Three Zero-Days, 114 Flaws Fixed: Microsoft Kicks Off 2026 with a Major Patch Tuesday
This month’s Patch Tuesday marks a significant start to the year, with Microsoft delivering a heavy volume of updates to…
Security
Who Decides Who Doesn’t Deserve Privacy?
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…
Silent Scan, Stolen Secrets: Kimsuky’s QR-Code Phishing Campaign
Executive Summary A sustained quishing (QR-code phishing) campaign conducted by the North Korea–linked APT group Kimsuky (aka Larva-24005) has been…
1980s Hacker Manifesto
Forty years ago, The Mentor—Loyd Blankenship—published “The Conscience of a Hacker” in Phrack. You bet your ass we’re all alike……
Corrupting LLMs Through Weird Generalizations
Fascinating research: Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs. AbstractLLMs are useful because they generalize so well.…
Friday Squid Blogging: The Chinese Squid-Fishing Fleet off the Argentine Coast
The latest article on this topic. As usual, you can also use this squid post to talk about the security…
Palo Alto Crosswalk Signals Had Default Passwords
Palo Alto’s crosswalk signals were hacked last year. Turns out the city never changed the default passwords.
Deploying VSOCKpuppet: Unmasking how Chinese Threat Actors Exploited ESXi Zero-Days Before Disclosure
Network virtualization infrastructure continues to be a high-value target for well-resourced threat actors. Recent analysis has revealed a sophisticated intrusion…
Active Exploitation Alert: Critical RCE Vulnerability in HPE OneView
The cybersecurity landscape is ever-evolving, and recent reports indicate that a previously patched vulnerability in HPE OneView is now being…
Public PoC Released for Cisco ISE Information Disclosure Flaw
Cisco has recently addressed a medium-severity security vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).…