#cascading-system-failures
#cascading-system-failures

Information security

Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday

Healthcare

Healthcare Executives Face a New Era of Personal Risk

Information security

US push to counter hackers draws industry deeper into offensive cyber debate

Node JS

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

fromZDNET

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

FBI and NSA warn of Russian hackers targeting vulnerable routers, urging users to update firmware and strengthen passwords.

Silicon Valley

fromWIRED

7 hours ago

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday

Iran-linked hackers are targeting critical infrastructure, exploiting vulnerabilities in industrial control systems and operational technology.

Healthcare

Healthcare Executives Face a New Era of Personal Risk

Healthcare executives face heightened personal risks due to grievance-motivated cyber threats amid economic pressures and public accountability.

US push to counter hackers draws industry deeper into offensive cyber debate

The U.S. government seeks private sector involvement in cyber defense, but clarity on offensive roles remains uncertain.

Node JS

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

fromZDNET

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

FBI and NSA warn of Russian hackers targeting vulnerable routers, urging users to update firmware and strengthen passwords.

Cloudflare introduces new features for building and deploying agents

Cloudflare is transforming AI development with Dynamic Workers, Sandboxes, and Artifacts for secure, scalable, and efficient code execution.

Careers

Businesses are paying the price for CISO burnout | Computer Weekly

Burnout among CISOs poses significant risks to businesses, driven by overwhelming responsibilities and rising cyber threats.

Privacy professionals

Online Community Development

The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security

Visibility through security measures can deter undesirable behavior and enhance safety in challenging situations.

When the storm hits: What Hurricane Katrina still teaches federal leaders about continuity of operations

Preparation, relationships, and resourcefulness are essential for effective crisis management, as demonstrated during Hurricane Katrina.

France politics

fromWIRED

'We Were Not Ready for This': Lebanon's Emergency System Is Hanging by a Thread

Lebanon faces a humanitarian crisis with nearly 1 in 5 people displaced by Israeli attacks, struggling with inadequate digital infrastructure.

Remote teams

from3blmedia

Why Traditional Evacuation Plans Fall Short in Hybrid Work

Hybrid work complicates evacuation plans, creating gaps when designated safety personnel are absent, necessitating a shift to more inclusive safety strategies.

Node JS

fromNist

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.

Software development

fromInfoWorld

How to destroy a company quickly

Replacing engineers with AI leads to inefficient code and skyrocketing cloud costs.

Psychology

fromSilicon Canals

The people who always have a backup plan aren't pessimists. They grew up in environments where promises were unreliable, and redundancy became the only architecture that didn't collapse when someone changed their mind without warning. - Silicon Canals

Obsessive planners are often generous, driven by past experiences that teach them to prepare for uncertainties.

2 days ago

Data is a strategic asset and a strategic vulnerability

Data is a primary strategic asset in national security, transforming into both a powerful tool and a critical vulnerability.

fromDevOps.com

Why Most DevSecOps Pipelines Fail at Runtime Security (not Build Time) - DevOps.com

Runtime risk arises from configuration and infrastructure changes post-deployment, necessitating DevSecOps to enhance security earlier in the delivery process.

San Francisco

fromMission Local

Cell outage blocks San Francisco 911 calls

A cell outage may disrupt 911 calls in San Francisco, prompting residents to use Wi-Fi calling or text 911 for assistance.

Women in technology

Security and Architecture: To Betray One Is To Destroy Both

Architecture and security have evolved from separate entities to a deeply connected partnership focused on resilience and protection against threats.

Artificial intelligence

fromInfoWorld

Context Hub vulnerable to supply chain attacks, says tester

Using non-authoritative information sources in AI tools can lead to significant risks and predictable consequences.

#cyberattack

East Bay (California)

Bay Area city remains paralyzed week after cyberattack

Foster City is experiencing a significant disruption due to a ransomware cyberattack, affecting communication and services for over a week.

SF politics

Bay Area city government without working phones, email after cyberattack

Foster City is experiencing significant disruptions to services due to a cyberattack, with email and phone systems still down after six days.

Privacy professionals

Bay Area city paralyzed by cyberattack

A ransomware attack has paralyzed Foster City's government and potentially compromised public data, prompting officials to declare a state of emergency.

East Bay (California)

Bay Area city remains paralyzed week after cyberattack

Foster City is experiencing a significant disruption due to a ransomware cyberattack, affecting communication and services for over a week.

SF politics

Bay Area city government without working phones, email after cyberattack

Foster City is experiencing significant disruptions to services due to a cyberattack, with email and phone systems still down after six days.

Privacy professionals

Bay Area city paralyzed by cyberattack

A ransomware attack has paralyzed Foster City's government and potentially compromised public data, prompting officials to declare a state of emergency.

We Are At War

Rising geopolitical tensions are increasingly intertwined with cyber operations and the politicization of technology.

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Nine vulnerabilities in the Orthanc DICOM server allow attackers to crash servers, leak data, and execute arbitrary code remotely.

California

fromABC7 San Francisco

Foster City declares emergency after cyberattack forces city computer system offline for days

Foster City declared an emergency due to a ransomware attack, limiting public services and prompting concerns about transparency and data security.

EU data protection

Irish government launches CNI resilience plan | Computer Weekly

The Irish government has launched a National Strategy to enhance the resilience of critical entities against cyber attacks and disruptions.

Failure As a Means to Build Resilient Software Systems: A Conversation with Lorin Hochstein

Using software failures can enhance software architecture and reliability engineering practices.

SF parents

fromsfist.com

Friday Morning Constitutional: Foster City Hit By Cyberattack

Staff at a supportive housing complex failed to perform a welfare check on a deceased resident, leading to family anger over the oversight.

Juniper Networks Patches Dozens of Junos OS Vulnerabilities

Juniper Networks released patches for multiple vulnerabilities, including severe flaws that could lead to privilege escalation and remote device takeover.

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Chaos malware targets misconfigured cloud deployments, expanding its reach beyond routers and edge devices.

Configuration as a Control Plane: Designing for Safety and Reliability at Scale

Configuration in cloud-native systems is a dynamic control plane that directly influences system behavior and reliability at runtime.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

fromTechRepublic

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

Strong security balances consolidation and best-of-breed capabilities | Computer Weekly

Security platformisation delivers genuine value through native data correlation across integrated telemetry sources, not just operational efficiency from consolidation.

fromWIRED

Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure

Iran has launched a hacking campaign targeting US industrial control systems, causing disruptions in critical infrastructure.

Server crashes traced to one very literal knee-jerk reaction

It was the time of Novell networks, RG58 cables, and bulky tower PCs. It was also a time before the telemarketer's IT department employed specialists. Carter and his two colleagues - boss Mike and part-time student Stefan - therefore handled tasks ranging from programming to support, and everything in between.

Software development

fromSilicon Canals

When militaries share data centers with banks: how Gulf strikes exposed a structural flaw in global cloud infrastructure - Silicon Canals

When civilian banks, logistics platforms, and payment processors share physical data center infrastructure with military AI systems, those facilities become legitimate military targets under international humanitarian law - and the civilian services housed inside lose their legal protection.

Information security

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

#cisa

US politics

CISA Navigates DHS Shutdown With Reduced Staff

US politics

CISA to furlough most of its workforce under impending DHS shutdown

US politics

CISA Navigates DHS Shutdown With Reduced Staff

US politics

CISA to furlough most of its workforce under impending DHS shutdown

Why cloud outages are becoming normal

Recurrent cloud outages disrupt enterprise operations worldwide, driven by misconfigurations, neglected resilience, rising complexity, and staffing challenges.

World news

fromIrish Independent

X suffers major outage weeks after similar collapse

X (formerly Twitter) experienced a global outage that prevented loading of the app and website, showing only the X logo and no posts.

The New Battleground of Cybersecurity

I've always had what I would consider a hacker mindset, a curiosity to take things apart, understand them, and use that knowledge to solve problems. That mindset took me on a circuitous route into the cybersecurity industry; after being kicked out of high school for hacking computer systems, I worked a range of jobs, managing office supply companies by day and cracking Wi-Fi networks by night until I started a Digital Forensics degree which led me to the world of security research.

Science

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Multi-OS attacks complicate SOC operations, leading to delays, fragmented evidence, and increased escalation volume, ultimately allowing attackers more time to operate.

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.

fromSilicon Canals

A single maintainer, a fake company, and a three-hour window: inside the Axios supply chain hijack - Silicon Canals

A single maintainer's vulnerability led to a significant security breach in a widely used JavaScript library, exposing thousands of systems to potential credential theft.

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

more#cisco

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

fromComputerworld

A critical Windows security fix puts legacy hardware on borrowed time

Microsoft will block unvetted kernel drivers starting April 2026, impacting legacy applications while enhancing security.

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.

fromThe Cipher Brief

America Is Digitally Fragile - and Our Adversaries Know It

America faces unprecedented vulnerability as critical infrastructure systems are digitally dependent and interconnected, while adversaries possess capabilities to penetrate and pre-position for exploitation before conflict begins.

CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability

Microsoft SharePoint vulnerability CVE-2026-20963, a critical remote code execution flaw, is being exploited in the wild despite Microsoft's assessment indicating exploitation is less likely.

fromTechRepublic

Industrial Systems Under Siege: 77% of OT Environments Suffer Cyber Breaches

Industrial sectors lag in cybersecurity despite modernizing operational technologies, creating critical vulnerabilities in manufacturing, utilities, and energy infrastructure.

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

SAP released security updates for two critical vulnerabilities enabling arbitrary code execution: CVE-2019-17571 in Quotation Management Insurance and CVE-2026-27685 in NetWeaver Enterprise Portal Administration.

ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Moxa, Mitsubishi Electric

Industrial control system manufacturers Siemens, Schneider Electric, Mitsubishi Electric, and Moxa released multiple security advisories addressing critical and high-severity vulnerabilities in their ICS products.

Cisco Patches Critical Vulnerabilities in Enterprise Networking Products

This vulnerability is due to an improper system process that is created at boot time. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute a variety of scripts and commands that allow root access to the device.

Information security

Top 5 Ways Broken Triage Increases Business Risk Instead of Reducing It

Triage failures occur when decisions are made without execution evidence, causing false positives, missed threats, and higher costs; interactive sandboxes enable evidence-backed verdicts within seconds.

Grid Protection in Severe Weather: What Security Leaders Need to Know

A major winter storm severely strained U.S. power systems, creating disruptions that cybercriminals exploited by targeting existing infrastructure weaknesses.

fromComputerworld

AI will likely shut down critical infrastructure on its own, no attackers required

Misconfigured AI controlling cyber-physical systems can unintentionally shut down national critical infrastructure in a G20 country by 2028.

Manual Processes Are Putting National Security at Risk

Over half of national security organizations rely on manual sensitive data transfers, creating critical security vulnerabilities that adversaries actively exploit in contested operational environments.

#cyberwarfare

Information security

Energy infrastructure cyberattacks are suddenly in fashion

fromFast Company

Information security

How hackers are turning the power grid and digital infrastructure into a weapon

Information security

Energy infrastructure cyberattacks are suddenly in fashion

fromFast Company

Information security

How hackers are turning the power grid and digital infrastructure into a weapon

Cyber Insights 2026: The Ongoing Fight to Secure Industrial Control Systems

Industrial Control Systems remain highly vulnerable due to legacy design, long lifecycles, operator reluctance to take systems offline, and growing sophistication of attacks.

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps

The findings are based on several years of deploying OMICRON's intrusion detection system (IDS) StationGuard in protection, automation, and control (PAC) systems. The technology, which monitors network traffic passively, has provided deep visibility into real-world OT environments. The results underscore the growing attack surface in energy systems and the challenges operators face in securing aging infrastructure and complex network architectures.

Information security

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

Prioritize reducing dwell time with continuously refreshed, high-quality threat intelligence feeds to detect more threats and prevent costly operational downtime.

fromBusiness Matters

Security Convergence and The Human Error

Human error causes the majority of data breaches, driven by skill- and decision-based mistakes, employee negligence, and basic security vulnerabilities like weak passwords.

When Cloud Outages Ripple Across the Internet

Cloud infrastructure outages can disable identity authentication and authorization, creating hidden single points of failure that cause broad operational and security impacts.

NIST releases a new draft cybersecurity framework for systems that never stop moving

Transportation cybersecurity lags behind other critical infrastructure sectors, creating evacuation and public-safety risks as transit systems become more digitalized.

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

CISA added four actively exploited high-severity vulnerabilities to its KEV catalog, including Chrome use-after-free, TeamT5 arbitrary upload, Zimbra SSRF, and Windows ActiveX RCE.

Why cyberattacks don't require advanced hacking

Poor cyber hygiene, weak identity security, overdue IT maintenance, and incomplete logging make organizations vulnerable to financially motivated attacks such as ransomware and email fraud.

Fresh SolarWinds Vulnerability Exploited in Attacks

Threat actors are actively exploiting an unauthenticated deserialization RCE in SolarWinds Web Help Desk (CVE-2025-40551); immediate patching is required.

ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, Phoenix Contact

Siemens has published eight new advisories. The company has released patches and mitigations for high-severity issues in Desigo CC, Sentron Powermanager, Simcenter Femap and Nastran, NX, Sinec NMS, Solid Edge, and Polarion products. A medium-severity flaw has been found in Siveillance Video Management Servers. Exploitation of the vulnerabilities can lead to unauthorized access, XSS, DoS, code execution, and privilege escalation.

Information security

Techie's one ring brought darkness by shorting a server

A technician wearing a wedding ring shorted a server board, causing an outage, briefly concealed the failure, and service resumed after an unexpected reboot.