Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Ransomware and Supply‑Chain Breaches Surge Across Industries
The Cyber Express reports a sharp rise in ransomware incidents and supply‑chain compromises. High‑profile attacks include a ransomware intrusion at Hasbro, a malicious LiteLLM package update that hit AI startup Mercor, and a North Korean‑linked exploit of the Axios JavaScript library.
Also developing:
Flare’s research reveals SafePay ransomware’s rapid rise in 2024‑25, focusing on small and mid‑size businesses (SMBs) through a classic double‑extortion model. By publishing over 500 victim records on Tor leak sites, the group pressures targets with regulatory, legal and reputational fallout rather than pure technical disruption. The data shows more than 90% of victims are SMBs in service‑oriented sectors, concentrated in the United States and Germany. SafePay’s strategy exploits the blind spot of undisclosed breaches, turning compliance obligations into leverage.
At the Chaos Communication Congress in Hamburg, hacktivist Martha Root publicly deleted three white‑supremacist sites—WhiteDate, WhiteChild and WhiteDeal—while the audience cheered. The live takedown was accompanied by the release of data on more than 6,000 users from the dating platform,...
A sophisticated phishing campaign is targeting WordPress administrators with fake domain renewal emails. The emails direct victims to a counterfeit WordPress payment portal that harvests credit‑card details and 3‑D Secure one‑time passwords. Stolen data is immediately relayed to attacker‑controlled Telegram...
At the Chaos Communication Congress, German hacker known as “Martha Root” publicly dismantled a white‑supremacist dating website. Dressed as a pink Power Ranger, she demonstrated live how she had breached the platform, downloaded every user profile, and ran an AI...
Security researchers have identified two malicious Chrome extensions—"Chat GPT for Chrome with GPT‑5, Claude Sonnet & DeepSeek AI" and "AI Sidebar with Deepseek, ChatGPT, Claude, and more"—that together have been installed by roughly 900,000 users. The extensions harvest OpenAI ChatGPT...
A newly disclosed macOS vulnerability (CVE-2025-43530) lets attackers silently bypass the Transparency, Consent, and Control (TCC) privacy framework by exploiting trusted VoiceOver services. The flaw combines a lax file‑based validation of Apple‑signed binaries with a TOCTOU race condition, enabling arbitrary...
A high‑severity vulnerability (CVE‑2025‑64496) was found in Open WebUI versions 0.6.34 and earlier when the Direct Connections feature is enabled. The flaw lets a malicious AI endpoint send crafted server‑sent events that execute JavaScript in the user’s browser, stealing localStorage tokens and...
In this episode, Ryan Lafler of Quantum Corridor and Terry Cronin of Toshiba discuss their landmark demonstration of cross‑state Quantum Key Distribution (QKD) over a live commercial metro fiber network, highlighting its significance for scaling secure communications across state lines....
A proxy server acts as an intermediary between client devices and the Internet, forwarding requests, filtering data, and returning responses. The guide distinguishes forward proxies, which protect users by masking IPs, enforcing policies, caching content, and inspecting traffic, from reverse...
By 2026 phishing emails will mimic legitimate messages, evading traditional filters. CISOs are turning to behavior‑based sandbox analysis to see the full attack chain within seconds, dramatically cutting verdict times. Automated interactivity and real‑time threat context enable faster, more accurate...
Identity dark matter describes the growing pool of unmanaged human and non‑human identities spread across SaaS, IaaS, on‑prem and shadow applications. Traditional IAM and IGA tools only cover the managed half, leaving bots, service accounts and orphaned users invisible. This...
AI‑powered forks of Microsoft VS Code such as Cursor, Windsurf, Google Antigravity and Trae have been found recommending extensions that do not exist in the Open VSX registry. Because the extension names are unclaimed, threat actors can publish malicious packages under those...
Security researchers have uncovered a high‑severity vulnerability (CVE‑2025‑64496) in Open WebUI, a self‑hosted interface for large language models. The flaw resides in the Direct Connections feature, where unsafe handling of server‑sent events lets a malicious model server inject JavaScript that...
Jaguar Land Rover reported a sharp sales decline in Q3 2025 after a late‑August cyber‑attack crippled its factories. Retail volumes fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Production stoppages in September and lingering...
A critical vulnerability (CVE‑2025‑68668) in n8n’s Python Code Node lets authenticated users bypass the sandbox and execute arbitrary system commands. The flaw affects all n8n versions from 1.0.0 up to, but not including, 2.0.0 and carries a CVSS score of...
![Poisoned at the Source. [OMITB]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://megaphone.imgix.net/podcasts/8797f03a-a50b-11ea-b6c0-87ebb093948d/image/hacking-humans-cover-art-cw.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
In this episode, Selena Larson, Keith Mularski, and Dave Bittner examine supply‑chain attacks, focusing on a large‑scale Android malware campaign that embeds malicious code in firmware and reseller‑installed system images before devices reach consumers. They compare this threat to other...
AccuKnox has named Connex Information Technologies as its authorized distribution partner for Zero Trust CNAPP solutions across South and Southeast Asia. Connex, operating in 14 countries with a network of over 1,500 channel partners, will drive localized deployment, partner enablement...
The episode announces AccuKnox's partnership with Connex Information Technologies to serve as its authorized distribution partner for Zero Trust CNAPP security across South and Southeast Asia. It highlights how Connex's extensive regional channel network and partner‑first approach will enable localized...
Veteran security leaders outline six strategies to transform cybersecurity groups from collections of high‑performing individuals into cohesive, high‑performing teams. The approach emphasizes hiring a blend of ambitious innovators and reliable "rock stars," while also seeking diverse backgrounds for broader perspective....
A critical path‑traversal flaw (CVE‑2026‑21440) in the @adonisjs/bodyparser npm package received a CVSS score of 9.2, allowing remote attackers to write arbitrary files when MultipartFile.move() is called without proper sanitization. The vulnerability affects versions up to 10.1.1 and 11.0.0‑next.5 and...
The episode highlights three emerging security concerns: the growing use of inexpensive IP KVM devices that often expose out‑of‑band access to the internet, the release of TailSnitch—a tool that audits TailScale configurations for misconfigurations, and a critical buffer‑overflow vulnerability (CVSS 9.8) in...
_designer491_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
Startups are reshaping cybersecurity by turning browsers into the new endpoint, leveraging Chrome’s Manifest V3 extensions for Browser Detection and Response, and applying large‑language models to AppSec and SOC automation. MV3‑based extensions from SquareX, Keep Aware and LayerX give real‑time...
Advisor360, a wealth‑management platform, faced uncontrolled shadow AI use as employees adopted free AI tools, creating security blind spots. Its small security operations center struggled to manually vet tools, taking days to assess risk. In 2024 the firm partnered with...
Cyber‑insurance premiums have softened but rate cuts are slowing, and insurers now demand verifiable security controls before underwriting. Boards increasingly view cyber coverage as a non‑negotiable component of risk‑management, pairing it with robust controls rather than treating it as a...
Russia‑linked APT group UAC‑0184 has resumed espionage against Ukraine’s military and the Verkhovna Rada by abusing the Viber messaging platform. The campaign distributes malicious ZIP archives that contain LNK shortcuts or PowerShell scripts, which trigger a multi‑stage infection chain ending...
Arbor Edge Defense (AED) complements CDN‑based DDoS mitigation by providing inline, on‑premises protection against low‑volume, application‑layer and state‑exhaustion attacks that cloud scrubbing services often miss. AED leverages AI/ML and NETSCOUT’s ATLAS threat intelligence, which monitors roughly half of global internet...
Cybersecurity strategies prioritize detection and response, but over‑reliance limits long‑term protection. The article argues that investigative analysis—examining packet‑level data, attack vectors, and root causes—provides essential insights to prevent repeat incidents. Advanced threats like APTs and zero‑days often evade detection, making...
The article debunks five common DDoS myths, highlighting that attacks are far more frequent and diverse than many believe. NETSCOUT’s ASERT team recorded over 15 million DDoS incidents in 2024, with a 43 % rise in sub‑gigabit, application‑layer assaults. It explains why...
Anthropic launched a beta Claude Chrome extension that lets the AI browse, click, and type on users' behalf, fundamentally shifting the browser security model. Zenity Labs discovered the tool stays logged in permanently, exposing OAuth tokens, console logs, and personal...
Cyber threats are increasingly complex, sparking a mental‑health crisis among IT and security teams. A recent Object First survey of 500 professionals found 84% feel uncomfortably stressed and 78% fear personal blame for breaches. Nearly 60% are actively looking for...
Leduc County in Alberta disclosed that a deliberate ransomware attack struck on December 25, disabling several of its information technology systems. The county became aware of the intrusion on Christmas Day and immediately initiated incident response protocols. While officials have...
The VVS stealer, a Python‑based malware family distributed as a PyInstaller package, employs Pyarmor obfuscation to evade detection and specifically harvest Discord tokens and browser credentials. It injects malicious JavaScript into the Discord client, extracts data from Chromium‑based and Firefox...
Iran‑linked group Handala claimed full phone compromise of former Israeli PM Naftali Bennett and Chief of Staff Tzachi Braverman, but Kela researchers found the breach was limited to their Telegram accounts. The attackers likely used SIM‑swap, SS7 interception, phishing lures...
In this episode, Chris Sistrunk explains that the biggest OT risks now stem from routine IT‑style attacks—often “living‑off‑the‑land” exploits on engineering workstations—rather than dramatic malware like Stuxnet, as organizations connect industrial systems to the cloud for telemetry and AI. He...
Elliptic’s latest analysis reveals that Telegram now hosts the world’s largest Chinese‑language darknet markets, with Tudou Guarantee and Xinbi Guarantee together processing roughly $2 billion each month in money‑laundering, stolen‑data sales, AI deep‑fake tools, and other illicit services. Despite Telegram’s 2025...
The episode recaps recent security news, highlighting ongoing activity of the React2Shell exploit and the need to patch and isolate MongoDB servers against the MongoBleed vulnerability. It warns about classic advance‑fee cryptocurrency scams promising large payouts, and shares a practical...
DataBreaches.net and security journalist Zack Whittaker have issued a reminder for cybersecurity journalists and researchers to complete a threat‑experience survey. The questionnaire captures legal actions, court orders, and violent intimidation faced while covering cybercrime. Participation is free via a Google...
WhatsApp, with over 3 billion users, faces growing security threats such as GhostPairing and mass phone‑number exposure. Meta has added a suite of privacy tools—including Privacy Checkup, disappearing messages, two‑factor authentication with PIN, app and chat locks, advanced security settings, and...
Recent zero‑click spyware attacks on iPhone and Android devices have prompted Apple and Google to release critical patches. High‑profile victims such as Jeff Bezos and activists illustrate the threat’s reach beyond nation‑state targets. Experts advise using Lockdown Mode, Android Advanced...
In 2025 Didier Stevens published an extensive series of blog entries, delivering more than 70 incremental updates to his open‑source forensic utilities such as strings.py, oledump.py, pdf‑parser.py, and xorsearch.py. The posts also include quick‑takes on power consumption, hardware testing, and...
The UK government’s three‑month trial of Microsoft 365 Copilot revealed no measurable productivity uplift, echoing broader industry findings that generative AI often underdelivers. Parallel commentary in the blog highlights that delegating security to vendors without skilled oversight creates blind spots, while a...
In a year‑end panel, cybersecurity leaders forecast that 2026 will be dominated by AI‑driven threats, with agentic AI and deepfake‑enabled social engineering emerging as top attack vectors. Identity management will shift toward zero‑trust models that include non‑human identities, while supply‑chain...
Security‑focused CTOs are setting five priority resolutions for 2026. First, they will operationalize AI governance by embedding repeatable controls, model gateways and telemetry into engineering pipelines to enforce "secure to ship" AI features. Second, they will add dedicated security controls...
Transparent Tribe, also known as APT36, has launched a new wave of remote‑access‑trojan (RAT) attacks against Indian government, academic and strategic organizations. The campaign delivers weaponized LNK files disguised as PDFs, which execute HTA scripts via mshta.exe and load a...
In this episode, the host recounts a recent web application penetration test that went disastrously wrong, highlighting the missteps and unexpected challenges that can arise during a pentest. The story underscores the importance of thorough planning, clear communication with clients,...
Attack surface management (ASM) tools promise reduced risk by expanding visibility, yet most programs deliver only larger asset inventories and louder dashboards. Security teams see counts climb and alerts surge, but leadership still struggles to answer whether incidents actually decline....
In this special in‑studio episode, hosts Selena Larson, Dave Bittner, and former FBI cybercrime investigator Keith Mularski tackle a hot‑wings challenge while fielding personal and career‑focused questions, offering listeners a candid look at their backgrounds and the moments that shaped...
Enterprises racing to embed AI realized in 2025 they lacked visibility into the data feeding models, prompting a governance shift. Bedrock Security’s research shows most leaders cannot map training or inference datasets, exposing firms to audit failures and regulatory penalties....
Todd Thiemann forecasts four identity‑security trends for 2026. AI agents will move from SaaS sandboxes into core business processes, creating new breach vectors that demand holistic identity controls. Mid‑market firms, facing app sprawl, will finally adopt Identity Governance and Administration...
U.S. federal cybersecurity faces a potential setback as the Cybersecurity and Infrastructure Security Agency (CISA) shed roughly 1,000 employees, leaving a 40% vacancy rate across critical mission areas. Recent White House staffing cuts, compounded by the lingering effects of the...
