News

Hi folks,

I think last week was the first time I ever skipped an issue. My grandfather passed away, so priorities changed. Fortunately he passed without pain, in his sleep, at the worthy age of 98. We had a beautiful service honoring the man he was and the family he built, and are now getting back on track.

For this issue I had the choice of either focusing on the last seven days of news, or focusing on the last two weeks but only highlighting articles, not summarising them. I went for the latter option, because I want to make sure I didn't miss anything big. So here are the stories of the last two weeks that jumped out at me.

Have a good week, my friends,

Dieter


  • GitHub tightens npm security with mandatory 2FA, access tokens: link.
  • As many as 2 million Cisco devices affected by actively exploited 0-day: link.
  • Hackers steal sensitive Red Hat customer data after breaching GitLab repository: link.
  • New EDR-Freeze tool uses Windows WER to suspend security software: link.
  • Supermicro server motherboards can be infected with unremovable malware: link.
  • Chinese hackers exploiting VMware zero-day since October 2024: link.
  • CISA warns of critical Linux Sudo flaw exploited in attacks: link.
  • Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs: link.
  • Redis warns of critical flaw impacting thousands of instances: link.
  • Steam and Microsoft warn of Unity flaw exposing gamers to attacks: link.
  • Signal adds new cryptographic defense against quantum attacks: link.
  • Potential EU law sparks global concerns over end-to-end encryption for messaging apps: link.
  • Microsoft will offer free Windows 10 extended security updates in Europe: link.
  • Microsoft Outlook stops displaying inline SVG images used in attacks: link.
  • Gmail business users can now send encrypted emails to anyone: link.
  • Google's new AI bug bounty program pays up to $30,000 for flaws: link.
  • Zeroday Cloud hacking contest offers $4.5 million in bounties: link.
  • Dutch teens arrested for trying to spy on Europol for Russia: link.
  • UK govt backs JLR with £1.5 billion loan guarantee after cyberattack: link.
  • ParkMobile pays... $1 each for 2021 data breach that hit 22 million: link.

That's it for this week (/the last two weeks). Thank you for reading, and thank you to 1Password for their support. See you next week!

Dieter