Hive Five 226 – Mastery vs. Management
I took my laptop on the road and outside several times this week while it was sunny, and it made me appreciate light mode in…
Month: June 2025
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance…
Future of Passwords Biometrics and Passwordless Authentication
The digital authentication landscape is dramatically transforming as passwordless technologies gain unprecedented momentum. Passkey adoption surging 400% in 2024 alone. Despite predictions that passwords will…
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
OpenSSH has become a standard tool for secure remote management on both Linux and Windows systems. Since its inclusion as a default component in Windows…
Attackers breached ConnectWise, compromised customer ScreenConnect instances
A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday.…
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Jun 02, 2025Ravie LakshmananMobile Security / Vulnerability Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could…
Microsoft and CrowdStrike partner to link hacking group names
Microsoft and CrowdStrike announced today that they’ve partnered to connect the aliases used for specific threat groups without actually using a single naming standard. As…
Ransomware Negotiation When and How to Engage Attackers
As ransomware attacks devastate organizations globally, many companies are turning to professional negotiators to engage directly with cybercriminals, despite strong government opposition to paying ransoms.…
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and…
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul…
Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure
Security researchers at Wiz on Monday raised an alarm catching a malicious hacker hijacking misconfigured DevOps infrastructure for cryptocurrency mining in what appears to be the…
Qualcomm fixed three zero-days exploited in limited, targeted attacks
Qualcomm fixed three zero-days exploited in limited, targeted attacks Pierluigi Paganini June 02, 2025 Qualcomm addressed three zero-day vulnerabilities that, according to the company, have…