⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Monday recap. Same mess, new week
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Monday recap. Same mess, new week
Also, Microsoft Badly Patches LNK Flaw, Australian Sentenced for 'Evil Twin' HackThis week, the React flaw, a belated Windows fix, Defense Secretary Pete Hegseth's Signal group posed operational risk, more North Korean npm packages. An Australian jailed for Wi-Fi "evil twin" crimes. The US FTC will send $15.3 million to Avast users. A London council said attackers stole data.
Major flaws uncovered in Copeland controllers: Patch now Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions.…
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn’t just a matter of firewalls and patches—it’s about strategy. The strongest organizations aren’t the ones with the most tools, but the ones that see how cyber risks connect to business
Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines via an extension supply chain attack. The zero-day threat's been patched—but the wake-up call is clear: extensions are a new, massive supply chain risk. [...]
Critical flaws include those in Oracle Supply Chain products
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion
The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately.
Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks