Arstechnia

• Open source package with 1 million monthly downloads stole user credentials

  If you're one of millions using element-data, it's time to check for compromise.

• Why are top university websites serving porn? It comes down to shoddy housekeeping.

  Hundreds of subdomains from dozens of universities have been hijacked by scammers.

• In a first, a ransomware family is confirmed to be quantum-safe

  Technically speaking, there's no practical benefit to use PQC. So why is it being used?

• Microsoft issues emergency update for macOS and Linux ASP.NET threat

  When authentication fails, things can go very, very wrong.

• Contrary to popular superstition, AES 128 is just fine in a post-quantum world

  A stubborn misconception is hampering the already hard work of quantum readiness.

• US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

  Grinex says needed hacking resources "available exclusively to... unfriendly states."

• Recent advances push Big Tech closer to the Q-Day danger zone

  Here's which players are winning the race to transition to post-quantum crypto.

• “Negative” views of Broadcom driving thousands of VMware migrations, rival says

  Western Union exec says there were "challenges" working with Broadcom.

• Iran-linked hackers disrupt operations at US critical infrastructure sites

  As the US and Israel's war has ramped up, so too have hacks on US industrial sites.

• Thousands of consumer routers hacked by Russia's military

  End-of-life routers in homes and small offices hacked in 120 countries.

• OpenClaw gives users yet another reason to be freaked out about security

  The viral AI agentic tool let attackers silently gain admin unauthenticated access.

• New Rowhammer attacks give complete control of machines running Nvidia GPUs

  GDDRHammer, GeForge and GPUBreach hammer GPU memory in ways that hijack the CPU.

• Quantum computers need vastly fewer resources than thought to break vital encryption

  No, the sky isn't falling, but Q Day is coming, and it won't be as expensive as thought.

• Google bumps up Q Day deadline to 2029, far sooner than previously thought

  Company warns entire industry to move off RSA and EC more quickly.

• Self-propagating malware poisons open source software and wipes Iran-based machines

  Development houses: It's time to check your networks for infections.

• Widely used Trivy scanner compromised in ongoing supply-chain attack

  Admins: Sorry to say, but it's likely a rotate-your-secrets kind of weekend.

• Cloud service providers ask EU regulator to reinstate VMware partner program

  Broadcom says the group is misrepresenting market "realities."

• Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

  One Microsoft product was approved despite years of concerns about its security.

• Researchers disclose vulnerabilities in IP KVMs from four manufacturers

  Internet-exposed devices that give BIOS-level access? What could possibly go wrong?

• Supply-chain attack using invisible code hits GitHub and other repositories

  Unicode that's invisible to the human eye was largely abandoned—until attackers took notice.