news
Security, Windows TCO, and GitHub Code Execution Vulnerability
-
Security Week ☛ Chrome 138, Firefox 140 Patch Multiple Vulnerabilities
Chrome 138 and Firefox 140 are rolling out with fixes for two dozen vulnerabilities, including high-severity memory safety issues.
-
Hackaday ☛ NREL Maps Out US Data Infrastructure
Spending time as wee hackers perusing the family atlas taught us an appreciation for a good map, and [Billy Roberts], a cartographer at NREL, has served up a doozy with a map of the data center infrastructure in the United States. [via LinkedIn]
-
Security Week ☛ Prometei Botnet Activity Spikes
Palo Alto Networks has observed a spike in Prometei activity since March 2025, pointing to a resurgence of the botnet.
-
Security Week ☛ Chinese APT Hacking Routers to Build Espionage Infrastructure
A Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure.
-
Windows TCO / Windows Bot Nets
-
The Register UK ☛ Four REvil ransomware crooks walk free after admitting guilt
Andrey Bessonov, Mikhail Golovachuk, Roman Muromsky, and Dmitry Korotayev were all handed five-year sentences to a so-called "general regime penal colony" on Monday, although they were released on time served.
-
Security Week ☛ Russian APT Hits Ukrainian Government With New Malware via Signal
The backdoor relies on a COM-hijacking method within the Windows registry to persist even after system reboots.
-
The Record ☛ Ransomware attack contributed to patient’s death, says Britain’s NHS
A ransomware attack that disrupted blood testing across several hospitals in London last year contributed to a patient’s death, according to the National Health Service (NHS).
-
IT Wire ☛ Lessons from Black Basta – How to protect against evolving ransomware threats
Crucially though, ransomware groups are largely opportunistic. They no longer focus solely on large companies, they simply look to exploit easy targets – organisations with poor cyber hygiene, unpatched vulnerabilities, and gaps in their attack surface management. This makes organisations with weak security postures particularly vulnerable and a highly desirable target. The cost of failing to strengthen cyber resilience is growing, and organisations can no longer afford to take a reactive approach.
-
-
Entrapment (Microsoft GitHub)
-
Security Week ☛ Code Execution Vulnerability Patched in GitHub Enterprise Server
An initial fix for the security defect was found incomplete, allowing attackers to exploit the issue in certain cases, and a new patch was rolled out, the Microsoft-owned platform says.
-