News
Hi folks,
I think last week was the first time I ever skipped an issue. My grandfather passed away, so priorities changed. Fortunately he passed without pain, in his sleep, at the worthy age of 98. We had a beautiful service honoring the man he was and the family he built, and are now getting back on track.
For this issue I had the choice of either focusing on the last seven days of news, or focusing on the last two weeks but only highlighting articles, not summarising them. I went for the latter option, because I want to make sure I didn't miss anything big. So here are the stories of the last two weeks that jumped out at me.
Have a good week, my friends,
Dieter
- GitHub tightens npm security with mandatory 2FA, access tokens: link.
- As many as 2 million Cisco devices affected by actively exploited 0-day: link.
- Hackers steal sensitive Red Hat customer data after breaching GitLab repository: link.
- New EDR-Freeze tool uses Windows WER to suspend security software: link.
- Supermicro server motherboards can be infected with unremovable malware: link.
- Chinese hackers exploiting VMware zero-day since October 2024: link.
- CISA warns of critical Linux Sudo flaw exploited in attacks: link.
- Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs: link.
- Redis warns of critical flaw impacting thousands of instances: link.
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks: link.
- Signal adds new cryptographic defense against quantum attacks: link.
- Potential EU law sparks global concerns over end-to-end encryption for messaging apps: link.
- Microsoft will offer free Windows 10 extended security updates in Europe: link.
- Microsoft Outlook stops displaying inline SVG images used in attacks: link.
- Gmail business users can now send encrypted emails to anyone: link.
- Google's new AI bug bounty program pays up to $30,000 for flaws: link.
- Zeroday Cloud hacking contest offers $4.5 million in bounties: link.
- Dutch teens arrested for trying to spy on Europol for Russia: link.
- UK govt backs JLR with £1.5 billion loan guarantee after cyberattack: link.
- ParkMobile pays... $1 each for 2021 data breach that hit 22 million: link.
That's it for this week (/the last two weeks). Thank you for reading, and thank you to 1Password for their support. See you next week!