Friday Squid Blogging: What to Do When You Find a Squid "Egg Mop" - Schneier on Security
Tips on what to do if you find a mop of squid eggs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Microsoft security updates address CrowdStrike crash, kill ‘Blue Screen of Death’ | CyberScoop
Third-party antivirus software will no longer have access to the Windows kernel as Microsoft rolls out changes to reduce IT downtime from unexpected crashes or disruptions.
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
Threat actors are adopting Rust for malware development. RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry.
Scattered Spider strikes again? Aviation industry appears to be next target for criminal group | CyberScoop
The aviation industry has seemingly become the latest target of Scattered Spider, a sophisticated cybercriminal group that has shifted its focus from retail and insurance companies to airlines in what cybersecurity experts describe as a coordinated campaign against the sector.
STRATEGIC REEL: APIs are the new perimeter — and business logic attacks are slipping through
APIs have become the digital glue of the enterprise — and attackers know it. Related: API security - the big picture In this debut edition of the Last Watchdog Strategic Reel (LWSR), A10 Networks’ Field CISO Jamison Utter cuts through the noise from RSAC 2025 with a sharp breakdown of today’s API threatscape. From 15,000
Scattered Spider hackers shift focus to aviation, transportation firms
Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors
Most building management systems exposed to cyber vulnerabilities, experts warn
A study of over 467,000 building management systems across 500 organizations found that 2% of all devices essential to business operations had the highest level of risk exposure.
Russia’s throttling of Cloudflare makes sites inaccessible
Starting June 9, 2025, Russian internet service providers (ISPs) have begun throttling access to websites and services protected by Cloudflare, an American internet giant.
United Natural Foods says cyberattack will reduce quarterly earnings
The company, which supplies Whole Foods and other grocery stores nationwide, had to disable electronic ordering systems while responding to the attack earlier this month.
Critical Citrix Bleed 2 flaw now likely exploited in attacks
A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices.
Citrix Bleed 2 flaw now believed to be exploited in attacks
A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices.
Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains
The Dutch conglomerate behind Hannaford, Stop & Shop and other major grocery brands informed state regulators of the scope of a November cyberattack that hampered online orders and leaked sensitive data.
The CCM includes Virtualization & Infrastructure Security controls about network security, virtualization technology, and the protection of other IT facilities.
United Natural Foods says week-long cyber incident will impact quarterly income
UNFI, the biggest supplier to Whole Foods stores, reported that its income will take a hit for the quarter that ends in August because of a recent cyberattack that disrupted operations.
Navigating Cybersecurity in Indian Manufacturing | CSA
As India becomes a global manufacturing anchor, cybersecurity is becoming the frontline of industrial continuity. Is India ready to protect what it builds?
We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks. More broadly, integrity refers to ensuring that data is correct and accurate from the point it is collected, through all the ways it is used, modified, transformed, and eventually deleted. Integrity-related incidents include malicious actions, but also inadvertent mistakes...
Retail giant Ahold Delhaize says data breach affects 2.2 million people
Ahold Delhaize, one of the world's largest food retail chains, is notifying over 2.2 million individuals that their personal, financial, and health information was stolen in a November ransomware attack that impacted its U.S. systems.