Security and Windows TCO Leftovers
-
Scoop News Group ☛ CISA director pick Sean Plankey withdraws his nomination
Plankey had been waiting for more than a year, prompting the request to withdraw him as the one tapped to lead an agency now in further upheaval.
-
Federal News Network ☛ Plankey withdraws as CISA nominee
Plankey asked to be withdrawn, saying "it has become clear" the Senate won't confirm him after 13 months since his initial nomination to be CISA director.
-
Security Week ☛ Oracle Patches 450 Vulnerabilities With April 2026 CPU
The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws.
-
Security Week ☛ Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions.
-
Security Week ☛ Mirai Botnet Targets Flaw in Discontinued D-Link Routers
The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication.
-
Security Week ☛ After Bluesky, Mastodon Targeted in DDoS Attack
The DDoS attack caused a major outage, but Mastodon mitigated it within a few hours.
-
Security Week ☛ North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks
The campaigns focus on financial organizations, including cryptocurrency, venture capital, and blockchain entities.
-
Citizen Lab ☛ The Hack That Exposed Syria’s Sweeping Security Failures
Senior researcher Noura Aljizawi spoke to WIRED about a hack that revealed Syria’s fragile cybersecurity.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (firefox-esr, flatpak, ngtcp2, ntfs-3g, packagekit, python-geopandas, simpleeval, strongswan, and xdg-dbus-proxy), Fedora (chromium, cups, curl, jq, opkssh, perl-Net-CIDR-Lite, python-cbor2, python-pillow, tinyproxy, xdg-dbus-proxy, and xorg-x11-server-Xwayland), Slackware (libXpm and mozilla), SUSE (botan, chromium, clamav, cockpit, cockpit-machines, cockpit-packages, cockpit-podman, cockpit-subscriptions, dovecot24, firefox, flatpak, freeipmi, gdk-pixbuf, glibc, gnome-remote-desktop, go1.25, go1.26, go1.26-openssl, google-cloud-sap-agent, gosec, graphicsmagick, haproxy, kernel, libpng16, libraw, libtasn1, libvncserver, ncurses, nebula, nodejs24, openssl-3, ovmf, pam, pcre2, perl-Authen-SASL, pgvector, plexus-utils, podman, python-cbor2, python-cryptography, python-django, python-gi-docgen, python-pypdf2, python-python-multipart, python311, python311-PyPDF2, python313, qemu, roundcubemail, rust1.94, sqlite3, strongswan, systemd, tar, tigervnc, util-linux, vim, webkit2gtk3, xorg-x11-server, xwayland, and zlib), and Ubuntu (commons-io, libcap2, ntfs-3g, and rapidjson).
-
CIQ Bets on Compliance: Can Enterprise Linux Really Deliver Federal Crypto and Post-Quantum Readiness?
CIQ has launched what it claims is the first Enterprise Linux compliance platform built for federal cryptographic validation and post-quantum readiness [1]. The move targets a gap in security assurance for regulated enterprises and government agencies, but the real test will be whether CIQ can keep pace with rapidly evolving standards and the operational complexity that comes with them.
-
Security Week ☛ New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention
Dubbed Lotus Wiper, the malware targets recovery mechanisms, overwrites drives, and systematically deletes files.
-
Security Week ☛ Google Antigravity in Crosshairs of Security Researchers, Cybercriminals
Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware.
-
Tom's Hardware ☛ Iran claims US exploited networking equipment backdoors during strikes — says devices from Cisco and others failed despite blackout in attack that 'indicates deep sabotage'
Iranian state media has alleged that equipment from Cisco, Juniper, Fortinet, and MikroTik failed during U.S. and Israeli military operations against Iran.
-
LWN ☛ A flood of useful security reports
The idea of using large language models (LLMs) to discover security problems is not new. Google's Project Zero investigated the feasibility of using LLMs for security research in 2024. At the time, they found that models could identify real problems, but required a good deal of structure and hand-holding to do so on small benchmark problems. In February 2026, Anthropic published a report claiming that the company's most recent LLM at that point in time, Claude Opus 4.6, had discovered real-world vulnerabilities in critical open-source software, including the Linux kernel, with far less scaffolding. On April 7, Anthropic announced a new experimental model that is supposedly even better; they have partnered with the Linux Foundation to supply some open-source developers with access to the tool for security reviews. LLMs seem to have progressed significantly in the last few months, a change which is being noticed in the open-source community.
Only a few days after Anthropic's February report, Daniel Stenberg gave a keynote at FOSDEM complaining about the poor quality of LLM-generated security reports. The curl project had been dealing with a number of "security reports" that were simply wrong, a trend that other open-source projects were seeing as well. Two months later, Stenberg is now spending hours per day looking at "really good" LLM-generated security reports. He finds it hard to complain about the workload when the reports point out real security problems, but the high volume of reports causes its own problems.
-
Windows TCO / Windows Bot Nets
-
Tom's Hardware ☛ Ransomware negotiator pleads guilty after leaking victims' insurance details to 'BlackCat' hackers — perp gave attackers a precise picture of exactly how much each target could afford to pay
Martino, of Land O’Lakes, Florida, is the third and final member of a trio of cybersecurity professionals charged in the scheme.
-
Bleeping Computer ☛ New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery.
-
Broadcom Inc ☛ Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor
One of the most notable features of this new backdoor is its abuse of legitimate Microsoft cloud infrastructure. The inner i386 implant comes equipped with hardcoded, plaintext Azure AD application credentials, including a tenant ID, client ID, and client secret. These credentials allow the malware to request OAuth2 tokens from Microsoft.
-