Coverage of the top stories in AI and cybersecurity filtered from the 8000+ each month.
| June 2025 | Headline | News: Updated June 11th |
| #035 | New Malware Threats Embedded in Image Files. | Back in Apil 2023 we reported on malware embedded in mp4 image files and what to do about them. This time it’s the turn of Scalable Vector Graphics (SVG) files to be in the spotlight. SVG file even have a mechanism as part of the protocol to embed self executing javascript code, so all the threat actors need to do is read the manual. Less frequently used compared to jpg or png files these can sit in am email just waiting to be clicked. There are some fixes availble the watch word is “hovver don’t click” Thanks to Steve Gibson’s Security Now Podcast for this information. |
| #034 | U.S Cybersecurity | Even skipping the political rhetoric, adversaries must be loving the uncertainty and turmoil happening in critical government security circles. Reports from CybersecurityDive – “Trump scraps Biden software security, AI, post-quantum encryption efforts in new executive order.” are typical but maybe another from the same source “Trump’s cyber nominees gain broad industry support” is more hopeful. We will have to read carefully to see if the critical element of holding companies accountable for lack of best security practices still persists? |
| #033 | Cloudy with a chance of hacking. | The annual and somewhat strangely named Pwn2Own (Pwn means hack) event in Germany revealed some sobering thoghts for those who are cloud-centric. The live competiton by white hackers on the current systems with the latest updates installed revealed many vulnerabilities in VMWare, Nvidia, Docker and Linux systems. Win 11 and Firefox were not immune either. Scary though this may be, the value is that all of these effective Zero Day exploits will become future patches to the systems. Some sooner than others. |
| #032 | AI Fear Therapy. | As follow-on from the story below about AI being the top concern in Cybersecurity. I’m not sure that this qualifies as news but Cigna healthcare came up with: “Change the people or change the people.” |
| #031 | It, looks like the U.S. governments Hackerthon is continuing. | Cybersecurity Dive and others report that the 2000 (about 2/3rds) of CISA’s full time staff will be retianed. contractos whose companys’ contracts were ended have gone too. Given that they were presumably smart people in demand, my wishful thinking is that they will be spreading their knowledge in the commuity and commercial organizations and may form collaborative group. |
| #030 | The Breach Goes on. | June Gloom (a Los Angeles expression) has arrived with breaches reported at LexisNexis, affecting 364,000, Russian hackers buying passwords from cybercriminals, ransomware attacks on Nova Scotia Power, impacting 280,000, NSpresso Greek customers and many more. It’s an early June reminder that the problem is not going way. Update: the FBI riased th awareness of potential Play Ransomware attacks on 900 organizations using SimpleHelp. Analysts from Forescout say that 35,000 sloar power systems connected to the Internet are at risk. The list is endless. |