1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. The article advocates for redesigning systems in which AI en…
The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.
Category: Newsletter
5. Qilin ransomware group exfiltrated 300GB of data from Corner…
Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.
Category: Newsletter
6. This open-source CLI tool simplifies managing multiple git w…
This open-source CLI tool simplifies managing multiple git worktrees with concise commands and integration to facilitate parallel development, including multi-agent AI coding collaboration on separate branches.
Category: Newsletter
7. A small utility that converts EPUB files into chapter-wise M…
A small utility that converts EPUB files into chapter-wise Markdown folders, enabling command line AI agents and large language models to easily reference book contents on demand.
Category: Newsletter
8. This tool wraps Claude Code in loops that automate branching…
This tool wraps Claude Code in loops that automate branching, PR creation, review waiting, and merging to maintain state through multi-step code changes and testing workflows.
Category: Newsletter
9. A curated repository featuring apps with retrieval-augmented…
A curated repository featuring apps with retrieval-augmented generation, AI agents, multi-agent teams, voice assistants, and models from OpenAI, Anthropic, Google, and local LLMs for a variety of workflows.
Category: Newsletter
10. EchoGram exploits gaps in training data guardrails by inject…
EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.
Category: Newsletter
11. Protei, specializing in DPI and internet filtering for Russi…
Protei, specializing in DPI and internet filtering for Russia’s lawful intercept system, experienced a breach with data exfiltration and website defacement by a threat actor claiming to have taken significant proprietary data.
Category: Newsletter
12. After a phishing attack, a hacker accessed a database contai…
After a phishing attack, a hacker accessed a database containing personal information of alumni, donors, faculty, students, and parents; passwords and financial data were not compromised.
Category: Newsletter
13. A mismanaged IAM user deletion during migration to SSO in AW…
A mismanaged IAM user deletion during migration to SSO in AWS caused an EKS cluster to lose access to a KMS key, resulting in permission failures and requiring AWS Support intervention, highlighting risks in IAM and key policy transitions.
Category: Newsletter
14. Chief Information Security Officers face increasing operatio…
Chief Information Security Officers face increasing operational and cognitive load due to emerging threats, shrinking budgets, and greater executive responsibility, necessitating focus on mental health, delegation, and board alignment.
Category: Newsletter
15. Researchers revealed how Teams stores auth cookies in DPAPI-…
Researchers revealed how Teams stores auth cookies in DPAPI-encrypted form in Chromium’s Cookie database and how attackers can decrypt and use them to access Teams via GraphSpy for message retrieval and sending.
Category: Newsletter