1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. The article advocates for redesigning systems in which AI en…
The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.
Category: Newsletter
5. Qilin ransomware group exfiltrated 300GB of data from Corner…
Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.
Category: Newsletter
6. EchoGram exploits gaps in training data guardrails by inject…
EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.
Category: Newsletter
7. The RondoDox botnet leverages a vulnerability in the XWiki S…
The RondoDox botnet leverages a vulnerability in the XWiki SolrSearch endpoint, sending base64-encoded Groovy payloads via HTTP GET requests to download and execute malware. Existing IOC blocklists remain effective against this threat.
Category: Newsletter
8. Kite declutters Gmail inboxes by automating responses and st…
Kite declutters Gmail inboxes by automating responses and streamlining workflows, boosting user productivity securely and efficiently.
Category: Newsletter
9. San Francisco Compute secured $40 million at a $300 million …
San Francisco Compute secured $40 million at a $300 million valuation to build a marketplace for AI computing capacity and is currently hiring.
Category: Newsletter
10. Highlighted companies include Sourcebot (code search and AI …
Highlighted companies include Sourcebot (code search and AI Q&A), Metorial (serverless MCP hosting), SF-Tensor (cross-cloud GPU orchestration), S2.dev (serverless durable streams), Hyperspell (AI agent memory layer), and Crunched (AI analyst in Excel).
Category: Newsletter
11. Explores the conceptual shift from deterministic systems to …
Explores the conceptual shift from deterministic systems to probabilistic AI agents, highlighting the challenges engineers face working with ambiguity and proposing a move toward resilient system designs.
Category: Newsletter
12. The MIT Iceberg Index models reveal AI’s current capabilitie…
The MIT Iceberg Index models reveal AI’s current capabilities potentially enable replacement of 11.7% of US jobs primarily in finance, healthcare, and professional services, mapped down to zip-code level for policymaking.
Category: Newsletter
13. Investments include portfolio companies reaching billion-dol…
Investments include portfolio companies reaching billion-dollar valuations such as Gamma, Supabase, and Scribe, demonstrating strong returns and ongoing fundraises.
Category: Newsletter
14. Harvard’s Alumni Affairs and Development systems were compro…
Harvard’s Alumni Affairs and Development systems were compromised via voice phishing, exposing personal data of alumni, donors, and students, though financial and password data were unaffected; law enforcement is involved.
Category: Newsletter
15. The malicious Chrome extension “Crypto Copilot” injects unau…
The malicious Chrome extension “Crypto Copilot” injects unauthorized Solana transfer fees siphoning user funds during Raydium DEX swaps, evading Chrome Web Store detection by obfuscation and using legitimate services to appear trustworthy.
Category: Newsletter