versions

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

AndyC 15 May 2026

Ravie LakshmananMay 15, 2026Microsoft / Vulnerability Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that...

Read More

Security Blogs

All supported cPanel versions hit by critical auth bug, now patched

AndyC 1 May 2026

All supported cPanel versions hit by critical auth bug, now patched Pierluigi Paganini April 29, 2026 cPanel fixed a critical...

Read More

Technical Advisory: Axios npm Supply Chain Attack – Cross-Platform RAT Deployed via Compromised Maintainer Account

Technical Advisory: Axios npm Supply Chain Attack – Cross-Platform RAT Deployed via Compromised Maintainer Account

AndyC 1 April 2026

| Active RAT | Malicious npm versions removed | Assess all systems that ran npm install during exposure window...

Read More

Euro-Office billed as Europe’s sovereign alternative to Microsoft Office

Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions

AndyC 1 April 2026

On March 31, 2026, two malicious versions of Axios – the JavaScript HTTP client with over 83 million weekly...

Read More

Microsoft adds multi-model AI to Copilot Researcher, raising accuracy stakes

Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install

AndyC 31 March 2026

On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and...

Read More

BSidesSLC 2025 – LLM-Powered Network Intrusion Detection

When Your Scanner Becomes the Weapon: From Trivy to LiteLLM

AndyC 26 March 2026

On March 24, 2026, two malicious versions of LiteLLM – the popular AI/LLM proxy gateway present in roughly 36%...

Read More

Malicious LiteLLM versions linked to TeamPCP supply chain attack

Malicious LiteLLM versions linked to TeamPCP supply chain attack

AndyC 26 March 2026

Malicious LiteLLM versions linked to TeamPCP supply chain attack Pierluigi Paganini March 25, 2026 TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via...

Read More

Researchers warn of unpatched, critical Telnetd flaw affecting all versions

Researchers warn of unpatched, critical Telnetd flaw affecting all versions

AndyC 19 March 2026

Researchers warn of unpatched, critical Telnetd flaw affecting all versions Pierluigi Paganini March 18, 2026 CVE-2026-32746 is a critical flaw...

Read More

Apple issues emergency fixes for Coruna flaws in older iOS versions

Apple issues emergency fixes for Coruna flaws in older iOS versions

AndyC 13 March 2026

Apple issues emergency fixes for Coruna flaws in older iOS versions Pierluigi Paganini March 12, 2026 Apple released iOS 16.7.15...

Read More

Creating unstructured data pipelines for retrieval augmented generation

Creating unstructured data pipelines for retrieval augmented generation

AndyC 25 February 2026

Our initial release of Tonic Textual focused on generating redacted versions of unstructured text and image files. This is...

Read More

BTMOB: A stealthy RAT burrowing deep into Android devices

BTMOB: A stealthy RAT burrowing deep into Android devices

AndyC 27 May 2026

The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise Daniel Cunha Barbosa 26 May 2026 • ,...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Christian Ali Bravo...

Read More

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

AndyC 26 May 2026

Digital Security Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data Christian Ali Bravo...

Read More

Webworm: New burrowing techniques

Webworm: New burrowing techniques

AndyC 26 May 2026

ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but has recently shifted its focus...

Read More

Webworm: New burrowing techniques

Webworm: New burrowing techniques

AndyC 26 May 2026

ESET researchers analyzed the 2025 activity of Webworm, a China-aligned APT group that started out targeting organizations in Asia, but has recently shifted its focus...

Read More

The quest for greater tech independence

The quest for greater tech independence

AndyC 26 May 2026

The Trump administration’s shift in tone and approach toward traditional allies has understandably unsettled many nations, raising doubts about U.S. reliability and concerns over dependence...

Read More

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026

Smashing Security podcast #469: What your Oura ring won’t tell you

Smashing Security podcast #469: What your Oura ring won’t tell you

AndyC 30 May 2026