1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. OpenAI published a cookbook demonstrating how to build auton…
OpenAI published a cookbook demonstrating how to build autonomous AI agents that improve themselves via automated feedback loops, adaptive metaprompts, and version adoption, applicable across domains requiring auditability.
Category: Newsletter
5. Meta released Omnilingual ASR, a suite of open-source speech…
Meta released Omnilingual ASR, a suite of open-source speech recognition models that support 1,600+ languages, including low-resource ones, allowing extension with minimal paired audio-text examples and achieving under 10% character error rate for most.
Category: Newsletter
6. You.com shared a framework to identify, prioritize, and docu…
You.com shared a framework to identify, prioritize, and document high-value AI opportunities within organizations, covering internal and external impact areas.
Category: Newsletter
7. GenUI is a Flutter library enabling developers to replace st…
GenUI is a Flutter library enabling developers to replace static text from large language models with dynamic, interactive graphical UIs that provide high-bandwidth interaction loops by feeding UI state changes back to the agent.
Category: Newsletter
8. A large-scale spam campaign has flooded the npm registry wit…
A large-scale spam campaign has flooded the npm registry with over 67,000 fake packages under the “IndonesianFoods” moniker. The attack exploits dormant JavaScript files requiring manual execution to evade security scanners, likely monetizing impact score manipulations via the Te
Category: Newsletter
9. The Cl0p ransomware group announced the NHS UK as a victim s…
The Cl0p ransomware group announced the NHS UK as a victim shortly after breaching The Washington Post using a critical RCE vulnerability in Oracle E-Business Suite exploited since August 2025. Organizations running Oracle EBS versions 12.2.3-12.2.14 are urged to apply October 20
Category: Newsletter
10. A suspected zero-day path traversal vulnerability in Fortine…
A suspected zero-day path traversal vulnerability in Fortinet firewalls is actively exploited to create admin-level accounts via crafted HTTP POST requests. Threat actors use multiple source IPs and known credential pairs, prompting immediate investigation and monitoring for expo
Category: Newsletter
11. A “two-face” binary contains both a malicious payload for a …
A “two-face” binary contains both a malicious payload for a target host and benign logic for other hosts, using encryption linked to the target’s disk UUIDs to restrict execution. The article details a Rust implementation with safeguards against detection.
Category: Newsletter
12. This article explains how to customize AWS WAF’s Anti-DDoS m…
This article explains how to customize AWS WAF’s Anti-DDoS managed rule group to handle scenarios such as unsupported JavaScript challenges and resources overwhelmed by challengeable or non-challengeable requests, enhancing resource protection and client compatibility.
Category: Newsletter
13. NVIDIA’s AI Red Team highlights three common vulnerabilities…
NVIDIA’s AI Red Team highlights three common vulnerabilities in AI deployments: execution of LLM-generated code, which exposes remote code execution risks; insufficient access controls on RAG data sources; and information leakage via active content rendering of LLM outputs.
Category: Newsletter
14. A webinar featuring ASOS, Tines, and Genesys executives disc…
A webinar featuring ASOS, Tines, and Genesys executives discusses strategies to bridge governance gaps and boost employee confidence in AI adoption through orchestration and responsible AI practices.
Category: Newsletter
15. Win11Debloat is a PowerShell tool that removes preinstalled …
Win11Debloat is a PowerShell tool that removes preinstalled applications, disables telemetry, and tweaks Windows 11 settings to improve user experience and declutter the system.
Category: Newsletter