OpenSSL issues a bugfix for the previous bugfix

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

Poisoned Python and PHP packages purloin passwords for AWS access

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Clearview AI face-matching service fined a lot less than expected

The fine has finally gone through... but it's less than 45% of what was originally proposed.

Pwn2Own hacking schedule released – Windows and Linux are top targets

What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...

Beanstalk cryptocurrency heist: scammer votes himself all the money

Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.

Yet another Chrome zero-day emergency update – patch now!

The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

Latest episode - listen now!

OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default

Useful quantum computers might not actually be possible. But what if they are? And what if they arrive, say, tomorrow?

Web vendor CafePress fined $500,000 for giving cybersecurity a low value

Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligations

Beware bogus Betas – cryptocoin scammers abuse Apple’s TestFlight system

"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!

Happy #PiDay – even if you aren’t in North America!

There is a cybersecurity angle here - but you will need to read right to the end to find it :-)

Cryptocoin ATMs ruled illegal – “Shut down at once”, says regulator

If you live in the UK and hadn't yet heard of cryptocoin ATMs... it's too late now!

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

Latest episode - listen and learn!

Apple zero-day drama for Macs, iPhones and iPads – patch now!

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist

The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!

Wormhole cryptotrading company turns over $340,000,000 to criminals

It was the best of blockchains, it was the worst of blockchains... as Charles Dickens might have said.

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Apple fixes Safari data leak (and patches a zero-day!) – update now

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft

The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.

JavaScript developer destroys own projects in supply chain “lesson”

Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.

Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!

Phew! An audacious crime... that didn't work out.

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Apple security updates are out – and not a Log4Shell mention in sight

Get 'em while they're hot!

Cryptocurrency startup fails to subtract before adding, loses $31m

Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]

Latest episode - listen now!

Clearview AI face-matching service set to be fined over $20m

Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]

Latest episode - listen now! Solid cybersecurity advice in plain English.

Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

Be aware before you share! That's a good rule for developers and techies, just as much as it is for social media addicts.

S3 Ep58: Faces on Facebook, scams that pose as complaints, and a Kaseya bust [Podcast]

Latest epsiode - listen now!

Facebook to throw out face recognition, delete all template data

Publicity stunt? Or privacy progress?

“To the moon!” Cryptocurrency hamster Mr Goxx trades online 24/7

Here's a happy cryptocurrency story for once, with not a cybercrook in sight.

LANtenna hack spies on your data from across the room! (Sort of)

Are your network cables acting as undercover wireless transmitters? What can you do if they are?