Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Both a good reminder that it’s important to be careful where you get your software from, and an illustration of how the residential proxy networks we recently talked about are built: Laced 7-Zip installers […]
Category: Security Bits
Security Bits — 1 February 2026
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. A timely reminder both that malicious ads remain a big problem, and that Mac users are not immune to malware: Mac malware is sneaking into some sponsored Google ads — appleinsider.com/… Deep Dive — […]
Security Bits — 18 January 2026
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Some context for a story we covered many times in 2025: Amazon blocked 1,800 employment attempts by North Korean agents — cyberinsider.com/… Yet another reason to steer clear of VS Code forks: VSCode IDE […]
Security Bits — 18 December 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Yet another real-world example of the dangers of poor secret hygiene: Over 10,000 Docker Hub images found leaking credentials, auth keys — www.bleepingcomputer.com/… 🇬🇧 UK fines LastPass £1.2M over 2022 data breach impacting 1.6 […]
Security Bits — 6 December 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. A good example of why Bart has been going on and on about secret management in recent conversations with Allison: Massive GitLab scan finds 17,000+ valid secrets in public repositories — cyberinsider.com/… A nice […]
Security Bits — 23 November 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Google backpedals on new Android developer registration rules — www.bleepingcomputer.com/… (Android is not becoming quite as Apple-like after all — better for Linux geeks, worse for regular folks) Deep Dive — that Cloudflare Outage […]
Security Bits — 9 November 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. More evidence of the dangers of Agentic Browsers: ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands — thehackernews.com/… Related Article: Be Cautious with Agentic Web Browsers — tidbits.com/… (by […]
Security Bits — 26 October 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 US Court Blocks Spyware Vendor NSO Group from Targeting WhatsApp Users — cyberinsider.com/… (Maybe their recent change to US ownership will give this injunction more teeth!) Update on the Tea app which suffered […]
Security Bits — 12 October 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Another interesting twist in the NSO Group Saga: Spyware maker NSO Group confirms acquisition by US investors — techcrunch.com/… (via Allison) ❗ Action Alerts Calls to action, if any stories in this section are […]
Security Bits — 28 September 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. The industry is fighting back against the recent spike in supply-chain attacks targeting shared library platforms like NPM, PyPi, etc.: GitHub tightens npm security with mandatory 2FA, access tokens — www.bleepingcomputer.com/… 🇺🇸 Details are […]