Consultant mistakenly deleted a ton of data – but reported it as a bug
And he got away with it too!
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically t…
Over 20,000 Instagram accounts stolen in Meta AI support hack
Meta has revealed that 20,225 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...]
Hands on with Intelligent Terminal, an AI-powered Windows Terminal
Microsoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Terminal without interfering with the regul…
Our systems editor flew all the way to Taiwan and still couldn't get away from AI
Every show now is an AI show, and that included this year's Computex
C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. [...]
Silent Ransom Group targets law firms with fake IT support calls
The Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft with…
Emphere Raises $2.1 Million for AI-Powered Vulnerability Remediation
Emphere’s solution delivers AI-driven remediation to software companies to speed up releases. The post Emphere Raises $2.1 Million for AI-Powered Vulnerability Remediation appeared…
Brit maritime agency heralds fresh global rules for crewless cargo ships
If you thought driverless cars were bad, imagine a 200,000 ton container ship
Home Office ditches legacy asylum database, keeps the spreadsheets
Years into a major IT overhaul, MPs say the department still lacks reliable view of what is happening across the asylum system
England's exam watchdog frets over smart specs turning GCSEs into Google searches
Ofqual says smart glasses, hidden earpieces, and AI tools are creating a new generation of cheating headaches
Critical Everest Forms Pro flaw exploited to take over WordPress sites
Hackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. [...]
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The featu…
Opal Security Raises $23 Million for AI-Native Identity Governance
Raising $59 million to date, Opal also announced five senior leadership appointments. The post Opal Security Raises $23 Million for AI-Native Identity Governance appeared first on …
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that re…
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Kno…
AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs
Two things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that …
Oxford Uni student data pwned yet again - this time via career platform breach
Totally different attack from the break-in last month. Oh so that's OK then
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repos…
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available
Cisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a C…
Start spreading the news: Datacenters may face one-year ban in NY
The bill awaits Gov. Hochul's signature after passing the state legislature
Suspicious Polyfill login prompts pop up on Toshiba, Muji websites
Tech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. [...]
If you don't fall for these extortionists' calls, they'll show up with USB sticks
When 'Chatty Spider' morphs into tech services cosplay spider
New data center routing design cuts AWS networking energy costs by 40%, Amazon claims
Amazon has started deploying a completely new routing architecture in AWS data centers which it says will deliver higher throughput from fewer physical switches while slashing elec…
HN830: Tailscale CEO on WireGuard, Zero Trust, and Securing AI (Sponsored)
If you think Tailscale is just a VPN for the home lab, think again. On today’s sponsored episode Ethan and Drew are joined by Tailscale CEO Avery Pennarun. Avery explains how the c…
CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers
CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]
Exposed Fuel Tank Gauges Under Attack in the US
Threat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.
TNO064: The Realities of Running SONiC at Scale
Scott is joined by Brett Lykins, a Senior Systems Development Engineer at Amazon. Brett works with software-defined infrastructure built around SONiC (Software for Open Networking …
Chinese APT deploys new malware to keep access to hacked networks
A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentP…
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust…