Drivers in the Russian city of Perm have been enjoying an unexpected bonus this week: free parking. Not because the city council suddenly decided to embrace generosity - but rather because hackers succeeded in knocking the city's payment system offline. Read more in my article on the Hot for Security blog.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-47813 Wing FTP Server Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Open EU Foundry status granted to innovative chiplet facility Anonymous (not verified) Mon, 03/16/2026 - 10:40 The Commission has granted the Open EU Foundry (OEF) status to Silicon Box in Novara, Italy. GettyImages © Nikola Ilic - E+ Under the European Chips Act, the OEF status is granted to new or upgraded innovative semiconductor manufacturing facilities. The status provides benefits to semiconductor facilities including administrative support, faster construction approvals and priority access to pilot lines under the Chips for Europe Initiative. This helps deepen European semiconductor supply chain resilience and boost innovation. Silicon Box’s project is a significant milestone in strengthening Europe’s semiconductor industry through its new advanced semiconductor packaging and testing facility. The facility will integrate multiple dies or chiplets - small, modular semiconductor blocks that perform specific functions - into a single package, effectively creating a multi-chip module that behaves like a single chip, using panel level packaging. Panel level packaging uses a more efficient large-panel approach to packaging, enabling higher output and lower cost compared to traditional methods in the final stage of the chip making process. The facility will also test chips at panel-level, grouping multiple chiplets into a single panel, enabling more comprehensive quality verification before final assembly. The project will provide an important base in Europe for developing innovative technologies, products and system solutions for the semiconductors key to powering AI, electric and autonomous vehicles, data centres, as well as supercomputing applications. The plant is expected to reach full capacity in 2033. This OEF status recognition follows four semiconductor projects across the EU which have previously been awarded OEF or IPF (integrated production facility) status in October 2025: ESMC in Germany (OEF) Ams-OSRAM in Austria (IPF) Infineon Technologies Dresden in Germany (IPF) STMicroelectronics in Italy The decision to grant OEF follows the Commission state aid decision concerning Silicon Box. Related topics Advanced Digital Technologies Electronics Chips Act Semiconductors {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability CVE-2026-3910 Google Chromium V8 Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
If you're in the middle of applying for a planning or zoning permit, there is some unwelcome news: cyber-criminals have found a way to exploit the bureaucratic tedium of the process against you. Read more in my article on the Fortra blog.
Signal, the encrypted messaging app trusted by security-savvy users around the world, has confirmed that hackers have managed to takeover accounts - with government officials and journalists among those being targeted. Read more in my article on the Hot for Security blog.
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product. The following versions of Trane Tracer SC, Tracer SC+, and Tracer Concierge are affected: Tracer SC Tracer SC+ Tracer Concierge CVSS Vendor Equipment Vulnerabilities v3 8.1 Trane Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of a Broken or Risky Cryptographic Algorithm, Memory Allocation with Excessive Size Value, Missing Authorization, Use of Hard-coded Credentials, Use of Hard-coded, Security-relevant Constants Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Ireland Vulnerabilities Expand All + CVE-2026-28252 A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. View CVE Details Affected Products Trane Tracer SC, Tracer SC+, and Tracer Concierge Vendor: Trane Product Version: Trane Tracer SC:
A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it - and then brags about it on a recorded Telegram call. Plus: Graham champions Asterix, Trisha discovers the fantasy novels of Robin Hobb, and someone called "Lick" ends up in the nick. All this, and much more, in episode 458 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.
Elon Musk's social media site says it suspended 800 million accounts in a year for spam and manipulation - but with state-backed campaigns still flooding the platform, the real question is how many fake accounts remain. Read more in my article on the Hot for Security blog.
In a co-ordinated public-private operation between law enforcement agencies and cybersecurity industry partners, Tycoon 2FA - one of the world's most prolific phishing-as-a-service platforms - has been dismantled. Read more in my article on the Hot for Security blog.
Apply AI webinars sectoral deep dive - Agrifood, climate & environment Anonymous (not verified) Thu, 03/05/2026 - 14:30 19 March 2026 This session focuses on how the Commission, together with the private sector, aims to accelerate AI adoption across the agrifood sector, as well as the intersection between AI, climate and environment. This is part of a series of Apply AI thematic webinars. Join the live stream on our YouTube channel to find out how farmers, industry, researchers and other stakeholders can contribute to shaping priorities for Europe’s agrifood, climate and environment ecosystems. Engage in the conversation by submitting questions in advance or during the session via Slido. Agenda 14:00 - 14:45 (CET) Apply AI Agrifood 14:45 - 15:00 (CET) Short break 15:00 - 15:45 (CET) Apply AI Climate & Environment Download the slides for both sessions below. Moderator Andrea Hak, Stakeholder Communication Expert at the AI Office, DG CONNECT Speakers - Agrifood Pierluigi Londero, Head of Unit Data Governance, DG AGRI Doris Marquardt, Programme Officer EU Policies, Contact person for Agriculture in the DG, DG CONNECT Speakers - Climate & Environment Tsitlakidis Charalampos, Head of Sector, Destination Earth, DG CONNECT Irina Sandu, Director of Destination Earth (DestinE), European Centre for Medium-Range Weather Forecasts (ECMWF) Agrifood The webinar will discuss how the Commission aims to accelerate AI adoption across the agrifood sector and translate innovation into impact on the ground, enhancing sectorial competitiveness and public goods. Among others, a marketplace for AI-based solutions for the agri-food sector will be introduced and funding will be devoted to capacity building in the development of agriculture specific foundation models (e.g., LLMs). AI is already reshaping agricultural production and can transform the way food is produced, benefiting the environment, climate and people. AI supports farmers, for instance through AI-driven advisory tools and handy applications that turn data into tailored recommendations. These help producers to make better and faster decisions accounting for local conditions, and increasing resource efficiency, e.g. saving water, and effectiveness. A new wave of opportunities is emerging, boosting precision farming, powering robots, and smartening machinery for field work. AI can also contribute to reducing reporting obligations and other administrative burdens. Climate & Environment AI has a long track record in environmental monitoring, forecasting, and Earth observation. It can enhance early-warning systems and aid disaster response as well as decision-making for resilience and climate preparedness. Ground-breaking initiatives such as Destination Earth provide high-resolution and interactive simulations with unprecedented predictive power through AI-driven applications. Downloads Apply AI Climate & Environment (PDF) Download Related topics Creating a digital society Environment Smart and Sustainable Communities Artificial intelligence {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}
Commission holds first meeting of Special Panel on child safety online Anonymous (not verified) Thu, 03/05/2026 - 08:08 European Commission President Ursula von der Leyen hosted the first meeting of the Special Panel on child safety online. AdobeStock ©myboys The panel, announced in the 2025 State of the Union address, will provide expert recommendations to better protect and empower children online and will explore the need for potential harmonised age restrictions to access social media. President Ursula von der Leyen said: For decades, we have made the real world safer for children and we must do the same in the digital world. The positive opportunities that technology offers cannot come at the cost of their safety, health or happiness. In Europe, tech platforms already have a responsibility to ensure the safety of users and we will continue to ensure they do so. But we must also do more to protect and empower our young people online. That is why I have convened this panel: to forge a strong, realistic, European approach to keep our children safe in the digital age. Read the full press release and find further information about the special panel on child safety online. Related to child safety online, you can also read more about: the Digital Services Act (DSA) and its Guidelines on the protection of minors the Safer Internet Centres under the Better Internet for Kids Strategy (BIK+) the Cyberbullying Action Plan the EU Age Verification solution the Communication on a comprehensive approach to mental health the EU rules to combat child sexual abuse online Related topics Better Internet for Children Strengthening trust and security Online platforms and e-commerce {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}
When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the person put in charge of the investigation was the actual leaker... who promptly sent an innocent colleague into a career-ending ambush. In this episode, we unravel the jaw-dropping tale of a defence contractor caught selling zero-day exploits to a Russia-linked broker. Plus: are nation states quietly poisoning AI models to bend reality itself? We explore how “foreign information manipulation interference” could target not just social media users, but the large language models we increasingly trust for answers — and what that might mean for truth, trust, and the future of online influence. All this, and much more, in episode 457 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Carl Miller.
Commission seeks feedback for draft guidance to assist companies in applying the Cyber Resilience Act Anonymous (not verified) Wed, 03/04/2026 - 09:10 Opening: 03 March 2026 Closing: 31 March 2026 The draft guidance clarifies the obligations and the scope of the rules with a particular focus on facilitating compliance by microenterprises and small and medium-sized enterprises. AdobeStock © ipopba Main link https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/16959… Related topics Cybersecurity {"service":"share","version":"2.0","color":true,"networks":["x","facebook","linkedin","email","more"]}
South Korea's National Tax Service (NTS) has found itself in the middle of a deeply embarrassing - and costly - blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet. Read more in my article on the Hot for Security blog.
A new report claims that the cost of insider security incidents has surged 20% in two years, reaching an average of US $19.5 million per organization annually, with no sign that the alarming figure is flattening. Read more in my article on the Fortra blog.
There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog.
When the mysterious operator of an internet archiving-service decided to silence a curious Finnish blogger, they didn’t just send a stroppy email - they allegedly weaponised their own CAPTCHA page to launch a DDoS attack, threatened to invent an entirely new genre of AI porn, and tampered with parts of their own archive to smear the blogger's name. In this episode, we unravel how a website designed to preserve history may have trashed its own credibility - and how Wikipedia responded when trust went out the window. Plus a ransomware gang shoots itself in the foot with a classic case of buffoonery, accidentally corrupting the very keys victims would need to decrypt their data. When even the criminals can’t unlock your files, what happens next? All this, a surprisingly zen Pick of the Week, and a gloriously splenetic rant against web forms, on episode 456 of the award-winning "Smashing Security" podcast, with cybersecurity veteran Graham Cluley and special guest Paul Ducklin.
Amid a privacy backlash, a US $10,000 reward has been offered for anyone who can find a way to run Ring doorbell cameras locally, cutting off the flow of video data to Amazon's servers. Read more in my article on the Hot for Security blog.
Spain's police force has announced that it has arrested a 20-year-old man who they claim managed to book luxury hotel rooms worth up to €1,000 a night for just one euro cent. Read more in my article on the Hot for Security blog.