Moving CVEs past one-nation control
A near-miss episode of attempted defunding spotlights a need for a better way
Similar Posts
How federal rules on cybersecurity breach transparency for businesses were challenged in court in 2024
Bys sDom DiFurio reports: In October, four companies collectively paid nearly $7 million as part of a settlement with the Securities and Exchange Commission for allegedly failing to properly inform investors of a cyberbreach affecting their companies, a liability American businesses have not previously faced. The companies were compromised in a cyberattack targeting their IT software provider in…
Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations
Bys sGoogle has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all integrations. “We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised,” Google Threat…
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager
Bys sGoogle has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised. “When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag…
Justice Department Implements Critical National Security Program to Protect Americans’ Sensitive Data from Foreign Adversaries
Bys sDepartment Answers Frequently Asked Questions, Provides Guidance, and Issues Limited Enforcement Policy for First 90 Days Today, the Justice Department took significant steps to move forward with implementing a critical program to prevent China, Russia, Iran, and other foreign adversaries from using commercial activities to access and exploit U.S. government-related data and Americans’ sensitive personal…
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
Bys sGoogle on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. “Insufficient policy enforcement…
DOGE Ransomware Hackers Demand $1 Trillion
Bys sDavey Winder reports: The same criminal group behind the DOGE Big Balls ransomware attack has just upped the ante. A newly updated ransom note sent to victims is now trolling Elon Musk and DOGE with a demand for, are you sitting down, one trillion dollars. … The ransomware group behind the recent DOGE Big Balls threat, using…