Infosec.Pub

Microsoft Still Uses RC4 (www.schneier.com)
submitted 3 weeks ago by lemmydev2 to c/pulse_of_truth
 
 

Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, which exploits the Kerberos authentication system.

Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm phishing campaign. The phishing email: The emails started hitting developers’ inboxes on Friday, minutes after they published a (new) crate on the registry. The emails – titled “Important: Breach notification regarding crates.io” and made to look like they’ve been sent by the Rust Foundation – claimed that an attacker compromised … The post Phishing campaign targets Rust developers appeared first on Help Net Security.

Research shows that students are responsible for over half of school incidents, often without realizing the possible consequences.

All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira ransomware attacks: Managed security service providers and external incident responders have had a front-row seat for observing many of the actions carried out by Akira ransomware affiliates in the last few months. In early August 2025, both Arctic Wolf and Huntress researchers warned about the possibility of Akira affiliates using … The post Ransomware attackers used incorrectly stored recovery codes to disable EDR agents appeared first on Help Net Security.

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

The cyberattack that’s brought Jaguar Land Rover Automotive Plc factories to a standstill is affecting suppliers, with some European parts makers forced to pause or scale back their own production.
