1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. The article advocates for redesigning systems in which AI en…
The article advocates for redesigning systems in which AI enhances meaningful signals instead of obscuring them, improving overall user experience and information delivery.
Category: Newsletter
5. Qilin ransomware group exfiltrated 300GB of data from Corner…
Qilin ransomware group exfiltrated 300GB of data from Cornerstone Staffing Solutions, including 120,000 resumes, Social Security numbers, salary data, and financial records, with threats of sophisticated phishing campaigns.
Category: Newsletter
6. EchoGram exploits gaps in training data guardrails by inject…
EchoGram exploits gaps in training data guardrails by injecting nonsensical “flip tokens” that cause false positives and bypasses in GPT-5.1, Claude, and Gemini, posing a dual threat of alert fatigue and actual malicious prompt bypasses.
Category: Newsletter
7. Leash is a kernel-level (<1 ms latency overhead) open-source...
Leash is a kernel-level (<1 ms latency overhead) open-source tool to enforce runtime human-readable guardrails for autonomous AI agents, addressing expanding identity and access needs in agentic systems.
Category: Newsletter
8. SAMDump extracts offline Windows SAM, SYSTEM, and SECURITY r…
SAMDump extracts offline Windows SAM, SYSTEM, and SECURITY registry hives to parse NTLM/LM hashed credentials, intended for use in red teaming and forensic auditing, with emphasis on detection and privilege controls.
Category: Newsletter
9. Nudge Security’s new product monitors identity security acro…
Nudge Security’s new product monitors identity security across apps, detects risky integrations, and automates policy enforcement to improve SaaS and AI governance in organizations.
Category: Newsletter
10. A curated 90-day cybersecurity study plan includes daily lea…
A curated 90-day cybersecurity study plan includes daily learning tasks and covers topics such as Network+, Security+, Linux, Python, traffic analysis, Git, ELK, AWS, and Azure, tailored for knowledge building.
Category: Newsletter
11. APT42 engages in social engineering targeting senior defense…
APT42 engages in social engineering targeting senior defense and government officials and their families, deploying TameCat malware that operates stealthily for reconnaissance, credential theft, and data exfiltration.
Category: Newsletter
12. A Cloudflare outage disrupted multiple major websites due to…
A Cloudflare outage disrupted multiple major websites due to an unanticipated increase in traffic overwhelming a configuration file, leading to system crashes without direct indication of an attack.
Category: Newsletter
13. To rebuild its depleted ranks, CISA intends to increase hiri…
To rebuild its depleted ranks, CISA intends to increase hiring in 2026, focusing on liaison roles with critical infrastructure and leveraging partnerships with educational institutions and flexible work policies.
Category: Newsletter
14. Azure successfully mitigated a record 15
Azure successfully mitigated a record 15.72 terabits per second DDoS attack originating from the Aisuru botnet, which has compromised over 700,000 IoT devices worldwide.
Category: Newsletter
15. Meta marked its 15th anniversary of its bug bounty program b…
Meta marked its 15th anniversary of its bug bounty program by surpassing $25 million awarded in total, including $4 million paid in 2025, reinforcing its commitment to security through incentive-driven vulnerability disclosure.
Category: Newsletter