From Code Red to Rust: Microsoft’s Security Journey – Dark Reading
At this year’s Build developer conference, Microsoft reflects on what the company learned about securing features and writing secure code in the early 2000s. – Read More
May 2025
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains – CSO Online
Developers have been increasingly targeted by attackers in recent years with fake software packages on open-source component repositories — a supply chain attack technique that has now expanded to include…
Court quashes part of LeO’s £51,000 award against law firm – Legal Futures
The Legal Ombudsman was wrong to find that a law firm failed to adequately assess a client’s capacity and should pay her £15,700 in compensation, the High Court has ruled.…
Consultant not entitled to 40% of all firm’s work for client – Legal Futures
A consultant solicitor in a long-running dispute with his former law firm over his entitlement to a share of its fees has failed in his appeal to the Employment Appeal…
NSA, CISA Urge Organizations to Secure Data Used in AI Models – Dark Reading
New guidance includes a list of 10 best practices to protect sensitive data throughout the AI lifecycle as well as addressing supply chain and data poisoning risks. – Read More
Barristers “should tell chambers and regulator” about complaints – Legal Futures
Barristers will be required to inform both their chambers and their regulator about the complaints they receive, under plans published yesterday by the Bar Standards Board. The post Barristers “should…
Victoria’s Secret Goes Offline After ‘Incident’ Claims – Dark Reading
The lingerie retailer isn’t revealing much about the security incident it’s dealing with but has brought in third-party experts to address the issue. – Read More
New Botnet Plants Persistent Backdoors in ASUS Routers – Dark Reading
Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network. – Read More
SentinelOne Reports Services Are Back Online After Global Outage – Dark Reading
The outage reportedly hit 10 commercial customer consoles for SentinelOne’s Singularity platform, including Singularity Endpoint, XDR, Cloud Security, Identity, Data Lake, RemoteOps, and more. – Read More
Zscaler’s Buyout of Red Canary Shows Telemetry’s Value – Dark Reading
Red Canary’s MDR portfolio complements Zscaler’s purchase last year of Israeli startup Avalor, which automates collection, curation, and enrichment of security data. – Read More
APT41 Uses Google Calendar Events for C2 – Dark Reading
APT41, a Chinese state-sponsored threat actor also known as “Double Dragon,” used Google Calendar as command-and-control infrastructure during a campaign last fall. – Read More
PumaBot Targets Linux Devices in Latest Botnet Campaign – Dark Reading
While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated. – Read More
LexisNexis Informs 360K+ Customers of Third-Party Data Leak – Dark Reading
While the leak affected customer data, LexisNexis said in a notification letter that its products and systems were not compromised. – Read More
Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools – The Hacker News
Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware…
LSB lays out actions for SRA to avoid another Axiom Ince – Legal Futures
The Solicitors Regulation Authority has been given statutory directions to address the multiple failures in its oversight of Axiom Ince. The post LSB lays out actions for SRA to avoid…