Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. πΊπΈ US Court Blocks Spyware Vendor NSO Group from Targeting WhatsApp Users β cyberinsider.com/β¦ (Maybe their recent change to US ownership will give this injunction more teeth!) Update on the Tea app which suffered […]
Continue readingTag: vulnerabilities
Security Bits β 12 October 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Another interesting twist in the NSO Group Saga: Spyware maker NSO Group confirms acquisition by US investors β techcrunch.com/β¦ (via Allison) β Action Alerts Calls to action, if any stories in this section are […]
Continue readingSecurity Bits β 17 August 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. π§ More details on the Tea leak discussed last time, with reporting of how many women are continuing to use the app, and including new sigunups π€―: kill switch: why are women still signing […]
Continue readingSecurity Bits β 6 July 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Just like we predicted last time: Scattered Spider hackers shift focus to aviation, transportation firms β www.bleepingcomputer.com/β¦ (They’d just pivoted to Insurance and were finding it fallow ground, so we predicted they’d jump again […]
Continue readingSecurity Bits β 22 June 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Greyware spyware from Pegatron continues to be abused: Graphite spyware used in Apple iOS zero-click attacks on journalists β www.bleepingcomputer.com/β¦ (This all happened a few months ago, and the zero-day was patched back in […]
Continue readingSecurity Bits β 25 May 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. πͺπΊ Following the near-miss with the US-funded critically important CVE database earlier this year (CISA nearly let funding lapse without notice, and even then only temporarily extended the existing funding rather than actually renewing […]
Continue readingSecurity Bits β 11 May 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. A great example of why it’s important to patch β this is one of the things the Apple updates we called out last time patched: Apple ‘AirBorne’ flaws can lead to zero-click AirPlay RCE […]
Continue readingSecurity Bits β 30 March 2025 (Bart Solo)
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Thankfully Microsoft have not learned the wrong lesson from their recent over-zealous response to possible malware in the VS Code Marketplace: VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware β thehackernews.com/β¦ Attackers are continuing […]
Continue readingSecurity Bits β 29 September 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Consequences arrive for past failure: πΊπΈ AT&T pays $13 million FCC settlement over 2023 data breach β www.bleepingcomputer.com/β¦ πͺπΊ Meta fined β¬91M by the Irish Data Protection Commissioners for storing over 600 million passwords […]
Continue readingSecurity Bits β 15 September 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Apple have decided to end their case against the NSO Group (authors of the infamous Pegasus spyware) because disclosure could do more harm to users than letting the NSO group off the hook β […]
Continue reading