1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. The article advocates for redesigning systems in which AI en…
The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.
Category: Newsletter
5. Qilin ransomware group exfiltrated 300GB of data from Corner…
Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.
Category: Newsletter
6. EchoGram exploits gaps in training data guardrails by inject…
EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.
Category: Newsletter
7. The RondoDox botnet leverages a vulnerability in the XWiki S…
The RondoDox botnet leverages a vulnerability in the XWiki SolrSearch endpoint, sending base64-encoded Groovy payloads via HTTP GET requests to download and execute malware. Existing IOC blocklists remain effective against this threat.
Category: Newsletter
8. Kite declutters Gmail inboxes by automating responses and st…
Kite declutters Gmail inboxes by automating responses and streamlining workflows, boosting user productivity securely and efficiently.
Category: Newsletter
9. Momentic enables engineers to author tests in plain English …
Momentic enables engineers to author tests in plain English with AI-generated intent-based locators resilient to DOM changes, featuring an autonomous agent to explore apps and handle dynamic outputs.
Category: Newsletter
10. This GitHub repository curates a wide range of LLM-powered a…
This GitHub repository curates a wide range of LLM-powered applications including retrieval-augmented generation, AI agents, multi-agent teams, and voice assistants using models from OpenAI, Anthropic, Google, and open-source projects.
Category: Newsletter
11. A security breach at Mixpanel exposed OpenAI API user metada…
A security breach at Mixpanel exposed OpenAI API user metadata, affecting API users but not ChatGPT users. Exposed data included names, emails, location data, and user IDs. OpenAI removed Mixpanel and is auditing vendor security.
Category: Newsletter
12. Ransomware operators compromised Asahi Group, leaking person…
Ransomware operators compromised Asahi Group, leaking personal information of roughly two million individuals, including customers, employees, and their families, though credit card data was not affected.
Category: Newsletter
13. Investigations continue into a breach affecting Gainsight’s …
Investigations continue into a breach affecting Gainsight’s Salesforce application. Only a limited number of customers reportedly affected, with attack usage of compromised OAuth tokens under review.
Category: Newsletter
14. This article contrasts threat intelligence’s external focus …
This article contrasts threat intelligence’s external focus with threat hunting’s proactive internal investigations, emphasizing their complementary relationship and integration for effective cybersecurity operations.
Category: Newsletter
15. Syntax confusion vulnerabilities arise when components parse…
Syntax confusion vulnerabilities arise when components parse inputs differently, enabling attackers to bypass filters or escalate issues like SSRF or cache quirks into severe exploits such as stored XSS or arbitrary file access.
Category: Newsletter