Inadequate Database Security: A Darkbeam Case Study | CSA
2023: Darkbeam failed to follow database security best practices, publicly exposing their Elasticsearch & Kibana interface. No data exfiltration was reported.
The UK Online Safety Act: A Well-Intentioned Law or a Surveillance Nightmare?
The UK Online Safety Act promises protection online but risks privacy and free speech. Learn why critics warn it's a step toward surveillance and censorship.
Ransomware gangs join attacks targeting Microsoft SharePoint servers
Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide.
First Sentencing in Scheme to Help North Koreans Infiltrate US Companies - Schneier on Security
An Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers. From an article: According to court documents, Chapman hosted the North Korean IT workers’ computers in her own home between October 2020 and October 2023, creating a so-called “laptop farm” which was used to make it appear as though the devices were located in the United States. The North Koreans were hired as remote software and application developers with multiple Fortune 500 companies, including an aerospace and defense company, a major television network, a Silicon Valley technology company, and a high-profile company...
Lazarus is back: the notorious North Korean cryptocurrency thieves are now targeting open source
In a study published in late July 2025, Sonatype researchers report having detected a vast espionage campaign conducted within open source ecosystems. At the helm: Lazarus, a cybercriminal group affiliated with the North Korean state, known for more than a decade for spectacular heists
Attackers exploit link-wrapping services to steal Microsoft 365 logins
A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials.
Senate confirms national cyber director pick Sean Cairncross | CyberScoop
The Senate voted to confirm Sean Cairncross as national cyber director Saturday, giving the Trump administration one of its top cyber officials after a more than five-month process.
Senate confirms Trump’s national cyber director nominee
Sean Cairncross, a political veteran without significant cybersecurity experience, could turn the relatively new White House office into a major player in the administration