HTTP

Attacking the MCP Trust Boundary

Attacking the MCP Trust Boundary

AndyC 23 April 2026

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even...

Read More

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

AndyC 4 April 2026

Ravie LakshmananApr 03, 2026Linux / Server Hardening Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web...

Read More

Euro-Office billed as Europe’s sovereign alternative to Microsoft Office

Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions

AndyC 1 April 2026

On March 31, 2026, two malicious versions of Axios – the JavaScript HTTP client with over 83 million weekly...

Read More

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

AndyC 31 March 2026

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the...

Read More

Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic

Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic

AndyC 27 January 2026

What Is CVE-2026-21962? CVE-2026-21962 is a critical (CVSS 10.0) vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy...

Read More

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

AndyC 15 April 2026

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may...

Read More

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

Recovery scammers hit you when you’re down: Here’s how to avoid a second strike

AndyC 15 April 2026

If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may...

Read More

As breakout time accelerates, prevention-first cybersecurity takes center stage

As breakout time accelerates, prevention-first cybersecurity takes center stage

AndyC 8 April 2026

Business Security Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. Phil Muncaster...

Read More

Digital assets after death: Managing risks to your loved one’s digital estate

Digital assets after death: Managing risks to your loved one’s digital estate

AndyC 2 April 2026

Digital Security Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay. Phil Muncaster 01...

Read More

This month in security with Tony Anscombe – March 2026 edition

This month in security with Tony Anscombe – March 2026 edition

AndyC 1 April 2026

The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan 31 Mar...

Read More

RSAC 2026 wrap-up – Week in security with Tony Anscombe

RSAC 2026 wrap-up – Week in security with Tony Anscombe

AndyC 28 March 2026

This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up with...

Read More

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 29 April 2026

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 29 April 2026

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 29 April 2026

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 29 April 2026

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

AndyC 29 April 2026