Security Experts:

Mandiant researchers say narratives used in the Ghostwriter information operations campaign are aligned with Belarusian government interests, suggesting at least partial involvement.
Microsoft-owned GitHub warns that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain.
SolarWinds describes a new triple build model designed to ensure that software builds can never again be compromised in the way that Nobelium injected the Sunburst malware into its Orion software.
Mozilla says it blocked a series of malicious Firefox add-ons that misused the proxy API that extensions use to proxy web requests.
Endpoint security platform Kolide gets a fresh round of capital from venture capital investors.
The two agencies warn of a noticeable increase in ransomware attacks on holidays and weekends, when offices are closed.
The University of Toronto's Citizen Lab finds a new iOS zero-click exploit in an iPhone surveillance campaign targeting bloggers, activists and dissidents in Bahrain.
A report from ClearSky documents a threat actor that has been targeting multiple organizations in Israel using supply chain tools and impersonating known companies.
Microsoft confirms a new unpatched Windows Print Spooler security vulnerability is a major code execution threat.
Demo exploit code for a nasty Windows Print Spooler vulnerability is published online, prompting questions about the effectiveness of Microsoft's recent security update.


Enjoy this selection of top picks for 2010, listed in no particular order. Happy New Year!