When your AI Assistant Becomes the Attacker’s Command-and-Control
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control…
Security
One Key to Rule Them All: Apache Syncope Flaw Leaves Passwords Wide Open
A critical vulnerability, identified as CVE-2025-65998, has been discovered in Apache Syncope, a widely-used open-source identity management system, potentially exposing…
Four Ways AI Is Being Used to Strengthen Democracies Worldwide
Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on…
APT24’s BADAUDIO: A Deep Dive into China-Nexus Espionage Against Taiwan
A China-nexus threat actor has been conducting a sophisticated, multi-year espionage campaign using a custom malware downloader, compromising regional infrastructure…
IACR Nullifies Election Because of Lost Decryption Key
The International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back when “crypto” meant “cryptography”)…
Grafana Vulnerability Disclosure: SCIM Flaw Could Lead to Privilege Escalation
The discovery of CVE-2025-41115 exposes a critical security weakness in the Grafana Enterprise SCIM (System for Cross-domain Identity Management) component,…
Critical Security Update: SolarWinds Remediates Multiple Serv-U Vulnerabilities
SolarWinds has issued an urgent security update for its Serv-U file transfer software, patching three critical remote code execution (RCE)…
Weekly Update 479
Presently sponsored by: 1Password Extended Access Management: Secure every sign-in for every app on every device. I gave up on…
Friday Squid Blogging: New “Squid” Sneaker
I did not know Adidas sold a sneaker called “Squid.” As usual, you can also use this squid post to…
More on Rewiring Democracy
It’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what…