A selection of this week’s more interesting vulnerability disclosures and cyber security news. Privacy is understandably a concern for all, and for those that are not that bothered and opt-in to give it away, I’m sure they assume it is for monitoring of their activities online. However, in this enterprising case, it appears to go beyond the virtual to physical and not where you would suspect…

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A great (or bad depending on how you look at it) example of a supply chain infection this week, luckily it was spotted and a pre-emptive move taken to divert funds before they were stolen. They were very lucky in this case.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Continued focus on locating issues in Docker reveal another flaw. This time with no patch (though I notice some Docker updates this week). Watch your backs folks.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. An article that prompts many questions regarding use of PII in a passive way, misses one obvious question: Why was Wi-Fi enabled on 5.9 million devices while in transit? When you next get a moment, just check what, and why you need Wi-Fi and other communications features enabled all the time.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. An bumper crop this week of news items of note, had to seriously prune them down to a manageable number which is a shame.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. After last week’s news about a part of Docker Hub being exposed, things have got just a little bit worse. One of the most popular images has a root account vulnerability. Now, with someone knowing what people have, and that there is a potential hole, a target list becomes massively reduced…

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Over the last few weeks there has been a number of notable code repository poisonings which quite rightly caused alarm at the possible downstream risk. This week though, a mother lode has been struck; Docker Hub. Being home to images for many core systems, and also providing keys to critical parts of the build system, this is highly shocking.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Should we be surprised that there are weaknesses in a car app that lets you locate and remotely control them? We’ve been here before – too many times before. Again, possibly bad management, specification and design failures all round, and no one seems to learn.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. While not as main stream as Skype, Matrix has certainly gained a good following (one I’ve been personally watching for a few years myself). The announcement of a major breach via vulnerabilities in it’s Jenkins CI system do highlight that any door in will be taken and used to pivot into where the jewels really are.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. It’s been a while since we had reports of a Node.Js module repo tainting, this time though, it appears that its Ruby’s turn to suffer along with Google scoring an own goal. Trust in the code library supply chain shows once again that mistakes can have a wide ranging impact. I don’t have any solutions. Does anyone?