Here are this week’s highlights in cybersecurity:

  • Datadog says that one of its RPM GPG signing keys and its passphrase have been exposed during the recent CircleCI security incident. The RPM key is used for an older version of their agent. The key can be misused to sign a malicious RPM package.
  • Over 290 MSI motherboards are affected by an insecure default Secure Boot UEFI option that allows the installation of any operating system image regardless of its signature. The change was introduced in a firmware update from January 2022.
  • The US DoJ arrested a Russian national, the founder of the Hong Kong-registered cryptocurrency exchange Bitzlato, charging him with helping cybercriminals launder money from the defunct dark market called Hydra. Its users have exchanged over $700 million with the exchange.
  • MailChimp suffered another breach resulting in hackers accessing the data of 133 customers. Among the affected companies are Solana, Fantom and WooCommerce.
  • T-Mobile was breached for the 8th time since 2018. Name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features were leaked for 37 million accounts.
