Security and Windows TCO Leftovers
-
Bryan Lunduke ☛ Number of Accounts Exposed in Hacks Now Nearly 2X Earths Population
Over 3 Million accounts were exposed this last week alone.
-
LWN ☛ Security updates for Monday
Security updates have been issued by Debian (glib2.0, jinja2, kernel, mediawiki, perl, subversion, twitter-bootstrap3, twitter-bootstrap4, and wpa), Fedora (c-ares, chromium, condor, corosync, cri-tools1.29, exim, firefox, matrix-synapse, nextcloud, openvpn, perl-Data-Entropy, suricata, upx, varnish, webkitgtk, yarnpkg, and zabbix), Mageia (giflib, gnupg2, graphicsmagick, and poppler), Oracle (delve and golang, go-toolset:ol8, grub2, and webkit2gtk3), Red Hat (kernel and kernel-rt), SUSE (chromium, fontforge-20230101, govulncheck-vulndb, kernel, liblzma5-32bit, pgadmin4, python311-Django, and python311-PyJWT), and Ubuntu (graphicsmagick).
-
OpenSSF (Linux Foundation) ☛ Tech Talk Preview: Strengthening Open Source Through Security Standards and Global Policy
Open source is the backbone of today’s digital infrastructure—but with great power comes great responsibility. As cybersecurity threats grow in complexity and regulatory landscapes shift globally, open source projects are under increasing pressure to meet stringent security expectations.
-
OpenSSF (Linux Foundation) ☛ Key Takeaways from VulnCon 2025: Insights from the OpenSSF Community [Ed: It is not what it seems]
-
The Straits Times ☛ China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents
Chinese police in the northeastern city of Harbin have accused the United States National Security Agency (NSA) of launching "advanced" cyberattacks during the Asian Winter Games in February, targeting essential industries.
-
The Strategist ☛ Australia can learn from Britain on cyber governance
Australia needs to reevaluate its security priorities and establish a more dynamic regulatory framework for cybersecurity.
-
Silicon Angle ☛ Security certificate lifespans to be reduced to 47 days by 2029 under new industry standard [Ed: It's not even security but "theatre" thereof]
The Certification Authority Browser Forum has voted to reduce Secure Sockets Layer/Transport Layer Security certificates to 47 days by March 2029, in a move that will radically alter existing security practices.
-
Open Source For U ☛ SageMath: Deeper Insights into Cybersecurity
In the previous article in this SageMath series (published in the January 2025 issue of OSFY), we concluded our discussion of classical encryption techniques and moved on to the exploration of modern cryptography by looking at symmetric-key cryptography. In this ninth article in the series, we will continue the focus on symmetric-key cryptography.
-
Security Week ☛ Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit
A threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet firewalls.
-
Security Week ☛ Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities
The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.
-
Federal News Network ☛ Lawmakers call on National Archives to investigate use of Signal and Gmail by top government officials
Democrats on the Senate Homeland Security Committee say the reported use of Signal and Gmail by national security officials creates major cybersecurity risks.
-
Windows TCO
-
Security Week ☛ New ‘ResolverRAT’ Targeting Healthcare, Pharmaceutical Organizations
Organizations in the healthcare and pharmaceutical sectors have been targeted with ResolverRAT, a new malware family with advanced capabilities.
-
Security Week ☛ Malicious NPM Packages Target Cryptocurrency, PayPal Users [Ed: NPM is Microsoft, so Microsoft transmits malware again, gets "free pass" from the media]
Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.