Newsletters

The RubyGems package repository has disabled new user sign-ups after a malicious attack on Monday targeted its engineers and staff.

Hundreds of malicious packages were published on Monday and then again on Tuesday.

The packages contained malicious code aimed at RubyGems developers. The code tried to execute cross-site scripting attacks and steal data from their systems.

The US Federal Communications Commission has updated its ban on foreign-made routers to allow vendors to ship security updates for a longer period of time.

The agency banned the sale of foreign routers in March, but allowed companies to ship security updates for one more year until March 2027.

The FCC says that based on comments from the government and private sector it has now updated this cutoff date to January 1, 2029.

This month's Android security updates carry an important patch for a critical vulnerability that can grant attackers remote access to an Android smartphone or smart device.

Tracked as CVE-2026-0073, the bug allows attackers to bypass authentication in the Android remote debugging service ADB.

Successful exploitation opens a remote shell on a device where the ADB service was enabled. ADB is disabled by default in the standard Android OS release, but may be enabled and left exposed by accident by some OEM (device makers) during factory testing, which has happened a lot over the past years.

The Trump administration is considering applying stricter oversight to American AI models due to their cyber security impact. However, before pulling the trigger on strict and inflexible regulation, we believe the government should spend a little time watching and learning.

This apparent shift from the administration's light touch AI regulation has reportedly been driven by concern about the hacking capabilities of frontier models. 

According to the New York Times, the administration wants to establish a group made up of tech executives and government officials to propose oversight procedures for the roll out of all new AI models. The group is likely to consider a range of options, including a formal government review process.

A supply chain attack is currently ongoing on the website of DAEMON Tools, a popular app for burning CDs and DVDs, and for creating bootable USB drives.

DAEMON Tools installers have been shipping with a backdoor since at least April 8. The installers were signed with the vendor's legitimate certificate, suggesting deep access to the AVB Disc Soft's internal network and processes.

The backdoor triggers every time the user runs their PC, collects data about the host, and uploads it to a remote server. Collected data includes the machine's MAC address, hostname, system locale, DNS domain name, and a list of active processes and installed software.

A threat actor gained access to DigiCert's backend and stole 27 code signing certificates they later used to sign malware.

The incident took place last month and was traced back to a social engineering attack that successfully compromised two employees of DigiCert's tech support team.

According to DigiCert's post-mortem, the attacker posed as a customer and tricked the tech support staff into running an SCR file, a format used to install and configure Windows screensavers.

A mysterious hacking group has stolen the personal and financial information of Moldovan citizens from the country's national healthcare database.

Moldova's national health insurance agency, CNAM, confirmed that data was stolen but denied initial news reports that almost a third of the database had been destroyed in the attack.

Ion Vintilă, an adjunct director for Moldova's Cybersecurity Agency, had told reporters in a taped interview that almost 30% of the agency's data was impacted in the incident, but didn't specify in what manner.

The US government has committed to countering Chinese 'distillation attacks' which are being used to steal the proprietary capabilities of American frontier AI models. We love a little governmental fist-shaking, but we don't think its plan will have China's AI labs shaking in their boots. 

Distillation attacks, also known as model extraction attacks, upskill less capable models on the cheap by training them on the outputs of more advanced models. 

Back in February, OpenAI, Google and Anthropic each said that they had been victims of distillation attacks. Anthropic said that Chinese labs had collectively generated "16 million exchanges" with Claude, across 24,000 fraudulent accounts. Google cited an attack that involved 100,000 queries to Gemini. 

The UK's cybersecurity agency has advised public and private organizations against relying too much on bad metrics to evaluate the efficiency of their security operations centers (SOCs).

Officials say bad metrics incentivize SOC teams to be careless about their jobs and rush through tickets and detections rather than be dedicated to protecting their networks.

While metrics can be used for other IT departments to evaluate their effectiveness, the true value of a SOC team comes from insight and not speed or quantity, hence SOC teams should not be treated as any other department that needs to be optimized.

Firefox and Tor Browser users are advised to install the latest security patches to address a bug that can allow threat actors to track them across the internet.

The bug works in normal browsing mode, in private browsing windows, and, in the case of Tor, across different Tor sessions.

The issue, found by the team at Fingerprint, resides in IndexedDB, a Firefox API that allows websites to store data inside a user's browser for future visits.