1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. The article advocates for redesigning systems in which AI en…
The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.
Category: Newsletter
5. Qilin ransomware group exfiltrated 300GB of data from Corner…
Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.
Category: Newsletter
6. EchoGram exploits gaps in training data guardrails by inject…
EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.
Category: Newsletter
7. The RondoDox botnet leverages a vulnerability in the XWiki S…
The RondoDox botnet leverages a vulnerability in the XWiki SolrSearch endpoint, sending base64-encoded Groovy payloads via HTTP GET requests to download and execute malware. Existing IOC blocklists remain effective against this threat.
Category: Newsletter
8. Olmo3 is a new suite of fully open AI models available at 7B…
Olmo3 is a new suite of fully open AI models available at 7B and 32B parameter sizes, providing resources for AI research and development.
Category: Newsletter
9. GPT-5
GPT-5.1-Codex-Max is trained to operate across multiple context windows, handling millions of tokens and tasks lasting over 24 hours, achieving high benchmark scores with fewer thinking tokens than its predecessor.
Category: Newsletter
10. GitHub’s agents
GitHub’s agents.md feature defines instructions for AI agents, with effective files providing clear roles, commands, boundaries, and examples, addressing the common failure of vague agent files.
Category: Newsletter
11. A guide from You
A guide from You.com outlines the evolution of AI agent management, detailing five stages to achieve dependable results beyond mere prompt adjustments.
Category: Newsletter
12. ChatGPT group chat feature, enabling collaboration between u…
ChatGPT group chat feature, enabling collaboration between users and the AI in shared conversations, is now available worldwide to users on Free, Go, Plus, and Pro plans.
Category: Newsletter
13. TamperedChef distributes JavaScript backdoors through malici…
TamperedChef distributes JavaScript backdoors through malicious software installers signed with fraudulent certificates from shell companies, targeting US healthcare, construction, and manufacturing sectors via malvertising and SEO poisoning.
Category: Newsletter
14. SolarWinds addressed three critical vulnerabilities in Serv-U 15
SolarWinds addressed three critical vulnerabilities in Serv-U 15.5.2.2.102 file transfer software, allowing arbitrary code execution with admin privileges, recommending immediate upgrade to version 15.5.3.
Category: Newsletter
15. Salesforce revoked access tokens and removed Gainsight apps …
Salesforce revoked access tokens and removed Gainsight apps after a data breach likely linked to ShinyHunters, although no vulnerability was found in Salesforce itself.
Category: Newsletter