RC RANDOM CHAOS

The Wire

Curated cybersecurity and tech news — AI-summarized, source attributed.

vulnerabilityopen-source

'Copy Fail' kernel flaw hands root to any local Linux user since 2017

A logic bug in the Linux kernel's algif_aead cryptographic module, introduced by a 2017 in-place optimization commit, lets unprivileged local users write four c

via The Hacker News ·
malwarecybersecurity

DEEP#DOOR Python RAT hides C2 behind bore.pub tunnels, scrapes browser and cloud creds

Securonix has documented DEEP#DOOR, a Python-based backdoor framework delivered through a batch dropper that disables Windows security controls, extracts an emb

via The Hacker News ·
cybersecuritymalware

DOJ sends two cybersecurity insiders to prison for moonlighting as BlackCat affiliates

Two industry practitioners — Ryan Goldberg, an incident response manager at Sygnia, and Kevin Martin of DigitalMint — drew four-year federal sentences for runni

via The Hacker News ·
malwaresupply-chain

EtherRAT Hides C2 in Ethereum Smart Contracts, Lures Admins via GitHub Decoys

Atos researchers tracked a campaign called EtherRAT that targets the high-privilege workstations of sysadmins, DevOps engineers, and security analysts by impers

via The Hacker News ·
malwarecybersecurity

Fast16: Pre-Stuxnet sabotage malware that quietly poisoned scientific calculations

Researchers have reverse-engineered Fast16, a piece of malware that predates Stuxnet and appears to have been deployed against Iranian targets years earlier. Th

via Schneier on Security ·
cybersecurityidentity

FBI: Cyber-enabled cargo theft losses hit $725M as criminals hijack freight networks

The FBI is warning logistics and transportation operators that cyber-enabled cargo theft losses across the U.S. and Canada climbed roughly 60% year-over-year to

via BleepingComputer ·
cybersecuritytech-culture

MSP Sales Stall When Security Pitches Skip Business Outcomes

The managed security services market is on track to nearly double to $69 billion by 2030, but MSPs keep losing winnable deals because their pitches stay anchore

via The Hacker News ·
aitech-culture

Musk's OpenAI trial testimony unravels across seven self-inflicted wounds

Elon Musk spent a third day on the stand in his lawsuit seeking to block OpenAI's conversion from nonprofit to public company, and the appearance went poorly. O

via Ars Technica ·
identitycybersecurity

Oracle Red Bull Racing leans on automation to compress its security workload

Oracle Red Bull Racing's security team is shifting routine identity and access work onto automated pipelines, reducing the manual toil that previously consumed

via Dark Reading ·
policytech-culture

Press freedom hits record low; US drops below Ukraine in 2026 RSF Index

Reporters Without Borders' 2026 World Press Freedom Index shows the global landscape for journalism deteriorating to its worst state in the survey's 25-year his

via Ars Technica ·
supply-chainopen-source

PyTorch Lightning and intercom-client poisoned in Mini Shai-Hulud supply chain wave

Attackers pushed malicious 2.6.2 and 2.6.3 releases of PyTorch Lightning to PyPI on April 30, 2026, hiding a downloader and an 11MB obfuscated JavaScript payloa

via The Hacker News ·
cybersecuritymalware

Ransomware Negotiator Pleads Guilty to Working for the Gang He Was Negotiating With

A ransomware negotiator has pleaded guilty to secretly working for the same ransomware gang whose payments he was supposed to be helping victims minimize. The n

via Schneier on Security ·