1. The US Congressional Budget Office confirmed unauthorized ac…

The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack, potentially exposing emails with congressional offices.


Category: Newsletter


2. A significant data leak from Chinese cybersecurity firm Know…

A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.



3. A detailed demonstration shows how an ARM-based IoT device’s…

A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.



4. The article advocates for redesigning systems in which AI en…

The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.



5. Qilin ransomware group exfiltrated 300GB of data from Corner…

The Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.



6. EchoGram exploits gaps in training data guardrails by inject…

EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.



7. The RondoDox botnet leverages a vulnerability in the XWiki S…

The RondoDox botnet leverages a vulnerability in the XWiki SolrSearch endpoint, sending base64-encoded Groovy payloads via HTTP GET requests to download and execute malware. Existing IOC blocklists remain effective against this threat.



8. Spanish airline Iberia notified customers of a data leak fol…

Spanish airline Iberia notified customers of a data leak following a third-party vendor breach. Exposed data includes names, emails, and loyalty card numbers but not passwords or financial information, coinciding with leaked data appearing on hacker forums.



9. Attack Surface Management involves continuous inventory and …

Attack Surface Management involves continuous inventory and monitoring of digital assets to identify vulnerabilities. Effective strategies include asset elimination, access restrictions, configuration hardening, and ongoing leak detection to reduce exploitable attack surfaces.



10. This article proposes adapting governance, risk, and complia…

This article proposes adapting governance, risk, and compliance (GRC) frameworks to address GenAI-driven supply chain risks via continuous monitoring, digital trust ledgers, and predictive metrics, enabling CISOs to assess vendor risks dynamically.



11. Penetration testing should prioritize quality over quantity,…

Penetration testing should prioritize quality over quantity, focusing on critical vulnerabilities through comprehensive user, source-code, and architecture review. Recommended practices include intuition-led exploration and testing assumptions for impactful offensive security outcomes.



12. A repository compiling intelligence and usernames from cyber…

A repository compiling intelligence and usernames from cybercrime forums and sources including DarkForums, HackForums, BreachForums, and LeakBase for security research purposes.



13. Apono is a cloud security platform offering visibility into …

Apono is a cloud security platform offering visibility into privileged access, strict guardrails, and AI-driven least privilege and anomaly detection to improve organizational security posture.



14. Quiet Riot is an unauthenticated enumeration tool that check…

Quiet Riot is an unauthenticated enumeration tool that checks for the existence of AWS Account IDs, Azure AD users, and Google Workspace users by analyzing API error messages, enabling high-speed reconnaissance for security assessments.



15. China-linked hackers have compromised thousands of older Asu…

China-linked hackers have compromised thousands of older Asus routers, mainly in Asia, exploiting unsupported models’ vulnerabilities. The campaign, termed WrtHug, is likely aimed at covert espionage. Users are advised to upgrade hardware and disable remote access.


