Rob Pomeroy

820 Followers
902 Following
1,065 Posts

TLDR: #infosec #cloud #devops #OpenSource #a11y #JC #MostlyHarmless

๐Ÿ‘‹๐Ÿป๐Ÿ”’ Friendly British Security/Technology wonk.

๐Ÿ˜‡๐Ÿ™ Good guy wannabe.
โœ๐Ÿป๐Ÿ‘ฝ Sci-fi author.
๐Ÿ‘ฆ๐Ÿป๐Ÿ‘ฆ๐Ÿป Father to twins (one passed away 24 Feb 2024) with severe learning difficulties and other disabilities.
๐Ÿฆธ๐Ÿปโ€โ™€๏ธ Husband to superhero wife.
โš–๏ธ Solicitor (no longer practising law though).
โœ๏ธ To everything there is a season.

๐Ÿ”๐Ÿ‘๐Ÿป Visit my website for secure/private methods of contacting me

Website ๐ŸŒhttps://pomeroy.me/about/
GitHub ๐Ÿ‘จ๐Ÿปโ€๐Ÿ’ปhttps://robpomeroy.github.io/mastodon.html
Keybase ๐Ÿ”‘https://robpomeroy.keybase.pub/mastodon.html
BrightOS ๐Ÿ’กhttps://github.com/robpomeroy/BrightOS

Extremely cool breakdown of some self-replicating malware that probably (?) predates Stuxnet by 5 years:

https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/

#stuxnet #malware

fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet

A previously unknown 2005 cyber sabotage framework patches high-precision calculation software in memory to silently corrupt results.

SentinelOne

Given the offensive capabilities of Mythos, what will the US government do (once the petty squabbles have subsided)?

A) Classify Mythos and similar models as a weapon, restricting their use and export.
B) Ban the use of such models except by US military and defence agencies.
C) Find some financial pretext for burying American AI companies with red tape, penalties and lawsuits.
D) All of the above.

#ai #ml #mythos

That's a bit embarrassing!

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
https://thehackernews.com/2026/03/iran-linked-hackers-breach-fbi.html

#FBI #hackers #Iran #breach

Iran-linked Handala Hack breached FBI Director’s email amid MOIS domain seizures, escalating destructive cyber ops.

The Hacker News

This is a decent read - one way of avoiding US cloud infrastructure providers.

"Made in EU" - it was harder than I thought.
https://www.coinerella.com/made-in-eu-it-was-harder-than-i-thought/

#cloud #trade #us #eu #sovereignty

I tried building my startup entirely on European infrastructure. Here's the stack I landed on, what was harder than expected, and what you still can't avoid.

Coinerella

This is a great paper on the risks of malicious servers when using password managers: https://zkae.io/. I understood about 2% of it.

You have to dig down in the paper to see that there was pretty good engagement from the password manager developers, once contact was established. That's encouraging, particularly in the light of recent reputational damage suffered by LastPass, and doubts about its future under private equity ownership.

#crypto #passwordmanager #lastpass #dashlane #bitwarden #1password

Great teardown of the Notepad++ breach by Rapid7: https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/

Definitely worth checking your logs for these IoCs. Stealth level is high. Standard AV is unlikely to detect.

#malware #stateactor #lotusblossom #notepadplusplus

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom.

Rapid7

Oof. With my legal background, this one hits close to home! 😬

The ICO fined a law firm after a data breach and subsequent leak to the dark web. Identities of protected victims and witnesses were exposed. The attackers gained access to an old, supposedly archived case management system. (Why was this online?)

https://www.lawsociety.org.uk/topics/ethics/dark-web-data-leak

Given the size of the fine (£60k), I would guess this was not a large law firm. Some of the affected individuals may sue, so that's probably not the end of the matter.

#databreach #law #lawfirm #ico #darkweb #exfiltration

Dark web data leak: firm fined following breach

Jonathan Friend considers a genuine case where a data breach led to client details being leaked on the dark web.

Boo. 🙁👎

"an autistic man ... was told he had to stop stacking shelves at a Waitrose store where he had worked as a volunteer for years"

"his placement was stopped when the firm's head office was asked about the possibility of paid work"

https://www.bbc.co.uk/news/articles/c205le1e27zo

Hooray! 🙂👍

"Asda have offered him two five-hour paid shifts a week"

https://www.bbc.co.uk/news/articles/c98n53dpzx6o

Asda wins this particular PR skirmish. 🤔

#autism #diversity #inclusion #PR #Waitrose #Asda

Some pretty sane recommendations about password requirements from NIST. Don't make it hard for your users!

NIST Special Publication 800-63B
https://pages.nist.gov/800-63-4/sp800-63b.html