Robert Malmgren

AWS Outage #itwasdns

With the AWS outage, now‘s as good a time as any to post this old strip.

Even the Inventor of 'Vibe Coding' Says Vibe Coding Can't Cut It Humans keep hanging on.

Even the Inventor of 'Vibe Coding' Says Vibe Coding Can't Cut It

Chinese cyberspies compromised Russian tech provider : Who needs enemies when you have friends like Xi?

Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack www.theregister.com/2025/10/16/c...

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with 50k+ downloads.

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels thehackernews.com/2025/10/npm-...

Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking Fuji Electric has released patches and Japan’s JPCERT has informed organizations about the vulnerabilities.

Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking www.securityweek.com/fuji-electri...

Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts obse...

Great investigation from Trend Micro with the contributions from Joey Chen! Threat actor are actively targeting the SNMP protocol on routers for exploitation.

www.trendmicro.com/en_us/resear...

Contrary to popular belief, some things shouldn't be connected to any network.

Attacks on Palo Alto PAN-OS Global Protect Login Portals Surge from 2,200 IPs A massive escalation in attacks targeting Palo Alto Networks PAN-OS GlobalProtect login portals, with over 2,200 unique IP addresses conducting reconnaissance operations as of October 7, 2025.

Attacks on Palo Alto PAN-OS Global Protect Login Portals Surge from 2,200 IPs share.google/3AKnoRQdBoy1...

FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak As part of its plan to extort high-profile customers of Salesforce, the Scattered Spider group had revived the BreachForums platform. The site now bears an FBI seizure notice.

FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak #cybersecurity #hacking #news #infosec #security #technology #privacy

ID photos of 70,000 users may have been leaked, Discord says The platform says hackers targeted a firm that helped to verify the ages of its users.

Fanns det problem med hela den här approachen "skicka en bild av ditt pass/ID", alltså?

www.bbc.com/news/article...

Huh, ID checks not such a great idea

Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog A 13‑year Redis flaw (CVE‑2025‑49844) allows attackers to escape Lua sandbox and run code on hosts. See Wiz Research’s analysis and mitigations.

RediShell security flaw in Redis:

-remotely exploitable
-CVSSv3 10/10
-impacts all versions released over the past 13 years
-impacts 75% of cloud instances

www.wiz.io/blog/wiz-res...

redis.io/blog/securit...

NIRS fire destroys government's cloud storage system, no backups available A fire at the National Information Resources Service (NIRS) Daejeon headquarters destroyed the government’s G-Drive cloud storage system, erasing work files saved individually by some 750,000 civil servants.

A fire at the National Information Resources Service (NIRS) Daejeon headquarters destroyed the government’s G-Drive cloud storage system, erasing work files saved individually by some 750,000 civil servants.

Cryptography Performance Improvements Coming For Linux 6.18 - https://www.phoronix.com/news/Linux-6.18-Faster-Crypto

What to do if your company discovers a North Korean worker in its ranks U.S. businesses face complex legal, cybersecurity, and compliance challenges after uncovering North Korean IT workers on their payrolls, experts warn at Google's Cyber Defense Summit.

What to do if your company discovers a North Korean worker in its ranks cyberscoop.com/north-korean...

sec-t can start….

ICS[AP] Dashboards are updated with the 14 (9 new & 5 updated) CISA Advisories 9/9/25:

Rockwell Automation: 8 New | 1 Update
ABB: 1 New
Mitsubishi Electric: 2 Update
Schneider Electric: 1 Update
EG4 Electronics: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

Two of my favorite people being intensely human and smart about an overhyped subject. There’s wisdom here. Worth your time.

The crazy, true story behind the first AI-powered ransomware interview: tldr; boffins did it

The crazy, true story behind the first AI-powered ransomware www.theregister.com/2025/09/05/r...

NYU team behind AI-powered malware dubbed ‘PromptLock’ Researchers at NYU’s Tandon School of Engineering confirmed they created PromptLock to illustrate potential harms of AI-powered malware.

NYU team behind AI-powered malware dubbed ‘PromptLock’ cyberscoop.com/ai-ransomwar...

Cyberattack forces Jaguar Land Rover to tell staff to stay at home Luxury automaker Jaguar Land Rover says employees should stay home through the weekend as it works to mitigate the impact of a cyberattack.

Cyberattack forces Jaguar Land Rover to tell staff to stay at home #cybersecurity #hacking #news #infosec #security #technology #privacy

Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement Anthropic will pay at least $3,000 for each copyrighted work that it pirated. The company downloaded unauthorized copies of books in early efforts to gather training data for its AI tools.

BREAKING: Anthropic has agreed to pay at least $1.5 billion to authors in class action lawsuit for pirating their works www.wired.com/story/anthro...

AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution.

AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products www.securityweek.com/ai-supply-ch...

Not a lot of public reporting on this, but we are seeing a mountain of activity 👀

Financial Times has a new VDLeyen-jamming article where the most senior expert on GNSS jamming there is, Todd Humphreys, professor of aerospace engineering, agrees with my assessment that the transponder-GPS might have been healthy and the pilot-view GPS might have been jammed.

Russia's largest oil company is collapsing.
YES!! 👍👏🎉🎊

Japan's utilities cut fossil fuel electricity share to new lows Fossil fuels generated a record low share of Japan's utility-scale electricity supplies over the first half of 2025, marking an important milestone in the energy transition momentum of one of the world's largest fossil fuel consumers.

We're trying to bully Japan into taking our LNG, but ...

"Fossil fuels generated a record low share of Japan's utility-scale electricity supplies over the first half of 2025, marking an important milestone in the energy transition momentum of one of the world's largest fossil fuel consumers."