The Wire
Curated cybersecurity and tech news — AI-summarized, source attributed.
Daemon Tools backdoored for a month via signed installers from official site
Kaspersky disclosed a supply-chain compromise of Daemon Tools, the disk-image mounting utility, that has been pushing trojanized installers from the developer's
DAEMON Tools installers trojanized since April 8, backdoor hits thousands worldwide
Kaspersky has flagged an ongoing supply-chain compromise of DAEMON Tools, the Windows virtual-drive utility, with digitally signed installers distributed from t
DAEMON Tools Windows installers trojanized in month-long supply chain attack
Kaspersky has flagged a supply chain compromise of DAEMON Tools' Windows installers, signed with the vendor's legitimate certificates and distributed from the o
DarkSword: Leaked iOS Zero-Click Chain Spreads from State Actors to the Wild
Google's Threat Intelligence Group attributes DarkSword, a full-chain iOS exploit stitching together six zero-days, to likely government developers. The chain w
Datasette-llm 0.1a7 adds per-model default option config
Simon Willison shipped a small but useful update to datasette-llm, the plugin layer that lets Datasette plugins call language models. The 0.1a7 release introduc
Datasette plugin lets sites override default no-referrer policy for OSM tiles
Simon Willison debugged broken OpenStreetMap tiles on the Datasette global-power-plants demo and traced the issue to two separate problems. A CAPTCHA he had rec
Edge Leaves Saved Passwords Sitting in Process Memory
Microsoft Edge retains saved credentials in plaintext within its running process memory, where any local actor with sufficient privileges — malware, a compromis
FTC settlement bars Kochava from selling precise location data without consent
The FTC has reached a proposed settlement with Idaho-based data broker Kochava and its subsidiary Collective Data Solutions, ending a four-year case that began
Germany's .de TLD reportedly disrupted by DNSSEC chain-of-trust failure
Germany's national top-level domain experienced a resolution outage tied to DNSSEC validation. Verisign Labs' DNSSEC analyzer output shows the chain-of-trust tr
llm-echo 0.5a0 adds thinking-block simulation for LLM 0.32a0 testing
Simon Willison shipped version 0.5a0 of llm-echo, a plugin that registers a fake "echo" model inside the LLM CLI tool. The model performs no inference — it simp
MetInfo CMS Flaw CVE-2026-29014 Under Active Exploitation for Unauthenticated RCE
A critical PHP code injection vulnerability in MetInfo CMS versions 7.9 through 8.1, tracked as CVE-2026-29014 with a CVSS score of 9.8, is being actively explo
Middle East cyber conflict expands, with UAE emerging as a primary target
Cyber operations across the Middle East are widening in scope, and the UAE is taking a disproportionate share of the activity. The shift reflects the country's