China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments
The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Marketing demanded IT add website feature that was already working
Techie regrets not taking credit for getting it done with amazing speed
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabili…
Cisco used AI to write security incident reports, with mixed results
You’ll need a lot of detailed prompts to get solid output - and even then it may have errors and typos
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked …
Alibaba just admitted it’s struggling to keep up with rival chipmakers and AI shops
Reveals decent new homegrown accelerator and tiny production volumes
Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'
'Budgets are moral documents,' Rep. Delia Ramirez said
Critical vulnerability in Cisco Secure Workload rated at maximum severity
A critical vulnerability in the on-premises version of the Cisco Secure Workload security platform could allow a threat actor to obtain the privileges of a site admin, enabling the…
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved million…
Google explains how it will infuse ads into AI answers
Just like in The Truman Show
How CISOs Should Prep for Agentic-Ready AI BOMs
Finding ways to document both component and execution attributes for AI bills of materials (AI BOMs).
Threat hunters find Google API keys still usable 23 minutes after deletion
Plenty of time for cyber crims to grab data or hit you with a giant bill
Google API Keys Remain Active After Deletion
A security researcher discovered the API keys can still be used for up to 23 minutes after deletion, even though the cloud provider claims deletion is immediate.
Npm registry sets stage for more secure package publishing
All the world's a stage, and all the packages are merely players
HackerOne takes an axe to its bug bounty rewards
Critical flaw payouts slashed by more than 75%
Cisco’s new certs are a wake-up call for AI-era network engineers
Cisco is reshaping its certification portfolio to reflect an AI-first world, with major updates to CCNA and CCIE that explicitly bake AI, automation, and “human skills” into the le…
Microsoft plans significant update to Windows Secure Boot
Microsoft is about to make a significant upgrade to its Secure Boot system, and if enterprise customers have not gotten started on the upgrade, they are already behind. Secure B…
Google accidentally exposed details of unfixed Chromium flaw
Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code exec…
Seattle Shield, an intelligence-sharing network operated by the Seattle police
Article URL: https://prismreports.org/2026/05/20/seattle-shield-private-companies-surveillance/ Comments URL: https://news.ycombinator.com/item?id=48226588 Points: 492 # Comments: …
AI is getting expensive, but relief is on the way - just not for you
New hardware promises greater efficiency, user experiences, and most importantly larger margins
LIU015: Eyvonne Sharp: From Farm Roots to the Cloud
Today’s guest is Eyvonne Sharp, a Google Cloud technical leader, Network Collective co-founder, co-host of The Cloud Gambit podcast, and former network architect at a Fortune 100. …
Deus ex machina: Half of US Christians trust AI's spiritual advice
AI sycophancy + spirituality = uh oh
macOS Kernel Memory Corruption Exploit
A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5. News article.
AI Agents Are Shifting Identity Security Budget Dynamics
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent ide…
Apple blocked over $11 billion in App Store fraud in 6 years
Apple revealed that it blocked over $11 billion in fraudulent App Store transactions over the last six years, more than $2.2 billion in potentially fraudulent App Store transaction…
Flipper One wants to be the Linux multi-tool in your pocket
Not a Zero successor, ARM box aims for openness, but shipping remains the hard part
Web devs sleeping with the enemy: AI is doing their job and they worry it's after their desk too
Most software engineers now use AI for most of their code and fear the existential threat
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle…
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
Modern crypto drainers don't hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishin…
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.