Crooked Bough News Round-up

— US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

 

at 4/17/26 3:28pm

Grinex says needed hacking resources "available exclusively to ... unfriendly states."

[Category: Biz & IT, Security, cryptocurrency exchange, cyberattack, Grinex, russian hacking]

— Recent advances push Big Tech closer to the Q-Day danger zone

 

at 4/17/26 5:00am

Here's which players are winning the race to transition to post-quantum crypto.

[Category: Biz & IT, Features, Security, cryptography, post quantum cryptography, quantum computing]

— “Negative” views of Broadcom driving thousands of VMware migrations, rival says

 

at 4/9/26 1:44pm

Western Union exec says there were "challenges" working with Broadcom.

[Category: Biz & IT, acquisitions, Broadcom, mergers, vmware]

— Iran-linked hackers disrupt operations at US critical infrastructure sites

 

at 4/8/26 2:49pm

As the US and Israel's war has ramped up, so too have hacks on US industrial sites.

[Category: Biz & IT, Policy, Security, critical infrastructure, hacking, PLCs, Programmable logic controllers]

— Thousands of consumer routers hacked by Russia's military

 

at 4/8/26 5:00am

End-of-life routers in homes and small offices hacked in 120 countries.

[Category: Biz & IT, Policy, Security, credentials, DNS, hacking, routers]

— OpenClaw gives users yet another reason to be freaked out about security

 

at 4/3/26 2:30pm

The viral AI agentic tool let attackers silently gain admin unauthenticated access.

[Category: AI, Biz & IT, Security, agentic AI, OpenClaw, privilege escalation]

— New Rowhammer attacks give complete control of machines running Nvidia GPUs

 

at 4/2/26 11:00am

GDDRHammer, GeForge and GPUBreach hammer GPU memory in ways that hijack the CPU.

[Category: Biz & IT, Features, Security]

— Quantum computers need vastly fewer resources than thought to break vital encryption

 

at 3/31/26 12:25pm

No, the sky isn't falling, but Q Day is coming, and it won't be as expensive as thought.

[Category: Biz & IT, Security, elliptic curve cryptography, neutral atoms, quantum computing]

— Google bumps up Q Day deadline to 2029, far sooner than previously thought

 

at 3/25/26 9:49am

Company warns entire industry to move off RSA and EC more quickly.

[Category: Biz & IT, Security, encryption, post quantum cryptography, quantum computing]

— Self-propagating malware poisons open source software and wipes Iran-based machines

 

at 3/24/26 6:38am

Development houses: It's time to check your networks for infections.

[Category: Biz & IT, Security, malware, teampcp, worm]

— Widely used Trivy scanner compromised in ongoing supply-chain attack

 

at 3/20/26 2:50pm

Admins: Sorry to say, but it's likely a rotate-your-secrets kind of weekend.

[Category: Biz & IT, Security, GitHub, info stealers, supply chain attacks, trivy]

— Cloud service providers ask EU regulator to reinstate VMware partner program

 

at 3/19/26 3:29pm

Broadcom says the group is misrepresenting market "realities."

[Category: Biz & IT, acquisitions, antitrust, Broadcom, europe, mergers, vmware]

— Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

 

at 3/18/26 11:36am

One Microsoft product was approved despite years of concerns about its security.

[Category: Biz & IT, microsoft, Propublica, syndication]

— Researchers disclose vulnerabilities in IP KVMs from four manufacturers

 

at 3/17/26 11:07am

Internet-exposed devices that give BIOS-level access? What could possibly go wrong?

[Category: Biz & IT, Security, ip kvms, networks, security, vulnerabilities]

— Supply-chain attack using invisible code hits GitHub and other repositories

 

at 3/13/26 2:18pm

Unicode that's invisible to the human eye was largely abandoned—until attackers took notice.

[Category: Biz & IT, Security, public use areas, supply chain attacks, Unicode]

— The who, what, and why of the attack that has shut down Stryker's Windows network

 

at 3/12/26 4:18pm

Company says it doesn't know how long it will take to restore its Microsoft environment.

[Category: Biz & IT, Security, hacktivism, medical devices, wipers]

— 14,000 routers are infected by malware that's highly resistant to takedowns

 

at 3/11/26 3:27pm

Most of the devices are made by Asus and are located in the US.

[Category: Biz & IT, Security, Tech, ASUS, botnets, distributed hash tables, malware, routers]

— Feds take notice of iOS vulnerabilities exploited under mysterious circumstances

 

at 3/6/26 12:41pm

The long, strange trip of a large assembly of advanced iOS exploits.

[Category: Apple, Biz & IT, Security, exploits, iOS, iPhones, vulnerabilities]

— Amazon appears to be down, with over 20,000 reported problems

 

at 3/5/26 2:06pm

Problems viewing products and checking out.

[Category: Biz & IT, Tech, Amazon, outage]

— Trump gets data center companies to pledge to pay for power generation

 

at 3/5/26 11:41am

With no enforcement and questionable economics, it may not make a difference.

[Category: Biz & IT, Policy, coal, data centers, Energy, natural gas, nuclear, renewables, trump administration]

— Downdetector, Speedtest sold to IT service-provider Accenture in $1.2B deal

 

at 3/3/26 3:20pm

Accenture plans to buy Ookla, which also includes RootMetrics and Ekahau.

[Category: Biz & IT, Accenture, acquisition, mergers]

As of 4/18/26 10:59am. Last new 4/17/26 4:56pm.