Dutch researchers @midnightbluelab found a critical zero-click vuln in a photo app enabled by default on Synology storage devices, putting millions of systems at risk of being hacked. They found Synology systems owned by police/law firms/critical infrastructure contractors online and all vulnerable to attack. Synology has called the vuln "critical" and issued a patch last week but apparently didn't notify customers. Synology devices don't have automated update capabilities. Here's my story:

WIRED

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers...

Did a Chinese university host a hacking competition targeting a real victim for intelligence collection? On New Year's Eve in 2023, Northwestern Polytechnical University, one of the “Seven Sons” of national defense in China, hosted the Zhujian Cup, one of many hacking competitions held in China each year. But this one had some unusual characteristics. Researchers believe participants in the competition may have been targeting a real victim for intelligence purposes. Here's my story:

WIRED

Did a Chinese University Hacking Competition Target a Real Victim?

Participants in a hacking competition with ties to China’s military were, unusually, required to keep their activities secret, but security resea...