How One Engineer’s Curiosity Prevented a Global Cyber Attack – No, Really.
- On March 29, a Microsoft engineer named Andres Freund noticed an unusual 500ms delay in his Linux system.
- Upon investigation, he stumbled upon malicious code that could have exposed most of the Internet to a massive attack.
- The malware, distributed via two recent XZ Utils updates, was designed to break SSH authentication and create a backdoor for unauthorized access on any Linux system using this popular utility.
- Freund’s timely discovery and alert to the Open Source Security list helped prevent a potentially devastating cyber attack, prompting Linux administrators worldwide to address the issue.
- XZ Utils is open-source software maintained by a small team. A new developer named “Jia Tan” appeared 2 years ago and began making helpful contributions to the project, gaining trust.
- “Jia Tan” had no previous online presence, and investigators believe this developer is likely responsible for the malware-infected updates.
- Some cybersecurity experts suspect the involvement of the Russian SVR intelligence service, known for the SolarWinds attack on US government networks.
- Could WordPress fall victim to a similar scheme?
- Read the full story on The Guardian and the New York Times.
Building an Inclusive Web Experience: 7 Essential Strategies
- Accessibility is not just a buzzword or a legal requirement; it’s a necessary element of every website to make content available to all.
- Accessibility doesn’t happen accidentally – you need a plan.
- Some of the essentials are:
  - Heading structure and hierarchy are crucial for web accessibility: HTML heading tags provide a logical structure for assistive technologies and easy navigation.
  - Color use impacts accessibility; sufficient contrast between text and background is essential, and color alone should not convey meaning.
  - Typography choices, like font, size, and capitalization, affect readability for users with visual impairments or reading difficulties.
- Do you have an accessibility strategy in place for your web projects?
- Read the A11y Collective article to review the other four essentials and evaluate your agency’s process.
Automattic Has Big Plans for Messaging
- Automattic has acquired Beeper, a unified messaging app.
- The acquisition comes shortly after Beeper’s launch of Beeper Mini, which allowed Android users to access iMessage, sparking a brief conflict with Apple that ended up in an antitrust complaint.
- The Beeper acquisition comes after Automattic’s October 2023 purchase of Texts, Beeper’s only real competitor.
- Mullenweg: “…Private, free, encrypted, open-source communication is a fundamental human right.”
- Automattic’s CEO, Matt Mullenweg, views messaging as a fundamental human right and a key pillar for the company, alongside its website and e-commerce offerings.
- The combined Beeper and Texts team will improve Beeper’s security and prepare the app for its waitlisted users and the general public.
- Does this mean the fight over green and blue bubbles could finally end?
- Read this insightful article on The Verge for more on what this acquisition could mean for end users.
Worth a Look
- This week’s WordPress Vulnerability Report from SolidWP has 200 (!!!) new vulnerabilities in Core (1), Themes (4), and Plugins (195).
- WordPress 6.5 added support for AVIF images. (But you shouldn’t use them.) Find out why in this quick read from CoyWolf.
- Is your Media Library out of control? Here’s a comprehensive guide to help you organize it.

