IT Security Newsletter - 3/26/2025
Authentication vs. Privacy
Like many "teeter-totter" issues, there is a give-and-take relationship between new authentication technologies and privacy rights. Maybe I am biased (or paranoid), but it seems like people's concerns over digital privacy have waned into apathy, and I, for one, don't think this is a good thing. Maybe the privacy we have given up by having free* social media accounts, browser cookies, cheap Chinese IoT devices, and free* email and phone apps has sent us into a neurological state scientists call Learned Helplessness. READ MORE...
OPSEC Nightmare: Leaking US Military Plans to a Reporter
On March 24, Jeffrey Goldberg, editor-in-chief of The Atlantic, reported that US Secretary of Defense Pete Hegseth texted him precise plans via Signal regarding the US's plans to bomb Houthi targets in Yemen. These attacks, Goldberg said, occurred roughly two hours after he received the plans at 11:44 a.m. ET on March 15. In his article, Goldberg said the conversation went on to include the name of an active US intelligence officer as well as, reportedly, sensitive US military strategy. READ MORE...
Researchers back claim of Oracle Cloud breach despite company's denials
Security researchers said they confirmed a breach of Oracle Cloud after a previously unknown threat actor posted an offer to sell more than 6 million records. The technology firm denied the original hacking claim, but CloudSEK presented supporting evidence in a follow-up report released Monday. Researchers said the hacker, identified as "rose87168," successfully exploited a vulnerability in Oracle Cloud's login endpoint, allowing the attacker to access the records. READ MORE...
Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware
A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Here's how it works: cybercriminals send a fake Booking.com email to a hotel's email address, asking the hotel to confirm a booking. The email is sent only a few days before the check-in date, which is very likely to create a sense of urgency, a common tactic of scammers. READ MORE...
macOS Users Warned of New Versions of ReaderUpdate Malware
The threat actors behind the macOS malware loader known as ReaderUpdate have built new versions of the threat using the Crystal, Nim, Rust, and Go programming languages, SentinelOne reports. Initially observed in 2020, when it was distributed as a compiled Python binary, the malware has been communicating with a command-and-control (C&C) server at www[.]entryway[.]world, and was seen deploying a payload identified as the Genieo (aka Dolittle and MaxOfferDeal) adware. READ MORE...
Open Source devs say AI crawlers dominate traffic, forcing blocks on entire countries
Software developer Xe Iaso reached a breaking point earlier this year when aggressive AI crawler traffic from Amazon overwhelmed their Git repository service, repeatedly causing instability and downtime. Despite configuring standard defensive measures (adjusting robots.txt, blocking known crawler user-agents, and filtering suspicious traffic), Iaso found that AI crawlers continued evading all attempts to stop them, spoofing user-agents and cycling through residential IP addresses as proxies. READ MORE...
Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots
Users around the world are complaining that routers made by Taiwan-based networking equipment manufacturer DrayTek are rebooting, causing connectivity issues. Many reboots have been documented in the UK and Australia, but there are also reports from Germany, Vietnam, and other countries of various router models rebooting. ISPreview has been tracking the issue in the UK, where many broadband providers have reported significant customer connectivity issues due to DrayTek devices rebooting. READ MORE...
Critical vulnerabilities put Kubernetes environments in jeopardy
Wiz researchers on Monday disclosed the technical details of four critical vulnerabilities - CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974 - for Ingress NGINX Controller for Kubernetes that enable remote code execution against the popular controller. If exploited, the vulnerabilities could allow a threat actor to access sensitive data about organizations' Kubernetes environments, potentially leading to a full takeover of the clusters. READ MORE...
Broadcom warns of authentication bypass in VMware Windows Tools
Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows. VMware Tools is a suite of drivers and utilities designed to improve performance, graphics, and overall system integration for guest operating systems running in VMware virtual machines. The vulnerability (CVE-2025-22230) is caused by an improper access control weakness and was reported by Sergey Bliznyuk of Positive Technologies. READ MORE...
- ...in 1812, the term "gerrymander" is coined in a political cartoon published in the Boston Gazette.
- ...in 1930, former Supreme Court Justice Sandra Day O'Connor, the first woman to serve on the Court, is born in El Paso, TX.
- ...in 1931, actor Leonard Nimoy, best known for playing Spock on the original "Star Trek", is born in Boston, MA.
- ...in 1953, Dr. Jonas Salk of the University of Pittsburgh announces that he has successfully tested his polio vaccine.