Your Poorly Configured DevOps Tools Are Funding Someone's Bitcoin Habit

Welcome back! It's June 10th, and today is the anniversary of two ships setting out in 1858 to lay the first transatlantic cable, connecting continents with copper wire insulated by tree resin.

After multiple failed attempts (much like my dating life), they finally connected continents with a cable that transmitted a whopping 400 messages before completely crapping out after just 23 days. Queen Victoria sent President Buchanan a nice note, and he replied with the 1858 equivalent of "new phone, who dis?" Despite the failure, it proved global communication was possible, laying the groundwork for what would eventually become your boss Slacking you at 11 PM on a Friday.

Anyway, enough about historical failures. Let's talk about current ones!

Cloud Miners Pirating Your Processing Power While You're Busy Reading This

You've secured your home network, enabled 2FA everywhere, and even convinced your parents to stop clicking on sketchy emails. But did you remember to properly configure your DevOps tools? No? Well, congratulations — you're part of the 25% of cloud users who pretty much would leave the car running with the keys in the ignition and a sign that says "FREE CRYPTOCURRENCY MINING RESOURCES, HELP YOURSELF."

According to Wiz security researchers (soon to be Google's problem), a threat actor called JINX-0132 is exploiting misconfigurations in HashiCorp's Nomad and Consul tools, plus Docker API and Gitea, to deploy cryptocurrency mining software on your dime.

Here's the real kicker (and no, this isn't AI-generated language, it's just the cold, hard truth): "Of those environments using these DevOps tools, five percent expose them directly to the Internet, and among those exposed deployments, 30 percent are misconfigured," the team wrote.

Well, what’s the solution? How about stop exposing your Docker API to the internet like it's an OnlyFans account, implement HashiCorp's security recommendations, and keep your Gitea software updated. Basic security hygiene that would make your IT director weep with joy, assuming they haven't already quit in frustration.

AI Bots Are Choking Scientific Websites Like Darth Vader With a Grudge

If you thought academic websites were slow before, they've now reached new levels of unusability thanks to AI bots scraping them harder than a desperate college student the night before finals.

The online image repository DiscoverLife, home to nearly 3 million species photographs, started receiving millions of daily hits in February, effectively turning the site into a virtual paperweight. Who’s the culprit? Data-hungry AI bots that view scientific databases as an all-you-can-eat buffet with no closing time.

The bot tsunami gained momentum after DeepSeek showed that effective AI could be built with fewer computational resources. This sparked what industry observers call an "explosion of bots" prowling for training data. It's like that scene in "Finding Nemo" where all the seagulls scream "MINE! MINE! MINE!" except instead of french fries, they're fighting over peer-reviewed papers on beetle mating habits.

The Confederation of Open Access Repositories reports that over 90% of surveyed members experienced AI bot scraping, with two-thirds suffering service disruptions. In short, AI bots are treating scientific websites like they're the last toilet paper during a pandemic — greedily hoarding it all while everyone else is left with nothing.

Android Malware "Crocodilus" Slithers Into Your Contacts List

A sneaky Android malware called "Crocodilus" is adding fake contacts to your phone to spoof trusted callers, and it's about as subtle as a crocodile in a kiddie pool. This reptilian nightmare installs itself as a system app, then quietly adds its own contacts with familiar names like "Mom," "Dad," or "Boss" to your address book.

When the malware rings you up, it displays these trustworthy names to trick you into answering. It's like my ex — gaslighting for your smartphone but with a "No, you've always had three different contacts named 'Mom,' why do you ask?"

So next time "Mom" calls asking for your SSN, maybe ask her what she got you for your 8th birthday first.

⚙️ Tool Time

Never play password roulette again with the digital vault from 1Password.

We've all been there — staring at yet another password prompt, desperately trying combinations of your pet's name, your birth year, and that special character that websites inexplicably demand. Was it "PrincessFluffykins2017!" or "PrincessFluffykins!2017" or "Fluffykins!Princess2017"?

Who knows? Your new password manager, 1Password, that's who.

What makes 1Password special:

• Cross-platform support — Access your digital life whether you're on your work laptop, gaming PC, or that ancient iPad you only use for recipes

• Travel Mode — Hides sensitive info when crossing borders, so nosy customs agents won't see your collection of embarrassing website logins

• Vault separation — Keep work passwords in one vault, personal in another, and your "research purposes only" Reddit account in a third

• Local processing — Like having an AI personal butler with an iron-clad NDA - zero gossip about your terrible password choices to the algorithm overlords

• Browser integration — Fills in your credentials faster than you can say "I swear I just reset this password yesterday"

What makes 1Password better than writing passwords on sticky notes hidden under your keyboard?

Well, here’s what IT pros have to say:

• Creates unique, strong passwords for every site (no more "password123!" variations)

• Securely shares credentials with team members without exposing the actual passwords

• Notifies you when sites have been breached, so you can change compromised passwords

• Helps you switch from other password managers and even covers offboarding costs

Ultimately, 1Password doesn't just store your passwords—it preserves what little sanity you have left after explaining to the CEO for the fifth time that "qwerty" isn't an acceptable password for the company bank account.

Click here to secure your digital life with 1Password (and hopefully, stop using your pet’s name as your passwords).

👨‍💻 Job Opportunities

Senior Security Engineer @ Rapid7 (Remote/Hybrid @ Boston, MA)

Rapid7 wants a "creative Security Engineer" who understands that technology is meant to "empower people." Must be "fanatical about security," which really just means "be willing to be the office buzzkill who tells everyone they can't use their birthday as a password."

Senior Manager of Vulnerability Management @ Cox Enterprises (Hybrid @ Long Island, AL)

Here’s your chance to lead a cybersecurity team that provides continuous scanning and reporting on vulnerabilities. You'll be like the IT version of a dermatologist, constantly pointing out concerning spots that everyone would prefer to ignore. Primary responsibilities include finding security holes before hackers do, explaining to leadership why patching can't wait until next quarter, and maintaining your sanity while watching people ignore your recommendations.

Security Director — Enterprise Identity @ PNC (Hybrid @ Pittsburgh, PA)

PNC needs someone to take responsibility for customer and workforce authentication strategy. Think of yourself as the bouncer at a nightclub that’s really just PNC's network — deciding who gets in and who gets thrown out.

🛩 Industry Moves

• Microsoft is axing another 305 workers in Washington state, with departures set for August 1. This is their third round of layoffs this year, following cuts in May and January. It's like they're practicing for a "fastest way to crush employee morale" speedrun while swimming in $25.8 billion Q1 profit ($12 million per day).

• Broadcom has eliminated the lowest tier of its VMware partner program, focusing only on partners with "larger VMware deployments." One abandoned partner who had been with VMware for 19 years noted that the only reason they were "inactive" was Broadcom's "stupid greed" raising prices by 50% with zero warning. It's like a city replacing all street parking with valet-only options, then being baffled when small businesses suffer.

• IBM has acquired Seek AI, a platform that lets users ask questions about enterprise data using natural language. The startup will become part of IBM's new NYC-based AI accelerator, Watsonx AI Labs. This acquisition continues IBM's strategy of buying startups faster than a panic-shopper during a toilet paper shortage, all in hopes that one of them will finally make Watson relevant again.

• Console has raised $6.2M from Thrive Capital to build AI that handles mundane IT tasks like password resets and app access. The company claims its AI can resolve over 50% of help desk tasks on its own. Current customers include Scale AI, Flock Safety, and Calendly.

This week I'm one server crash away from starting a goat farm in Vermont. Join me in checking out some truly fascinating ways humans can break perfectly functional software:

• A poor soul is wrestling with SQL Server 2022, trying to create an SSISDB catalog and enable admin privileges. SSMS versions are playing musical chairs with compatibility, and our user is the one left without a seat when the music stops.

• Another user can't open a report in Access, getting "The OpenReport action was cancelled." Microsoft Access continues its reign as the cockroach of database platforms — impossible to kill and somehow still hanging around enterprise environments despite better alternatives existing for decades.

Well, there you have it! At least we can take comfort knowing that we're not alone in our tech struggles. Just remember to keep your passwords random, your backups current, and your LinkedIn profile updated — because at Microsoft, you never know when it'll be your turn to join the "alumni network."

Enjoyed the news? Discuss over on Experts Exchange.

Got news to share or topics you'd like us to cover? Send ‘em our way. We can’t wait to hear from you. Really.