Risky Bulletin
Risky Bulletin: The FortiBleed incident is so much worse than a simple credentials leak
In other news: White House EO sets out 2031 PQC deadline; Meta leaks employee keystroke data; a third of Samsung and LG TVs act as proxies.
Risky Bulletin
Risky Bulletin
Risky Bulletin: Klue breach impacts security firms
In other news: Hacker breaches Brazil's national alert system; North Korean hackers are behind the Mastra supply chain attack; new unfixable exploit in Apple's A12/A13 chips.
Risky Bulletin
Risky Bulletin: Canada’s spy agency allowed to remove a botnet from Canadian devices
In other news: A bunch of Fortinet creds leak online; supply chain attack hits Mastra AI framework; Europol disrupts SocGolish.
Risky Bulletin
Risky Bulletin: China arrests members of Silver Fox cybercrime group
In other news: EU to help Ukraine in major cyberattacks; MS-ISAC loses 70% of members; SBOM still not widely adopted.
Risky Bulletin
Risky Bulletin: Arch Linux supply chain attack spreads to 1,900+ AUR packages
In other news: FISA S702 expires for the first time since 2008; FBI takes down Chinese phishing service; major supply chain attack hits WordPress ecosystem.
Risky Bulletin
Risky Bulletin: In the age of AI, CISA changes federal patching rules
In other news: House Republican hacked by Russia; ShinyHunters gets a new zero-day; npm to block auto-run install scripts by default.
Risky Bulletin
Risky Bulletin: Meta says NSO violated court order with new campaign targeting WhatsApp
In other news: Security incident at France's Tchap messenger; Putin cuts some Kremlin security cameras; Russia bans foreign login services.
Risky Bulletin
Risky Bulletin: RubyGems adds dependency cooldowns to counter supply chain attacks
In other news: AT&T and IBM accused of hiding foreign hacks; Cisco warns of a new SD-WAN zero-day; Google layoffs hit security teams.
Risky Bulletin
Risky Bulletin: The EU debuts digital sovereignty plan
In other news: American law firm pays a $20m ransom; authorities take down millions of email and social media scam accounts; new HTTP/2 Bomb attack.
Risky Bulletin
Risky Bulletin: A tenth of all new domains last year were malicious
In other news: Hackers hijack Instagram accounts with Meta's own AI; FSB unmasks Western spyware plot; Red Hat npm packages compromised.
Risky Bulletin
Risky Bulletin: Russia greatly expands SORM surveillance requirements
In other news: NIST is looking for new PQC algorithms; ENSOC launches in Europe; new PAN firewall bug exploited in the wild.
Risky Bulletin
Risky Bulletin: Dutch police take down giant botnet of 17 million devices
In other news: US military staff tracked with adtech location data; Google engineer arrested for Polymarket bets; unpatched bugs in Gogs and Casdoor IAM.