Blog
-
Security of GitHub Repositories Called Into Question as Multiple Supply Chain Attacks Uncovered
How safe are your GitHub repositories? If they are public, a set of recent compromises has called their security into question. The widely-used GitHub Actions tool, owned and maintained by Microsoft, has been the source of at least one major supply chain attack.
-
Will the Trump Administration Commit to Loose AI Regulations? OpenAI Hopes So
OpenAI’s proposal invokes China as the central motivation for its requests for lighter AI regulations, but the company is under a variety of legal pressures that could be eased by federal relief: hundreds of emerging US state laws and lawsuits from copyright holders among them.
-
US Electric Grid Company Compromised by Volt Typhoon for Most of 2023
When Dragos was contracted to implement operational technology security measures for a Massachusetts electric grid company in late 2023, it found that Volt Typhoon had been lurking in their systems since February of that year.
-
DDoS Attack on X Claimed by Anti-Israel Group
Some independent monitoring services report that X was under fire from around 5 AM to noon on Monday and that users were experiencing login and loading issues throughout that time, making it one of the biggest DDoS attacks on the platform in history.
-
Fed Vulnerability Disclosure Program for Government Contractors Could Prompt Boom for White Hat Researchers
Adoption of the vulnerability disclosure program is still not quite guaranteed, but is poised to create a ripple effect across the broader cybersecurity market if it is. It is highly likely to push broad adoption of vulnerability disclosure programs (VDPs).
-
Cyber Operations Targeting Russia Paused, But Order Came Before Trump-Zelensky Meeting
Three days after the seemingly disastrous Oval Office meeting between presidents Donald Trump and Volodymyr Zelensky, inside sources speaking to The Record reported that the US cyber command had been ordered to stand down from cyber operations targeting Russia.
-
Chinese Hackers Steal Emails From Belgian State Intelligence Service
The Belgian government is investigating what looks to be a 2023 attack by Chinese hackers, who breached an external email server used regularly by its federal intelligence service.
-
Password-Spraying Attacks by Botnet With 130,000 Devices Linked to Chinese Hackers Target Microsoft 365 Accounts
A group that security researchers believe to be affiliated with China is targeting Microsoft 365 accounts with password-spraying attacks, taking advantage of a common oversight in automated security logging to fly below the radar despite the massive scale of the operation.
-
Record-Setting $1.5 Billion Crypto Theft Keeps Lazarus Hackers At The Top of the Threat List
North Korea’s Lazarus hackers appear to have pulled off another record-setting crypto theft as security researchers are attributing the $1.5 billion Bybit hack to them.
-
Talos: Salt Typhoon Campaign Targeted Cisco Equipment, But Did Not Rely on Published Cisco Bugs
Despite reports of exploitation of Cisco bugs, researchers found that only one known published vulnerability was used in a compromise. For the most part, the Salt Typhoon hackers were able to obtain valid login credentials from somewhere.