The United States withdraws from UNESCO
We’re sorry, this site is currently experiencing technical difficulties. Please try again in a few moments. Exception: forbidden
Stay updated with the latest in technology, AI, cybersecurity, and more
We’re sorry, this site is currently experiencing technical difficulties. Please try again in a few moments. Exception: forbidden
What’s next for Murena, though? Well, the company confirmed that it will be making some improvements: Murena is taking security issues seriously, and our policy about integration of security patches in /e/OS is very comparable to or even better in some cases than many of mobile OS vendors in the smartphone industry. However, as part of our ongoing efforts to continuously improve we have decided to reduce the integration time of monthly security updates in /e/OS. Therefore we’ll progressively u
Zero Trust has been a buzzword at every enterprise tech conference for years (only recently being replaced with AI), but Tailscale’s new State of Zero Trust 2025 report makes it clear that most organizations still have no idea what it means or how to do it. They surveyed 1,000 IT, security, and engineering leaders. Only 1% of those surveyed said they’re happy with their current access setup. That stat says a lot about the confusion in the marketplace. Some of my favorite gear eufyCam 2C Upgrade
Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers. The project comprises: Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages. SLSA Provenance for thousan
We’re sorry, this site is currently experiencing technical difficulties. Please try again in a few moments. Exception: forbidden
What’s next for Murena, though? Well, the company confirmed that it will be making some improvements: Murena is taking security issues seriously, and our policy about integration of security patches in /e/OS is very comparable to or even better in some cases than many of mobile OS vendors in the smartphone industry. However, as part of our ongoing efforts to continuously improve we have decided to reduce the integration time of monthly security updates in /e/OS. Therefore we’ll progressively u
NurPhoto/Contributor/Getty Microsoft is launching a new agentic AI system to help cybersecurity professionals manage and protect their organizations' data, the company said Tuesday. Microsoft Sentinel, a proprietary Security Incidents and Event Management (SEIM) platform, which debuted in 2019, now comes with a data lake -- that is, a centralized repository that can store structured and unstructured data without any kind of reformatting. Also: Microsoft fixes two SharePoint zero-days under at
AirTags can also help you keep track of larger bags and luggage, and you could easily slip one into an interior pocket and call it a day. But if you’d rather hook the tracker to the outside, you’ll need something a bit larger and more flexible than a standard key ring. Belkin’s Secure Holder with Strap is a good option: it comes in different colors and it’s budget friendly at only $13. The case opens up into two pieces, allowing you to sit the AirTag inside the circle and twist and snap the two
Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now As we wrote in our initial analysis of the CrowdStrike incident, the July 19, 2024, outage served as a stark reminder of the importance of cyber resilience. Now, one year later, both CrowdStrike and the industry have undergone significant transformation, with the catalyst being driven by 78 minutes that changed everything. “The first anniv
Support for Let's Encrypt services is community-based and information on current status and outages can be found at: https://community.letsencrypt.org
Hackers exploited a major security flaw in widely used Microsoft server software to launch a global attack on government agencies and businesses in the past few days, breaching U.S. federal and state agencies, universities, energy companies and an Asian telecommunications company, according to state officials and private researchers. The U.S. government and partners in Canada and Australia are investigating the compromise of SharePoint servers, which provide a platform for sharing and managing d
SimpliSafe home security systems can be easily tailored to your needs. Just add or subtract hardware and equipment as you please. CNET When choosing a home security system for your home, you may be tempted to start by deciding between a DIY setup or one that is professionally installed and monitored. When you consider the equipment, installation, monitoring options and other features you want, you'll probably reach a DIY-versus-pro system decision along the way. Here are some more parameters to
Spanish law enforcement arrested five people suspected of running an international cryptocurrency investment fraud scheme that laundered more than €460 million ($542 million) from over 5,000 victims worldwide, according to a statement from Europol. The suspects, based in Madrid and the Canary Islands, allegedly operated a global network of accomplices who collected money through cash deposits, wire transfers and cryptocurrency transactions. According to Spain’s Guardia Civil, the criminal ring
A major zero-day security vulnerability in Microsoft's widely used SharePoint server software has been exploited by hackers, causing chaos within businesses and government agencies, multiple outlets have reported. Microsoft announced that it had released a new security patch "to mitigate active attacks targeting on-premises [and not online] servers," but the breach has already effected universities, energy companies, federal and state agencies and telecommunications firms. The SharePoint flaw i
More than 10,000 organizations around the world are at risk from hackers after a serious security flaw was discovered in Microsoft’s popular Sharepoint platform, used to store and share confidential documents. The majority of companies at risk are said to be in the US … Microsoft said that there were “active attacks targeting on-premises servers.” US federal and state agencies are among the organizations said to have been affected. Security researchers cited by Bloomberg said that the vulnerab
In the last 30 years or so, cybersecurity has gone from being a niche specialty within the larger field of computer science, to an industry estimated to be worth more than $170 billion made of a globe-spanning community of hackers. In turn, the industry’s growth, and high-profile hacks such as the 2015 Sony breach, the 2016 U.S. election hack and leak operations, the Colonial Pipeline ransomware attack, and a seemingly endless list of Chinese government hacks, have made cybersecurity and hacking
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. Aruba Instant On Access Points are compact, plug-and-play wireless (Wi-Fi) devices, designed primarily for small to medium-sized businesses, offering enterprise-grade features (guest networks, traffic segmentation) with cloud/mobile app management. The security issue, tracked as CVE-2025-37103 and rated
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. In May, Viettel Cyber Security researchers chained two Microsoft SharePoint flaws, CVE-2025-49706 and CVE-2025-49704, in a "ToolShell" attack demonstrated at Pwn2Own Berlin to achieve remote code execution. While Microsoft patched both ToolShell flaws as part of the July Patch T
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. The PoisonSeed threat actors are known to employ large-volume phishing attacks for financial fraud. In the past, distributing emails containing crypto seed phrases used to drain cryptocurrency wallets. In the recent phishing attack observed by Expel, the PoisonSeed threat actors
Elevenlabs AudioNative Player Been digging into Model Context Protocol implementations lately and found some stuff that's keeping me up at night. Not because it's earth-shattering, but because it's the kind of boring security debt that bites you when you least expect it. This is Part 1 of a two-part series. Read Part 2: Actually Fixing This Mess → MCP is Anthropic's attempt at standardizing how AI models talk to external tools1. Instead of every AI app rolling their own integration layer, you
The United Nations’ Global E-waste Monitor estimates that the world generates over 60 million tonnes of e-waste annually. Furthermore, this number is rising five times as fast as e-waste recycling. Much of this waste comes from prematurely discarded electronic devices. Many enterprises follow a standard three-year replacement cycle, assuming older computers are inefficient. However, many of these devices are still functional and could perform well with minor upgrades or maintenance. The issue i
Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now In case you missed it, OpenAI yesterday debuted a powerful new feature for ChatGPT and with it, a host of new security risks and ramifications. Called the “ChatGPT agent,” this new feature is an optional mode that ChatGPT paying subscribers can engage by clicking “Tools” in the prompt entry box and selecting “agent mode,” at which point, t
After years of innovation and community collaboration, we’re ending support for Clear Linux OS. Effective immediately, Intel will no longer provide security patches, updates, or maintenance for Clear Linux OS, and the Clear Linux OS GitHub repository will be archived in read-only mode. So, if you’re currently using Clear Linux OS, we strongly recommend planning your migration to another actively maintained Linux distribution as soon as possible to ensure ongoing security and stability. Rest ass
Yes I know about that one talk from Rob Pike. The title of this blog post is not something you hear people say often, if ever. What you do hear people say is “concurrency is not parallelism”, but that’s not as useful, in my opinion. Let’s see how Wikipedia defines those terms: Concurrency refers to the ability of a system to execute multiple tasks through simultaneous execution or time-sharing (context switching) Parallel computing is a type of computation in which many calculations or proce
Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being adopted by thousands of sites and enterprises. If true, the attack, reported in a blog post Thursday by security firm Expel, would be huge news, since FIDO is widely regarded as being immune to credential phishing attacks. After analyzing the Expel write-up, I’m confident that the attack doesn’t bypass F
Update, July 18, 2025 (04:40 PM ET): We have just heard back from Fairphone in response to our inquiry. In a statement, the company explains: Fairphone and Murena have a strong, proud partnership that offers many users around the world a secure, sustainable, and modular smartphone alternative – with a clear focus on longevity and lasting value. We’re committed to delivering operating systems that meet market-standard security expectations. While we respect that there are different approaches to
Yes I know about that one talk from Rob Pike. The title of this blog post is not something you hear people say often, if ever. What you do hear people say is “concurrency is not parallelism”, but that’s not as useful, in my opinion. Let’s see how Wikipedia defines those terms: Concurrency refers to the ability of a system to execute multiple tasks through simultaneous execution or time-sharing (context switching) Parallel computing is a type of computation in which many calculations or proce
The startup behind the viral AI coding app Cursor is snapping up top talent from AI enterprise startups in a bid to bolster its competition with Microsoft’s GitHub Copilot and win over businesses looking to supercharge their employees with AI coding tools. In one recent case, Cursor maker Anysphere struck a deal to acquire the AI-powered customer relationship management (CRM) startup Koala, two sources familiar with the matter told TechCrunch. As part of the deal, Cursor will bring on several
Kunzinger and Sämann wanted to use their new way of estimating curvature to determine whether these singularity theorems would still be valid if they no longer assumed space-time is smooth. Would singularities persist even in rougher, more realistic-looking spaces? It’s important to find out if the smoothness condition can be waived, Sämann said, because doing so would bring the theorems closer to physical reality. After all, he added, “we believe non-smoothness is an inescapable part of the nat
Why ISO 27001 Demands Immutable Logs (Without Actually Saying So) # ISO 27001 is like that careful lawyer who never says exactly what they mean – it tells you what needs to be achieved, not how to do it. When it comes to logging, this is particularly telling: Control A.12.4.2 simply states that “logging information and logging facilities shall be protected against tampering and unauthorized access.” Period. How? That’s your problem to solve. But anyone who’s ever had to investigate a security