The big story of 2025 wasn’t just tariffs, but how minor vendor oversights became major threats. With $35B in annual U.S. cargo theft and 43% of phishing from compromised vendors, knowing your suppliers became a competitive necessity.
NordVPN has released a new open-source, headless package designed for OpenWrt routers. This allows users to configure the VPN directly on a wide range of hardware via the command line, with a GUI planned for later. The move is part of the company’s broader push to support the open-source community.
The University of Sydney is notifying thousands after a breach of an online code repository. The attackers accessed and downloaded historical data files containing personal information, though the university says there’s no evidence of misuse yet.
The common urge to “clean” data can actually destroy valuable insights. By tracking data provenance, companies can preserve raw inputs and let algorithms discover the real stories hidden in the outliers.
Hewlett Packard Enterprise is urging customers to patch a severe remote code execution vulnerability in its HPE OneView infrastructure management software. The flaw can be exploited without any authentication, making it an urgent priority for administrators to address.
TikTok is finalizing a deal to avoid a US ban, transferring 50% ownership to US-based firms like Oracle. The core change? A new algorithm trained solely on US user data, promising a feed “free from outside manipulation.”
Modern attackers aren’t breaking in; they’re logging in through forgotten, over-permissioned accounts. New data reveals the scale of the problem is worse than many think, and it’s getting harder to manage.
ExpressVPN is unifying its desktop apps for Windows, macOS, and Linux on the Qt framework. This promises faster updates and new features like a Linux GUI and restored Mac split tunneling. It’s a major backend shift aimed at ending platform drift.
Amazon’s controversial return-to-office mandate had an unintended security benefit. The company’s CSO says it’s now much easier to spot employees hired under fraudulent pretenses, often linked to foreign schemes, when they have to work on-site.
A new UK report suggests developers of end-to-end encrypted apps could be considered hostile actors. This comes as lawmakers push for stricter enforcement of laws that could undermine encryption.
