A popular reverse proxy and ingress controller shipped misconfigured versions for the past five months. The Traefik setting that enabled TLS verification was actually disabling it across the board.

AISLE

CVE-2025-66491: Traefik's "Verify=On" Turned TLS Off

Learn how CVE-2025-66491 exposed a critical TLS verification flaw in Traefik, where "Verify=On" accidentally disabled security for 5 months.

Pffff... the Coupang insider, who allegedly stole the company's data, was apparently a cybersecurity employee

Alleged Coupang data leaker had only worked at company for two years, say police

The former Coupang employee accused of leaking 33.7 million customer data had worked at the company for just two years, according to police on Thur...

Security firm Flare has scanned the Docker Hub portal and found secrets and tokens, including for production systems, in more than 10,000 images

Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime

Thousands of Exposed Secrets Found on Docker Hub - Flare

In a month, we found Docker Hub images that contained leaked secrets (including live credentials to production systems) from over 100 companies.

The Justice Department charged a former product manager at Accenture Federal Services with falsely misleading government customers about the security posture of a cloud product offered by the company.

Nextgov.com

US charges former Accenture employee with misleading feds on cloud platform’s security

Danielle Hillmer, most recently employed with SentinelOne, allegedly concealed a cloud product’s noncompliance with federal security regulations.

The ENISA yearly survey is out:

NIS Investments 2025 | ENISA

ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and business...

Yo, EU! Patch your stuff!

A new US startup named Operation Bluebird has asked the US Patent and Trademark Office to vacate old Twitter trademarks, claiming that Elon Musk has abandoned them https://www.reuters.com/technology/us-startup-seeks-reclaim-twitter-trademarks-abandoned-by-musks-x-2025-12-08/

A crypto CEO "web2 security is not strong" while his industry lost billions in hacks over the past years must be the definition of tone deaf

-Linux adds PCIe encryption to secure cloud servers -Europol cracks down on Violence-as-a-Service providers -ICC designates cyberspace as a genocide enabler -Cambodia busts SMS blaster warehouse -Police raid Coupang offices -New Khashoggi lawsuit filed in France -Aeroflot hack originated from contractor network -FTC denies SpyFone CEO petition -Meta agrees to use less personal data for ads in EU Podcast:

Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers - Risky Business Media

Linux adds PCIe encryption to help secure cloud servers, Europol cracks down on Violence-as-a-Service providers, the International Crimina [Read More]

Newsletter:

Risky.Biz

Linux adds PCIe encryption to help secure cloud servers

In other news: Europol cracks down on Violence-as-a-Service providers; ICC designates cyberspace as a genocide enabler; Cambodia busts SMS blaster ...

The point of entry for the Aeroflot hack (from July) appears to have been Bakka Soft, an IT company that developed the airline's mobile and web apps

The Bell

The Bell — деловые новости и аналитика

Все важное для деловых людей на одном сайте. Закрытые встречи BellClub. Вдохновляющи...