Cisco has announced Resilient Infrastructure, a project to improve the security of its products. This includes: -increase default protections -remove legacy insecure features -reduce the attack surface -enable better detection and response

Cisco Blogs

Doubling down on resilient infrastructure

As global networks face escalating threats, Cisco is strengthening resilient infrastructure by setting secure defaults, eliminating legacy risks, a...

Blockchain investigator ZachXBT has published a report on how the APT38 (Bluenoroff) group laundered $200 million worth of crypto from 25+ hacks to fiat between 2020 and 2023. https://paragraph.com/@investigations/how-lazarus-group-laundered-200m-from-25-crypto-hacks-to-fiat-from-2020-2023

There's an unpatched admin auth bypass in the Twonky Server

Rapid7

CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)

Rapid7 has identified two vulnerabilities that facilitate administrator authentication bypass in Twonky Server, a media solution.

Cybersecurity agencies from the Five Eyes have released joint guidance on how to deal with bulletproof hosting providers

Cybersecurity and Infrastructure Security Agency CISA

Bulletproof Defense: Mitigating Risks From Bulletproof Hosting Providers | CISA

CISA and its partners urge ISPs and network defenders to implement these recommendations to mitigate risks posed by BPH providers.

Some drama in the tech world. TP-Link has sued Netgear over an alleged smear campaign. The Chinese company claims its American competitor is behind rumors and accusations over its connections to the CCP.

The Business Times

Netgear accused by rival of China smear to fan security fear

The suit comes as TP-Link faces growing scrutiny in Washington over national-security issues Read more at The Business Times.

US lawmakers want to extend CISA 2015 by another 10 years

Nextgov.com

Senators expect 10-year extension of cyber data-sharing law in future budget package

The Cybersecurity Information Sharing Act of 2015 got a temporary reprieve after the government reopened this month, but it risks lapsing again at ...

The npm portal has revamped its user access tokens. New tokens will have a default life of seven days (instead of 30), which can be updated to a maximum lifespan of 90 days (previously unlimited). The changes are going live this month.

The GitHub Blog

Strengthening npm security: Important changes to authentication and token management - GitHub Changelog

As part of our ongoing commitment to securing the npm ecosystem, we’re implementing the first phase of security improvements outlined in our ...

The European Court of Human Rights has dismissed a case brought by Catalan opposition figures over the CatalanGate 2022 spyware scandal due to a lack of evidence

Catalan oppositionΒ regroups afterΒ spyware case thrown out by human rights court – POLITICO

Danish officials have found a new way to push for the Chat Control encryption-breaking legislation without the proposed law going through a public debate

Patrick Breyer

Chat Control: The EU's CSAM scanner proposal

πŸ‡«πŸ‡· French: Traduction du dossier Chat Control 2.0, stopchatcontrol.frπŸ‡ΈπŸ‡ͺ Swedish: Chat Control 2.0πŸ‡©πŸ‡° Danish: chatcontrol.dkπŸ‡³πŸ‡...

Microsoft is adding Sysmon into Windows

The Verge

Microsoft is adding Sysmon into Windows.

Sysmon was first released in 2014 as a utility for security analysis into the Windows Event Log. Built by Microsoft technical fellow Mark Russinovi...