April 2025

Ex-NSA chief warns AI devs: Don’t repeat infosec’s early-day screwups

Bake in security now or pay later, says Mike Rogers AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after the fact, according to former NSA boss Mike…

America’s cyber defenses are being dismantled from the inside

The CVE system nearly dying shows that someone has lost the plot Opinion  We almost lost the Common Vulnerabilities and Exposures (CVE) database system, but that's only the tip of the iceberg of what President Trump and company are doing to US cybersecurity efforts.…

RIP, Google Privacy Sandbox

Chrome will keep third-party cookies, a win for web giant's ad rivals After six years of work, Google's Privacy Sandbox, technology for delivering ads while protecting privacy, looks like dust in the wind.…

Fog ransomware channels Musk with demands for work recaps or a trillion bucks

In effect: 'Ha ha – the government is borked and so are you' Ransomware scumbags - potentially those behind the Fog gang - are channeling their inner Elon Musk with their latest ransom note, spotted by researchers at Trend Micro.…

A pot of $250K is now available to ransomware researchers, but it feeds a commercial product

Security bods can earn up to $10K per report Ransomware threat hunters can now collect rewards of $10,000 for each piece of intel they file under a new bug bounty that aims to squash extortionists.…

This is not just any ‘cyber incident’ … this is an M&S ‘cyber incident’

Retailer tight-lipped on details as digital hiccup disrupts customer orders UK high street mainstay Marks & Spencer told the London Stock Exchange this afternoon it has been managing a "cyber incident" for "the past few days."…

UN says Asian scam call center epidemic expanding globally amid political heat

What used to be a serious issue mainly in Southeast Asia is now the world’s problem Scam call centers are metastasizing worldwide "like a cancer," according to the United Nations, which warns the epidemic has reached a global inflection point as syndicates scale up and spread out.…

Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps

10 other certificates 'were mis-issued and have now been revoked' Certificate issuer SSL.com’s domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites.…

Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days

It's now hitting govt, enterprise targets On March 11 - Patch Tuesday - Microsoft rolled out its usual buffet of bug fixes. Just eight days later, miscreants had weaponized one of the vulnerabilities, using it against government and private sector targets in Poland and Romania.…

Hacking US crosswalks to talk like Zuck is as easy as 1234

AI-spoofed Mark joins fellow billionaires as the voice of the street – here's how it was probably done Video  Crosswalk buttons in various US cities were hijacked over the past week or so to – rather than robotically tell people it's safe to walk or wait – instead…

Copyright © 2024 Lugapel