Lucian Constantin writes about information security, privacy, and data protection for CSO. Before joining CSO in 2019, Lucian was a freelance writer for VICE Motherboard, Security Boulevard, Forbes, and The New Stack. Earlier in his career, he was an information security correspondent for the IDG News Service and Information security news editor for Softpedia.
Before he became a journalist, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. He lives and works in Romania.
You can reach him at lucian_constantin@foundryco.com or @lconstantin on X. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42
Missing authentication on the Docker Engine management API for Docker Desktop on Windows and Mac allows attackers to break out from containers and potentially execute malicious code on the underlying host system.
Attackers exploited a script injection vulnerability via GitHub Actions to inject malicious code during the automated build process, poisoning the resulting packages of the popular Python library.
The new ransomware program is distributed via mass email spam sent by the Necurs botnet
All SHA-1 certificates that chain back to publicly trusted certificate authorities will be blocked, but enterprise and self-signed certificates won't be affected
One of the most sophisticated cyberespionage groups is readying its malware framework to attack macOS
The Xen paravirtualization mode is proving to be a constant source of serious vulnerabilities, allowing attackers to escape from virtual machines
The Android security bulletin for May covered fixes for over 100 vulnerabilities
SNMP authentication bypass flaw could be used to hijack hundreds of thousands of cable modems from around the world