https://mastodon.social/@lawfare/115021923917010405
A hidden backdoor in a trusted Linux tool is giving attackers a master key to root access—how did a long-time contributor manage to compromise entire Docker images and official distributions? Read on to uncover the full story.
https://thedefendopsdiaries.com/the-xz-utils-backdoor-a-critical-software-supply-chain-compromise/
#xzutils
#backdoor
#cybersecurity
#softwaresecurity
#dockersecurity
One of my almae matres (?) is hiring!
From the LinkedIn announcement:
"The Computer Science department at UCLouvain (Belgium) will soon open three full-time faculty positions targeting excellent profiles in the following domains:
- 2 Positions in one or more of these areas:
=> Software engineering,
=> Programming systems and languages,
=> Software dependability, including formal methods.
- 1 Position in software security and cybersecurity, also broadly construed (e.g., system security, cyber-physical systems security, AI for security & security for AI, privacy, distributed systems security, etc.).
The three positions will be open to all seniority levels (assistant/associate or full)."
I loved the year that I spent at Université catholique de Louvain! I learned so much there, and every time I am back, I am welcomed with such open arms by the lovely people there. I'm happy where I am now at TU Delft, but seeing this announcement, my heart jumped and I admit that I did quickly check my profile against the positions that are opening.
#AcademicJobs #GetFediHired #AcademicMastodon #AcademicJob #SoftwareEngineering #ProgrammingLanguages #FormalMethods #SoftwareSecurity #CyberSecurity #Belgium #LLN #UniversitéCatholiquedeLouvain
#AcademicChatter
Three Faculty Permanent Positions Opening at ICTEAM - UCLouvain in Fall 2025
Highlights:
- A vibrant work environment just south of Brussels
- A department with excellent research infrastructure and support
- Moderate teaching load and access to excellent students
- Competitive salaries and benefits
- No need to speak French to apply (but willingness to learn in a few years if appointed)
Applications will open in Fall 2025 and will be handled exclusively through the UCLouvain portal: https://lnkd.in/eDaYY-hr
Questions? Contact: etienne.riviere@uclouvain.be
➡️ Follow the ICTEAM LinkedIn page to stay informed and help spread the word!
#UCLouvain #ICTEAM #ProfessorPosition #SoftwareEngineering #Cybersecurity #FacultyHiring #ComputerScience #EngineeringResearch #InternationalOpportunities #JoinUs
Etienne Riviere Kim Mens Cristel Pelsser Ramin Sadre Tom Barbette Hélène Verhaeghe Pierre Dupont Pierre Schaus Peter Van Roy Eric Piette Yves Deville Charles Pecheur Siegfried Nijssen Quentin Cappart Olivier Bonaventure Sébastien Jodogne Julien Hendrickx
Claude Code's "natural language programming" marketing perpetuates the dangerous myth that technical complexity can be abstracted away through conversational interfaces.
This represents a fundamental misunderstanding: software systems require deep comprehension for reliable operation and maintenance.
Cognitive offloading to AI agents creates systemic technical debt and security vulnerabilities.
If you can’t see what’s inside your software, you can’t protect it. In this Brand Story episode, Theresa Lanowitz discusses what businesses need to do about software supply chain risk—and who should be asking the hard questions.
🎧 https://youtu.be/7i02JLOh_7M
#cybersecurity #riskmanagement #brandstory #softwaresecurity #visibility
Amazon’s AI Coding Assistant Compromised by Malicious Prompt!
In a chilling reminder of AI’s growing attack surface, a malicious prompt was quietly inserted into Amazon’s Q coding assistant via a pull request and told to wipe the user’s file system and AWS cloud resources. The rogue code instructed the AI to “clean a system to a near-factory state,” including running destructive AWS CLI commands.
Amazon has since removed the malicious version and released an update, but it's a good reminder that AI coding tools are only as secure as their supply chain and prompt filtering. Vet your extensions. Lock down access. And never assume “AI knows better.”
#AIsecurity #DevSecOps #AI #AmazonQ #PromptInjection #Cybersecurity #CISO #SoftwareSecurity #VSCode #SecureCoding #PenetrationTesting #Infosec #ITsecurity
Q: How easy would it be to sneak malicious code into a coding assistant? A: Very.
📣 Calling all developers and AppSec pros!
Join Jim Manico on November 3–5 at OWASP Global AppSec USA 2025 for a 3-day, hands-on training experience.
REGISTER NOW: https://owasp.glueup.com/event/131624/register/
➡️ Ideal for beginners looking to build a strong, modern security foundation in both traditional and AI-driven environments.
#OWASP #CyberSecurity #AppSec #AIsecurity #DevSecOps #SoftwareSecurity #WashingtonDC #SecureCoding #InfosecTraining #Developers
#AI slop is doing considerable damage to the #Internet, #journalism (https://www.404media.co/the-medias-pivot-to-ai-is-not-real-and-not-going-to-work/), #programming (https://techcrunch.com/2025/07/11/ai-coding-tools-may-not-speed-up-every-developer-study-shows/), #SoftwareSecurity (https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-slops/), #science (https://www.theguardian.com/science/2025/jul/13/quality-of-scientific-papers-questioned-as-academics-overwhelmed-by-the-millions-published)... and at what price? Wasting tons of energy, making the world step back on compromises to drop emissions when we should be working hard to stop #ClimateChange. This is heartbreaking.
Please stop using #GenerativeAI
Japan Cyber Security Market Trends Analysis Report
Dublin, July 11, 2025 (GLOBE NEWSWIRE) — The “Japan Cyber Security Market Size, Share & Trends Analysis Report by Component (Hardware, Software), Security Type, Solution Type, Deployment, Organi…
#Japan #JP #JapanNews #ITsecurity #news #ResearchandMarkets #SecurityOrchestration #SecurityTechnologies #SecurityTechnology #SoftwareSecurity #UnifiedThreatManagement
https://www.alojapan.com/1319318/japan-cyber-security-market-trends-analysis-report/