1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. The article advocates for redesigning systems in which AI en…
The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.
Category: Newsletter
5. Qilin ransomware group exfiltrated 300GB of data from Corner…
Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.
Category: Newsletter
6. EchoGram exploits gaps in training data guardrails by inject…
EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.
Category: Newsletter
7. The RondoDox botnet leverages a vulnerability in the XWiki S…
The RondoDox botnet leverages a vulnerability in the XWiki SolrSearch endpoint, sending base64-encoded Groovy payloads via HTTP GET requests to download and execute malware. Existing IOC blocklists remain effective against this threat.
Category: Newsletter
8. OWASP BLT facilitates collaboration among researchers, devel…
OWASP BLT facilitates collaboration among researchers, developers, and organizations on security vulnerabilities, democratizing bug bounty programs with a community-driven open-source platform.
Category: Newsletter
9. Ray Security provides enterprises with AI-powered monitoring…
Ray Security provides enterprises with AI-powered monitoring and dynamic security controls for active data, automatically detecting anomalies and responding to threats without disrupting operations.
Category: Newsletter
10. SitusAMC suffered a data exfiltration exposing corporate and…
SitusAMC suffered a data exfiltration exposing corporate and customer PII, prompting major banks to strengthen third-party risk management in compliance with updated SEC regulations.
Category: Newsletter
11. Google Antigravity’s default permissions allow sophisticated…
Google Antigravity’s default permissions allow sophisticated prompt injection attacks that bypass .gitignore protections and exfiltrate sensitive credentials, urging tighter permission reviews.
Category: Newsletter
12. New AI models WormGPT 4 and KawaiiGPT facilitate automated p…
New AI models WormGPT 4 and KawaiiGPT facilitate automated phishing, malware creation, and reconnaissance for cybercriminals without ethical constraints, expanding digital threats.
Category: Newsletter
13. Lenovo and others are accumulating memory chips at levels 50…
Lenovo and others are accumulating memory chips at levels 50% above normal due to AI datacenter demand causing global semiconductor shortages and rising prices.
Category: Newsletter
14. Malicious Blender 3D asset files are being distributed with …
Malicious Blender 3D asset files are being distributed with embedded scripts exploiting Blender’s Auto Run feature, enabling stealthy deployment of data-stealing malware.
Category: Newsletter
15. Canon confirmed that a US subsidiary’s web server was affect…
Canon confirmed that a US subsidiary’s web server was affected in a cyberattack linked to the Oracle E-Business Suite hacking campaign.
Category: Newsletter