A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to... Read more »

Personal data of nearly 100,000 individuals that have participated in trainings organized by CEPOL, the European Union (EU) Agency for Law Enforcement Training, has potentially been compromised due to... Read more »

Three Russian nationals have been indicted in the Northern District of Georgia for their alleged role as operators of cryptocurrency mixing (cryptomixer) services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko... Read more »

In this Help Net Security, Alexis Wales, CISO at GitHub, discusses how GitHub embeds security into every aspect of its platform to protect millions of developers and repositories, ensuring... Read more »

Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, of course, given... Read more »

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Ivanti has fixed two vulnerabilities affecting... Read more »

Cryptojackers are impersonating Crowdstrike via email to get developers to unwittingly install the XMRig cryptocurrency miner on their Windows PC, the company has warned. The email Crowdstrike has a... Read more »

Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of... Read more »