Newsletters

The US government must develop a strategy to more effectively use its private sector to scale up offensive cyber activities, according to a new report from Dartmouth's Institute for Security, Technology and Society.

The authors convened 30 experts from government, industry and academia to analyse the current state of play in "offensive cyber" and make recommendations. "Offensive cyber" was defined very broadly as pretty much anything including tool development, acquiring access, espionage and even disruptive or destructive operations. 

The report assumes that US policymakers want both a higher operational tempo of cyber operations and to more effectively take advantage of the country's private sector.  

Security researchers have spotted a second self-propagating worm that hit the DevOps space within the span of a month. The new threat is named GlassWorm and primarily targets the VS Code extensions space.

It is the second such threat after the Shai-Hulud worm that hit the npm JavaScript package repo in mid-September.

GlassWorm was spotted by Koi Security. It was first seen on the unofficial OpenVSX marketplace for VS Code extensions, but later spread to the official Microsoft VS Code store as well.

A convict at a Romanian prison has hacked the country's prisoner management platform in a security breach that has rocked Romania's penitentiary agency.

The incident took place in August and continued through October.

From various reports in Romanian media and a statement released by the national penitentiary police union, the incident appears to have originated in the city of Dej, in Romania's Transilvania region, at a prison hospital complex, where prisoners are sent to treat illnesses and then return to finish their sentence at their normal jails.

F5 (formerly F5 Networks), one of the largest US tech companies and a member of the S&P 500, has disclosed a security breach this week, in an incident that is in contention for the year's biggest hack award.

Details about the breach have been in flux since it was disclosed, so we put together a list with all we know happened so far.

The main Risky Business podcast is now on YouTube with video versions of our recent episodes. Below is our latest weekly show with Pat and Adam at the helm!

A recent investigation into a Jakarta-based company shows there are still companies willing to offer unethical surveillance-as-a-service, even as crackdowns on high-profile spyware have really hurt big players.

A collaborative media investigation kicked off by Lighthouse Reports looked at First Wap, a company that began as a mobile phone messaging service in 1999. The company soon pivoted to phone tracking after being asked by an unnamed law enforcement agency to support its counterterrorism efforts. 

First Wap's surveillance product Altamides, short for Advanced Location Tracking and Deception System, exploits vulnerabilities in Signalling System 7 (SS7) to locate phones and even redirect text messages or phone calls. Because it exploits vulnerabilities in phone network protocols, Altamides does not require the deployment of malware to target devices. 

The Windows 10 operating system reached End-of-Life (EOL) on Tuesday, October 14, after more than 10 years since its official release back in July 2015.

The OS won't receive any new security updates unless users or companies enroll in the Extended Security Updates (ESU) program.

Because Windows 10 is still installed on around 40% of all Windows systems, Microsoft has made this ESU the first one available to home consumers—ESUs were initially introduced to provide extended paid support for larger enterprises.

A mysterious threat actor is abusing the legacy Internet Explorer mode in Microsoft Edge to run malicious code in a user's browser and take over their device.

The attacks have been going on since at least August, according to the Microsoft Edge security team.

The Internet Explorer legacy mode, or IE Mode, is a separate website execution environment in Edge. It works by reloading a web page but running its code inside the old Internet Explorer engines.

The European Union has scrapped next week's vote on Chat Control, proposed legislation that would have mandated tech companies to break their encryption to scan content for child abuse materials.

The project was supposed to be put to a vote on Tuesday, October 14, during a meeting of interior ministers of EU member states.

Denmark, which currently holds the EU presidency and was backing the legislation, scrapped the vote, according to reports on Austrian and German media.

The Clop ransomware gang is once again in the news after a mass exploitation campaign targeting users of Oracle's E-business Suite. This month Clop emailed executives at victim companies threatening to leak stolen files if it does not receive payment. 

Stealing data to extort companies is not good, but it is a hell of a lot better than systems getting locked up with encrypting ransomware, leading to weeks of factory shutdowns. Right now, from a government perspective, it would be a win if every campaign looked like Clop's.  

The group has been active since 2019, making it one of the longer-lasting ransomware gangs. It initially deployed standard encrypting ransomware, but in 2020 it was one of the first groups to experiment with 'double extortion'. 

The Redis database project released a security update last week to patch a critical vulnerability that can allow remote attackers to run malicious code and take over systems.

The vulnerability is as bad as it gets and impacts all Redis versions released over the past 13 years.

The vulnerability is tracked as CVE-2025-49844, but the Google Wiz team that discovered it calls it RediShell.