Critical XWiki Vulnerability Abused in the Wild for Cryptocurrency Mining
A critical remote code execution (RCE) vulnerability (CVE-2025-24893) in XWiki, a widely-used open-source wiki platform, is being actively exploited in…
Security
Social Engineering People’s Credit Card Details
Good Wall Street Journal article on criminal gangs that scam people out of their credit card information: Your highway toll…
Louvre Jewel Heist
I assume I don’t have to explain last week’s Louvre jewel heist. I love a good caper, and have (like…
First Wap: A Surveillance Computer You’ve Never Heard Of
Mother Jones has a long article on surveillance arms manufacturers, their wares, and how they avoid export control laws: Operating…
How We (Almost) Found Chromium’s Bug via Crash Reports to Report URI
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…
Weekly Update 475
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…
Friday Squid Blogging: “El Pulpo The Squid”
There is a new cigar named “El Pulpo The Squid.” Yes, that means “The Octopus The Squid.” As usual, you…
Part Four of The Kryptos Sculpture
Two people found the solution. They used the power of research, not cryptanalysis, finding clues amongst the Sanborn papers at…
Serious F5 Breach
This is bad: F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat…
AWS Outage: Lessons Learned
What can we learn from the recent AWS outage, and how can we apply those lessons to our own infrastructure?…