Catching up on two weeks worth of news.  

News

Hi folks,

I think last week was the first time I ever skipped an issue. My grandfather passed away, so priorities changed. Fortunately he passed without pain, in his sleep, at the worthy age of 98. We had a beautiful service honoring the man he was and the family he built, and are now getting back on track.

For this issue I had the choice of either focusing on the last seven days of news, or focus on the last two weeks but only highlight articles, not summarise them. I went for the latter option, because I want to make sure I didn't miss anything big. So here are the stories of the last two weeks that jumped out to me.

Have a good week my friends,

Dieter

  • GitHub tightens npm security with mandatory 2FA, access tokens: link.
  • As many as 2 million Cisco devices affected by actively exploited 0-day: link.
  • Hackers steal sensitive Red Hat customer data after breaching GitLab repository: link.
  • New EDR-Freeze tool uses Windows WER to suspend security software: link.

  • Supermicro server motherboards can be infected with unremovable malware: link.

  • Chinese hackers exploiting VMware zero-day since October 2024: link.

  • CISA warns of critical Linux Sudo flaw exploited in attacks: link.
  • Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs: link.
  • Redis warns of critical flaw impacting thousands of instances: link.

  • Steam and Microsoft warn of Unity flaw exposing gamers to attacks: link.

  • Signal adds new cryptographic defense against quantum attacks: link.

  • Potential EU law sparks global concerns over end-to-end encryption for messaging apps: link.
  • Microsoft will offer free Windows 10 extended security updates in Europe: link.
  • Microsoft Outlook stops displaying inline SVG images used in attacks: link.

  • Gmail business users can now send encrypted emails to anyone: link.

  • Google's new AI bug bounty program pays up to $30,000 for flaws: link.

  • Zeroday Cloud hacking contest offers $4.5 million in bounties: link.
  • Dutch teens arrested for trying to spy on Europol for Russia: link.
  • UK govt backs JLR with £1.5 billion loan guarantee after cyberattack: link.
  • ParkMobile pays... $1 each for 2021 data breach that hit 22 million: link.

That's it for this week (/the last two weeks). Thank you for reading, and thank you to 1Password for their support. See you next week!

Dieter

No spam, ever. We'll never share your email address and you can opt out at any time.