Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
Dec 18, 2025Ravie LakshmananMalware / Mobile Security The North Korean threat actor known as Kimsuky has been linked to a...
AndyC
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
Microsoft December Update Breaks Critical IIS Servers
The security updates delivered through KB5071546 have fundamentally broken Message Queuing (MSMQ) functionality across multiple Windows versions. The post Microsoft...
Chinese Hackers Breach Cisco’s Email Security Systems
The Chinese threat group, tracked as UAT-9686, has deployed a collection of custom-built hacking tools to maintain persistent access to...
SoundCloud Cyberattack Leaves 28M Users Exposed
The breach has already triggered widespread chaos across the platform, with users worldwide reporting connection failures and cryptic error messages....
How CISOs Can Beat the Ransomware Blame Game
Being a CISO is not for the weak-hearted. It’s a stressful role and an innately high-risk position. Around 25% of security...
2026 Cyber Predictions: Accelerating AI, Data Sovereignty, and Architecture Rationalization
2026 promises to be a critical period, marked by the confluence of advanced cyber capabilities driven by AI adoption,...
Smashing Security podcast #448: The Kindle that got pwned
Think your Kindle is harmless? Think again! In this episode, we unpack a Black Hat Europe talk revealing how a...
Private Certificate Authority 101: From Setup to Management
Home » Private Certificate Authority 101: From Setup to Management Introduction Security has become a primary focus in today’s...
CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
Dec 18, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical...
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
Dec 18, 2025Ravie LakshmananVulnerability / Network Security Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software...
LLM10: Unbounded Consumption – FireTail Blog
The OWASP Top 10 for LLMs was released this year to help security teams understand and mitigate the rising...
SonicWall warns of actively exploited flaw in SMA 100 AMC
SonicWall warns of actively exploited flaw in SMA 100 AMC Pierluigi Paganini December 17, 2025 SonicWall warned users to patch...
Why Venture Capital Is Betting Against Traditional SIEMs
And why most of the arguments do not hold up under scrutiny Over the past 18 to 24 months,...
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained...
The Hidden Cost of “AI on Every Alert” (And How to Fix It)
Every SOC leader is hearing the same promise right now: “Drop an AI agent on every alert and watch...
