The hottest Digital Security Substack posts right now

The number of software vulnerabilities is growing really fast, and it's hard for organizations to keep up. Right now, a lot of vulnerabilities get reported, but companies can only fix a small fraction of them each month.
There's a big push for making software safer from the start, so users aren't stuck dealing with problems created by developers. This idea, called 'Secure-by-Design,' aims to shift the responsibility for security onto the companies making the software.
Many organizations are feeling overwhelmed trying to patch vulnerabilities. If they stop, they risk being exploited by attackers, making it feel like a never-ending struggle to stay secure.

There are a lot of stolen accounts on Bluesky being used for spam. These accounts have had their profiles changed with recycled biographies that often don't match their original purpose.
Researchers can track when these account changes happen by monitoring updates in real-time. They found multiple accounts often change their biographies at the same time, suggesting a coordinated effort.
Many of these accounts use stolen profile pictures and had different roles before they were repurposed. This indicates they have been hijacked by the same person or group to create a fake network.

Russian hacking group MidnightBlizzard, also known as Nobelium, breached Microsoft networks and stole emails from executives and employees.
The breach was detected in November but Microsoft began notifying affected staff in January.
Hackers used a password spray attack on an old test account to access multiple email streams.

Generative attacks against AI involve creating or manipulating data to deceive AI systems, compromising their performance and trustworthiness.
Defending against generative attacks requires understanding the target AI system, identifying vulnerabilities, and developing robust AI models and defense mechanisms.
Types of generative attacks include adversarial examples, data poisoning, model inversion, trojan attacks, and GANs based attacks, each with unique approaches and potential negative effects on AI systems.

Toradex offers ready-made solutions that simplify software updates for customers, saving them time and money. Their focus on software sets them apart in a hardware-oriented market.
Kontron's super ECU can replace multiple smaller ECUs, which can lead to more compact and efficient designs in vehicles and machinery. This integration helps manufacturers streamline their operations.
Slint is emerging as a strong alternative to existing UI frameworks, providing lower memory requirements and flexible licensing options. This could give it an edge in the embedded device market.

Get a weekly roundup of the best Substack posts, by hacker news affinity:

Dual Threat CEOs perform better than traditional fund managers.
Queens were historically more likely to wage war than kings.
Unpartnered adults in the U.S. experience different social and economic outcomes.

Seclead completed a new round of over 100 million yuan Series B financing on May 23, 2023, led by Beijing Firstred M&A Capital.
The funds raised will be used for research and development in digital security products, modeling, platforms, supply chain upgrades, operations, and market expansion.
Seclead aims to offer comprehensive digital security solutions for China's digital transformation, strengthening its foundation.

Inside the nation's first rehab center for video game addiction is treating game-addicted kids effectively with exercise, unplugging, journaling, and basic life/social skills.
Subliminal messaging is prevalent on the internet, with corporations manipulating what you see on Google and Facebook potentially influencing elections and thoughts.
Trump's Twitter feed exemplifies the Aristotelian principles of logos, ethos, pathos, and pomposity in a concise manner.

NoSugar Tech has completed a new round of strategic financing, aiming to enhance their capabilities in combating network crimes and become a leading enterprise in network space governance.
NoSugar Tech, founded by the security team PKAV, offers efficient solutions for combating various network crimes and has provided valuable services to public security agencies, operators, financial institutions, and internet companies nationwide.
Gaocheng Capital, the lead investor, expressed confidence in NoSugar Tech's technological strength and market potential, highlighting the importance of digital security in today's advancing digital world.

In the digital age, we face challenges with ownership and subscription models.
When companies make changes, users often react with outrage, apologies, or dismissiveness.
To safeguard our digital lives, consider open-source alternatives and have contingency plans in place.