Weekly Update 489
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…
Security
Microsoft is Giving the FBI BitLocker Keys
Microsoft gives the FBI the ability to decrypt BitLocker in response to court orders: about twenty times per year. It’s…
AI Coding Assistants Secretly Copying All Code to China
There’s a new report about two AI coding assistants, used by 1.5 million developers, that are surreptitiously sending a copy…
Juice Jacking Continues to Be a Cyber Problem in South Africa
“Juice jacking” may be a new term for some, but it has been around as a method of cyber attack…
Friday Squid Blogging: New Squid Species Discovered
A new species of squid. pretends to be a plant: Scientists have filmed a never-before-seen species of deep-sea squid burying…
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities
From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed…
Why API Security Is No Longer an AppSec Problem – And What Security Leaders Must Do Instead
APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often…
Story of Cyberattack: 16 Billion Leaked Credentials: “The Mega Leak”
What if the password you used years ago is still giving attackers access to your accounts today? What if a…
5 Best Practices for SSL/TLS Certificate and Private Key Security
In today’s world of constant data breaches, phishing campaigns, and MITM attacks, the security of SSL is paramount. Most online…
From SSO to SOS: How CVE-2026-24858 Gave Hackers the Keys to Your Fortinet Gear
Fortinet has addressed a critical authentication bypass vulnerability, CVE-2026-24858, affecting FortiOS, FortiManager, FortiAnalyzer, FortiWeb and FortiProxy. The vulnerability, with a…