#CybersecurityThreats
2026-04-14 Briefing Australia’s Coalition has proposed Trump-style social media vetting for all visa applicants. Meanwhile, Google is expanding spam policies to prohibit "back button hijacking" by 2026. In tech news, DaVinci Resolve released a new professional photo editor, while JAXA attributed its recent H3 rocket failure to a manufacturing defect. Finally, experts warn of a rising US "intimacy crisis."

Tech News Briefing — #AIInElections #CyberSecurityThreats #TechAcquisitions #FormalVerification #DataPrivacyMatters #SrinivasaRamanujanLegacy https://alobbs.com/post/2026-04-14/

Nearly 4,000 US industrial devices exposed to Iranian cyberattacks The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured...

Nearly 4,000 US industrial devices are vulnerable to cyberattacks by an Iranian group exploiting systems with weak security. This highlights the crucial importance of bolstering cybersecurity defenses in industrial settings. #CybersecurityThreats

Hims and Hers Discloses Cyberattack Impacting Customer Support Infrastructure

In an industry where discretion is not only expected but fundamental, the integrity of digital systems has become inextricably linked to patient trust. Telehealth providers, by design, sit at the intersection of convenience and confidentiality, handling deeply personal disclosures ranging from routine wellness concerns to highly sensitive conditions.

With their rapid scaling and increasing reliance on third-party services for customer interactions, these platforms have a security posture that extends far beyond their own infrastructure. External integrations, no matter how operationally efficient, introduce a new layer of vulnerability, increasing the attack surface in ways that are often not apparent until an incident has occurred.

A breach involving the company's customer support environment has now materialized that risk for Hims & Hers, which is notifying customers. The incident did not originate in the organization's core medical systems, but in its third-party customer service platform, which handles user queries and support tickets, an often overlooked repository of information submitted by users.

The company initiated a preliminary investigation on February 5, which identified unauthorized access to support tickets between February 4 and February 7. A comprehensive review of those tickets, concluded on March 3, confirmed that they contained personal information. The company disclosed to the Office of the California Attorney General that an unidentified threat actor gained access to what it described as "certain tickets sent to our customer service team." This had a limited impact on a limited number of users.
The company has not fully disclosed the scope of the exposed data, but acknowledges that names, contact information, and additional user-provided information were likely accessed. Some of these details are redacted in the filing. Hims & Hers stated that no medical records or direct doctor-patient communications were compromised.

Nevertheless, the nature of the exposed data underscores a more general concern about telehealth ecosystems. Support tickets frequently contain contextual clues: symptoms described in plain language, product inquiries pertaining to specific conditions, or follow-ups that implicitly reveal treatment journeys.

When a platform offers services for hair loss, erectile dysfunction, mental health, skincare, and weight management, even limited identifiers can carry unintended sensitivity. The breach thus highlights a critical reality of healthcare-related digital services: operational information and deeply personal information are far more closely linked than they appear. The extent of the exposure is unclear at this time.

The company has not yet confirmed the number of individuals affected. The California data breach notification framework mandates disclosure when 500 or more residents are involved, a threshold that often indicates an event of higher materiality. A company spokesperson, Jake Martin, stated in the report that the intrusion had been caused by a social engineering attack, suggesting that the attackers manipulated internal personnel rather than exploiting a purely technical vulnerability.

Despite follow-up inquiries, the company did not provide a granular breakdown of the information accessed; those inquiries indicated that the compromised dataset primarily consisted of customer names and email addresses.
Notably, the organization has not disclosed whether it has received direct communication from the threat actors, including extortion or ransom demands, leaving open the question of the attacker's intent and post-compromise activities. The ambiguity reflects a wider and increasingly familiar trend in the threat landscape: customer support and ticketing environments are emerging as high-value targets for financially motivated adversaries.

In addition to being information-rich, these systems are also less fortified than core transactional or clinical systems because they aggregate user-submitted data in less structured formats. This incident also aligns with a growing number of breaches involving similar infrastructure. In 2025, Discord disclosed that a compromise of its customer service ticketing system exposed sensitive identity documents, including government-issued identification submitted for age verification, belonging to approximately 70,000 users.

These cases show a critical shift in attacker focus: peripheral service layers, particularly those managed by third parties, are increasingly used as entry points for accessing highly sensitive data, allowing attackers to bypass primary systems rather than confront them directly.

In keeping with industry practice, Hims & Hers is now providing complimentary credit monitoring to affected customers for a period of 12 months. These measures provide a minimum level of financial oversight, but they do little to mitigate the more immediate and sophisticated risk of targeted social engineering.

Specifically, the release of support ticket data creates an opportunity for highly contextual phishing campaigns, in which threat actors use authentic user interactions, such as prescription-related queries or treatment discussions, to create messages that are significantly more convincing than generic fraud attempts.
These tactics draw their effectiveness from personalized communication rather than from direct breaches of financial systems.

The security analyst community has consistently warned that even small amounts of health-related context can be used to weaponize datasets for coercion, fraud, and reputational damage. It is unclear whether such misuse has taken place in this case, but it remains plausible. If sensitive treatment or condition information is linked to identifiable contact information, it can be used in extortion schemes or deceptive outreach campaigns to obtain more information. This emerging threat model aligns with prior Federal Bureau of Investigation advisories, which have documented cases in which adversaries impersonated insurance companies, claims investigators, or healthcare representatives to obtain medical records and financial information. Against this backdrop, affected individuals are encouraged to adopt a more defensive posture that goes beyond passive monitoring.

In particular, users are advised to be cautious when responding to unsolicited communications referencing specific treatments, past support interactions, or account activity, and to verify any requests for information through official, trusted communication channels before engaging with embedded links or attachments in unexpected messages.

Situational awareness can be further improved through proactive measures, such as monitoring for data exposure across illicit marketplaces. Tools such as the Malwarebytes Digital Footprint Scanner, which tracks the circulation of credentials and personal information, may help identify downstream misuse early, allowing individuals to act before such information is actively exploited. According to prevailing industry practice, Hims & Hers is offering 12 months' complimentary credit monitoring to affected users.
Although such measures provide a baseline layer of financial oversight, they are insufficient to mitigate the more immediate and sophisticated risks associated with targeted social engineering.

A particular concern with the availability of support ticket data is the possibility of highly contextual phishing campaigns, in which threat actors craft messages based on genuine user interactions, such as prescription-related queries or treatment discussions, that are much more convincing than generic fraud attempts. These tactics succeed by exploiting trust through personalization, not by directly breaching financial systems.

The security analyst community has consistently warned that even small amounts of health-related context can be used to weaponize datasets for coercion, fraud, and reputational damage. It is unclear whether such misuse has taken place in this case, but it remains plausible.

In combination with identifiable contact details, information related to sensitive treatments or conditions may be used to perpetrate extortion schemes or deceptive outreach aimed at eliciting further disclosures. Consistent with prior advice from the Federal Bureau of Investigation, this evolving threat model aligns with cases in which adversaries have impersonated insurance companies, claims investigators, and healthcare representatives in order to extract medical records and financial information. Against this background, affected individuals are encouraged to adopt a more defensive posture that goes beyond passive monitoring.

It is essential to take note of unsolicited communications, especially those referencing specific treatments, past interactions with support staff, or account activity. Users are advised to avoid engaging with embedded links or attachments in unexpected messages and to verify all requests for information using official and trusted channels.
Monitoring for potential data exposure across illicit marketplaces can further enhance situational awareness. Tools like the Malwarebytes Digital Footprint Scanner, which tracks the circulation of credentials and personal data, can provide early indications of downstream misuse, so individuals can respond before such information is actively exploited.

Incidents such as these underscore the need for digital health providers to redesign their security strategies beyond traditional system boundaries. As the Hims & Hers case demonstrates, a healthcare platform's resilience increasingly depends on the governance of third-party integrations, employee awareness, and visibility of data flows across support ecosystems.

To protect themselves against social engineering threats in the future, organizations operating in this field will need to adopt a layered security posture integrating continuous monitoring, stricter access controls, and targeted training.

Users, while remaining cautious and informed, must realize that even limited data exposures can be exploited in sophisticated attack chains. As the threat landscape evolves, it is evident that safeguarding healthcare data is not limited to clinical systems but extends to every interface that creates, shares, or stores personal information.

Hims and Hers Discloses Cyberattack Impacting Customer Support Infrastructure #CustomerDataExposure #CybersecurityThreats #DataBreach

2026-04-03 Briefing A malicious WhatsApp version is spreading spyware that can activate cameras and monitor calls. Globally, an Oxfam report shows the richest 0.1% hide $2.8 trillion in tax havens, exceeding the assets of the world's poorest half. Meanwhile, Anthropic researchers warn that AI models' internal emotional representations could drive unethical actions, while Chinese firms strengthen their hold on the humanoid robot supply chain.

Tech News Briefing — #AIEthics #CybersecurityThreats #ArtificialIntelligence #RoboticsInnovation #TechInvestments #WebRevival https://alobbs.com/post/2026-04-03/

2026-03-31 Briefing A critical security breach has compromised the widely used axios HTTP client library on npm, distributing a remote access trojan that targets macOS, Windows, and Linux systems, prompting urgent updates and credential rotations. Simultaneously, a report highlights safety concerns for NASA’s Artemis II mission due to damage to the Orion capsule’s heat shield, potentially delaying the planned lunar flyby. Elsewhere, India’s booming smartphone exports, totaling $11 billion, face a looming threat from escalating tensions in the Middle East, potentially slashing shipments by up to 25%. Finally, a concerning new practice has emerged: Babel Audio is paying individuals to record conversations, creating AI training data from potentially sensitive exchanges.

Tech News Briefing — #AIAdvancements #MLXpowered #EthicalModels #CyberSecurityThreats #DataBackupMatters #TechNewsAlert https://alobbs.com/post/2026-03-31/

Large Scale Ransomware Attack at Marquis Compromises Data of 672000 People

Marquis, a Texas-based provider of analytics and visualization solutions to hundreds of U.S. banks, recently disclosed that a ransomware intrusion in August 2025 resulted in a large-scale compromise of highly sensitive customer information, demonstrating the systemic vulnerability inherent in today's interconnected financial data ecosystem.

The breach, which has only recently become public through regulatory disclosures, affected at least 672,075 individuals and involved exfiltration of both personal identifiers and critical financial information. A company filing submitted to the Maine Attorney General's office indicates that it is beginning to notify those affected, a significant concentration of whom reside in Texas.

Given the extent of the stolen dataset, which consists of names, dates of birth, addresses, bank account details, payment card information, and even Social Security numbers, this is not merely an unauthorized access incident, but a deeply consequential event threatening consumer financial security as well as long-term institutional trust.

Subsequent disclosures suggest that the incident may have been linked to a broader compromise within the vendor ecosystem on which Marquis relies. SonicWall released an advisory in mid-September 2025 urging its customers to reset their credentials following the discovery of a brute-force attack on the MySonicWall cloud platform. This service stores and manages configuration backups on behalf of firewall administrators.

A backup may contain highly sensitive operational data, including network rules, access control policies, VPN configurations, authentication parameters associated with enterprise identity systems such as LDAP, RADIUS, and SNMP, as well as administrative account credentials.
Later, Marquis confirmed that it was among the affected entities, and the company acknowledged that the compromise encompassed the company's entire customer base.

Although early reports do not offer a complete picture of downstream impact, subsequent regulatory filings by Marquis across multiple jurisdictions show that the nature and extent of compromised data vary from state to state. The company's submission to Maine authorities described a particularly comprehensive dataset that included names, physical addresses, contact information, Social Security numbers, taxpayer identification numbers, and financial account information without associated security codes.

The inclusion of dates of birth as well indicates a breach with both infrastructure and personal consequences. The incident has drawn more attention to the structural risks associated with the financial sector's reliance on third-party service providers, where a single point of compromise can have cascading effects on a number of institutions and, by extension, their clients.

According to Marquis, the ransomware event in August affected data associated with clients of dozens of banks and credit unions, but the breadth of the individual impact and the amount of information exposed have only recently been clarified. According to our investigation, the initial intrusion vector was unauthorized access to the SonicWall firewall, which permitted a third party to gain access to Marquis' internal network.

In response to this incident, the company has taken legal action against the vendor, underscoring the complex accountability issues that often follow breaches involving interconnected technology.
Providing digital and physical marketing solutions, along with compliance software and services, to more than 700 financial institutions, Marquis occupies a position of considerable data centrality, which inherently magnifies the downstream consequences of any security breach.

Because they centrally store aggregated financial data and personally identifiable information, such intermediaries remain high-value targets for ransomware groups. Affected individuals are advised to adopt heightened monitoring practices, including carefully reviewing their bank and credit card transactions, obtaining credit reports from established credit bureaus, and activating fraud alerts and credit freezes where necessary.

Furthermore, caution is urged against unsolicited communications that may attempt to exploit the incident through phishing or social engineering. Ultimately, the episode underscores the importance of continuous risk assessments, stronger access controls, and coordinated security strategies between institutions and service providers as an increasingly persistent and sophisticated threat landscape continues to affect the financial ecosystem. The breach has also drawn attention to the systemic vulnerabilities introduced by financial institutions' deeper integration with third-party technology providers, where operational efficiency often comes at the cost of an expanded attack surface.

Even though Marquis had previously acknowledged that the August ransomware incident affected banking and credit union clients, subsequent disclosures have clarified the extent of individual exposures as well as the sensitive nature of the compromised records. A forensic analysis revealed that the point of entry was a SonicWall firewall, which allowed an external actor to gain unauthorized access to Marquis' internal infrastructure.
The company has therefore decided to pursue legal action against the vendor, underscoring the complex issues of liability and shared responsibility that arise from breaches within interconnected digital ecosystems.

The volume of information within Marquis's systems magnifies the impact of such an intrusion, given the company's role in providing marketing, compliance, and data-driven services to more than 700 financial institutions. Security experts observe that organizations operating at this crossroads of aggregated financial and personally identifiable data remain particularly attractive targets for ransomware operators seeking maximum impact.

In light of the incident, individuals are being urged to adopt a more vigilant stance, which includes monitoring their financial statements on a continuous basis, obtaining credit reports to detect anomalies, and implementing precautionary measures, such as fraud alerts or credit freezes, as appropriate. A special focus is being placed on preventing opportunistic follow-on attacks, such as phishing or deceptive outreach that may use compromised information to establish trust. These incidents serve as a reminder of the importance of continuous security reassessment, tighter access governance, and more cohesive defensive collaboration between service providers and their institutional clients.

In an increasingly complex digital environment, threat actors continue to refine their tactics. The incident serves as a defining example of how risk dynamics are evolving in digitally interconnected financial services, in which trust is distributed among vendors, platforms, and shared infrastructure.
As a result, cybersecurity is no longer considered a perimeter function, but rather an integrated, continuous discipline spanning the entire supply chain. For institutions, this entails deeper vendor due diligence, stricter configuration governance, and real-time visibility into third-party dependencies. Service providers, for their part, must harden cloud-integrated environments and limit the persistence of sensitive credentials within systems that can be accessed.

Stronger regulatory scrutiny and continued exploitation of systemic interdependencies will lead to an increasing focus on resilience, which does not necessarily mean avoiding breaches but rather anticipating, containing, and responding transparently to them without eroding stakeholder trust.

Large Scale Ransomware Attack at Marquis Compromises Data of 672000 People #BankingSecurity #CybersecurityThreats #DataBreach

2026-03-27 Briefing Chinese AI startup Moonshot AI is eyeing a Hong Kong IPO with an $18 billion valuation, following a wave of successful tech listings. Meanwhile, SpaceX is preparing for a potential June IPO, potentially offering a significant portion of shares to retail investors, while AI legal tool Steno secured $49 million in Series C funding. Telehealth company eMed, backed by Tom Brady, raised $200 million, achieving a valuation exceeding $2 billion, and Blossom Health, focused on AI for psychiatry, landed $20 million. Several other tech firms are also signaling IPO plans, indicating a renewed interest in public markets.

Tech News Briefing — #ArtificialIntelligenceInvestments #TechIPOsOnTheRise #SpaceXExpansion #CyberSecurityThreats #AIAdvancementsInMedicine #TechIndustryNewsAlerts https://alobbs.com/post/2026-03-27/

Large Scale Data Breach at Conduent Hits 25 Million Users Nationwide

A central component of public service delivery, Conduent is entrusted with the invisible yet indispensable machinery that keeps systems running, from healthcare eligibility systems to benefits administration, and occupies a unique position at the intersection of government operations and private data stewardship. This centrality, however, is now the subject of scrutiny. Several months ago, from October 2024 to January 2025, a covert intrusion occurred within the organization's network, resulting in the exfiltration of personal data belonging to at least 25 million individuals. The breach exposed not only routine identifiers but also information related to Medicaid and SNAP programs, as well as Social Security numbers.

The incident presents a sobering reality for modern digital infrastructure: when organizations responsible for managing critical public services are compromised, the fallout extends far beyond corporate boundaries, putting millions of individuals at risk for years to come. Subsequent disclosures have clarified the scope of the compromise, suggesting a much greater impact than was initially anticipated.

Approximately 25 million individuals in the United States were affected by the breach, according to a February update provided by the Wisconsin Department of Agriculture, Trade and Consumer Protection, cementing the incident's ranking as one of the most consequential data breaches in recent history. Forensic assessments indicate sustained access to internal systems from late 2024 to early 2025. Multiple layers of personally identifiable and regulated information were exfiltrated during this period, including full names, Social Security numbers, insurance records, and sensitive medical information.
The nature and composition of the compromised information suggest that the attackers were not merely opportunistic, but understood the value embedded within aggregated service provider environments, where administrative, healthcare, and benefits data converge to create highly lucrative targets. Conduent's operational footprint makes the scale and systemic implications of the incident more apparent.

By 2019, the company reported serving over 100 million people across the United States, while maintaining relationships with the majority of Fortune 100 companies and hundreds of government agencies. Given how extensively public-sector programs and private enterprise workflows are integrated, it is understandable why the affected population appears fragmented and unrelated. Conduent administers state-run benefit programs, such as Medicaid and the Supplemental Nutrition Assistance Program, across a multitude of states, and provides document handling, payment processing, and claims support for healthcare providers and insurers, including Blue Cross Blue Shield networks.

Its corporate services division, which also involves large-scale workforce management, exposed a significant portion of the Volvo Group's workforce to the breach. The breach has also been confirmed to affect employees connected with major industrial organizations, including several segments of the Volvo Group workforce. The intrusion has been strongly linked to the SafePay ransomware group, which publicly claimed responsibility following the breach, suggesting a financially motivated operation with an emphasis on data exfiltration and extortion.

Because of the compromised dataset, this incident goes beyond the traditional ransomware narrative.
Regulatory disclosures and notification communications report that the exfiltrated information consists of a dense accumulation of personally identifiable and protected health information, including full legal names, residence information, dates of birth, Social Security numbers, and detailed insurance and medical records.

Because Conduent serves as an intermediary processor, many of those affected may never have dealt directly with the company. This highlights the opacity of third-party data ecosystems, which routinely transmit sensitive information to vendor-controlled environments without the knowledge of end users. Its expanding scope and the long-term risk profile of the exposed data distinguish this breach from previous disclosures.

An initial estimate of approximately 10 million affected individuals has since more than doubled, illustrating the delayed visibility often associated with third-party compromises as downstream entities gradually become aware of their vulnerabilities. In addition, the combination of immutable identifiers such as Social Security numbers with medical and insurance data creates long-term vectors for identity fraud, medical exploitation, and precision-targeted social engineering campaigns.

The incident highlights a persistent blind spot in organizational security strategies: breaches originating within vendor infrastructure often go unnoticed by the organizations that rely on it, making it difficult for them to respond appropriately and to hold vendors accountable. Hence, a breach notification from an unfamiliar service provider is not an anomaly, but an indication of how interconnected and vulnerable modern data processing ecosystems have become.
Following the disclosure, Conduent has implemented a series of remedial measures to mitigate downstream risk for affected individuals, including free identity monitoring services and dedicated support channels. Several state-level advisories, including those issued by the Wisconsin Department of Agriculture, Trade and Consumer Protection, indicate that call center infrastructure has been activated to assist affected residents.

However, officials and cybersecurity experts have emphasized that large-scale breach notifications frequently attract opportunistic fraud campaigns, in which attackers exploit public awareness through phishing and impersonation. People are advised to independently verify enrollment links and communication channels, preferably via state notices or hotlines, before providing sensitive identifiers.

Alongside its response efforts, the company is facing increased regulatory scrutiny. Investigations by multiple state attorneys general are ongoing, as is an internal review by the company.

According to Conduent's Form 10-K filing with the Securities and Exchange Commission for 2025, no evidence of active misuse of the compromised data has been uncovered to date. Because the affected datasets are large, highly sensitive, and widely distributed, the absence of immediate exploitation does not significantly reduce long-term risk exposure. As regulators seek greater transparency and affected parties pursue accountability through the courts, further disclosures, supplemental notifications, and legal proceedings are widely anticipated, prolonging the incident's lifecycle well beyond its initial discovery.
Beyond its immediate impact, the incident illustrates the systemic risks embedded within third-party ecosystems, where vulnerabilities arising from external dependencies can undermine even robust internal defenses.

Organizations linked to service providers such as Conduent are exposed to the same threat surface, so a more detailed and continuously enforced vendor security posture is necessary.

Operationally, it is critical to enforce tightly scoped access controls, ensuring that third parties are given only the minimal permissions necessary to access systems and data, ideally governed by just-in-time authentication.

Segmentation strategies, including demilitarized zones and isolated environments, further reduce the possibility of lateral movement from a compromised partner environment. These measures can be reinforced with application allowlisting and execution controls, which prevent the deployment of unauthorized tools that often underpin post-compromise escalation.

Increasingly, organizations are required to adopt continuous validation frameworks that monitor access to regulated datasets in real time, as opposed to periodic audits. It is important that vendors adhere to the security baselines, breach disclosure timelines, and audit rights stipulated in their contracts, and that data volumes and sensitivity are minimized wherever possible to reduce security risk.

Robust logging and telemetry, designed for forensic readiness, remain critical for reconstructing attack paths and meeting regulatory expectations in the event of an incident.
During this period, security operations and incident response teams must maintain close monitoring of vendor-linked authentication patterns and data access patterns in order to take prompt action, such as revocation of credentials or isolation of compromised endpoints at the onset of an attack. In terms of executive level security strategy, the breach underscores the need to embed third-party risk into a multi-layered security strategy rather than treating it as a peripheral issue. Controls such as application allowlisting, formalized third-party risk management programs, which continuously evaluate partner security posture are among the steps required to ensuring cross-functional coordination, and implementation of standardized third-party risk management programs.  A breach such as the one experienced by Conduent illustrates the fact that resilience in a profoundly interconnected digital infrastructure is no longer confined solely to internal controls, but is determined by the collective security discipline of every organization within it. This incident indicates that organizations need to rethink how trust is distributed across digital ecosystems in order to avoid further occurrences. It is no longer sufficient to consider security as a boundary confined within enterprise perimeters; it must be continuously validated across all external dependencies that process, store, or transmit sensitive data.  A shift toward verifiable trust models, increased supply chain visibility, and enforceable accountability mechanisms is required to address this issue that extend beyond contractual assurances into measurable technical controls. As well as proactive resilience, it is vital to rigorously test detection, containment, and recovery capabilities against realistic scenarios of third-party compromise.  It is anticipated that regulatory expectations will continue to evolve, and threat actors will continue to exploit aggregation points within service-driven architectures. 
Thus, organizations with a focus on transparency, continuous assurance, and coordinated response mechanisms will be better able to survive cascading breaches from afar.

Large Scale Data Breach at Conduent Hits 25 Million Users Nationwide #ConduentDataBreach #CybersecurityThreats #healthcaredatabreach

You're likely already infected with a brain-eating virus you've never heard of Fatal brain infection was thought to be from profound immune suppression. Not anymore.

You're likely already infected with a brain-eating virus you've never heard of #Technology #Cybersecurity #CybersecurityThreats #Malware #DigitalSafety

arstechnica.com/health/2026/03/youre-lik...

Ransomware gang exploits Cisco flaw in zero-day attacks since January The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late...

Interlock ransomware used a Secure FMC flaw in zero-day attacks since January. The vulnerability allows attackers to encrypt systems, highlighting the need to patch vulnerabilities promptly. #CybersecurityThreats

Researchers discover zero-day DarkSword exploit chain in iOS 18 - SiliconANGLE

Researchers discover zero-day DarkSword exploit chain in iOS 18 #Technology #Cybersecurity #ZeroDay #iOS18 #CybersecurityThreats

siliconangle.com/2026/03/18/researchers-d...

2026-03-17 Briefing Asteroid samples reveal all the building blocks of DNA and RNA, bolstering theories about life’s origins across the solar system. Meanwhile, Microsoft’s Copilot faces scrutiny, prompting a humorous suggestion to restrict usage due to potential user error. A major Australian bank developed its own AI threat hunting tools to overcome vendor limitations, significantly improving security response. Startup Fuse secured $25 million to modernize loan origination with AI, offering free access to its platform. And, a team is painstakingly recreating *The Secret of Monkey Island* for the Commodore 64.

Tech News Briefing — #AIComplement #FintechInnovation #CybersecurityThreats #TechForGood #WorkplaceFuture #GamingRevival https://alobbs.com/post/2026-03-17/

Elon Musk's Major SCREW UP Forces Trump Into Humiliating Reversal
YouTube video by The Damage Report

#ElonMusk's COLOSSAL government screw up is forcing #DonaldTrump into a HUMILIATING reversal to attempt to get KEY offices, such as the office that protects the US against #CYBERSECURITYTHREATS, functioning again. #JohnIadarola breaks it down on @thedamagereport.bsky.social
youtu.be/Ru1tlM25PM8?...

2026-03-12 Briefing Cyberattacks targeting Verifone and Stryker, attributed to Iran-linked hackers, are raising fears of escalating digital retaliation. Apple’s new MacBook Neo is drawing industry praise for its performance, showcasing the challenges of maintaining compatibility with legacy systems. Motorola is currently leading the US foldable phone market, outpacing Samsung and Google with its Razr lineup. India is linking smartphone subsidies to export targets and local component usage, while the SEC and CFTC are coordinating crypto oversight to foster a clearer regulatory framework. Finally, Google’s GFiber internet unit is spinning off and rebranding in a partnership with Astound Broadband.

Tech News Briefing — #CyberSecurityThreats
#iOSUpdateAlert
#WindowsOnARM
#FoldableTech
#CryptocurrencyRegulation
#TechInvestments https://alobbs.com/post/2026-03-12/

2026-03-07 Briefing AMD ushered in the Gigahertz era for PCs in 2000 with the release of its Athlon 1 GHz processor, a marketing coup against Intel. The US military, leveraging Palantir’s Maven AI and Anthropic's Claude, rapidly identified over 1,000 targets in Iran within 24 hours before phasing out the AI tools. Researchers have linked sleep disruption to tinnitus, offering potential new therapeutic avenues. In a legal twist, Meta contends that uploading pirated books via BitTorrent constitutes fair use, expanding its defense in a copyright lawsuit.

Tech News Briefing — #ArtificialIntelligenceAdvances
#RoboticsInConflict
#MachineLearningMilestones
#CyberSecurityThreats
#TechInnovationNews
#AIforSocialGood https://alobbs.com/post/2026-03-07/

Qualcomm Zero Day Among 129 Issues Fixed in Android Security Push
With its latest security bulletin, Google has taken steps to address a broad range of Android vulnerabilities, releasing patches for 129 vulnerabilities spanning core platform components and third-party modules.
These vulnerabilities include ten that are rated critical and one that is believed to have been exploited outside of controlled environments, evidence of the persistent pressure on mobile infrastructure. Central to the update is CVE-2026-21385, a buffer over-read vulnerability in an open-source Qualcomm module.
The vulnerability has a CVSS score of 7.8 and is categorized in the advisory as a buffer over-read within the Graphics component. User-supplied input is handled without verifying the available buffer space, which may result in memory corruption under certain circumstances.
Qualcomm describes the vulnerability as an integer overflow that may result in memory corruption if user-supplied data is appended without adequately validating the available buffer space. As stated by the chipmaker, the flaw was originally reported to Google's Android Security team on December 18, 2025, and downstream customers were notified on February 2, 2026.
Even though Google has not disclosed technical information about real-world exploitation, it has acknowledged evidence of limited and targeted abuse, suggesting that this vulnerability may have been exploited in controlled attack scenarios rather than indiscriminate attacks.
In addition to Qualcomm's defect, the March 2026 Android security update is a comprehensive remediation effort that addresses 129 vulnerabilities across the entire system layer.
It also fixes a critical remote code execution vulnerability in the System component, identified as CVE-2026-0006, that can be exploited without requiring user interaction or additional privileges, a significantly increased risk profile. Further, the update resolves the CVE-2026-0047 privilege escalation issue in the Framework component, the CVE-2025-48631 denial-of-service condition in the System module, and seven individual privilege escalation vulnerabilities in Kernel components, identified as CVE-2024-43859, CVE-2026-0037, CVE-2026-0038, CVE-2026-0027, CVE-2026-0028, CVE-2026-0030, and CVE-2026-0031.
Due to the fragmented device ecosystem, Google retains its dual patch-level structure (2026-03-01 and 2026-03-05) so that original equipment manufacturers and silicon partners can deploy patches according to their own deployment cycles.
In addition to updating Android kernel components, this patch level also includes updates for third-party silicon and GPU vendors, such as Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc, emphasizing the complexity of modern security governance mechanisms.
Even though Google has not disclosed operational details regarding the observed activity, vulnerabilities of this nature have traditionally been of interest to commercial surveillance vendors as well as other actors capable of exploiting memory-handling vulnerabilities to gain covert access to data. A mitigation for CVE-2026-21385 is included in the second tranche of this month's rollout, distributed under security patch level 2026-03-05.
This cumulative update addresses more than 60 new vulnerabilities across the Kernel components and silicon partner ecosystems, including integrations with Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm, reflecting the multiple dependencies embedded within Android deployments.
The earlier patch level, meanwhile, focuses primarily on Framework and System components, resolving over 50 security vulnerabilities. One of these vulnerabilities enables remote code execution without elevated privileges or user interaction, a risk profile that places it among the most serious Android vulnerabilities. According to Google, devices updated to the 2026-03-05 security patch level or later are protected from the full set of disclosed vulnerabilities. Additionally, the company has announced patches for two vulnerabilities within the Framework and System layers of Wear OS. The Wear OS update also incorporates all of the Android security patches outlined in the March 2026 security bulletin, ensuring alignment across Google's broader product lines.
No platform-specific security patches were released for Android Automotive OS or Android XR this cycle, which indicates that those distributions have remained relatively stable during this update period. From a defensive standpoint, this advisory reinforces the necessity of timely patch adoption across enterprise as well as consumer deployments. It is recommended that security teams verify whether devices are compliant with the March 2026 security patch levels, prioritize assets that are exposed to untrusted input vectors, and watch for unusual behavior that may be indicative of an exploitation attempt.
Since memory corruption and privilege escalation issues are recurring patterns of targeted abuse, maintaining strict update governance, enforcing mobile device management controls, and restricting unnecessary application privileges remain critical measures for risk mitigation.
As Android will continue to depend on a complex supply chain of silicon and software contributors, coordinated vulnerability disclosure and rapid patch integration will remain crucial to ensuring the platform's resilience over time.

Qualcomm Zero Day Among 129 Issues Fixed in Android Security Push #AndroidSecurityUpdate #CybersecurityThreats #MobileSecurityPatch

2026-03-04 Briefing Researchers have demonstrated a functional CPU operating entirely on a GPU, achieving faster processing through PyTorch tensors, while AI techniques are now capable of identifying anonymous social media users with concerning accuracy, eroding online privacy. Simultaneously, a new method called Speculative Speculative Decoding (SSD) has accelerated AI inference speeds up to five times, and a tool called Weave is streamlining Git merge conflicts using language-aware entity recognition. Finally, an analysis of claims made by AI skeptic Gary Marcus revealed that a significant portion are demonstrably supported by evidence, highlighting existing AI limitations.

Tech News Briefing — #SSDDecoding #ArtificialIntelligence #PostgresPerformance #CyberSecurityThreats #GigabitSatellites #AIInvestments https://alobbs.com/post/2026-03-04/

Lake Superior State University tells House panel outages, ransomware displaced students and urges urgent funding Lake Superior State University representatives told the subcommittee that a ransomware attack and a citywide power outage last fall disrupted campus operations, displaced students for days and prompted a request for LDSI funds to repair electrical and IT infrastructure.

Lake Superior State University is sounding the alarm after a devastating power outage and ransomware attack left students displaced and critical operations in jeopardy.

Click to read more!

#MI #CybersecurityThreats #CitizenPortal #StudentSupport #InfrastructureRepair

Lawmakers hear local officials, vendors urge statewide cyber coordination and recurring funding At a joint House hearing, local officials, vendors and state associations told Pennsylvania lawmakers that rising cyberattacks, AI-driven threats and gaps in local capacity require coordinated state support, recurring funding and shared technical services such as joint security operation centers and incident response retainers.

Pennsylvania's local governments are facing a cybersecurity crisis, with officials calling for urgent state support to combat rising threats and devastating attacks.

Learn more here

#PA #CybersecurityThreats #CitizenPortal #StateFundingSupport #PublicSafetyInitiatives

2026-02-22 Briefing A surge in AI-related services is driving the US consulting market's 7% growth projection for 2026, with companies seeking advice on leveraging artificial intelligence. Meanwhile, concerns over environmental impact are being raised as global data center construction rises, including Elon Musk's plan to launch satellites as data centers into space, which OpenAI CEO Sam Altman calls "ridiculous" due to technological limitations. Hackers have exploited vulnerabilities in FortiGate firewalls using AI-assisted automation, while the US Department of Justice is reviewing Netflix's proposed acquisition of Warner Bros. Discovery for anticompetitive practices.

Tech News Briefing — #ArtificialIntelligenceAdvancements #TechIndustryGrowth #CybersecurityThreats #SpaceDataCenters #AIInnovation #GlobalFirewallBreaches https://alobbs.com/post/2026-02-22/

2026-02-20 Briefing Google has prevented 1.75 million policy-violating Android apps from being published on Google Play, while also blocking over 80,000 developer accounts that attempted to publish malicious apps. Meanwhile, Microsoft is proposing technical standards for detecting AI-generated content and manipulating digital information online. A growing movement in the US is pushing back against the rapid development of artificial intelligence, citing concerns over its impact on the environment and society. Additionally, a US grand jury has indicted three Google engineers over allegedly stolen chip tech, while tech companies invest in building private power plants to fuel off-grid data centers.

Tech News Briefing — #AIAdvancements #CyberSecurityThreats #TechLawMatters #DataProtection #ArtificialIntelligence #DataCenterSolutions https://alobbs.com/post/2026-02-20/

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer SmartLoader campaign spreading StealC via a trojanized Oura MCP server using fake GitHub forks to steal credentials and crypto funds.

SmartLoader attack targets Oura Ring users, spreading malware via trojanized apps. The scheme highlights risks in connected devices and app security, emphasizing caution with new software. #CybersecurityThreats

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware Outlook add-in phishing, Chrome and Apple zero-days, BeyondTrust RCE, cloud botnets, AI-driven threats, ransomware activity, and critical CVEs.

Outlook add-ins can be hijacked to access sensitive data, while Twozero secures AI flaws. A secret section on a cybercriminal forum shares insider threats, highlighting the importance of cybersecurity. #CybersecurityThreats

Infostealer malware found stealing OpenClaw secrets for first time With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens,...

InfoStealer malware has been detected stealing secrets via an OpenClaw vulnerability. This shows evolving cybersecurity threats exploiting new weaknesses. It's crucial to stay informed on these advancements. #CybersecurityThreats

This new 'sleeperware' doesn't set off alarms or crash your system - it sneaks in and waits As ransomware declines, a new more dangerous digital parasite quietly rises to take its place.

This new 'sleeperware' doesn't set off alarms or crash your system - it sneaks in and waits #Technology #Cybersecurity #Sleeperware #CybersecurityThreats #Malware

www.zdnet.com/article/sleeperware-malw...

A New Twist on Old Cyber Tricks
Germany’s domestic intelligence and cybersecurity agencies have warned of a covert espionage campaign that turns secure messaging apps into tools of surveillance without exploiting any technical flaws. The Federal Office for the Protection of the Constitution and the Federal Office for Information Security said the operation relies instead on social engineering carried out through the Signal messaging service. In a joint advisory, the agencies said the campaign targets senior figures in politics, the military and diplomacy, as well as investigative journalists in Germany and elsewhere in Europe.
By hijacking messenger accounts, attackers can gain access not only to private conversations but also to contact networks and group chats, potentially widening the scope of compromise. The operation does not involve malware or the exploitation of vulnerabilities in Signal. Instead, attackers impersonate official support channels, posing as “Signal Support” or a so-called security chatbot.
Targets are urged to share a PIN or verification code sent by text message, often under the pretext that their account will otherwise be lost. Once the victim complies, the attackers can register the account on a device they control and monitor incoming messages while impersonating the user. In an alternative approach, victims are tricked into scanning a QR code linked to Signal’s device-linking feature.
This grants attackers access to recent messages and contact lists while allowing the victim to continue using the app, unaware that their communications are being mirrored elsewhere. German authorities warned that similar tactics could be applied to WhatsApp, which uses comparable features for account linking and two-step verification.
They urged users not to engage with unsolicited support messages and to enable registration locks and regularly review linked devices.
Although the perpetrators have not been formally identified, the agencies noted that comparable campaigns have previously been attributed to Russia-aligned threat groups. Reports last year from Microsoft and the Google Threat Intelligence Group documented similar methods used against diplomatic and political targets.
The warning comes amid a flurry of state-linked cyber activity across Europe. Norway’s security services recently accused Chinese-backed groups of penetrating multiple organisations by exploiting vulnerable network equipment, while also citing Russian monitoring of military targets and Iranian cyber operations against dissidents.
Separately, CERT Polska said a Russian-linked group was likely behind attacks on energy facilities that relied on exposed network devices lacking multi-factor authentication.
Taken together, the incidents highlight a shift in cyber espionage away from technical exploits towards psychological manipulation. As secure messaging becomes ubiquitous among officials and journalists, the weakest link increasingly lies not in encryption, but in the trust users place in what appears to be help.

A New Twist on Old Cyber Tricks #CyberAttacks #Cyberattack #CybersecurityThreats

Senate EPW hearing spotlights cybersecurity gaps in U.S. water systems, witnesses urge targeted help Senate Environment and Public Works members heard from water operators and cyber experts that many small water utilities lack staff, funding, and technical support to manage cyber risks; witnesses recommended circuit‑rider technical assistance, more funding for Water ISAC and EPA grant programs, and flexible sector standards modeled on NERC.

Cyber threats are putting U.S. drinking water systems at risk, and small utilities are struggling to keep up with the evolving dangers.

Learn more here

#US #CybersecurityThreats #CitizenPortal #WashingtonWater #PublicHealthSafety #InfrastructureResilience

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access Experts uncovered malicious Chrome extensions that replace affiliate links, exfiltrate data, and steal ChatGPT authentication tokens from users.

Researchers have discovered Chrome extensions stealing user data. This highlights ongoing privacy risks and the importance of vigilance in protecting personal information online. #CybersecurityThreats

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware Active malware exploits DLL side-loading in a signed GitKraken binary to deliver trojans, stealers, and remote access malware.

Hackers exploit Windows by side-loading C-ARES DLLs to inject malware. This method tricks apps into running malicious code, posing security risks. Stay informed on these evolving threats to secure your devices. #CybersecurityThreats

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia Transparent Tribe (APT36) is linked to new cyber-espionage attacks using malicious LNK files, adaptive RATs, and long-term persistence against Indian

Transparent Tribe has a new, dangerous Remote Access Trojan (RAT) that attacks Windows and Android devices, stealing data and spying on victims. It's crucial to stay informed to protect your devices. #CybersecurityThreats
