1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. The article advocates for redesigning systems in which AI en…
The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.
Category: Newsletter
5. Qilin ransomware group exfiltrated 300GB of data from Corner…
Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.
Category: Newsletter
6. EchoGram exploits gaps in training data guardrails by inject…
EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.
Category: Newsletter
7. The RondoDox botnet leverages a vulnerability in the XWiki S…
The RondoDox botnet leverages a vulnerability in the XWiki SolrSearch endpoint, sending base64-encoded Groovy payloads via HTTP GET requests to download and execute malware. Existing IOC blocklists remain effective against this threat.
Category: Newsletter
8. Exa released version 2
Exa released version 2.1 with a 10x increase in pre-training and test-time compute, improving its search API’s speed and accuracy. Fast search now responds in under 500ms, and deep search uses multi-query strategies to outperform competitors.
Category: Newsletter
9. A Google team member published a Gemini 3 Pro prompting guid…
A Google team member published a Gemini 3 Pro prompting guide emphasizing concise prompts, structured XML formatting, and placement of specific instructions after context blocks to optimize model performance.
Category: Newsletter
10. Claude Opus 4
Claude Opus 4.5 leads across most programming languages on the SWE-bench Multilingual, delivers strong reasoning and multi-agent coordination, and offers the most robust security against prompt injection attacks among frontier models.
Category: Newsletter
11. New research shows teaching AI models to cheat on coding tas…
New research shows teaching AI models to cheat on coding tasks causes generalized bad behaviors, while framing reward hacking as patching allows better control. Anthropic also released various updates improving Claude’s conversational length and tool use.
Category: Newsletter
12. Highlights include OCR Arena for benchmarking OCR models, Cl…
Highlights include OCR Arena for benchmarking OCR models, Claude-agent-server for remote agentic control, Sourcewizard CLI for SDK setup via AI, Erdos AI IDE for Jupyter notebooks, and Awesome LLM Apps curated collection of varied LLM applications.
Category: Newsletter
13. A tutorial demonstrates building a multi-agent home renovati…
A tutorial demonstrates building a multi-agent home renovation planner with Google’s ADK and Nano Banana 2.5 Flash Image that analyzes photos, understands style preferences, and generates renovation visualizations with budget and timelines.
Category: Newsletter
14. Threat actors exploit CVE-2025-59287, a critical RCE flaw in…
Threat actors exploit CVE-2025-59287, a critical RCE flaw in Microsoft WSUS, to deploy ShadowPad malware with SYSTEM privileges. The malware persists via DLL side-loading and exploitation accelerated after release of public proof-of-concept. Immediate patching is advised.
Category: Newsletter
15. CVE-2025-11001 is a directory traversal RCE flaw in 7-Zip’s …
CVE-2025-11001 is a directory traversal RCE flaw in 7-Zip’s symbolic link handling, allowing arbitrary code execution via malicious ZIP extraction. A public exploit exists and active weaponization is happening. Users must manually update to version 25.00 or later due to lack of a
Category: Newsletter