Wow! This is a really bad data breach. Apparently related to the recent data theft on the Snowflake end.
The title is pushing it a bit. Still, I didn't realize some of the fine print of the Ubuntu support schemes.
Good tour of all the ways dependencies might get compromised in your supply chain. Making this easy to detect is needed.
This is a concerning finding. One can escape from the browser to the system with such chaining.
Looks like a nice tool indeed. Might be handy.
This organization indeed doesn't seem healthy. Especially regarding the amount of user data they are responsible for.
Make sure your OpenSSH server is up to date.
This is bad for two reasons: 1) people clearly put too much trust in random CDNs to distribute their dependencies and 2) people don't track dependency obsolescence properly.
A new type of attack targeting the CPU indirect branch predictor.
JSON, its grammar and the security implications. The approach of looking at a restricted subset is interesting.
The creative ways to exfiltrate data from chat systems built with LLMs...
This is indeed a real concern... with no proper solution in sight.
On the peculiarities of running a network for a university... this is an interesting way to frame it as basically being an ISP with benefits.
A deep dive into the events which led to the SolarWinds breaches. Microsoft's responsibility as an organization is staggering. Their handling of security matters massively failed once more. I don't get how governmental agencies or other companies can still turn to Microsoft with sensitive data.
Very unsurprising, the harm is probably done though. They'll have to work hard for their reputation to recover (even though it was probably low already).
How trustworthy are the extensions you get in your editor or IDE? I'd expect most marketplaces to not be well armed against such attacks.
The more releases out there, the more vulnerabilities are (and could be) discovered. Some actions are necessary to get things under control properly.
The words we use indeed matter. This is definitely a domain where we should avoid ambiguities...
Or why you should let a domain simply expire, there's plenty of work to do before that.
This is completely nuts... they really want to unleash a security and privacy nightmare. The irony is that it does respect DRM content on the other hand, we can see where the priorities are.