UK Social Media Ban for Minors Has Privacy Experts Worried
The UK will ban adolescents under 16 years old from user-to-user social media platforms, despite age verification issues and privacy concerns.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Chrome and Firefox Updated to Patch Critical, High-Severity Vulnerabilities
The browser updates address multiple memory safety bugs that could potentially lead to remote code execution. The post Chrome and Firefox Updated to Patch Critical, High-Severity V…
144 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) …
Tesco is sprinting to quit VMware and Broadcom despite rapid migration risks
Supermarket giant has turned to third-party support as court sets date to hear licensing dispute
Joomla, LiteSpeed Vulnerabilities Exploited in Attacks
The flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers. The post Joomla, LiteSpeed Vulnerabilities Exploited in Attacks appeared…
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. [...]
3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs
SOCRadar has detected 30,000 compromised Fortinet firewalls that expose networks to hacking. The post 3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs…
Developers build the best tools for developers – and are now defanging the AI menace
Fear and even grief are natural reactions to machines that do your job. The next reactions – acceptance and innovation – are more useful
CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known…
Cyberattack sees crops kept in the ground
Bitter harvest for Australia's Mackay Sugar, attacked in peak cane crushing season
Fileless Phantom Stealer Targets Browser Credentials
In addition to executing entirely in memory, the malware's infection chain incorporates other anti-analysis techniques designed to evade detection.
AMD's Mext buy shows how AI could solve the RAM shortage it created
Running low on memory, can't afford more? The House of Zen's latest acquisition puts an AI spin on flash-based memory expansion
Security Community Slams US Ban on Exporting Mythos, Fable
An open letter signed by dozens of security experts asked the government to reverse export restrictions on Anthropic's Claude Fable 5 and Mythos 5 models.
Malicious JetBrains Marketplace plugins steal AI API keys from developers
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. [...]
The new Siri makes one of Apple's most convenient OS features a cumbersome mess
Goodbye, useful Spotlight; hello force-fed Apple intelligence bloatware that feels distressingly like Google AI Overviews
Python dev saved from disaster by intuition... and AI
I'm sorry, Dave. I can't install that repo that will totally hose your system
New Rokarolla Android malware targets 217 banking, crypto apps
A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. [...]
Intel-born networking tech resurfaces as InfiniBand alternative for DoE supers
Omni-Path lights up Lawrence Livermore system at 400 Gbps
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Googl…
AI and brain-computer interface allow speechless ALS patient to work a full-time job
The hardware isn't new, but a UC Davis research team's machine learning-powered method of translating brain activity in an ALS patient into sentences with 92% accuracy is
Steam Workshop abused to spread malware via Wallpaper Engine app
Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. [...]
Three critical Fortinet sandbox bugs splattered by unknown attackers
All have patches, so make sure you upgrade to a fixed version
SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection
FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan.
Commodore gets into the phone biz with Sailfish-powered retro 'Callback'
Ships sans email, web, or socials, but with plenty of beige plastic
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalys…
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent repo…
Rokarolla Android Trojan Levels Up to Full Device Control, Persistence
The emerging malware, spread via fake TikTok and Chrome downloads, has evolved by combining banking fraud with extensive device surveillance and remote control.
HPE product barrage targets AI networks, agents, management
HPE has rolled out a super-sized package of hardware and software aimed at helping enterprise customers build and manage large AI infrastructures from the data center to the edge. …
HS135: AI Spyware in Chrome Spotlights Attractions of DaaS
VDI (Virtual Desktop Infrastructure) and Desktop as a Service (DaaS) have been arriving “real soon now” for the past couple of decades. Will the advent of vendors’ AI spyware (as G…
There's no such thing as an agentic CPU
AI agents are a general-purpose workload no different from any other