Top Security Mistakes Developers Make with Code Signing Certificates
Software supply chain attacks keep climbing and attackers are getting better at slipping malicious code into trusted software. Code signing…
Security
Story of Cyberattack: Salesforce Supply Chain Breach
The Salesforce ecosystem just got a harsh reminder that the weakest link rarely lives inside the core platform. It often…
ShadowPad’s Silent Invasion: Crafting Persistence Through WSUS Exploitation
The ShadowPad malware campaign represents an urgent and advanced cybersecurity threat, exploiting a critical vulnerability in Microsoft’s WSUS service to…
Huawei and Chinese Surveillance
This quote is from House of Huawei: The Secret History of China’s Most Powerful Company. “Long before anyone had heard…
When your AI Assistant Becomes the Attacker’s Command-and-Control
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control…
One Key to Rule Them All: Apache Syncope Flaw Leaves Passwords Wide Open
A critical vulnerability, identified as CVE-2025-65998, has been discovered in Apache Syncope, a widely-used open-source identity management system, potentially exposing…
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on…
APT24’s BADAUDIO: A Deep Dive into China-Nexus Espionage Against Taiwan
A China-nexus threat actor has been conducting a sophisticated, multi-year espionage campaign using a custom malware downloader, compromising regional infrastructure…
IACR Nullifies Election Because of Lost Decryption Key
The International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back when “crypto” meant “cryptography”)…
Grafana Vulnerability Disclosure: SCIM Flaw Could Lead to Privilege Escalation
The discovery of CVE-2025-41115 exposes a critical security weakness in the Grafana Enterprise SCIM (System for Cross-domain Identity Management) component,…