lugapelsiteadmin
Asus supplier hit by ransomware attack as gang flaunts alleged 1 TB haul
Laptop maker says a vendor breach exposed some phone camera code, but not its own systems Asus has admitted that a third-party supplier was popped by cybercrims after the Everest ransomware gang claimed it had rifled through the tech titan's internal files.…
Beijing-linked hackers are hammering max-severity React bug, AWS warns
State-backed attackers started poking flaw as soon as it dropped – anyone still unpatched is on borrowed time Amazon has warned that China-nexus hacking crews began hammering the critical React "React2Shell" vulnerability within hours of disclosure, turning a theoretical CVSS-10 hole into a live-fire incident almost immediately.…
UK pushes ahead with facial recognition expansion despite civil liberties backlash
Plan would create statutory powers for police use of biometrics, prompting warnings of mass surveillance The UK government has kicked off plans to ramp up police use of facial recognition, undeterred by a mounting civil liberties backlash and fresh warnings that any expansion risks turning public spaces into…
Bots, bias, and bunk: How can you tell what’s real on the net?
You can improve the odds by combining skepticism, verification habits, and a few technical checks Opinion Liars, cranks, and con artists have always been with us. It's just that nowadays their reach has gone from the local pub to the globe.…
An AI for an AI: Anthropic says AI agents require AI defense
Automated software keeps getting better at pilfering cryptocurrency Anthropic could have scored an easy $4.6 million by using its Claude AI models to find and exploit vulnerabilities in blockchain smart contracts.…
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse
Silent Patch Tuesday mitigation ends ability to hide malicious commands in .lnk files Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks.…
Aisuru botnet turns Q3 into a terabit-scale stress test for the entire internet
Cloudflare data shows 29.7 Tbps record-breaker landed amid 87% surge in network-layer attacks The internet has spent the past three months ducking for cover as the Aisuru botnet hurled record-shattering DDoS barrages from an army of up to 4 million infected machines.…
TLS 1.3 includes welcome improvements, but still allows long-lived secrets
Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear Systems Approach As we neared the finish line for our network security book, I received a piece of feedback from Brad Karp that my explanation of forward…
Rust core library partly polished for industrial safety spec
Ferrous Systems achieves IEC 61508 (SIL 2) certification for systems that demand reliability Memory-safe Rust code can now be more broadly applied in devices that require electronic system safety, at least as measured by International Electrotechnical Commission (IEC) standards.…
‘Exploitation is imminent’ as 39 percent of cloud environs have max-severity React hole
Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.…