Latest News

Format Boy makes a living teaching Yahoo Boys, notorious West African scammers, how to use AI and deepfake technology to ensnare their next victims.

Cybersecurity leaders aren’t just dealing with attacks—they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow.  Just fixing problems isn’t enough anymore—resilience needs to be built into everything from the ground up.

A list of topics we covered in the week of May 12 to May 18 of 2025

Non-human identities—also known as machine or workload identities—are becoming increasingly critical as organizations adopt cloud-native ecosystems and advanced AI workflows. For workloads spanning multiple cloud platforms, adhering to zero trust principles becomes challenging as they cross identity domains. A unified identity framework provides consistency in automating identity issuance and enforcing access control policies across diverse environments. SPIFFE/SPIRE, an open source identity issuance framework, enables organizations to implement centralized, scalable identity management on

Het containerplatform Red Hat OpenShift heeft glansrijk een Data Protection Impact Assessment (DPIA) doorstaan. Deze DPIA is door een onafhankelijke partij uitgevoerd in opdracht van Strategisch Leveranciersmanagement Rijk (SLM Rijk). Dit diepgaand technisch onderzoek naar eventuele privacyrisico’s werd doorlopen na de recente ondertekening van een strategische overeenkomst tussen Red Hat en SLM Rijk, die het voor Nederlandse Rijksoverheidsinstanties makkelijker maakt om gebruik te maken van de open source-technologie en dienstverlening van Red Hat. Een DPIA is een belangrijk instrument om e

In hybrid and multicloud environments, proper management of sensitive data-like secrets, credentials and certificates is critical to maintaining a robust security posture across Kubernetes clusters. While Kubernetes provides a Kube-native way to manage secrets, it’s generally understood that Kubernetes secrets are not particularly secret: they are base64 encoded and are accessible to cluster administrators. Additionally, anyone with privileges to create a pod in a specific namespace can access the secrets for that namespace. While at-rest protection can be provided by encrypting sensitive da

I’m done preparing the slides for my talk about Vulristics at PHDays. 😇 I’ll be speaking on the last day of the festival – Saturday, May 24, at 16:00 in Popov Hall 25. If you’re there at that time, I’d be glad to see you. If not – join online! 😉 I’ll have an hour […]

ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail…

FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US…

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.