The curl project plans to end its HackerOne bug bounty program at the end of January, citing a surge in low-quality AI-generated vulnerability reports
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program …
Amit Yoran, the CEO of cybersecurity company Tenable, passed away after a battle with cancer; he previously held a number of roles, including president of RSA
Longtime entrepreneur and cybersecurity executive Amit Yoran passed away Friday after a battle with cancer.
Unisys, Check Point, Avaya, and Mimecast to pay a combined $7M to the SEC, which says they negligently downplayed the impact of the SolarWinds supply chain hack
The companies fined are: Avaya, Check Point, Mimecast, and Unisys.
BSODs hit thousands of Windows PCs due to “a defect” in an update from CrowdStrike, taking banks, airlines, and more businesses offline; Microsoft is aware
A profile of CrowdStrike, founded in 2011 and used by 300 companies in the Fortune 500; Gartner: CrowdStrike has ~15% of the global security software market
The little-known company is very popular in Corporate America, contributing to the severity of the global IT outage
Researchers: polyfill.io, which offers JavaScript polyfills, is being used to infect 100K+ websites with malware, after a Chinese CDN bought the domain in 2024
Many US farmers had to halt their planting operations after a solar storm broke critical GPS and precision farming functionality in tractors and other equipment
The solar storm that brought the aurora borealis to large parts of the United States this weekend also broke critical GPS …
Researchers reveal a hotel keycard hacking technique that can let a hacker almost instantly open RFID-based Saflok locks used in 3M doors across 13K properties
The company behind the Saflok-brand door locks is offering a fix, but it may take months or years to reach some hotels.
A Canadian minister says the government plans to ban devices that copy wireless signals for remote keyless entry, like the Flipper Zero, to combat auto theft
Unciphered, which helps recover cryptocurrency, finds a BitcoinJS flaw in some wallets made before 2016, and says that up to $1B of crypto is at risk of theft
23andMe confirms that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack
23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack.
Hacker group Cult of the Dead Cow details Veilid, an open-source, P2P application framework, and unveils VeilidChat, a Signal-like instant messaging app
'It's like Tor and IPFS had sex and produced this thing' — DEF CON Infosec super-band the Cult of the Dead Cow has released Veilid …
A profile of Window Snyder, who helped secure the early internet while at Microsoft and Mozilla, and pushed Apple to enable encryption by default in its devices
Snyder has made Windows, Mac computers, iPhones, and other technologies more secure for almost 25 years.
Hackers claim responsibility for attacking Russian satellite internet service Dozor-Teleport; the IODA project says the network went down at 10pm EST on June 28
Daryna Antoniuk / The Record :
Researchers say hackers have compromised the VoIP desktop client of 3CX's Phone System, used by 600K+ companies and 12M+ DAUs, in an ongoing supply chain attack
Researchers say hackers have compromised the 3CX VoIP IPBX desktop app, used by 600K+ companies and 12M+ daily users, in an ongoing supply chain attack
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target …
Google's Project Zero finds 18 zero-day vulnerabilities in Exynos modems, affecting some Samsung, Vivo, and Google phones as well as wearables and vehicles
LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
Lawrence Abrams / BleepingComputer :