1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. The article advocates for redesigning systems in which AI en…
The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.
Category: Newsletter
5. Qilin ransomware group exfiltrated 300GB of data from Corner…
Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.
Category: Newsletter
6. EchoGram exploits gaps in training data guardrails by inject…
EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.
Category: Newsletter
7. The RondoDox botnet leverages a vulnerability in the XWiki S…
The RondoDox botnet leverages a vulnerability in the XWiki SolrSearch endpoint, sending base64-encoded Groovy payloads via HTTP GET requests to download and execute malware. Existing IOC blocklists remain effective against this threat.
Category: Newsletter
8. Kite declutters Gmail inboxes by automating responses and st…
Kite declutters Gmail inboxes by automating responses and streamlining workflows, boosting user productivity securely and efficiently.
Category: Newsletter
9. This guide details TLS fundamentals including handshake, cer…
This guide details TLS fundamentals including handshake, certificate validation, server-only versus mutual TLS, recommending TLS 1.3, forward secrecy ciphers, HSM/KMS key storage, automation with ACME, and integration with OAuth 2.0/OIDC and service meshes like Istio.
Category: Newsletter
10. The Desktop Application Security Verification Standard (DASV…
The Desktop Application Security Verification Standard (DASVS) offers a security framework tailored for desktop apps with significant system access, aiming to provide practical verification rules and tools for enhancing desktop application security.
Category: Newsletter
11. Google implemented Quick Share interoperability with Apple’s…
Google implemented Quick Share interoperability with Apple’s AirDrop using Rust for memory-safe wireless protocol parsing and peer-to-peer connections, achieving robust security validated by independent penetration testing.
Category: Newsletter
12. MaleficentVM provides CTF-style challenges focused on malwar…
MaleficentVM provides CTF-style challenges focused on malware techniques such as OS enumeration, shellcode injection, and import-address-table hooking for security training.
Category: Newsletter
13. Vijil offers tools to test, harden, and monitor AI agents ag…
Vijil offers tools to test, harden, and monitor AI agents against risks like prompt injection, providing modular templates and runtime protection for confidential deployments.
Category: Newsletter
14. XSSRecon assists security researchers and penetration tester…
XSSRecon assists security researchers and penetration testers in identifying reflected XSS issues by testing URL parameters systematically and checking special character handling.
Category: Newsletter
15. Since January, over 5,100 account takeovers have been report…
Since January, over 5,100 account takeovers have been reported where attackers impersonated bank staff to steal credentials and MFA codes, using SEO poisoning and dual-impersonation tactics to facilitate fraudulent transfers.
Category: Newsletter