news
Security Leftovers
-
Harish Pillay ☛ pwn2own success stories
Kudos to the team from STAR Labs SG on topping the leaderboard of the recently concluded pwn2own held in Berlin and walking away with US$320K all together. It is really heartening to see skills like these are fostered and celebrated here.
-
Security Week ☛ Thousands Hit by The North Face Credential Stuffing Attack
Threat actors steal personal information from thenorthface.com user accounts in a recent credential stuffing campaign.
-
Security Week ☛ Google Warns of Vishing, Extortion Campaign Targeting Salesfarce Customers
A financially motivated threat actor employing vishing to compromise Salesfarce customers, and extort them.
-
Security Week ☛ Victoria’s Secret Says It Will Postpone Earnings Report After Recent Security Breach
Victoria’s Secret is postponing the release of its quarterly earnings following a security breach that disrupted the popular lingerie brand’s corporate operations.
-
Federal News Network ☛ CISA at a crossroads amid workforce cuts, paused partnerships
Sean Plankey, the nominee for CISA director, faces the prospect of leading an agency that's lost one-third of its workforce in just a few months.
-
Harish Pillay ☛ It is 2025 and “open source is insecure” myths continues [Ed: Maybe stop reading a Microsoft site for information then]
I came across a post on linkedin with the heading “Why CIOs and CTOs Must Rethink Open Source AI: Lesons from DeepSeek’s Security Challenges“.
-
APNIC ☛ Building NetEdit: Managing eBPF programs at scale at Meta
Guest Post: How to efficiently develop and manage eBPF programs at massive scale without sacrificing performance or availability.
-
Security Week ☛ Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift
Industrial giant Honeywell has published its 2025 Cybersecurity Threat Report with information on the latest trends.
-
Qubes Canary 043
We have published Qubes Canary 043. The text of this canary and its accompanying cryptographic signatures are reproduced below. For an explanation of this announcement and instructions for authenticating this canary, please see the end of this announcement.
-
Windows TCO / Windows Bot Nets
-
Silicon Angle ☛ CrowdStrike faces federal scrutiny following global backdoored Windows outage
CrowdStrike Holdings Inc. has revealed that it’s cooperating with ongoing U.S. federal investigations into its July 2024 outage that disrupted computer systems worldwide. The company said the Justice Department and the Securities and Exchange Commission have requested information related to the incident and other matters in a filing with the SEC.
-