Cloudflare introduces two major Waiting Room enhancements: Turnstile integration to detect and manage bot traffic through an Infinite Queue system, and Session Revocation for optimizing user throughput. These features work together to reduce wait times, protect against automated threats, and ensure fairer access during high-demand events while maintaining a seamless user experience.
After a 5-year legal battle, an Illinois FOIA lawsuit seeking database schemas from Chicago's parking ticket system ended in a unanimous Supreme Court loss, significantly broadening agencies' ability to withhold records. The case highlighted ongoing challenges in accessing public data through FOIA requests and revealed inconsistencies in how Chicago handles sensitive data disclosure.
Video game speedrunners unknowingly develop advanced cybersecurity skills through glitch hunting, using professional tools like IDA Pro and Ghidra for reverse engineering. These enthusiasts create sophisticated exploits and technical documentation comparable to professional vulnerability researchers, yet often don't realize their skills could translate into cybersecurity careers.
A Department of Energy (DOGE) employee Jordan Wick has been publicly sharing sensitive work-related code on GitHub, including a Twitter DM downloader and geospatial data analysis tools for undersea cables and critical minerals.
A widespread scam operation on GitHub involves thousands of repositories distributing malware disguised as game mods and cracked software. The malware, known as Redox stealer, collects sensitive data including passwords, crypto wallets, and gaming accounts from victims' computers, then sends it to Discord servers for exploitation.
Government access to personal data through tech giants has dramatically increased, with Meta, Google, and Apple sharing details of 3.16 million accounts over the past decade. The US government made nearly 500,000 data requests to Google and Meta in the last measured 12 months, exceeding all other 14 Eyes Alliance members combined. These companies' business models prevent them from implementing strong privacy protections, as they rely heavily on user tracking for revenue.
IBM has completed its $6.4 billion acquisition of HashiCorp, integrating advanced cloud infrastructure automation and security capabilities into its portfolio. The merger aims to help enterprises manage hybrid cloud environments more efficiently, with HashiCorp's Terraform and Vault products now available through IBM's automation software lineup. The acquisition strengthens IBM's position in multiple growth areas including Red Hat, watsonx, and IT automation.
Memory safety vulnerabilities have been a persistent security challenge costing billions, prompting a call for industry-wide standardization and secure-by-design practices. Recent advancements in memory-safe languages like Rust and hardware technologies offer promising solutions for widespread adoption. Google advocates for establishing a common framework to assess memory safety assurances and drive industry-wide adoption of secure practices.
A class action lawsuit has been filed against Automattic over blocking WP Engine's access to WordPress.org services, affecting hundreds of thousands of customers. The lawsuit alleges deliberate sabotage and unfair competition, seeking damages and an injunction to prevent Automattic from interfering with competitors. The case highlights concerns about WordPress.org's governance and Automattic's control over critical WordPress infrastructure.
SubImage, built on the open-source Cartography security graph, helps security teams identify and fix infrastructure vulnerabilities before attackers find them. The platform maps infrastructure, emulates adversary behavior, and provides actionable recommendations through a hosted solution that allows deep customization and integration with various data sources.