lemmydev2

Senator Ron Wyden has asked the Federal Trade Commission to investigate Microsoft over its continued use of the RC4 encryption algorithm. The letter talks about a hacker technique called Kerberoasting, that exploits the Kerberos authentication system.

Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm phishing campaign. The phishing email The emails started hitting developers’ inboxes on Friday, minutes after they published a (new) crate on the registry. The emails – titled “Important: Breach notification regarding crates.io” and made to look like they’ve been sent by the Rust Foundation – claimed that an attacker compromised … More → The post Phishing campaign targets Rust developers appeared first on Help Net Security.

Research shows that students are responsible for over half of school incidents, often without realizing the possible consequences.

All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira ransomware attacks Managed security service providers and external incident responders have had a front-row seat for observing many of the actions carried out by Akira ransomware affiliates in the last few months. In early August 2025, both Arctic Wolf and Huntress researchers warned about the possibility of Akira affiliates using … More → The post Ransomware attackers used incorrectly stored recovery codes to disable EDR agents appeared first on Help Net Security.

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

The cyberattack that’s brought Jaguar Land Rover Automotive Plc factories to a standstill is affecting suppliers, with some European parts makers forced to pause or scale back their own production.

The ransomware gang breached a "major element" of the healthcare technology supply chain and stole sensitive patient data, according to researchers.

Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company [...]

However — when you’re talking about organisations with tens of thousands of employees, when they outsource areas like cyber risk and compliance, cyber security operation, password reset helpdesks etc — they take on a level of risk which, I think, becomes highly questionable. It’s not just risk — it’s risks that can and do materialise. That 10% budget saving doesn’t look so hot when the whole company has a heart attack.

The Investigatory Powers Tribunal heard today that the security service has conceded that it unlawfully monitored the phone data of former BBC Spotlight reporter Vincent Kearney

As drones have risen to prominence on the battlefield, so too has electronic warfare, in which adversaries attempt to mask, jam or trace radio signals. Now, a new stealthy radio device could help give people the edge, letting them fly drones without detection

Next month, Microsoft will begin automatically installing the Microsoft 365 Copilot app on Windows devices that have the Microsoft 365 desktop client apps. [...]