North Korea-linked threat actors target cybersecurity experts with a zero-day
North Korea-linked threat actors associated with North Korea exploited a zero-day flaw in attacks against cybersecurity experts. North Korea-linked threat…
Security
Friday Squid Blogging: Glass Squid Video
Here’s a fantastic video of Taonius Borealis, a glass squid, from NOAA. As usual, you can also use this squid…
Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks
A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns…
Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns
U.S. CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The U.S.…
LLMs and Tool Use
Last March, just two weeks after GPT-4 was released, researchers at Microsoft quietly announced a plan to compile millions of…
Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware
Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at…
Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs
Apple rolled out emergency security updates to address two new actively exploited zero-day vulnerabilities impacting iPhones and Macs. The two…
Wallarm Presenting at BSides Albuquerque
If you’re in the Albuquerque area this Friday and/or Saturday, we hope you’re planning on going to BSides ABQ –…
A malvertising campaign is delivering a new version of the macOS Atomic Stealer
Researchers spotted a new malvertising campaign targeting Mac users with a new version of the macOS stealer Atomic Stealer. Malwarebytes…
DARPA attacked.
The Snatch gang claims to have hacked the Department of Defence South Africa and added the military organisation to its…