Friday Squid Blogging: Squid Werewolf Hacking Group
In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.” As usual, you can also use this squid…
Security
Hook, Line, and Sinker: Chrome Patches Zero-Day Used in Phishing Attacks
In mid-March 2025, a deluge of personalized phishing emails took Russia by storm. When analyzed, the underlying vulnerability had researchers…
AIs as Trusted Third Parties
This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The…
A Taxonomy of Adversarial Machine Learning Attacks and Mitigations
NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.
AI Agents and API Security: The Hidden Risks Lurking in Your Business Logic
Modern organizations are becoming increasingly reliant on agentic AI, and for good reason: AI agents can dramatically improve efficiency and…
AI Data Poisoning
Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI…
Next.js middleware authorization bypass vulnerability: Are you vulnerable?
A critical vulnerability in the Next.js framework, officially disclosed on March 21, 2025, allows attackers to bypass middleware security controls…
Ingress NGINX Remote Code Execution Vulnerabilities Discovered – Patch Now!
Critical security vulnerabilities have been discovered in Ingress-NGINX Controller for Kubernetes. CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974—collectively known as ‘IngressNightmare’—allow attackers…
Lessons From the Field: How a Global Motion Control Company Transformed Its Security Operations
What happened when this team found an MDR partner that truly acted as an extension of their team? Managing cybersecurity…
Report on Paragon Spyware
Citizen Lab has a new report on Paragon’s spyware: Key Findings: Introducing Paragon Solutions. Paragon Solutions was founded in Israel…