All topics
Dennis and Lindsey discuss the targeted compromises of NPM packages (1:00) and the pointed letter that Sen. Ron Wyden sent to the FTC chairman asking for Microsoft to be held liable for the Ascension ransomware attack last year (11:45) before finally touching on Apple’s new memory safety technology for new iPhones (20:43).
Sen. Ron Wyden (D-Ore.) wants the U.S. government to hold Microsoft responsible “for contributing to ransomware attacks against critical U.S. infrastructure” like Ascension.
CISA has issued an emergency directive regarding the recently disclosed and somewhat weird vulnerability in Microsoft Exchange hybrid deployments (CVE-2025-53786), ordering all civilian federal agencies to address the flaw by Aug. 11.
Microsoft has uncovered a long-running campaign by a threat group affiliated with Russian intelligence that has targeted diplomats working in Russia with a custom tool called ApolloShadow that enables the group to maintain persistence on victims’ devices as part of a cyberespionage operation. The group is known as Secret Blizzard and Microsoft’s researchers found that […]
Three separate Chinese threat groups are exploiting a set of recently disclosed vulnerabilities in on-premises Microsoft SharePoint installations, and Microsoft and CISA are urging companies that haven’t yet updated their installations to do so as quickly as possible. Microsoft first published information about the two flaws (CVE-2025-53770 and CVE-2025-53771) on July 19 after seeing active […]
