Under UNC6384’s LNK: CVE-2025-9491 Powers PlugX Espionage Attacks
Executive Summary A Windows LNK (shortcut) UI-misrepresentation vulnerability (CVE-2025-9491, ZDI-CAN-25373) is being actively exploited by a China-linked threat actor tracked…
Security
Chrome 142 Released: High-Severity V8 Flaws Fixed, $100K in Rewards Paid
Google has released Chrome 142, addressing a total of 20 security flaws, including two high-severity vulnerabilities affecting the V8 JavaScript…
Cybercriminals Targeting Payroll Sites
Microsoft is warning of a scam involving online payroll systems. Criminals use social engineering to steal people’s credentials, and then…
BadCandy: Stealth Implant Converts IOS XE into a Persistent Surveillance Node
Cybercriminals and advanced persistent threat (APT) actors continue to evolve toward stealthier, persistence-focused, and profit-driven operations. Recent intelligence reports reveal…
AI Summarization Optimization
These days, the most important meeting attendee isn’t a person: It’s the AI notetaker. This system assigns action items and…
Weekly Update 476
Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite…
Friday Squid Blogging: Giant Squid at the Smithsonian
I can’t believe that I haven’t yet posted this picture of a giant squid at the Smithsonian. As usual, you…
Will AI Strengthen or Undermine Democracy?
Listen to the Audio on NextBigIdeaClub.com Below, co-authors Bruce Schneier and Nathan E. Sanders share five key insights from their…
When APIs Become Attack Paths: What the Q3 2025 ThreatStats Report Tells Us
Wallarm’s latest Q3 2025 API ThreatStats report reveals that API vulnerabilities, exploits, and breaches are not just increasing; they’re evolving.…
The AI-Designed Bioweapon Arms Race
Interesting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them…