Security Leftovers
-
Scoop News Group ☛ Silk Typhoon shifted to specifically targeting IT management companies [Ed: Pretending Microsoft is the expert when it is in fact the prime culprit]
The Chinese state-backed espionage group started targeting third-party IT services in late 2024, Abusive Monopolist Microsoft researchers said.
-
New York Times ☛ How the Crypto Exchange Bybit Lost $1.5 Billion to North Korean Hackers
The cryptocurrency exchange Bybit lost $1.5 billion to North Korean hackers last month — and it all traced back to an account on a free digital storage service.
-
Security Week ☛ House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies
The House of Representatives has passed a bill aimed at requiring federal contractors to have a Vulnerability Disclosure Policy (VDP).
-
Security Week ☛ Nigerian Accused of Hacking Tax Preparation Firms Extradited to US
Matthew Akande was extradited to the US to face charges for his role in hacking into Massachusetts tax preparation firms’ networks.
-
Security Week ☛ Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks
Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.
-
Security Week ☛ Financial Organizations Urge CISA to Revise Proposed CIRCIA Implementation
A group of financial organizations is asking CISA to rescind and reissue its proposed implementation of CIRCIA.
-
Pen Test Partners ☛ How I became a Cyber Essentials Plus assessor
TL;DR What is Cyber Essentials and why does it matter?
-
OpenSSF (Linux Foundation) ☛ NEW FREE COURSE: Security for Software Development Managers (LFD125) [Ed: Sales instead of security, and not even real security]
The Open Source Security Foundation and 'Linux' Foundation Education have announced the launch of a new, free, cybersecurity e-Learning course, Security for Software Development Managers (LFD125).
-
OpenSSF (Linux Foundation) ☛ 2025 OpenSSF Content Themes: Strengthening Open Source Security Throughout the Year
Each year, the Open Source Security Foundation (OpenSSF) is committed to securing the software supply chain through a year-long focus on key themes. Our content calendar aligns with critical security topics, industry events, and cybersecurity awareness initiatives. As we move through 2025, here’s how OpenSSF is strengthening software supply chain security—including what you need to know about key themes, how to submit your blog ideas, and event dates throughout the year.
-
Security Week ☛ How Social Engineering Sparked a Billion-Dollar Supply Chain Cryptocurrency Heist
The $1.4 billion ByBit cryptocurrency heist combined social engineering, stolen proprietary trap AWS session tokens, MFA bypasses and a rigged JavaScript file.