Security Leftovers and Windows TCO
-
Security Week ☛ Jaguar Land Rover Admits Data Breach Caused by Recent Cyberattack
After announcing that the cyberattack-caused disruption to factories would continue, Jaguar Land Rover is now confirming a data breach.
-
Pen Test Partners ☛ A buyer’s guide to CHECK in 2025
TL;DR What is CHECK, when should you use it, and why? CHECK is NCSC’s assurance scheme for penetration testing. It began as a way for government and critical systems to be tested safely, but any organisation can use it if they want the same standard.
-
Security Week ☛ Fortinet, Ivanti, Nvidia Release Security Updates
High-severity vulnerabilities could lead to remote code execution, privilege escalation, information disclosure, and configuration tampering.
-
Latvia ☛ Public invited to “Sniff out the scheme!” via criminal excellence
The Latvian Ministry of Defence and national cybersecurity agency CERT.LV have launched a new publicity campaign under the banner “Sniff out the scheme!” ("Ož pēc shēmas!").
-
Security Week ☛ ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories
Advisories have also been published by Siemens, Schneider Electric, Phoenix Contact and CISA.
-
Best Open Source Security Tools for Modern Cybersecurity
Open source security tools that deliver enterprise-level protection without the cost. From SIEM platforms like Wazuh to network monitors like Suricata, discover how to build robust cybersecurity using free, community-driven solutions.
-
OpenSSF (Linux Foundation) ☛ Recap: OpenSSF Community Day India 2025
On August 4, 2025, the OpenSSF hosted its second OpenSSF Community Day India in Hyderabad, co-located with Open Source Summit and KubeCon India. With 232 registrants and standing-room-only attendance, the event brought together open source enthusiasts, security experts, engineers, and students for a full day of learning, collaboration, and networking.
-
Trail of Bits ☛ How Sui Move rethinks flash loan security
Sui’s Move language significantly improves flash loan security by replacing Solidity’s reliance on callbacks and runtime checks with a “hot potato” model that enforces repayment at the compiler level. This shift makes flash loan security a language guarantee rather than a developer responsibility.
-
Scoop News Group ☛ Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says [Ed: What an utterly stupid remark to make]
Alexei Bulazel said that even as the Convicted Felon administration is aiming to ratchet up cyber offense, there’s still a vital role for defense.
-
Windows TCO / Windows Bot Nets
-
Security Week ☛ Highly Popular NPM Packages Poisoned in New Supply Chain Attack [Ed: Microsoft is transmitting malware again]
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.
-
Tom's Hardware ☛ JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it took to undermine npm packages [Ed: Microsoft sends you malware]
JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
-
Scoop News Group ☛ The npm incident frightened everyone, but ended up being nothing to fret about [Ed: Belittling Microsoft TCO]
Disaster was averted after widely used open-source packages were compromised via social engineering.
-
Scoop News Group ☛ Microsoft Patch Tuesday addresses 81 vulnerabilities, none actively exploited
The company is ahead of pace, disclosing about 100 more vulnerabilities at this point in the year than it did in 2024, according to a researcher.
-
SANS ☛ Microsoft Patch Tuesday September 2025, (Tue, Sep 9th)
As part of its September Patch Tuesday, Abusive Monopolist Microsoft addressed 177 different vulnerabilities, 86 of which affect Abusive Monopolist Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Abusive Monopolist Microsoft rates 13 of the vulnerabilities as critical.
-