Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply chain attack that could have wide-ranging consequences for developers and the organizations that use them. Trivy maintainer Itay Shakury confirmed the compromise on Friday, following rumors and a thread, since deleted by the attackers, discussing the incident.… Read More »
“In January 2026 Broadcom signaled the termination of its VMware Cloud Service Provider program in Europe,” CIPSE said in a statement. This unilateral decision removed all but a tiny minority of hand-selected partners and excluded most European CSPs from selling VMware products.” In its complaint, CISPE also accused Broadcom of “ongoing abuse,” citing sharp price… Read More »
The problem is that agencies often lack the staff and resources to do thorough reviews, which means the whole system is leaning on the claims of the cloud companies and the assessments of the third-party firms they pay to evaluate them. Under the current vision, critics say, FedRAMP has lost the plot. “FedRAMP’s job is… Read More »
Researchers are warning about the risks posed by a low-cost device that can give insiders and hackers unusually broad powers in compromising networks. The devices, which typically sell for $30 to $100, are known as IP KVMs. Administrators often use them to remotely access machines on networks. The devices, not much bigger than a deck… Read More »
The invisible code is rendered with Public Use Areas (sometimes called Public Use Access), which are ranges in the Unicode specification for special characters reserved for private use in defining emojis, flags, and other symbols. The code points represent every letter of the US alphabet when fed to computers, but their output is completely invisible… Read More »
What else is known about Handala Hack? The group has existed since at least 2023. It takes its name from a character in the political cartoons of Palestinian artist Naji al-Ali. The group’s logo depicts a small Palestinian boy who is a symbol associated with Palestinian resistance. Check Point and other security firms have said… Read More »
Researchers say they have uncovered a takedown-resistant botnet of 14,000 routers and other network devices—primarily made by Asus—that have been conscripted into a proxy network that anonymously carries traffic used for cybercrime. The malware—dubbed KadNap—takes hold by exploiting vulnerabilities that have gone unpatched by their owners, Chris Formosa, a researcher at security firm Lumen’s Black… Read More »
Coruna is also notable for its use by three distinct hacking groups. Google first detected its use in February of last year in an operation conducted by a “customer of a surveillance vendor.” The vulnerability exploited, tracked as CVE-2025-23222, had been patched 13 months earlier. In July 2025, a “suspected Russian espionage group” exploited CVE-2023-43000… Read More »
Based on over 20,000 reports, Amazon appears to be experiencing an outage. According to Downdetector, reports of problems started increasing at 1:41 pm ET today. By 2:26 pm, ET, Downdetector received 18,320 reports of problems with Amazon’s website. The number of complaints peaked at 3:32 pm ET at 20,804. There have also been a smaller… Read More »
On Wednesday, the Trump administration announced that a large collection of tech companies had signed on to what it’s calling the Ratepayer Protection Pledge. By agreeing, the initial signatories—Amazon, Google, Meta, Microsoft, OpenAI, Oracle, and xAI—are saying they will pay for the new generation and transmission capacities needed for any additional data centers they build.… Read More »