Tag Archives: Biz & IT

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing supply chain attack that could have wide-ranging consequences for developers and the organizations that use them. Trivy maintainer Itay Shakury confirmed the compromise on Friday, following rumors and a thread, since deleted by the attackers, discussing the incident.… Read More: Widely used Trivy scanner compromised in ongoing supply-chain attack »

Cloud service providers ask EU regulator to reinstate VMware partner program

“In January 2026 Broadcom signaled the termination of its VMware Cloud Service Provider program in Europe,” CIPSE said in a statement. This unilateral decision ​removed all but a tiny minority of hand-selected partners and ​excluded most European CSPs from selling VMware products.” In its complaint, CISPE also accused Broadcom of “ongoing abuse,” citing sharp price… Read More: Cloud service providers ask EU regulator to reinstate VMware partner… »

Federal cyber experts called Microsoft’s cloud a “pile of shit,” approved it anyway

The problem is that agencies often lack the staff and resources to do thorough reviews, which means the whole system is leaning on the claims of the cloud companies and the assessments of the third-party firms they pay to evaluate them. Under the current vision, critics say, FedRAMP has lost the plot. “FedRAMP’s job is… Read More: Federal cyber experts called Microsoft’s cloud a “pile of shit,”… »

Researchers disclose vulnerabilities in IP KVMs from four manufacturers

Researchers are warning about the risks posed by a low-cost device that can give insiders and hackers unusually broad powers in compromising networks. The devices, which typically sell for $30 to $100, are known as IP KVMs. Administrators often use them to remotely access machines on networks. The devices, not much bigger than a deck… Read More: Researchers disclose vulnerabilities in IP KVMs from four manufacturers »

Supply-chain attack using invisible code hits GitHub and other repositories

The invisible code is rendered with Public Use Areas (sometimes called Public Use Access), which are ranges in the Unicode specification for special characters reserved for private use in defining emojis, flags, and other symbols. The code points represent every letter of the US alphabet when fed to computers, but their output is completely invisible… Read More: Supply-chain attack using invisible code hits GitHub and other repositories »

The who, what, and why of the attack that has shut down Stryker’s Windows network

What else is known about Handala Hack? The group has existed since at least 2023. It takes its name from a character in the political cartoons of Palestinian artist Naji al-Ali. The group’s logo depicts a small Palestinian boy who is a symbol associated with Palestinian resistance. Check Point and other security firms have said… Read More: The who, what, and why of the attack that has… »

14,000 routers are infected by malware that’s highly resistant to takedowns

Researchers say they have uncovered a takedown-resistant botnet of 14,000 routers and other network devices—primarily made by Asus—that have been conscripted into a proxy network that anonymously carries traffic used for cybercrime. The malware—dubbed KadNap—takes hold by exploiting vulnerabilities that have gone unpatched by their owners, Chris Formosa, a researcher at security firm Lumen’s Black… Read More: 14,000 routers are infected by malware that’s highly resistant to… »

Feds take notice of iOS vulnerabilities exploited under mysterious circumstances

Coruna is also notable for its use by three distinct hacking groups. Google first detected its use in February of last year in an operation conducted by a “customer of a surveillance vendor.” The vulnerability exploited, tracked as CVE-2025-23222, had been patched 13 months earlier. In July 2025, a “suspected Russian espionage group” exploited CVE-2023-43000… Read More: Feds take notice of iOS vulnerabilities exploited under mysterious circumstances »

Amazon appears to be down, with over 20,000 reported problems

Based on over 20,000 reports, Amazon appears to be experiencing an outage. According to Downdetector, reports of problems started increasing at 1:41 pm ET today. By 2:26 pm, ET, Downdetector received 18,320 reports of problems with Amazon’s website. The number of complaints peaked at 3:32 pm ET at 20,804. There have also been a smaller… Read More: Amazon appears to be down, with over 20,000 reported problems »

Trump gets data center companies to pledge to pay for power generation

On Wednesday, the Trump administration announced that a large collection of tech companies had signed on to what it’s calling the Ratepayer Protection Pledge. By agreeing, the initial signatories—Amazon, Google, Meta, Microsoft, OpenAI, Oracle, and xAI—are saying they will pay for the new generation and transmission capacities needed for any additional data centers they build.… Read More: Trump gets data center companies to pledge to pay for… »