Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. The industry is fighting back against the recent spike in supply-chain attacks targeting shared library platforms like NPM, PyPi, etc.: GitHub tightens npm security with mandatory 2FA, access tokens β www.bleepingcomputer.com/β¦ πΊπΈ Details are […]
Continue readingCategory: Security Bits
Security Bits β 14 September 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Some clarity has emerged on the spate of Salesforce-related data breaches mentioned in the previous instalment β krebsonsecurity.com/β¦ & www.bleepingcomputer.com/β¦ The issue was with how the third-party AI chatbot from Salesloft integrated with Salesforce, […]
Continue readingSecurity Bits β 31 August 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. πΊπΈ The leaked data from the Allianz Life breach discussed last time has been added to Have-I-Been-Pwned, so you can now check if you are affected β www.bleepingcomputer.com/β¦ There have been confusing developments in […]
Continue readingSecurity Bits β 17 August 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. π§ More details on the Tea leak discussed last time, with reporting of how many women are continuing to use the app, and including new sigunups π€―: kill switch: why are women still signing […]
Continue readingSecurity Bits β 1 August 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. π¬π§ It looks like the UK is trying to find a face-saving way to back down from it’s secretive attempt to back-door Apple’s iCloud Advanced Data Protection feature β appleinsider.com/β¦ (Nothing official because everything […]
Continue readingSecurity Bits β 20 July 2025
β Action Alerts Calls to action, if any stories in this section are relevant to you, there is some action you should take. Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws β www.bleepingcomputer.com/β¦, krebsonsecurity.com/β¦ & isc.sans.edu/β¦ Most important patches for typical NosillaCastaways are Office zero-click exploits (triggered by previewing a document) Most important […]
Continue readingSecurity Bits β 6 July 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Just like we predicted last time: Scattered Spider hackers shift focus to aviation, transportation firms β www.bleepingcomputer.com/β¦ (They’d just pivoted to Insurance and were finding it fallow ground, so we predicted they’d jump again […]
Continue readingSecurity Bits β 22 June 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Greyware spyware from Pegatron continues to be abused: Graphite spyware used in Apple iOS zero-click attacks on journalists β www.bleepingcomputer.com/β¦ (This all happened a few months ago, and the zero-day was patched back in […]
Continue readingSecurity Bits β 8 June 2025 βΒ Including VPN Deep Dive
Deep Dive β Some VPN Nuance On last week’s Chit Chat Across the Pond segment, Allison & Adam had a great discussion on VPNs, and the vast thrust of the conversation was superb. But, there were two threads left dangling a little, and one point I want to quibble with. But nonetheless, the TL;DR is […]
Continue readingSecurity Bits β 25 May 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. πͺπΊ Following the near-miss with the US-funded critically important CVE database earlier this year (CISA nearly let funding lapse without notice, and even then only temporarily extended the existing funding rather than actually renewing […]
Continue reading