Risky Bulletin
Risky Bulletin: Arch Linux supply chain attack spreads to 1,900+ AUR packages
In other news: FISA S702 expires for the first time since 2008; FBI takes down Chinese phishing service; major supply chain attack hits WordPress ecosystem.
Catalin Cimpanu
Risky Bulletin
Risky Bulletin: In the age of AI, CISA changes federal patching rules
In other news: House Republican hacked by Russia; ShinyHunters gets a new zero-day; npm to block auto-run install scripts by default.
Risky Bulletin
Risky Bulletin: Meta says NSO violated court order with new campaign targeting WhatsApp
In other news: Security incident at France's Tchap messenger; Putin cuts some Kremlin security cameras; Russia bans foreign login services.
Risky Bulletin
Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks
In other news: AT&T and IBM accused of hiding foreign hacks; Cisco warns of a new SD-WAN zero-day; Google layoffs hit security teams.
Risky Bulletin
Risky Bulletin: The EU debuts digital sovereignty plan
In other news: American law firm pays a $20m ransom; authorities take down millions of email and social media scam accounts; new HTTP/2 Bomb attack.
Risky Bulletin
Risky Bulletin: A tenth of all new domains last year were malicious
In other news: Hackers hijack Instagram accounts with Meta's own AI; FSB unmasks Western spyware plot; Red Hat npm packages compromised.
Risky Bulletin
Risky Bulletin: Russia greatly expands SORM surveillance requirements
In other news: NIST is looking for new PQC algorithms; ENSOC launches in Europe; new PAN firewall bug exploited in the wild.
Risky Bulletin
Risky Bulletin: Dutch police take down giant botnet of 17 million devices
In other news: US military staff tracked with adtech location data; Google engineer arrested for Polymarket bets; unpatched bugs in Gogs and Casdoor IAM.
Risky Bulletin
Risky Bulletin: BadHost vulnerability bypasses authentication on AI infrastructure
In other news: Hackers breach Lithuania's state registry; security firms take down Glassworm botnet; CERT India releases strict patching guideline.
Risky Bulletin
Risky Bulletin: Mythos found thousands of critical bugs
In other news: Hackers breach Russia's SDA disinfo group; GitHub rolls out new npm security features; bulletproof hosting providers raided in the Netherlands.
Risky Bulletin
Risky Bulletin: Microsoft ends SMS MFA for personal accounts
In other news: GitHub hacked via VS Code extension; CISA to let researchers submit new KEV entries; SMS blaster detained at Eurovision.
Risky Bulletin
Risky Bulletin: Microsoft takes down MSaaS used by ransomware gangs
In other news: CISA contractor leaks GovCloud keys; vulnerability exploitation is now the dominant entry vector; Drupal readies security updates for "highly critical" bug.