A Department of Energy (DOGE) employee Jordan Wick has been publicly sharing sensitive work-related code on GitHub, including a Twitter DM downloader and geospatial data analysis tools for undersea cables and critical minerals.
A widespread scam operation on GitHub involves thousands of repositories distributing malware disguised as game mods and cracked software. The malware, known as Redox stealer, collects sensitive data including passwords, crypto wallets, and gaming accounts from victims' computers, then sends it to Discord servers for exploitation.
Government access to personal data through tech giants has dramatically increased, with Meta, Google, and Apple sharing details of 3.16 million accounts over the past decade. The US government made nearly 500,000 data requests to Google and Meta in the last measured 12 months, exceeding all other 14 Eyes Alliance members combined. These companies' business models prevent them from implementing strong privacy protections, as they rely heavily on user tracking for revenue.
IBM has completed its $6.4 billion acquisition of HashiCorp, integrating advanced cloud infrastructure automation and security capabilities into its portfolio. The merger aims to help enterprises manage hybrid cloud environments more efficiently, with HashiCorp's Terraform and Vault products now available through IBM's automation software lineup. The acquisition strengthens IBM's position in multiple growth areas including Red Hat, watsonx, and IT automation.
Memory safety vulnerabilities have been a persistent security challenge costing billions, prompting a call for industry-wide standardization and secure-by-design practices. Recent advancements in memory-safe languages like Rust and hardware technologies offer promising solutions for widespread adoption. Google advocates for establishing a common framework to assess memory safety assurances and drive industry-wide adoption of secure practices.
A class action lawsuit has been filed against Automattic over blocking WP Engine's access to WordPress.org services, affecting hundreds of thousands of customers. The lawsuit alleges deliberate sabotage and unfair competition, seeking damages and an injunction to prevent Automattic from interfering with competitors. The case highlights concerns about WordPress.org's governance and Automattic's control over critical WordPress infrastructure.
SubImage, built on the open-source Cartography security graph, helps security teams identify and fix infrastructure vulnerabilities before attackers find them. The platform maps infrastructure, emulates adversary behavior, and provides actionable recommendations through a hosted solution that allows deep customization and integration with various data sources.
Cloudflare has initiated legal proceedings against LaLiga over IP blocking measures that affected millions of unrelated website users. The dispute arose after LaLiga blocked two pirate streaming platforms using Cloudflare's technology, affecting shared IP addresses that hosted thousands of legitimate domains.
The UK government has ordered Apple to implement encryption backdoors in iCloud, leading Apple to remove Advanced Data Protection for UK users. This decision represents a significant threat to global digital privacy and security, following a pattern of governments attempting to weaken encryption worldwide. The situation exemplifies ongoing challenges in balancing national security with individual privacy rights.
European governments and organizations continue migrating to US cloud services despite increasing risks and Trump's undermining of data privacy frameworks. The practice is justified through legal mechanisms and convenience, despite serious concerns about data sovereignty and business continuity. The author argues for immediate cessation of US cloud adoption and investment in European alternatives.