#OpenSource isn't a tip jar – it's time to charge for access

theregister.com/2026/03/25/ope…

#FOSS #privacy #cybersecurity

Open source isn't a tip jar – it's time to charge for access

Opinion: A handful thrive, most scrape by as companies make billions off their code

^{Steven J. Vaughan-Nichols (The Register)}

Several #EdTech folks asked me to review the #InfiniteCampus data dump by #ShinyHunters to see if any sensitive student data was leaked as part of it.

I wrote up what I found here: databreaches.net/2026/03/28/th…

One takeaway for school districts is to remind employees NOT to include student PII or PHI in support tickets to vendors. I've been told it is sometimes required or necessary, but then why weren't tickets like the ones I saw stored with encryption?

#databreach #EduSec #cybersecurity
@mkeierleber @douglevin @funnymonkey

Convicted spyware chief hints that Greece's government was behind dozens of phone hacks | TechCrunch

techcrunch.com/2026/03/25/conv…

Short summary: hackerworkspace.com/article/co…

#databreach #cybersecurity #privacy

Convicted spyware chief hints that Greece's government was behind dozens of phone hacks | TechCrunch

The spyware founder's comments are the most direct suggestion yet from anyone inside Intellexa that the Mitsotakis government authorized the hacking of dozens of phones belonging to senior Greek government ministers, opposition leaders, military offi…

^{Zack Whittaker (TechCrunch)}

💀 How to Execute a DNS Cache Poisoning Attack: Between Entropy and Post-Quantum

In this article we bring the phenomenon of the DNS Poisoning Attack into the laboratory, controlling the variables, reducing entropy, analyzing the behavior of the resolver; all to understand quantitatively why the modern countermeasures of randomization, 0x20 encoding, DNSSEC have drastically raised the computational cost of the attack.

🔗 Link 👉 8bitsecurity.com/posts/how-to-…
#cybersecurity #infosec

How to Execute a DNS Cache Poisoning Attack: Between Entropy and Post-Quantum

8Bit Security - Cybersecurity tips, insights, tools, and resources to protect your digital world.

^{8Bit Security}

The correct way to run a headline for this story. The reg does not disappoint

#uspol #routers #surveillance #privacy #nationalsecurity #cybersecurity #infosec #cisco #theregister

TeamPCP software supply chain attack spreads to LiteLLM | ReversingLabs

reversinglabs.com/blog/teampcp…

Short summary: hackerworkspace.com/article/te…

#malware #databreach #cybersecurity

TeamPCP supply chain attack spreads

What started as a compromise of Checkmarx Open VSX plugins on npm has now spread to PyPI and is targeting LiteLLM.

^{Paul Roberts (ReversingLabs)}

TeamPCP injected malicious code into Trivy, Checkmarx tools, and LiteLLM in a supply chain attack designed to steal cloud credentials, tokens, and crypto wallet data.

Read: hackread.com/teampcp-trivy-che…

#CyberSecurity #Malware #TeamPCP #Trivy #Checkmarx #LiteLLM

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.

^{Deeba Ahmed (Hackread - Cybersecurity News, Data Breaches, AI and More)}

Supply Chain Attack Targets litellm Library to Steal Cloud Credentials and Hijack Kubernetes Clusters

TeamPCP compromised the litellm Python library to distribute malicious versions (1.82.7 and 1.82.8) that harvest cloud credentials, SSH keys, and Kubernetes secrets. The attack uses a persistent backdoor and lateral movement toolkit to compromise entire clusters and steals data to attacker-controlled infrastructure.

**If you use litellm in any project, check immediately whether you have version 1.82.7 or 1.82.8 installed. If so, isolate the affected systems, revert to a clean version, and rotate every credential on those machines (SSH keys, cloud tokens, API keys, database passwords, crypto wallets, all of it). Because this attack can spread through other tools that depend on litellm, also audit your broader Python environments and CI/CD pipelines for these versions, remove any persistence files (sysmon.py, sysmon.service), and check Kubernetes clusters for unauthorized pods.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai…

🐛 NEW SECURITY CONTENT 🐛

💻 macOS Tahoe 26.4 - 77 bugs fixed
support.apple.com/en-us/126794
💻 macOS Sequoia 15.7.5 - 60 bugs fixed
support.apple.com/en-us/126795
💻 macOS Sonoma 14.8.5 - 54 bugs fixed
support.apple.com/en-us/126796
📱 iOS and iPadOS 26.4 - 38 bugs fixed
support.apple.com/en-us/126792
🥽 visionOS 26.4 - 29 bugs fixed
support.apple.com/en-us/126799
📱 iOS and iPadOS 18.7.7 - 25 bugs fixed
support.apple.com/en-us/126793
⌚ watchOS 26.4 - 22 bugs fixed
support.apple.com/en-us/126798
📺 tvOS 26.4 - 17 bugs fixed
support.apple.com/en-us/126797
⌚ watchOS 8.8.2 - no CVE entries
⌚ watchOS 5.3.10 - no CVE entries

#apple #cybersecurity #infosec #security #ios

#CyberSecurity

👉#Russian Intelligence Services Target Commercial Messaging Application Accounts👈

"Evidence shows that cyber actors have been able to compromise individual CMA accounts, but not encryption of the applications themselves. The actors’ global campaigns have resulted in unauthorized access to thousands of individual CMA accounts to view the victims’ messages and contact lists, send messages, and conduct additional phishing against other CMA accounts. "

cisa.gov/resources-tools/resou…

A rogue #AI led to a serious security incident at #Meta

theverge.com/ai-artificial-int…

#cybersecurity #privacy

A rogue AI led to a serious security incident at Meta

Last week, an AI agent similar to OpenClaw triggered a high-severity security incident at Meta by independently giving inaccurate technical advice on an employee forum.

^{Stevie Bonifield (The Verge)}

Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.
---

A federal program created to protect the government against cyber threats authorized a sprawling Microsoft cloud product, despite the company’s inability to fully explain how it protects sensitive data.
propublica.org/article/microso…

#News #Microsoft #Cybersecurity #Government #Technology #Tech #Cloud

Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.

^{shoshana.gordon@propublica.org (ProPublica)}

"There is little evidence that young people are using VPNs to bypass digital ID checks imposed by the [UK] Online Safety Act."

Age gating them "will have little impact on children's online safety but will deter adults from using them or force people to hand over personal documents or biometric data."

🗣️ @JamesBaker for ORG.

independent.co.uk/extras/indyb…

#vpn #privacy #cybersecurity #onlinesafety #ukpolitics #ukpol

Could VPNs be banned in the UK? We asked the experts

The government has launched a public consultation into whether VPNs should be age-restricted

^{Alex Lee (The Independent)}

How #AI Assistants are Moving the Security Goalposts

krebsonsecurity.com/2026/03/ho…

#cybersecurity

How AI Assistants are Moving the Security Goalposts

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers.

^{krebsonsecurity.com}

🆕 New event added:

📌 BSidesAdelaide
📅 Jul 27-28, 2026
📍 Adelaide (SA) 🇦🇺
🔗 bsidesadelaide.com.au

#infosec #cybersecurity #conference #Bsidesadelaide #Australia

BSides Adelaide | Join the Cybersecurity Community

Discover BSides Adelaide 2026, a premier cybersecurity event in South Australia on July 27-28, 2026, focused on collaboration, education, and networking. Join us!

^{BSides Adelaide}

Who is the #Kimwolf #Botmaster “#Dort”?

krebsonsecurity.com/2026/02/wh…

#cybersecurity #cybercrime

Who is the Kimwolf Botmaster “Dort”?

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet.

^{krebsonsecurity.com}