FBI Warns of Fake Video Scams
The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming…
Security
Three Zero-Days and 57 Fixes: A Critical Year-End Patch Tuesday from Microsoft
This month’s Patch Tuesday delivers a modest-sized update, but with high-impact fixes. Microsoft has patched 57 vulnerabilities, including 3 zero-day…
CVE-2025-55182: Immediate Operationalization of React2Shell by China-Nexus Threat Actors
Within hours of the public disclosure of CVE-2025-55182 (React2Shell) on December 3, 2025, security researchers observed active exploitation attempts from…
AI vs. Human Drivers
Two competing arguments are making the rounds. The first is by a neurosurgeon in the New York Times. In an…
Understanding CVE-2025-66516: Critical XXE Exposure in Apache Tika
A maximum severity vulnerability has been identified in Apache Tika, a widely used open-source content analysis toolkit. This vulnerability, designated…
Update on React Server Components RCE Vulnerability (CVE-2025-55182 / CVE-2025-66478)
The attack landscape has been dynamic following the disclosure of the React Server Components RCE vulnerability. New information has emerged…
Substitution Cipher Based on The Voynich Manuscript
Here’s a fun paper: “The Naibbe cipher: a substitution cipher that encrypts Latin and Italian as Voynich Manuscript-like ciphertext“: Abstract:…
2025 in Review: A Year of Smarter, Context-Aware API Security
As the year draws to a close, it’s worth pausing to look back on what has been an extraordinary year…
Stealth Fix: Microsoft Patches Exploited LNK Security Hole
In a move that highlights the ongoing cat-and-mouse game between software vendors and threat actors, Microsoft has recently addressed a…
Friday Squid Blogging: Vampire Squid Genome
The vampire squid (Vampyroteuthis infernalis) has the largest cephalopod genome ever sequenced: more than 11 billion base pairs. That’s more…