Uniting Global Leaders Against Cyber Terrorism
Uniting Global Leaders Against Cyber Terrorism The fight against terrorism has moved to a new battlefield: the digital frontier. Last...
Blog
Maximum-severity XXE vulnerability discovered in Apache Tika
Maximum-severity XXE vulnerability discovered in Apache Tika Pierluigi Paganini December 06, 2025 A maximum severity vulnerability in Apache Tika, tracked...
Insecure use of Signal app part of wider Department of Defense problem, suggests Senate report
In short, while there was no evidence that unsanctioned app use is routine or normalized, it is likely that enough...
JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability
JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability Pierluigi Paganini December 05, 2025 Array Networks AG gateways have...
M365 customers should explore alternatives, plan to dicker as prices hikes loom — analysts
There are now more than 430 million commercial M365 users globally, Microsoft said during an earnings call earlier this year. ...
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
Dec 05, 2025Ravie LakshmananEmail Security / Threat Research A new agentic browser attack targeting Perplexity's Comet browser that's capable of...
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
Dec 05, 2025Ravie LakshmananApplication Security / Vulnerability A critical security flaw has been disclosed in Apache Tika that could result...
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Dec 05, 2025Ravie LakshmananVulnerability / Software Security Two hacking groups with ties to China have been observed weaponizing the newly...
CrowdStrike Identifies New China-Nexus Espionage Actor
Image: Adobe Stock A newly identified China-nexus cyber adversary, tracked by CrowdStrike as WARP PANDA, has emerged as one of...
Google Rolls Out Chrome 143 Update for Billions Worldwide
Source: Zulfugar Karimov/Unsplash Billions of Chrome users are getting a crucial safety upgrade before the year ends. Google has begun...
Sharpening the knife: GOLD BLADE’s strategic evolution
Between February 2024 and August 2025, Sophos analysts investigated nearly 40 intrusions related to STAC6565, a campaign the analysts assess...
OpenAI prompts AI models to ‘confess’ when they cheat
OpenAI trained a version of GPT-5 Thinking to produce the confessions and tested the technique on stress-test datasets designed to...
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions Pierluigi Paganini December 05, 2025 CISA details BRICKSTORM, a China-linked backdoor...
Weekly Update 481
05 December 2025 Twelve years (and one day) since launching Have I Been Pwned, it's now a service that Charlotte...