6 Minutes and a Prayer: The Math Your SOC Doesn’t Want You to See
Your analysts are gambling with alerts, and the math proves it. The cybersecurity industry has quietly agreed to avoid...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
NDSS 2025 – On The Realism Of LiDAR Spoofing Attacks Against Autonomous Driving Vehicle
Session 14D: Autonomous Vehicles Authors, Creators & Presenters: Ningfei Wang (University of California, Irvine), Shaoyuan Xie (University of California,...
Microsoft 365: A guide to the updates
Get more info about Version 2511 (Build 19426.20186). Version 2511 (Build 19426.20170) Release date: December 3, 2025 This build includes,...
LastPass warns of spoofed alerts aimed at stealing master passwords
LastPass warns of spoofed alerts aimed at stealing master passwords Pierluigi Paganini March 04, 2026 LastPass warns of a phishing...
The Instagram API Scraping Crisis: When ‘Public’ Data Becomes a 17.5 Million User Breach
On January 7, 2026, a dataset containing 17.5 million Instagram user records appeared on BreachForums – a notorious dark...
Randall Munroe’s XKCD ‘Groundhog Day Meaning’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink *** This is a Security...
MY TAKE: ChatGPT is turning into Microsoft Office — and power users are paying the price
By Byron V. Acohido Something has been shifting inside the tools millions of us use every day, and it’s...
NDSS 2025 – Detecting Server-Induced Client Vulnerabilities In Windows Remote IPC
Session 14C: Vulnerability Detection Authors, Creators & Presenters: (Except Where Noted – The Following Authors Are From The Institute...
149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed...
Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS...
Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files
Image: Perplexity A security flaw in Perplexity’s AI-powered Comet browser could have allowed attackers to access files on a user’s...
Google’s Biggest Android Security Update in Years Fixes 129 Bugs, Including an Actively Exploited Zero-Day
Image: Denny Müller/Unsplash Google just dropped its largest security update in nearly eight years. The March 2026 Android Security Bulletin,...
The CTEM Divide: Why 84% of Security Programs Are Falling Behind
Originally published on the Hacker News here. A new 2026 market intelligence study of 128 enterprise security decision-makers (available...
Invisible Threats: Source Code Exfiltration in Google Antigravity – FireTail Blog
TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source code By...
Attackers abuse OAuth’s built-in redirects to launch phishing and malware attacks
Attackers are abusing normal OAuth error redirects to send users from a legitimate Microsoft or Google login URL to...