Posts

Schneier - Friday Squid Blogging: Squid Overfishing in the South Pacific

Regulation is hard: The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a region double the size of Africa, where distant-water fleets pursue species ranging from jack mackerel to jumbo flying squid. The latter dominated this year’s talks. Fishing for jumbo flying squid (Dosidicus gigas) has expanded rapidly over the past two decades. The number of squid-jigging vessels operating in SPRFMO waters rose from 14 in 2000 to more than 500 last year, almost all of them flying the Chinese flag. Meanwhile, reported catches have fallen markedly, from more than 1 million metric tons in 2014 to about 600,000 metric tons in 2024. Scientists worry that fishing pressure is outpacing knowledge of the stock. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderatio...

KnowBe4 - Phishing Campaign Targets Japanese Firms During Tax Season

A criminal threat actor called “Silver Fox” is launching tax-themed phishing attacks against Japanese companies during the country’s tax season, according to researchers at ESET.
from Human Risk Management Blog https://blog.knowbe4.com/japanese-firms-silver-fox-tax-phishing-campaign

The Hacker News - GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a
from The Hacker News https://thehackernews.com/2026/04/glassworm-campaign-uses-zig-dropper-to.html

KnowBe4 - Rising Compliance Oversight Pressure: From Audit Fatigue to Continuous Readiness

Public sector cybersecurity leaders are no longer measured solely on whether they stop attacks; they are measured on whether they can prove it. Across federal, state, local and education environments, compliance obligations continue to expand. Frameworks and mandates include:
from Human Risk Management Blog https://blog.knowbe4.com/rising-compliance-oversight-pressure-from-audit-fatigue-to-continuous-readiness

The Hacker News - Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including
from The Hacker News https://thehackernews.com/2026/04/marimo-rce-flaw-cve-2026-39987.html

KnowBe4 - AI Phishing Attack Prevention Strategies: How AI Identifies and Limits Human Risk

AI is making phishing attacks easier to create and scale. Tasks that once required manual effort can now be automated, allowing attackers to generate realistic messages, launch campaigns, and adapt tactics quickly to evade security controls. In fact, KnowBe4’s 2025 Phishing Threat Trends Report found that more than 73% of phishing emails analyzed in 2024 showed signs of AI involvement.
from Human Risk Management Blog https://blog.knowbe4.com/ai-phishing-attack-prevention-strategies-how-ai-identifies-and-limits-human-risk

The Hacker News - UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and
from The Hacker News https://thehackernews.com/2026/04/uat-10362-targets-taiwanese-ngos-with.html