Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
Ravie LakshmananFeb 04, 2026Malvertising / Infostealer Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
Ravie LakshmananFeb 04, 2026Supply Chain Security / Secure Coding The Eclipse Foundation, which maintains the Open VSX Registry, has announced...
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
Ravie LakshmananFeb 04, 2026Software Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical...
Alert Fatigue: Why SOCs Are Fighting the Wrong Battle
The “alert fatigue” crisis plaguing Security Operations Centers (SOCs) isn’t really about volume. It’s about fighting adversarial systems with tools...
AI is Supercharging Work…and Your Attack Surface
AI is now embedded in day-to-day work. Individuals and teams are using the technology to summarize reports, write emails, analyze...
Weekly Update 489
04 February 2026 This week I'm in Hong Kong, and the day after recording, I gave the talk shown in...
Chrome Add-On Caught Stealing Amazon Commissions
image: envato by Image-Source A Chrome browser extension advertised as a way to hide sponsored ads on Amazon has been...
Visa Application Process: Costs and Requirements
Introduction to Tech Mobility and Visa Logic Ever tried to book a flight for a dev conference only to realize...
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February...
Are your secrets safe from cyber threats
How Do Non-Human Identities Reinforce Data Protection? How does one ensure that machine identities remain secure from cyber threats? This...
What ensures NHI are protected in cloud platforms
What Makes Non-Human Identities Critical for Cloud Security? Have you considered how organizations can effectively secure their digital assets in...
Security Researchers Breach Moltbook in Record Time
Security researchers from cloud cybersecurity firm Wiz disclosed a critical vulnerability in Moltbook, a newly launched social network designed for...
Was My TikTok Hacked? How to Get Back Into Your Account and Lock Down Sessions
It usually starts with a small, uneasy moment. A notification you don’t recognize. A login code you didn’t request. A friend texting to ask...
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure Pierluigi Paganini February 03, 2026 Hackers exploit...
Adversarial Exposure Validation for Modern Environments
What is Adversarial Exposure Validation? Adversarial Exposure Validation is a structured approach that applies attacker-style actions to confirm how your...
