Smashing Security podcast #453: The Epstein Files didn’t hide this hacker very well  - Supposedly redacted Jeffrey Epstein files can still reveal exactly who they’re talking about - especially when AI, LinkedIn, and a few biographical breadcrumbs do the heavy lifting. Sloppy redaction leads to explosive claims, and difficult reputational consequences for cybersecurity vendors, and we...

 Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions  - The Eclipse Foundation, which maintains the Open VSX Registry, has announced plans to enforce security checks before Microsoft Visual Studio Code (VS Code) extensions are published to the open-source repository to combat supply chain threats. The move marks a shift from a reactive to a proactive approach...

+6 from  thehackernews

 The Notepad++ supply chain attack — unnoticed execution chains and new IoCs  - Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.

 5 Methods Of Hardware Authentication For BYOD Security Purposes

 How Three Companies Secure AI with CrowdStrike  - AI is reshaping business at machine speed. From automating claims to improving customer engagement, organizations are embedding AI into core workflows faster than most security teams can track. As AI […]

 Two Critical Flaws in n8n AI Workflow Automation Platform Allow Complete Takeover  - Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks

+3 from  infosecurity-magazine

 Step Finance says compromised execs' devices led to $40M crypto theft  - Step Finance announced that it lost $40 million worth of digital assets after hackers compromised devices belonging to the company's team of executives.

+3 from  bleepingcomputer

 AI Agent Identity Management: A New Security Control Plane for CISOs  - Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority.

+3 from  bleepingcomputer

 中央网信办召开《生活服务类平台算法负面清单（试行）》推进部署会议

+1 from  cac.cn

 New GlassWorm attack targets macOS via compromised OpenVSX extensions  - A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.

+3 from  bleepingcomputer

 SolarWinds Web Help Desk Vulnerability Actively Exploited  - CISA has added a critical CVE in SolarWinds Web Help Desk to its KEV Catalog

 When Cloud Outages Ripple Across the Internet  - Recent major cloud service outages have been hard to miss. High-profile incidents affecting providers such as AWS, Azure, and Cloudflare have disrupted large parts of the internet, taking down websites and services that many other systems depend on. The resulting ripple effects have halted applications...

+2 from  thehackernews

 CISA Adds Four Known Exploited Vulnerabilities to Catalog

 Researchers Warn of New “Vect” RaaS Variant  - A new ransomware-as-a-service operation dubbed “Vect” features custom malware

+7 from  infosecurity-magazine

 CrowdStrike Named a Customers’ Choice in 2026 Gartner Peer Insights™ Voice of the Customer for Application Security Posture Management Tools  - CrowdStrike has been recognized as a Customers’ Choice in the 2026 Gartner Peer Insights™ Voice of the Customer for Application Security Posture Management (ASPM) Tools report, a distinction based ent[…]

 Please Don’t Feed the Scattered Lapsus ShinyHunters  - A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators about the extent of the...