Blog

GitHub supply chain attack spills secrets from 23,000 projects

Large organizations among those cleaning up the mess

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack.…

UK government to open £16B IT services competition after 6-month delay

Technology Services 4 framework expands by £4B, with procurement to begin this week

UK government is set to crack open the pork barrel for up to £16 billion in contracts for a range of IT services. The buying framework was delayed by six months and the total pot…

Microsoft wouldn’t look at a bug report without a video. Researcher maliciously complied

Maddening techno bass loop, Zoolander reference, and 14 minutes of time wasted

A vulnerability analyst and prominent member of the infosec industry has blasted Microsoft for refusing to look at a bug report unless he submitted a video alongside a written explanation.…

Apple’s alleged UK encryption battle sparks political and privacy backlash

National security defense being used to keep appeal behind closed doors

US politicians and privacy campaigners are calling for the private hearing between Apple and the UK government regarding its alleged encryption-busting order to be aired in public.…

New kids on the ransomware block channel Lockbit to raid Fortinet firewalls

It's March already and you haven't patched?

Researchers are tracking a newly discovered ransomware group with suspected links to LockBit after a series of intrusions were reported starting in January.…

Dems ask federal agencies for reassurance DOGE isn’t feeding data into AI willy-nilly

Pouring sensitive info into unapproved, unaccountable, unsafe models would be a 'severe' cybersecurity fail

House Democrats have sent letters to 24 federal agencies asking for assurances that Elon Musk's DOGE team is not feeding sensitive government data into "unapproved and unaccountable" AI systems.…

Google says it’s rolling out fix for stricken Chromecasts

It'll take a few days, give or take your situation

Google has told The Register it's beginning to roll out a fix for Chromecast devices that were crippled by an expired security certificate authority. We're assured this deployment will take place over the next few days.…

That ‘angry guest’ email from Booking.com? It’s a scam, not a 1-star review

Phishers check in, your credentials check out, Microsoft warns

An ongoing phishing campaign disguised as a Booking.com email casts keystroke and credential-stealing malware into hospitality employees' inboxes for financial fraud and theft, according to Microsoft Threat Intelligence.…

CISA: We didn’t fire red teams, we just unhired a bunch of them

Agency tries to save face as it also pulls essential funding for election security initiatives

Uncle Sam's cybersecurity agency is trying to save face by seeking to clear up what it's calling "inaccurate reporting" after a former senior pen-tester claimed the organization axed two red teams.…

DeepSeek can be gently persuaded to spit out malware code

It might need polishing, but a useful find for any budding cybercrooks out there

DeepSeek's flagship R1 model is capable of generating a working keylogger and basic ransomware code, just as long as a techie is on hand to tinker with it a little.…

Copyright © 2024 Lugapel