Spotlight

Best of 2025: Oracle Hack: From ‘Deny-Deny-Deny’ to ‘Oops-Oops-Oops’

Best of 2025: Oracle Hack: From ‘Deny-Deny-Deny’ to ‘Oops-Oops-Oops’

AndyC 27 December 2025

Larry’s PR angels desperately dance on the head of a  pin.Oracle is now admitting that, yes, an Oracle cloud service...

Read More

Best of 2025: UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk

Best of 2025: UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk

AndyC 26 December 2025

Is your Salesforce environment integrated with third-party apps like Salesloft Drift? If so, your organization could be at risk...

Read More

Best of 2025: Ukraine Pwns Russian Drone Maker — Gaskar is ‘Paralyzed’

Best of 2025: Ukraine Pwns Russian Drone Maker — Gaskar is ‘Paralyzed’

AndyC 25 December 2025

Ukrainian Cyber Alliance and Black Owl team up to hack manufacturer of Russian military drones, sources  say.Gaskar Group, Russian designer...

Read More

Best of 2025: LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112

Best of 2025: LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112

AndyC 25 December 2025

SafeBreach Labs Researchers have developed a zero-click PoC exploit that crashes unpatched Windows Servers using the Windows Lightweight Directory...

Read More

Best of 2025: Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

Best of 2025: Microsoft’s January 2025 Patch Tuesday Addresses 157 CVEs (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)

AndyC 24 December 2025

10Critical147Important0Moderate0LowMicrosoft addresses 157 CVEs in the first Patch Tuesday release of 2025 and the largest Patch Tuesday update ever...

Read More

Best of 2025: Blue Shield of California Data Breach Exposes 4.7M Members’ Info

Best of 2025: Blue Shield of California Data Breach Exposes 4.7M Members’ Info

AndyC 24 December 2025

Blue Shield of California has confirmed a data breach affecting 4.7 million members due to a misconfigured Google Analytics...

Read More

Best of 2025: Scattered Spider Targets Aflac, Other Insurance Companies

Best of 2025: Inside the Minds of Cybercriminals: A Deep Dive into Black Basta’s Leaked Chats

AndyC 23 December 2025

The leaked internal chat communications of the Black Basta ransomware group offer an unprecedented view into how cybercriminals operate,...

Read More

4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025

NCC Group this week revealed it has allied with Qualys to expand the scope of its managed attack surface...

Read More

4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025

NCC Group this week revealed it has allied with Qualys to expand the scope of its managed attack surface...

Read More

4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025

NCC Group this week revealed it has allied with Qualys to expand the scope of its managed attack surface...

Read More

4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025

NCC Group this week revealed it has allied with Qualys to expand the scope of its managed attack surface...

Read More

4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025

NCC Group this week revealed it has allied with Qualys to expand the scope of its managed attack surface...

Read More

4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

NCC Group Taps Qualys to Extend Managed Security Service into Shadow IT Realm

AndyC 20 December 2025

NCC Group this week revealed it has allied with Qualys to expand the scope of its managed attack surface...

Read More

Why AppSec Can’t Keep Up With AI-Generated Code

Google Shutting Down Dark Web Report Met with Mixed Reactions

AndyC 20 December 2025

Google’s decision this week to discontinue its dark web report tool is drawing mixed reactions, from some people saying...

Read More

4 Pillars of Network Risk Reduction: A Guide to Network Security Risk Management

RegScale Open Sources OSCAL Hub to Further Compliance-as-Code Adoption

AndyC 19 December 2025

RegScale this week added an open source hub through which organizations can collect and organize compliance data based on...

Read More

A brush with online fraud: What are brushing scams and how do I stay safe?

A brush with online fraud: What are brushing scams and how do I stay safe?

AndyC 24 December 2025

Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to...

Read More

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

AndyC 23 December 2025

ESET researchers examined CVE‑2025‑50165, a serious Windows vulnerability described to grant remote code execution by merely opening a specially crafted JPG file – one of...

Read More

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

AndyC 19 December 2025

In 2024, ESET researchers noticed previously undocumented malware in the network of a Southeast Asian governmental entity. This led us to uncover even more new...

Read More

ESET Threat Report H2 2025

ESET Threat Report H2 2025

AndyC 17 December 2025

ESET Research A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research...

Read More

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025

Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025 • ...

Read More

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

AndyC 16 December 2025

Business Security Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found Tony Anscombe 12 Dec 2025 • ...

Read More

The Top 26 Security Predictions for 2026 (Part 2)

The Top 26 Security Predictions for 2026 (Part 2)

AndyC 29 December 2025

Stolen LastPass backups enable crypto theft through 2025

Stolen LastPass backups enable crypto theft through 2025

AndyC 29 December 2025

Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

AndyC 29 December 2025

Weekly Update 484

Weekly Update 484

AndyC 29 December 2025

The Top 26 Security Predictions for 2026 (Part 2)

The Top 26 Security Predictions for 2026 (Part 2)

AndyC 29 December 2025