“Before the troops and horses move, provisions and fodder must go first”—is the Chinese equivalent of Napoleon’s supposed saying that “An army marches on its stomach,” or Omar Bradley’s admonition...
The Transportation Department will soon run on Google Workspace, fulfilling part of the department’s “1DOT IT” strategy to unify and strengthen the sprawling 55,000-employee department and...
In a worrying turn of events for the aviation industry, Korean Air has confirmed that the personal details of roughly 30,000 current and former employees have been stolen. This news, shared on...
Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been...
The European Space Agency (ESA) suffered a security breach of its science servers, with a hacker group claiming they have stolen 200 gigabytes worth of data that includes confidential documents...
With the new year comes a new report of a deadly, puzzling infectious disease. In a January 1 case study, health officials with the Centers for Disease Control and Prevention and the state of...
Aflac, the largest U.S. supplemental health insurance provider, is notifying 22.65 million people whose sensitive health and personal information, including Social Security numbers, was...
It's January 2026, and Google is finding innovative new ways to make one of its services worse. Important news for Gmail power users: Google is dropping the feature whereby Gmail can collect mail...
Part 2 of 2: While many organizations are migrating to private or hybrid cloud infrastructure, public cloud risk will remain a threat for the foreseeable future
Cybersecurity researchers have disclosed details of a new Python-based information stealer called VVS Stealer (also styled as VVS $tealer) that's capable of harvesting Discord credentials and...
Wired is reporting on Chinese darknet markets on Telegram. The ecosystem of marketplaces for Chinese-speaking crypto scammers hosted on the messaging service Telegram has now grown to be bigger...
Government 'incredibly' concerned about breach potentially affecting more than 100,000 patients. New Zealand health minister Simeon Brown has ordered a review into the cyberattack at...
China’s campaign to break into our critical infrastructure and federal government networks is persistent and growing. Beijing is stealing information while also planting tools and maintaining...
Leduc County said it was the target of a deliberate cybersecurity attack which disabled some of the county’s information technology (IT) systems. A news release issued Sunday afternoon said the...
While setting up Gemini Code Assist tools for personal use, they noticed that the State parameter on the OAuth Authorization flow contained an origin key. This key was used to verify the target...
The author was reviewing a website when they found two separate issues: a cache deception issue and a client-side path traversal (CSPT) bug. Separately, they were useless. Together, they created an...
Mozilla's VPN client software has a live_reload command available over a websocket. This command reaches out to a server and writes the file to /tmp on the local machine. This code contains a...
Mintlify is a B2B software-as-a-service documentation platform that allows companies to write documentation in MDX files and then host them with styling. Some of their clients include Discord,...
Beego is a popular Object Relational Mapper (ORM) in Golang. Its filtering syntax is heavily based on Django ORM. Because of these similarities, techniques from the Django ORM article plORM worked...
The website takes a previously known vulnerability, and it explains it. You can "roll" random bugs, which is pretty neat. If you're looking to learn about new vulnerabilities in existing projects,...
AI applications accept text and then act based upon that. If text is hidden to the user but consumed by the AI, this becomes a problem. When code executes in a multitude of languages, from Python...
RAI (Reflexer Finance) is an ETH-backed stable asset with a managed float regime. DAI pegs to $1 through governance-controlled mechanisms; RAI only uses ETH as collateral. With this, it contains...
Ransomware groups made less money in 2025 despite a 47% increase in attacks, driving new tactics: bundled DDoS services, insider recruitment, and gig worker exploitation. Learn the emerging trends...
Also, Korean Air hacked, EmEditor installer hijacked, a perfect 10 router RCE vuln, and more infosec in brief. The Trump administration has cleared a trio of individuals sanctioned by the Biden...
Meta’s end-to-end encrypted messaging app is used by billions of people. Here’s how to make sure you’re one of the most locked-down ones out there.
Lock 'em down interview AI agents represent the new insider threat to companies in 2026, according to Palo Alto Networks Chief Security Intel Officer Wendi Whitmore, and this poses several...
Being targeted by sophisticated spyware is relatively rare, but experts say that everyone needs to stay vigilant as this dangerous malware continues to proliferate worldwide.
Probably a college prank. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Netflix documentary part 2 in the works? Ilya Lichtenstein, who pleaded guilty to money-laundering charges tied to the 2016 theft of about 120,000 bitcoins from the Bitfinex exchange and was...