News
AI supply chain attacks don’t even require malware…just post poisoned documentation
A new service that helps coding agents stay up to date on their API calls could be dialing in a massive supply chain vulnerability.…
Scammers have virtual smartphones on speed dial for fraud
Smartphones have fast become the basis of our digital identities, securing payment systems and bank accounts. Now virtual devices that pretend to be real handsets have become a key tool for financial scammers, according to one company. …
Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year
RSAC 2026 "Everybody feels massive FOMO if they don't get to RSAC," Jen Easterly says.…
Only Trump can decide when cyberwar turns into real war
rsac 2026 There's a theoretical red line with cyber warfare. Cross it, and the US will respond with a physical attack like missile strikes. And that line "is whatever the President says it is," according to former NSA boss retired General Paul Nakasone.…
Enterprise PCs are unreliable, unpatched, and unloved compared to Macs
End-user compute vendor Omnissa, the company formed by the spin-out of VMware’s virtual desktops, applications, and device management biz, has dug into the telemetry it collects from customers and painted a picture of the world’s enterprise hardware fleet – and the news is better for Google and Apple than it is for Microsoft.…
EFF has a new boss to lead the fight against privacy-sucking forces of doom
interview The Electronic Frontier Foundation (EFF) on Tuesday appointed Nicole Ozer to succeed Cindy Cohn as the cyber rights group's executive director when Cohn departs this summer.…
1K+ cloud environments infected following Trivy supply chain attack
RSAC 2026 Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.…
LiteLLM loses game of Trivy pursuit, gets compromised
Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malicious credential-stealing code.…