Cybersecurity

TLS 1.3 includes welcome improvements, but still allows long-lived secrets

Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear

Systems Approach: As we neared the finish line for our network security book, I received a piece of feedback from Brad Karp that my explanation of forward…

Rust core library partly polished for industrial safety spec

Ferrous Systems achieves IEC 61508 (SIL 2) certification for systems that demand reliability

Memory-safe Rust code can now be more broadly applied in devices that require electronic system safety, at least as measured by International Electrotechnical Commission (IEC) standards.…

‘Exploitation is imminent’ as 39 percent of cloud environs have max-severity React hole

Finish reading this, then patch

A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js, allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.…

Here’s your worst nightmare: E-tailer can only resume partial sales 45 days after ransomware attack

Japan’s Askul still can’t run all its sites, but at least the fax line held up OK

Japanese e-tailer Askul has resumed online sales, 45 days after a ransomware attack.…

Indian government reveals GPS spoofing at eight major airports

Extra infosec investments are taxiing towards the runway

India’s Civil Aviation Minister has revealed that local authorities have detected GPS spoofing and jamming at eight major airports.…

Two Android 0-day bugs disclosed and fixed, plus 105 more to patch

Christmas comes early for attackers this year

Two high-severity Android bugs were exploited as zero-days before Google issued a fix, according to its December Android security bulletin.…

University of Pennsylvania joins list of victims from Clop’s Oracle EBS raid

Ivy League school warns more than 1,400 people after attackers siphon data via zero-day

The University of Pennsylvania has become the latest victim of Clop's smash-and-grab spree against Oracle's E-Business Suite (EBS) customers, with the Ivy League school now warning more than a thousand individuals that their personal…

Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin

Operation Olympia pulls Swiss servers offline and scoops up 12TB of data in latest crime infrastructure crackdown

Law enforcement agencies in Germany and Switzerland have shut down cryptocurrency laundering platform Cryptomixer in Europe's latest pushback against cybercrime infrastructure.…

Kensington and Chelsea confirms IT outage was a data breach after all

Borough says attackers copied 'historical' info as three-council cyber woes drag on

Kensington and Chelsea Council has admitted that data was quietly lifted from its systems during last week's cyber meltdown, confirming that the outage was not just an IT faceplant but a bona fide data breach.…

FTC schools edtech outfit after intruder walked off with 10M student records

Regulator says Illuminate ignored years of warnings, stored kids' data in plain text, and kept districts in the dark

US edtech provider Illuminate Education just got dinged by the Federal Trade Commission for allegedly failing to keep an attacker from pilfering data on 10 million students.…

Copyright © 2026 Lugapel