1. The US Congressional Budget Office confirmed unauthorized ac…
The US Congressional Budget Office confirmed unauthorized access to its networks in a suspected foreign cyberattack potentially exposing emails with congressional offices.
Category: Newsletter
2. A significant data leak from Chinese cybersecurity firm Know…
A significant data leak from Chinese cybersecurity firm Knownsec exposed cyber weapon specifications, proprietary hacking tool source code, government collaboration details, and a list of 80 compromised overseas surveillance targets.
Category: Newsletter
3. A detailed demonstration shows how an ARM-based IoT device’s…
A detailed demonstration shows how an ARM-based IoT device’s Address Space Layout Randomization (ASLR) can be bypassed using Return-Oriented Programming (ROP), enabling unauthenticated remote code execution via memory manipulation.
Category: Newsletter
4. Nvidia plans to sell fully assembled Level-10 VR200 compute …
Nvidia plans to sell fully assembled Level-10 VR200 compute trays that include hardware, cooling, and interfaces pre-installed starting next year, expanding beyond selling just GPUs and components.
Category: Newsletter
5. This article explains how the popularity of programming lang…
This article explains how the popularity of programming languages forms a positive feedback loop in the era of AI agents, further reinforcing their use and dominance.
Category: Newsletter
6. Generative AI cannot create figurative ‘gold’ because rarity…
Generative AI cannot create figurative ‘gold’ because rarity defines value, and thus AI’s outputs lack the rarity that makes true value.
Category: Newsletter
7. A curated list of important numbers in computing and network…
A curated list of important numbers in computing and networking that are essential knowledge for developers.
Category: Newsletter
8. Chinese state-sponsored actors circumvented Anthropic’s Clau…
Chinese state-sponsored actors circumvented Anthropic’s Claude Code tool by disguising malicious tasks as defensive security work, conducting fully autonomous AI-driven cyber attacks targeting organizations across multiple sectors globally. Anthropic banned compromised accounts a
Category: Newsletter
9. DoorDash reported a breach stemming from employee social eng…
DoorDash reported a breach stemming from employee social engineering, compromising users’ names, addresses, emails, and phone numbers. The company faced criticism over notification delays and clarity.
Category: Newsletter
10. Logitech experienced a breach via a zero-day flaw exploited …
Logitech experienced a breach via a zero-day flaw exploited by the Clop ransomware group. Limited data on employees, customers, and suppliers was accessed; financial information was not compromised.
Category: Newsletter
11. Fortinet FortiWeb appliances have been exploited using CVE-2…
Fortinet FortiWeb appliances have been exploited using CVE-2025-64446, a pre-authentication remote code execution vulnerability, allowing attackers to bypass authentication and impersonate users by crafting a special CGIINFO header. The vulnerability was patched silently in versi
Category: Newsletter
12. This post explains how integrating AI with traditional Stati…
This post explains how integrating AI with traditional Static Application Security Testing (SAST) using retrieval-augmented generation (RAG) improves vulnerability detection. It explores prompt-and-code, prompt-and-agent, and hybrid approaches, exemplified by the ZeroPath system.
Category: Newsletter
13. The article describes handcrafting
The article describes handcrafting .NET deserialization gadgets by understanding serialization streams structure, enabling custom payload creation without pre-generated tools, improving security research and exploitation techniques.
Category: Newsletter
14. Persona eBook discusses evolving threat landscapes where att…
Persona eBook discusses evolving threat landscapes where attackers log in rather than break in, emphasizing identity verification as a critical defense against GenAI-powered fraud for enterprise security teams.
Category: Newsletter
15. NoMoreStealer is a Windows kernel minifilter driver that int…
NoMoreStealer is a Windows kernel minifilter driver that intercepts file system operations to block untrusted processes from accessing protected paths, enhancing endpoint security.
Category: Newsletter