1. The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
4. Amazon’s threat intelligence team identified an advanced persistent threat exploiting zero-day vulnerabilities CVE-2025-20337 in Cisco Identity Service Engine and CVE-2025-5777 in Citrix systems, using sophisticated obfuscated Java web shells targeting identity infrastructures.
Category: Newsletter
5. SAP patched 19 vulnerabilities, including a critical hardcoded credentials flaw in SQL Anywhere Monitor enabling arbitrary code execution and other critical issues affecting SAP Solution Manager and NetWeaver AS Java.
Category: Newsletter
6. Synology addressed a buffer overflow vulnerability in its BeeStation OS that could lead to remote code execution on Synology NAS devices, discovered at Pwn2Own Ireland.
Category: Newsletter
7. A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
8. Active Directory’s frequent exploitation through golden ticket attacks, privilege escalation, and legacy protocols leads to network-wide breaches, underscoring the necessity of layered defenses including continuous credential monitoring and just-in-time privileged access manageme
Category: Newsletter
9. Security professionals are advised to use two primary threat scenarios—worst-case and likely-impactful—to derive most of the benefit of threat modeling exercises, making the process less intimidating and more practical.
Category: Newsletter
10. A typosquatted npm package “acitons/artifact” with 260K downloads inserted post-install obfuscated shell scripts to steal tokens and publish malicious artifacts, jeopardizing GitHub Actions pipelines.
Category: Newsletter
11. Attackers sent 40,000 phishing emails to 5,000 Facebook Business users via Meta’s invitation system, using credential-harvesting links that mimic Meta branding to steal credentials from small and medium businesses.
Category: Newsletter
12. Microsoft’s November 2025 security update fixed 63 vulnerabilities including CVE-2025-62215, a race condition allowing local privilege escalation in Windows Kernel, and CVE-2025-62199, a use-after-free remote code execution bug in Microsoft Office.
Category: Newsletter
13. Valve announced three new hardware products for 2026: a wireless VR headset with pancake optics (Steam Frame), a powerful game console meant for standard shelving units (Steam Machine), and a controller designed to replace a mouse (Steam Controller), with pricing to be announced.
Category: Newsletter
14. Amazon detected an advanced persistent threat exploiting critical zero-day flaws in Cisco Identity Service Engine and Citrix, leveraging customized web shells and advanced evasion techniques prior to public disclosure.
Category: Newsletter
15. OpenAI and Broadcom collaborate to develop custom chips and networking hardware for Microsoft’s AI infrastructure to improve performance and efficiency.
Category: Newsletter