Today. I dive into how decades-old tech, like the "Finger" protocol, is being weaponized in modern ClickFix attacks, alongside major zero-day exploitation news affecting FortiWeb and Logitech. We also unpack the sophisticated techniques used by threat actors like Dragon Breath to disable security tools and the concerning new ways researchers are bypassing AI guardrails.

We dive into a massive NPM registry attack where a self-replicating worm polluted the software supply chain with over 150,000 packages seeking cryptocurrency rewards. Then, we analyze how state-sponsored threat actors used Anthropic’s Claude AI to automate 90% of a targeted espionage campaign against critical global organizations.

Today we expose the 'Whisper Leak' LLM attack that infers sensitive conversation topics from encrypted metadata. Plus, we break down the start of CMMC enforcement and why supply chain risks are soaring, according to the new OWASP Top 10 list.

Australia steps up sanctions against North Korean cyber operations funding weapons programs, while the Cl0p gang continues to expose victims of the Oracle EBS hack. Plus, we break down the evolving threat landscape from sophisticated ClickFix scams targeting macOS to mobile zero-day spyware aimed at the Middle East.

We dive into how AI is complicating the threat landscape, covering an "AI Slop" ransomware test sneaked onto the VS Code marketplace and novel prompt injection hacks against ChatGPT memories. We also break down critical high-severity browser flaws in Chrome 142 and the escalating geopolitical tension around US hyperscalers and European data sovereignty.

Today we dive into alarming new reports, including how state-sponsored hackers stole firewall backups and how AI is enabling malware to mutate autonomously during execution. We also cover the costly Nevada ransomware recovery, critical Cisco patches, and the perennial problem of weak passwords.

Today, we expose a sophisticated campaign where hackers use Remote Monitoring and Management tools to hijack physical cargo, leading to billions in losses, and analyze the dangerous new trend of malware like SesameOp abusing trusted AI APIs for stealthy command-and-control operations. Plus, we cover the major patches released by both Apple and Google, including a critical Android Remote Code Execution flaw that requires zero user interaction.

Today, we dissect how a suspected Chinese APT used the new 'Airstalk' malware to compromise BPOs in targeted supply chain attacks, and why the Claude AI model was successfully tricked into exfiltrating user data. Plus, we look at the rising threat of cybercriminals exploiting legitimate RMM tools to steal physical cargo from logistics networks.

CISA issued urgent warnings, adding exploited VMware and XWiki flaws to the KEV catalog and requiring federal agencies to patch immediately. We break down the Chinese threat actor exploiting an unpatched Windows shortcut vulnerability targeting European diplomats and examine the active exploitation of the critical Windows WSUS flaw.

We dive into two major software supply chain campaigns, including the "PhantomRaven" operation, which delivered infostealers via 136 malicious NPM packages downloaded 100,000 times. Then, we look at why vetting dependencies is no longer enough and examine the shocking case of a US defense contractor executive who sold $35 million in cyber trade secrets to a Russian exploit broker.

Today we dive into critical industrial cyber threats as CISA warns of active exploitation in DELMIA factory software. We also examine Google's move to make HTTPS the default for all public sites and review the massive lawsuit alleging Microsoft tricked millions of users into pricey Copilot subscriptions.

Today we dive into the inevitability of prompt injection as agentic AI takes over enterprise functions, and reviews massive credential theft data circulating online. Plus, learn why industrial giants are falling victim to Oracle EBS exploits and how a $60 mod is killing privacy protections on smart glasses.

Today, we dive into critical AI browser vulnerabilities, including a trick that weaponizes the OpenAI Atlas omnibox, and analyze the spectacular flop of a promised $1 million WhatsApp exploit at Pwn2Own. Plus, we cover active exploitation of a critical Windows Server WSUS vulnerability and the shifting economics of ransomware.

Today we dive into critical updates for BIND against high-severity cache poisoning flaws, the zero-day exploitation of Lanscope Endpoint Manager that requires immediate federal attention, and the serious governance concerns raised by "vibe coding" and AI-generated code's lack of judgment. We also examine Verizon’s latest Mobile Security Index, highlighting soaring mobile device attacks and the alarming rise of AI-powered threats like deepfakes and SMS phishing.

CISA is ringing the alarm on actively exploited Windows SMB flaws while Chinese threat actors leverage a recently patched SharePoint vulnerability for espionage. We also detail how the Russian APT Star Blizzard rapidly changed tactics after researchers exposed their prior malware, and review critical vulnerabilities affecting TP-Link Omada Gateways.

CISA confirms multiple zero-day exploits, including a critical Oracle EBS vulnerability being leveraged by groups tied to Cl0p, necessitating immediate action from federal agencies and private enterprises. Meanwhile, we examine how threat actors are distributing global malware disguised as legitimate AI productivity tools and explore a highly sophisticated supply chain attack using the Solana blockchain for an untakeable command-and-control infrastructure.

Today. we unpack the fallout from a massive Oracle E-Business Suite hack that targeted American Airlines subsidiary Envoy Air, exposing business information from the regional carrier. We also dive into high-stakes cyberwarfare, covering China's accusation that the US attacked its critical National Time Center and Microsoft's report on how foreign adversaries are weaponizing AI.

Today we dive into the industrial scale of cybercrime, discussing the seizure of $15 billion in crypto assets linked to forced-labor scam networks and the staggering 17.6 million accounts impacted by the Prosper data breach. Plus, we analyze urgent patches for exploited zero-days in CentreStack and critical DoS flaws in industrial UPS devices.

Today, we dive into Operation ZeroDisco, where threat actors deployed rootkits onto older Cisco routers by exploiting a recent zero-day. We also analyze the consequences of the Discord breach, F5's revelation of a nation-state attack that stole source code, and the massive crypto "pig butchering" scam that led to the seizure of over $14 billion in Bitcoin.

Today, we unpack the massive October 2025 Patch Tuesday, covering exploited Windows zero-days, critical vulnerabilities in Adobe Connect and major ICS vendors like Red Lion, Siemens, and Rockwell. Plus, a deep dive into why enterprise organizations must ditch synced passkeys for device-bound credentials to prevent sophisticated authentication downgrade attacks.