Risky Bulletin
Risky Bulletin: BadHost vulnerability bypasses authentication on AI infrastructure
In other news: Hackers breach Lithuania's state registry; security firms take down Glassworm botnet; CERT India releases strict patching guideline.
Catalin Cimpanu
Risky Bulletin
Risky Bulletin: Mythos found thousands of critical bugs
In other news: Hackers breach Russia's SDA disinfo group; GitHub rolls out new npm security features; bulletproof hosting providers raided in the Netherlands.
Risky Bulletin
Risky Bulletin: Microsoft ends SMS MFA for personal accounts
In other news: GitHub hacked via VS Code extension; CISA to let researchers submit new KEV entries; SMS blaster detained at Eurovision.
Risky Bulletin
Risky Bulletin: Microsoft takes down MSaaS used by ransomware gangs
In other news: CISA contractor leaks GovCloud keys; vulnerability exploitation is now the dominant entry vector; Drupal readies security updates for "highly critical" bug.
Risky Bulletin
Risky Bulletin: Indonesia emerges as a new hub for cyber scams
In other news: Grafana hacked and held for ransom; Fast16 malware targeted nuclear explosion simulation software; a new Exchange zero-day is under attack.
Risky Bulletin
Risky Bulletin: Shai-Hulud goes open-source
In other news: Dream Market admin charged after major OPSEC failure; France investigates Israeli disinfo firm; Composer rushes to fix GitHub token leak.
Risky Bulletin
Risky Bulletin: RubyGems disables sign-ups after attack on staff
In other news: Instructure paid the ransom; The Gentlemen RaaS gets hacked; another major supply chain attack on npm (yawn).
Risky Bulletin
Risky Bulletin: FCC relaxes foreign router ban to allow for security updates
In other news: ShinyHunters disrupts schools across US; 21-year-old RCE found in FreeBSD; and another Linux zero-day LPE.
Risky Bulletin
Risky Bulletin: Google patches Android remote takeover bug
In other news: Palo Alto Networks discloses a firewall zero-day; Ivanti also patches one; leak exposes Russia's spy and hacker school.
Risky Bulletin
Risky Bulletin: Extremely targeted supply chain attack hits DAEMON Tools
In other news: Australia gets its own CSRB; VOIP server hacker arrested after 17 years; Oracle switches to monthly security updates.
Risky Bulletin
Risky Bulletin: DigiCert hacked with a malicious screensaver file
In other news: Ransomware negotiators get four years in prison; Trellix discloses security breach; another Russian hacker arrested while vacationing in the wrong place.
Risky Bulletin
Risky Bulletin: The mysterious hack of Moldova's healthcare database
In other news: Scam compounds raided in Dubai; Copy Fail vulnerability impacts Linux distros going back to 2017; major cPanel bug exploited in the wild.