Murky Panda hackers exploit cloud trust to hack downstream customers
A Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers.
Friday Squid Blogging: Bobtail Squid - Schneier on Security
Nice short article on the bobtail squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
I'm Spending the Year at the Munk School - Schneier on Security
This academic year, I am taking a sabbatical from the Kennedy School and Harvard University. (It’s not a real sabbatical—I’m just an adjunct—but it’s the same idea.) I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the University of Toronto. I will be organizing a reading group on AI security in the fall. I will be teaching my cybersecurity policy class in the Spring. I will be working with Citizen Lab, the Law School, and the Schwartz Reisman Institute. And I will be enjoying all the multicultural offerings of Toronto...
« Il n’y a pas vraiment de moyen de s’en protéger » : cet outil peut déverrouiller près de 200 modèles de voitures
Une enquête menée par 404 Media révèle les dessous d'un marché peu scrupuleux qui ne cesse d'évoluer. Celui des Flipper Zero, ou plus précisément celui des logiciels que cet outil peut embarquer. Les dernières versions, disponibles à l'achat sous le manteau, permettent de déverrouiller une très large gamme de modèles
Interpol-led crackdown disrupts cybercrime networks in Africa that caused $485 million in losses | CyberScoop
Operation Serengeti 2.0 dismantled almost 11,500 malicious infrastructures between June and August. Officials arrested more than 1,200 alleged cybercriminals.
Fake Mac fixes trick users into installing new Shamos infostealer
A new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes.
CISA warns of Apple zero-day used in targeted cyberattacks
The Cybersecurity and Infrastructure Security Agency (CISA) gave civilian federal agencies until September 11 to implement a fix for CVE-2025-43300 — a vulnerability affecting popular brands of Apple phones, iPads and Macbooks.
Electronics manufacturer Data I/O reports ransomware attack to SEC
The tech manufacturer Data I/O reported a ransomware attack to federal regulators, writing that the incident has taken down critical operational systems.
Over 1,200 arrested in Africa-wide cybercrime crackdown, Interpol says
Authorities across Africa have dismantled large-scale cybercrime and fraud networks, arresting over three months more than 1,200 people suspected of carrying out ransomware attacks, online scams, and business email compromise schemes, Interpol said.
Microsoft: August Windows updates cause severe streaming issues
Microsoft has confirmed that the August 2025 security updates are causing severe lag and stuttering issues with NDI streaming software on some Windows 10 and Windows 11 systems.
AI Agents Need Data Integrity - Schneier on Security
Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a “Magna Carta for the Web” to restore the balance of power between individuals and institutions. This mirrors the original charter’s purpose: ensuring that those who occupy a territory have a meaningful stake in its governance. Web 3.0—the distributed, decentralized Web of tomorrow—is finally poised to change the Internet’s dynamic by returning ownership to data creators. This will change many things about what’s often described as the “CIA triad” of ...
Sentant le licenciement venir à plein nez, il glisse un malware sur le réseau de son employeur
Un ressortissant chinois vivant dans l'Ohio vient d'être condamné à 4 ans de prison par la justice américaine. Ce développeur de logiciels, un brin revanchard, est reconnu coupable d'avoir implémenté un logiciel malveillant avant d'avoir été licencié par son employeur. Nous sommes en 2007 et Davis Lu, développeur
Massive anti-cybercrime operation leads to over 1,200 arrests in Africa
Law enforcement authorities in Africa have arrested over 1,200 suspects as part of 'Operation Serengeti 2.0,' an INTERPOL-led international crackdown targeting cross-border cybercriminal gangs.