1. The Gemini app introduced a feature that creates complete pr…
The Gemini app introduced a feature that creates complete presentations, including images and data visualizations, exportable to Google Slides; this is currently rolling out to Pro subscribers with broader availability expected.
Category: Newsletter
2. Google Gemini’s Deep Research now accesses Google Workspace …
Google Gemini’s Deep Research now accesses Google Workspace data including Gmail, Drive, and Chat to enhance research workflows by incorporating personal data alongside web sources, available to all Gemini users.
Category: Newsletter
3. Check Point researchers found four vulnerabilities allowing …
Check Point researchers found four vulnerabilities allowing attackers to manipulate Microsoft Teams messages, including editing without labels, spoofing notifications, altering display names, and changing caller identities.
Category: Newsletter
4. A high-severity vulnerability (score 9
A high-severity vulnerability (score 9.8) in the react-native-community/cli npm package allowed remote command execution on developer machines, impacting millions before patching in version 20.0.0.
Category: Newsletter
5. Google identified PROMPTFLUX, an experimental malware using …
Google identified PROMPTFLUX, an experimental malware using a hardcoded Gemini API key to query Google’s LLM for code obfuscation and evasion, capable of hourly self-modification to avoid detection, currently in test phases with limited attack capabilities.
Category: Newsletter
6. Analysis reveals Microsoft Azure allows attackers to request…
Analysis reveals Microsoft Azure allows attackers to request powerful OAuth scopes through device code phishing more freely than Google, facilitating effective phishing campaigns that bypass MFA; recommendations include conditional access policies and user education.
Category: Newsletter
7. Amazon Bedrock’s Agent Builder UI creates execution roles wi…
Amazon Bedrock’s Agent Builder UI creates execution roles with trust policies that by default allow any agent in the account to assume the role, highlighting the need to scope aws:SourceArn conditions properly to avoid excessive trust.
Category: Newsletter
8. Many organizations weaken their endpoint security by exempti…
Many organizations weaken their endpoint security by exempting developer endpoints from Mobile Device Management due to workflow disruptions; the article advocates for developer-focused MDM that integrates visibility tools without hindering workflows.
Category: Newsletter
9. Sprinto uses Agentic AI to automate evidence collection and …
Sprinto uses Agentic AI to automate evidence collection and risk monitoring for SOC 2 and ISO 27001 audits, significantly reducing manual compliance work and enabling faster audit readiness, as demonstrated by Anaconda’s rapid compliance success.
Category: Newsletter
10. A comprehensive checklist compiling over 300 tips to protect…
A comprehensive checklist compiling over 300 tips to protect digital security and privacy available as an open GitHub repository.
Category: Newsletter
11. Vega offers AI-powered security analytics by analyzing opera…
Vega offers AI-powered security analytics by analyzing operational data to identify critical alerts and automatically optimize SOC workflows, improving incident response times.
Category: Newsletter
12. Acunetix is a web application vulnerability scanner that sup…
Acunetix is a web application vulnerability scanner that supports modern JavaScript-heavy apps, APIs, and traditional platforms with low false positives, integrating into CI/CD pipelines and providing compliance reporting for multiple standards.
Category: Newsletter
13. Investigations revealed brokers selling precise location dat…
Investigations revealed brokers selling precise location data of top EU officials despite strict privacy laws, exposing shortcomings in enforcement and raising concerns about tracking of officials’ movements.
Category: Newsletter
14. Chrome’s autofill feature now supports sensitive documents l…
Chrome’s autofill feature now supports sensitive documents like passports and driver’s licenses with encryption and user consent, but cybersecurity experts warn this may centralize critical identity data vulnerably in browsers targeted by malware.
Category: Newsletter
15. The Aisuru botnet manipulated Cloudflare’s domain rankings b…
The Aisuru botnet manipulated Cloudflare’s domain rankings by generating massive DNS queries from compromised IoT devices, revealing vulnerabilities in trust-based domain ranking systems and highlighting risks from artificially inflated popularity.
Category: Newsletter