惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

M
MIT News - Artificial intelligence
有赞技术团队
有赞技术团队
S
Schneier on Security
aimingoo的专栏
aimingoo的专栏
T
Troy Hunt's Blog
U
Unit 42
Hacker News - Newest:
Hacker News - Newest: "LLM"
V2EX - 技术
V2EX - 技术
T
The Blog of Author Tim Ferriss
V
Visual Studio Blog
H
Heimdal Security Blog
H
Hacker News: Front Page
Blog — PlanetScale
Blog — PlanetScale
博客园 - 司徒正美
Cloudbric
Cloudbric
Google DeepMind News
Google DeepMind News
C
Cisco Blogs
The Cloudflare Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Microsoft Security Blog
Microsoft Security Blog
MyScale Blog
MyScale Blog
F
Fortinet All Blogs
N
News | PayPal Newsroom
Attack and Defense Labs
Attack and Defense Labs
D
DataBreaches.Net
N
News and Events Feed by Topic
Security Archives - TechRepublic
Security Archives - TechRepublic
Forbes - Security
Forbes - Security
Simon Willison's Weblog
Simon Willison's Weblog
F
Full Disclosure
The Register - Security
The Register - Security
L
LINUX DO - 热门话题
Webroot Blog
Webroot Blog
Google Online Security Blog
Google Online Security Blog
AI
AI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
I
Intezer
S
Security Affairs
阮一峰的网络日志
阮一峰的网络日志
K
Kaspersky official blog
云风的 BLOG
云风的 BLOG
博客园 - 叶小钗
T
Threatpost
Spread Privacy
Spread Privacy
小众软件
小众软件
AWS News Blog
AWS News Blog
S
Secure Thoughts
S
Security @ Cisco Blogs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
J
Java Code Geeks

The Register - Security

India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat Are we human? MyPillow must decide whether to be firm or soft as ransomware crims demand pay Experts pour cold borscht on Farage's Russian hack claim AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets Techie claims Trump Mobile website was leaking thousands of people's data Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Microsoft open-sources agentic AI safety tools Are we human? America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shai-Hulud copycat worm infects yet another npm package MPs want social media treated more like unsafe toys than harmless apps Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data To gain root access, intruder just had to ask AWS patched Quick auth bypass, says customers weren't using control Disgruntled researcher releases two more Microsoft zero-days Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files US bank reports itself after slinging customer data at 'unauthorized AI app' Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator Best Western Hotels confirms web app data breach Arctic Wolf cuts 250 jobs in AI push 1 in 8 workers say selling company logins is justifiable Iran cyberspies LARPing as ransomware crims in espionage ops UK age-gating plans risk breaking the internet, privacy groups warn India orders infosec red alert in case Mythos sparks crime 'CopyFail' attackers start cashing in on Linux flaw ShinyHunters claims dump puts 119K Vimeo emails in the wild ShinyHunters claims 119K Vimeo emails in the wild Singapore boffins get diverse SIEMs singing in harmony Shadow IT has given way to shadow AI. Enter AI-BOMs AI-BOMs replace SBOMs as way to track AI agents and bots Home Office adds £216M to travel doc contract before bids FBI: China's hacker-for-hire ecosystem 'out of control' UK business breach rate stuck at 43%... blame the phishing What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia Chinese spy group caught lurking in Poland, Asia networks Critical cPanel, WHM flaw probs exploited as 0-day, pros say ORNL builds more sensitive GPS interference detector Microsoft patch fell short. New Windows flaw exploited Fooling large language models just keeps getting simpler Wiz hands GitHub AI-aided bug report that isn Don’t pay VECT a ransom - your big files are likely gone Pitney Bowes the latest victim of ShinyHunters’ breach-spree Ongoing supply-chain attack targets security, dev tools Medical and utility tech companies admit digital breakins Cybersecurity professional getting more work and less pay Crime crew impersonates help desk, abuses Teams chats ShinyHunters claim they have cruise giant Carnival’s booty CISA, NCSC issue Firestarter backdoor warning Intel expects AI inference to drive demand for its CPUs Open source models can find bugs as well as Mythos Researchers find sabotage malware that may predate Stuxnet Attackers could disable all of a city's public EV chargers Age checks could turn internet into an ID checkpoint, complains Proton CEO If malware via monitor cables is a matter of national security, this might be the gadget for you France's 'Secure' ID agency probes breach as crooks claim 19M records Scotland Yard can keep using live facial recognition on Londoners, say judges Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Panasonic creates device-locked QR codes to speed facial biometric capture Iran claims US used backdoors to knock out networking equipment during war Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Scot becomes second Scattered Spider-linked crook to plead guilty in US Just like phishing for gullible humans, prompt injecting AIs is here to stay Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Git identity spoof fools Claude into giving bad code the nod McGraw Hill linked to 13.5M-record data leak Microsoft announces product it doesn't want anyone to buy Server-room lock was nothing but a crock Nobody knows how many CVEs Anthropic's Project Glasswing has actually found Autovista blames ransomware for service disruption French cops free mother and son after crypto kidnapping UK told its Big Tech habit is now a national security risk Commvault has a Ctrl+Z for rogue AI agents No honor among thieves as 0APT threatens rival ransomware gang Krybit Fake Linux leader using Slack to con devs into giving up their secrets Booking.com warns of possible reservation data exposure NHS pays £46K to prep next Microsoft licensing round China wants AI to prepare school lessons and mark homework Anthropic's Mythos has The Kettle crew curious, skeptical Two different attackers poisoned popular open source tools Hungary officials used weak passwords exposed in breach dump CPUID hijacked to serve malware as HWMonitor downloads Unpacking AI security 2026 from experimentation agentic era Microsoft locks out top open source devs, blames process Iran cyber actors disrupting US water, energy facilities, FBI warns Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns AI agents found vulns in this Linux and Unix print server Don't glamorize cybercrims, roast them instead Trump wants to take a battle axe to CISA again and slash $707M from budget
NHS Scotland-linked domains push pr0n and illegal streams
2026-04-08 · via The Register - Security

REG AD

Security

NHS Scotland-linked domains caught serving pr0n and dodgy sports streams

Two practice web addresses appear to have been compromised

Multiple domains belonging to Scottish healthcare providers have been hijacked and are now pushing links to adult content and illegal sports streams, according to a researcher.

First spotted by Nick Hatter, a former cybersecurity engineer turned psychotherapist and life coach, an influx of links hosted on a domain belonging to The New Surgery in Kilmacolm, near Glasgow, flooded Google's index in recent days.

On closer inspection, some seem to have been created as far back as January.

REG AD

The landing page for the domain is not the one currently used by the practice, but it was likely used previously, given the scot.nhs.uk namespace appears to belong to a US-based web developer as a guise for the illicit content it now hosts.

REG AD

The Register asked NHS Greater Glasgow and Clyde (NHSGGC), Scotland's largest health board and the one that oversees The New Surgery, to comment.

A spokesperson for NHSGGC said: "NHS Greater Glasgow and Clyde's cybersecurity team is working with Public Services Delivery Scotland's Cyber Centre of Excellence to support an independent GP practice after being made aware that a legacy website had been compromised. This affects a legacy website that was independently set up and managed by the GP practice, and there is no evidence the practice's primary website, or any NHS Scotland systems locally or nationally, were compromised."

We also contacted NHS National Services Scotland (NSS), which administers the scot.nhs.uk domain.

In a statement, Scott Barnett, Chief Information Security Officer, Public Services Delivery Scotland, said: "Our NHS Scotland Cyber Centre of Excellence (CCoE) was made aware of a security issue affecting a legacy website associated with a local GP practice.

"At this time, we are not aware of personal or sensitive data exposure as a result of this incident. There is also no evidence the practice's primary website, or any NHS Scotland systems locally or nationally, were compromised.

"Our CCoE teams are continuing to work closely with NHS Greater Glasgow and Clyde's cyber security team to understand the cause of the issue and to ensure it has been fully contained."

Hatter also told The Register that after unearthing the initial compromise related to The New Surgery, he found similar activity at the domain for Lerwick GP Practice, located in the remote Shetland Isles.

REG AD

In Lerwick's case, the domain currently in use by the practice is the one serving the illicit links. The New Surgery's compromised domain has not been used for the practice's primary website in years.

A search using the Wayback Machine shows that as of 2019, one of the sites now serving dodgy links was indeed the one used to access The New Surgery, suggesting it was compromised at some point more recently.

In discussions related to the original The New Surgery findings, Alan Woodward, professor of cybersecurity at the University of Surrey, told The Register: "The big question is, is it a real surgery or is someone putting up a dodgy URL to automatically redirect? 

"Either way, the scot.nhs.uk subdomains are managed by NHS Scotland, so somehow someone has managed to set up a subdomain of scot.nhs.uk, which should be under NHS Scotland's control.

"The most obvious way I can think someone would have done that is to steal credentials of a system admin, access the DNS controller, and add in the redirect from a URL that looks like it could be a particular GP surgery but actually isn't. That suggests a deeper penetration than just one surgery being hacked. It also means that the usual users of that GP's website won't have noticed anything, so how long it's been there, who knows."

Because the nhs.uk and scot.nhs.uk domains are closed, an everyday cybercrook cannot simply register a copycat of a GP practice within these namespaces and begin hosting questionable content.

Registering a website using these namespaces requires official authorization through the NHS directly, so the question for NHS Scotland is how a domain under its control was apparently compromised.

The same applies to DNS record changes, and NHS domains are also eligible for protection under the UK NCSC's Protective DNS scheme, although each public sector organization must apply for it, rather than it being applied automatically.

REG AD

Hatter told The Register: "My guess is this could be a DNS attack of some sort or a compromised WordPress setup, which is more likely."

Domain Information Groper (dig) queries show that the NHS domains are correctly and safely pointing to WP Engine, suggesting the compromise was on the WordPress side.

Hypothetically, if the hijackings were caused by exploitation of a plugin vulnerability, for example, it would hardly be the first time something like this had transpired as a result.

"In my opinion, it is quite possible other NHS Scotland practices are vulnerable to this attack," Hatter added. ®