"LLMs can't stop making up software dependencies and sabotaging everything."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 13 April 2025, 1321 UTC.

Content and Source:  Email subscription via https://feedly.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

The Register – Security

95K followers27 articles per week

#security#tech

17

Most popular

LLMs can't stop making up software dependencies and sabotaging everything

UTSA studies AI risks in coding

•

83by Thomas Claburn / 1d

Hallucinated package names fuel 'slopsquatting' The rise of LLM-powered code generation tools is reshaping how developers write software - and introducing new risks to the software supply chain in the process.…

Ex-Meta exec tells Senate Zuck dangled US citizen data in bid to enter China

Wynn-Williams to testify on Facebook

•

49by Iain Thomson / 2d

Former policy boss claims Facebook cared little about national security as it chased the mighty Yuan Facebook's former director of global public policy told a Senate committee that Meta CEO Mark Zuckerberg was willing to do almost anything to get the social network into China - including, she alleged, offering up Americans' data.…

Don't open that JPEG in WhatsApp for Windows. It might be an .EXE

6 TTPs

•

21by Jessica Lyons / 4d

•

CVE-2025-30401

What a MIME field A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment - and, to be fair, it doesn't take much craft to pull that off.…

Apr 11, 2025

Microsoft total recalls Recall totally to Copilot+ PCs

Microsoft re-releases Recall feature

•

by Iain Thomson / 1d

Redmond hopes you’ve forgotten or got over why everyone hated it the first time After temporarily shelving its controversial Windows Recall feature amid a wave of backlash, Microsoft is back at it - now quietly slipping the screenshotting app into the Windows 11 Release Preview channel for Copilot+ PCs, signaling its near-readiness for general availability.…

Apr 10, 2025

Ransomware crims hammering UK more than ever as British techies complain the board just doesn't get it

43% UK businesses face cyber breaches

•

by Connor Jones / 2d

Issues at the very top continue to worsen The UK government's latest annual data breach survey shows the number of ransomware attacks on the isles is on the increase – and many techies are forced to constantly informally request company directors for defense spending because there's no security people on the board.…

US sensor giant Sensata admits ransomware derailed ops

3 TTPs

•

by Connor Jones / 2d

•

Sensata experiences ransomware incident

Props for the transparency though US sensor maker Sensata has told regulators that a ransomware attack caused an operational disruption, and that it's still working to fully restore affected systems.…

Infosec experts fear China could retaliate against tariffs with a Typhoon attack

China and Spain strengthen partnership

•

by Jessica Lyons / 3d

Scammers are already cashing in with fake invoices for import costs World War Fee As the trade war between America and China escalates, some infosec and policy experts fear Beijing will strike back in cyberspace.…

Apr 9, 2025

Europol: Five pay-per-infect suspects cuffed, some spill secrets to cops

Operation Endgame follow-up arrests malware

•

by Connor Jones / 3d

Officials teased more details to come later this year Following the 2024 takedown of several major malware operations under Operation Endgame, law enforcement has continued its crackdown into 2025, detaining five individuals linked to the Smokeloader botnet.…

The Reg translates the letter in which Oracle kinda-sorta tells customers it was pwned

Oracle faces criticism over security incidents

•

by Iain Thomson / 3d

TL;DR: Move along, still nothing to see here - an idea that leaves infosec pros aghast Oracle's letter to customers about an intrusion into part of its public cloud empire - while insisting Oracle Cloud Infrastructure was untouched - has sparked a mix of ridicule and outrage in the infosec community.…

Trump kills clearances for infosec's SentinelOne, ex-CISA boss Chris Krebs

Trump revokes Chris Krebs security clearance

•

by Simon Sharwood / 3d

Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories Updated The Trump administration on Wednesday ordered a criminal investigation into alleged censorship conducted by the USA’s Cybersecurity and Infrastructure Security Agency, aka CISA, plus revocation of any security clearances held by the agency's ex-head Chris Krebs and anyone else at SentinelOne, the cybersecurity com

April's Patch Tuesday leaves unlucky Windows Hello users unable to login

CVE-2025-29824

•

by Iain Thomson / 3d

Can't Redmond ask its whizz-bang Copilot AI to fix it? Updated Those keen to get their Microsoft PCs patched up as soon as possible have been getting an unpleasant shock when they try to get in using Windows Hello.…

Wyden blocks Trump's CISA boss nominee, blames cyber agency for 'actively hiding info' about telecom insecurity

Senator blocks cybersecurity nominee over

•

by Jessica Lyons / 3d

It worked for in 2018 with Chris Krebs. Will it work again? Uncle Sam's Cybersecurity and Infrastructure Security Agency, aka CISA, has been "actively hiding information" about American telecommunications networks' weak security for years, according to Senator Ron Wyden.…

Someone compromised US bank watchdog to access sensitive financial files

Hackers accessed US bank regulators' emails

•

by Iain Thomson / 3d

OCC mum on who broke into email, but Treasury fingered China in similar hack months ago A US banking regulator says sensitive financial oversight data was accessed by one or more system intruders for more than a year in what's been described as "a major information security incident."…

Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz

LTIMindtree expands Google Cloud partnership

•

by Jessica Lyons / 4d

How Chocolate Factory hopes to double down on enterprise-sec Cloud Next Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.…

Apr 8, 2025

Pharmacist accused of using webcams to spy on women in intimate moments at work, home

Pharmacist spied on coworkers for years

•

by Thomas Claburn / 4d

Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec A now-former pharmacist at the University of Maryland Medical Center (UMMC) has been accused of compromising the US healthcare organization's IT systems to ogle female clinicians using webcams at their workplace and at their homes.…

Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug

6 TTPs

•

by Iain Thomson / 4d

A novel way to encourage upgrades? Microsoft would never stoop so low Patch Tuesday Patch Tuesday has arrived, and Microsoft has revealed one flaw in its products under active exploitation and 11 critical issues in its code to fix.…

Scattered Spider stops the Rickrolls, starts the RAT race

IoC > 9 domains

•

by Jessica Lyons / 5d

•

19 TTPs

Despite arrests, eight-legged menace targeted more victims this year Despite several arrests last year, Scattered Spider's social engineering attacks are continuing into 2025 as the cybercrime collective targets high-profile organizations and adds another phishing kit to its arsenal along with a new version of Spectre RAT malware.…

End of feed