July 2025
Compromised Amazon Q extension told AI to delete everything – and it shipped
Malicious actor reportedly sought to expose AWS 'security theater' The official Amazon Q extension for Visual Studio Code (VS Code) was compromised to include a prompt to wipe the user's home directory and delete all their AWS resources.…
VMware prevents some perpetual license holders from downloading patches
Despite pledging help for those who don’t sign for subs, Broadcom says validating their entitlements will delay support Exclusive Some customers of Broadcom’s VMware business currently cannot access security patches, putting them at greater risk of attack.…
Three questions you should always be able to answer about your security environment
All security questions are hard to answer, but these three are non-negotiable Partner content We've all seen those seemingly straightforward security questions that snowball into multi-day research projects across dozens of consoles, spreadsheets, and manual queries. The reality is that even the most fundamental security questions are notoriously…
$380M lawsuit claims intruder got Clorox’s passwords from Cognizant simply by asking
Hand us the mind bleach, we want to flush our memories of attack Clorox is suing its service desk provider, Cognizant, for $380 million in a California state court, alleging the IT support crew "enabled a cybercriminal to gain a foothold in Clorox's network" by handing over staffers'…
Copilot Vision on Windows 11 sends data to Microsoft servers
Total Recall: Capturing everything you do on your PC screen to become a 'true companion' Microsoft is again throwing AI at Windows 11 to see what sticks, releasing features including the even more eyebrow-raising successor to its controversial Recall, a screen-streaming remotely processed backseat driver dubbed Copilot Vision.…
China warns citizens to beware backdoored devices, on land and under the sea
Suggests buying local tech to avoid infosec worries China’s Ministry of State Security has spent the week warning of backdoored devices on land and at sea.…
Arch Linux users told to purge Firefox forks after AUR malware scare
The distro's greatest asset is arguably also its greatest weakness If you installed the Firefox, LibreWolf, or Zen web browsers from the Arch User Repository (AUR) in the last few days, delete them immediately and install fresh copies.…
Surprise, surprise: Chinese spies, IP stealers, other miscreants attacking Microsoft SharePoint servers
With more to come, no doubt At least three Chinese groups are attacking on-premises SharePoint servers via a couple of recently disclosed Microsoft bugs, according to Redmond.…
Silicon Valley engineer admits theft of US missile tech secrets
Used stolen info to pitch for Chinese tech talent program A Silicon Valley engineer has pleaded guilty to stealing thousands of trade secrets worth hundreds of millions of dollars, including crucial military technology.…
Humans can be tracked with unique ‘fingerprint’ based on how their bodies block Wi-Fi signals
Wi-Fi spy with my little eye that same guy I saw at another hotspot Researchers in Italy have developed a way to create a biometric identifier for people based on the way the human body interferes with Wi-Fi signal propagation.…