The FCC's ban on Huawei and ZTE equipment: A deep dive into the national security ruling
The FCC has prohibited new equipment from Huawei, ZTE, and others over national security risks. We analyze the technical concerns and what it means fo
This week in security: A sophisticated Linux backdoor, FBI data purchases, and rapid exploits
A near-catastrophic Linux backdoor, government data purchases, and rapid zero-day attacks highlight persistent digital risks for everyone.
We are at war
Rising geopolitical tensions are manifesting as sophisticated cyber operations, targeting everything from critical infrastructure to private industry.
China-linked Red Menshen uses stealthy BPFDoor implants to spy via telecom networks
A long-term espionage campaign by a China-nexus actor uses the BPFDoor implant to infiltrate telecom networks, creating a stealthy path to spy on gove
Google's new Android developer verification sparks security vs. openness debate
Google's new policy requiring identity verification for sideloaded Android apps aims to boost security but sparks a debate on platform openness and co
Iranian hackers claim breach of former Trump official Kash Patel's personal data
An alleged Iranian hacker group, Handala, claims to have breached the personal data of former official Kash Patel, highlighting the persistent threat
A ghost in the machine: The cybersecurity risks of a proposed federal voter list
An analysis of a 2020 proposal for a federal voter list reveals why centralizing election data creates a catastrophic cybersecurity risk.
Dutch Finance Ministry's precautionary shutdown highlights high-stakes government cyber defense
The Dutch Ministry of Finance took its treasury portal offline after an attempted cyberattack, showcasing a proactive but disruptive incident response
Popular Axios npm package compromised to deliver cross-platform malware
Malicious versions of the widely used Axios HTTP client were published to the npm registry, injecting a trojan that targets Windows, macOS, and Linux.
How a single malicious prompt could have hijacked your ChatGPT account
A vulnerability in ChatGPT's web interface could have let attackers steal accounts with a single prompt, highlighting classic web security risks in AI
TrueConf zero-day exploited in attacks targeting Southeast Asian governments
A high-severity flaw in TrueConf video conferencing software was exploited as a zero-day to deliver malicious updates to government networks in Southe
F5 BIG-IP vulnerability under active attack after RCE discovery
A critical F5 BIG-IP vulnerability (CVE-2023-46747) is under active attack, allowing unauthenticated attackers to gain full system control.