$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
Sep 30, 2025Ravie LakshmananCyber Espionage / Malware Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged...
USENIX 2025: PEPR ’25 – Practical Considerations For Differential Privacy
Creator, Author and Presenter: Alex Kulesza Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content...
Meeting IEC 62443 Compliance: How CimTrak Secures Industrial Control Systems
The Rising Stakes in Critical Infrastructure Security Cybersecurity has traditionally been framed as an IT issue, protecting desktops, databases, and...
Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259...
UK convicts Chinese national in £5.5B crypto fraud, marks world’s largest Bitcoin seizure
UK convicts Chinese national in £5.5B crypto fraud, marks world’s largest Bitcoin seizure Pierluigi Paganini September 30, 2025 A Chinese...
U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog...
Asahi halts ordering, shipping, and customer service after cyberattack
Asahi halts ordering, shipping, and customer service after cyberattack Pierluigi Paganini September 30, 2025 Japan’s top brewer Asahi suspends operations...
The AI Fix #70: AI behaves… until it knows you’re watching
In episode 70 of The AI Fix, our hosts learn that AI makes people more dishonest, Waymo’s robo-cars save lives...
Why Threat-Led Defense & Adversary Behavior Are Driving Security Priorities
Security teams used to set priorities based on vulnerabilities and assets. They would monitor CVE feeds, build patch schedules, and...
New Smish: New York Department of Revenue
As I was visiting SmishTank to report the most recent SMish that I had received (an iMessage from a +27 South...
Introducing Resource Policies for Continuous AI Security – FireTail Blog
AI moves fast. New models are adopted, get updated, configurations drift. Keeping track of it all is hard, and catching...
Details of a Scam
Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here’s an almost: Then he added, “Here...
Harrods Data Breach Explained
On Friday, September 26–27, 2025 (UK time), Harrods warned that a third-party provider suffered an intrusion that exposed some online...
Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
Sep 30, 2025Ravie LakshmananArtificial Intelligence / Vulnerability Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence...
