Dave Ferguson

🛑 Adobe released emergency fixes for a 9.6 CVSS flaw (CVE-2026-34621) in Acrobat/Reader, confirmed under active exploitation. A prototype pollution bug lets malicious PDFs run arbitrary code via JavaScript. Evidence shows attacks may date back to Dec 2025. 🔗 Read → thehackernews.com/2026/04/adobe-…

If you downloaded any CPUID software between Apr 9 15:00 UTC and Apr 10 10:00 UTC — assume compromise. Check your DNS logs for these 4 malicious domains and scan for CRYPTBASE.dll artifacts. Full IoCs, hashes, attack chain analysis and detection rules: securelist.com/tr/cpu-z/11936… [6/6]

JPMC's CISO Patrick Opet discusses his open letter to third-party software suppliers. reversinglabs.com/blog/opet-jpmc…

@reginaldbear @NamesJaysmith Iowa's Ben McCollum is our best choice at 44 yrs old. But born & raised in Iowa.

@NamesJaysmith What current relevant coaches are around 35-40?

KU’s head coaches & age when hired James Naismith 37 Forrest Allen 22 William Hamilton 33 Dick Harp 38 Ted Owens 34 Larry Brown 42 Roy Williams 37 Bill Self 40 Average age of 35…..

@mubix twit.tv/posts/tech/hr-…

Haven’t validated myself but here is the post: news.ycombinator.com/item?id=474571… And here is the specific software that is specified: newegg.com/p/N82E16832732…

Hey @gmail. An email sent to my business email account and marked as Spam (so I never saw it) created a calendar entry on my Google Calendar. Why did that happen?

Good review of the compromises in open source due to TeamPCP. reversinglabs.com/blog/teampcp-s…

👁️ Be on the look out for compromised versions 1.82.7 and 1.82.8 of the "litellm" PyPI package, which has more than 479 million downloads 🧵👇 secure.software/pypi/packages/…

Look out for compromised version of Checkmarx ast-results OpenVSX extension open-vsx.org/extension/chec…

Crazy that a secrets detection tool had secrets stolen and was subsequently used to launch a very nasty supply chain attack.

Let's see what ENISA thinks about risks when it comes to package managers. enisa.europa.eu/publications/e…

Mildly interesting, but I come to the inevitable conclusion that we have more pressing issues to be concerned about. darkreading.com/ics-ot-securit…

Hundreds of packages published on npm and PyPi act as downloaders for a remote access trojan. bleepingcomputer.com/news/security/…

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider. securityweek.com/notepad-supply…

The AWS European Sovereign Cloud now open. A physically & logically separate cloud infrastructure, with all components located entirely within the EU. aws.amazon.com/blogs/aws/open…

With permission granted to collect anonymized browser behavior data, the #malware within the extensions will collect & exfiltrate data about open browser tabs and chatbot conversations. thehackernews.com/2026/01/two-ch…

U.S. Dept of War is gearing up for PQC. Having CBOMs for software, including containers & VMs will help fulfill the "Cryptography Inventory and Risk Assessment" requirement. hstoday.us/subject-matter…

My latest blog explores how Spectra Assure and EDR can be paired to mitigate risks in 3rd-party software. reversinglabs.com/blog/spectra-a…

RIP Privacy — AI Glasses Can Now Recognize Anyone, Anywhere. A Dutch journalist just tested a pair of AI-powered glasses that can instantly identify strangers on the street. No government database. No police system. Just public data and off-the-shelf AI. You look at someone and in seconds, their name, LinkedIn, and background appear before your eyes. The scariest part? You can’t really stop it. You can ban it, regulate it, add blinking red lights… but once tech like this exists, someone will always find a way to use it. To me, this marks a turning point. We’ve officially blurred the line between seeing people and knowing them. Between being in public and being exposed. So here’s the question: When every face becomes a dataset, how do we protect the meaning of being human? #AI #Privacy #Ethics #Technology #Innovation #Data #Surveillance