Archive

InfoSec News 14APR2026

General * OpenAI were hit in the Axios supply-chain attacks, potentially compromising their macOS application signing certificate. The company said that on March 31, 2026, the legitimate workflow downloaded and executed a compromised Axios package (version 1.14.1) that was used in attacks to deploy malware on devices. That workflow

InfoSec News 13APR2026

General * Google have rolled out their 'End to End Encryption' (E2EE) solution for Gmail. It should provide some protection, in some circumstances, however the nature of making it accessible via the web, on devices with no pre-enrolment, rather limits its protection. * https://workspaceupdates.googleblog.com/2026/04/gmail-end-to-end-encryption-now-available-on-mobile-devices.

InfoSec News 10APR2026

General * Chrome's long-awaited "Device Bound Session Credentials" (DBSC), has finally (after a 2024 announcement) arrived. It uses the Trusted Platform Module as the root of trust, to protect a key-pair, which in turn protects the cookies. Most modern authentication uses a short-lived (commonly 1 hour) Access

InfoSec News 09APR2026

General * Anthropic may be talking up the bug-finding capabilities of the new Claude Mythos model, but existing Claude 4.6 may be all that's required. Remote Code Execution (RCE) in Apache ActiveMQ Classic, stitching together functionality from four separate components. A starter prompt, for bug-finding with Claude, is

InfoSec News 08APR2026

General * Serious déjà-vous - attackers exfiltrating data from Snowflake using stolen credentials (quick calendar check - nope, it is 2026). While numerous cloud storage and SaaS vendors were targeted using the stolen tokens, BleepingComputer has learned that the majority of the data theft attacks targeted the cloud-based data warehouse platform

InfoSec News 07APR2026

General * New zero-day Elevation of Privilege (EoP) vulnerability in Microsoft Windows. Looking at the source code, it appears to be hooking Windows Defender's update process, waiting for it to create a new directory, moving in its own files, then triggering a detection with the EICAR file. Will Dormann,

InfoSec News 02APR2026

General * Some long-weekend reading - "Intro to Reality Pentesting". Thinking about social-engineering, as though it's a set of computer systems. For years, the security industry has known that the easiest way to compromise a system is to hack the human operating it. Yet as a field,

InfoSec News 01APR2026

General * Another major package has been compromised - the Axios library, very widely used for HTTP requests in JavaScript. According to The Record and The Register, Google Threat Intelligence Group is attributing the attack to North Korea. Elastic Security has also called out links to UNC1069 (North Korean), based upon

InfoSec News 31MAR2026

General * More bugs being exploited in the wild. It took a while, however a February bug from Fortinet (SQL Injection) is now being exploited. Likewise, a bug in F5 (Remote Code Injection) from October 2025 (in the traffic, not management interface this time). Finally, the Citrix NetScaler bug from yesterday&

InfoSec News 30MAR2026

General * TeamPCP are continuing their credential-stealing rampage, this time backdooring Telnyx - which appears to be a package for phone and chat support agents. It seems they're still stealing credentials, then trying to work out what to do next, now adding some Command and Control (C2). * https://www.

InfoSec News -25MAR2026

General * Sigh - it didn't take long for Tycoon2FA to rebuild, and return to prior service-levels. It appears that they haven't changed their ways, and are still using all of the same Tactics, Techniques and Procedures (TTPs). Since the date of the Tycoon2FA takedown, the CrowdStrike

InfoSec News 24MAR2026

General * Google Mandiant have released their "M-Trends" for 2026. Exploits remained the most common initial infection vector for the sixth consecutive year, accounting for 32% of intrusions. However, highly interactive voice phishing saw a significant surge to 11%, becoming the second-most commonly observed vector. ... Across all 2025 investigations,

InfoSec News 23MAR2026

General * Predictable ending to a Krebs on Security investigation - they never end well for the miscreants involved. The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of Things (IoT) devices,

InfoSec News 20MAR2026

General * Ransomware TTPs (Tools, Techniques and Procedures) - how they get the data out. As defenders have improved their ability to detect malicious code, attackers have adapted by reducing their reliance on bespoke implants. As a result, data exfiltration is no longer primarily driven by custom malware or specialized tooling.

InfoSec News 19MAR2026

General * ProPublica (recently re-published in Ars Technica) have published an investigation into Microsoft Government Cloud. It's rather scathing, suggesting there are large gaps in the FedRAMP (Federal Risk and Authorisation Management Program) assessment. The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack

InfoSec News 18MAR2026

General * Microsoft are having more issues with classic Outlook - this time it's the Teams plugin. Microsoft is working to address a known issue that renders the classic Outlook email client unusable for users who have enabled the Microsoft Teams Meeting Add-in. "Some users may be unable

InfoSec News 17MAR2026

General * Microsoft is having issues with Office and Exchange Online. office.com was verified as down, at the time of writing this. "We're investigating reports of some users experiencing issues when accessing their Exchange Online mailbox via one or more connection methods," Microsoft said when it

InfoSec News 16MAR2026

General * Minor inconvenience for users of Windows 11 on Samsung laptops. Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications. ... "Users might encounter

InfoSec News 13MAR2026

General * More bugs in Veeam back software - it's been a favourite of ransomware crews for a long time, as an easy path to domain admin. Veeam have patched three CVSS-9.9 and two CVSS-8.8 bugs. * https://www.veeam.com/kb4830 * https://www.bleepingcomputer.com/news/security/

InfoSec News 12MAR2026

General * A cynic might suggest that Meta are on a Public Relations (PR) push, to counter calls for investigations into their “facilitation of and profiting from” fraudulent advertising. The company said it also removed 10.9 million Facebook and Instagram accounts associated with criminal scam centers as it rolled out