There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece of security analysis. Read More

Read More

The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found Read More

Read More

The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally Read More

Read More

Revival Hijack Python Package Index supply chain attack threatens 22,000 packages through malicious downloads Read More

Read More

Despite rising threats researchers find a third of firms see flat or falling security budgets and hiring slows Read More

Read More

Cicada (also known as Cicada3301) is a sophisticated ransomware, written in Rust, that has claimed more than 20 victims since its discovery in June 2024. Read more in my article on the Tripwire State of Security blog. Read More

Read More

The first legally binding international treaty on AI was adopted by all 46 Council of Europe member states in May 2024 Read More

Read More

Cisco has urged customers to apply software updates to fix the critical vulnerabilities, which could allow attackers to collect sensitive data or administer services Read More

Read More

A security flaw exploiting side channel attacks means some Yubikeys can be cloned Read More

Read More

Really interesting analysis of the American M-209 encryption device and its security. Read More

Read More