Latest Analysis

Cybersecurity intelligence, threat analysis, and national security reporting.

Public disclosure: Exclusive Best Guide to Safer AI

The UK’s NCSC is pushing to adapt trusted vulnerability-disclosure programs to AI so researchers have a clear, safe route to report model-bypass tricks and give developers time to fix harms before details leak. If adopted, this pragmatic step could speed fixes, boost accountability, and make powerful models harder to weaponize while policy and tech catch up.

Analyst 207
Copeland refrigeration controllers: Stunning Risky Flaws

Imagine a stranger on the internet able to warm your supermarket freezers — Frostbyte10 exposes thousands of Copeland refrigeration controllers to attacks that could spoil food, ruin vaccines and cripple supply chains. Patches and mitigations exist, but grocers and cold‑chain operators need to act fast to isolate, update and secure vulnerable units before losses mount.

Analyst 207
Signed Windows kernel driver: Stunning Risky Backdoor

When a Microsoft‑signed WatchDog driver (amsdk.sys) was abused to neuter endpoint defenses and plant ValleyRAT, it proved that a valid signature isn’t a guarantee of safety. This Silver Fox campaign underscores why organizations must stop trusting signatures alone and add behavior‑based controls and tighter vetting for privileged drivers.

Analyst 207
Move away from Microsoft: Must-Have Best Shift

Would a government serious about frugality really write a £9bn cheque to a single software vendor? A Register poll finds 93% of readers want the UK public sector to move away from defaulting to Microsoft — a clear prompt to rethink procurement, competition and digital independence.

Analyst 207
Zscaler customer information: Exclusive Risky Breach

Last week’s Salesloft–Salesforce supply‑chain breach that exposed Zscaler customer data is a wake‑up call: attackers are increasingly moving laterally through trusted cloud integrations to harvest high‑value corporate data. Now is the time to map dependencies, tighten access, and embrace zero‑trust before the next incident.

Analyst 207
GPS jamming: Stunningly Dangerous Threat to Europe

When GPS signals were deliberately jammed over southeastern Europe, even the plane carrying EU Commission President von der Leyen had to fly without satellite guidance — a stark reminder that our reliance on GNSS leaves aviation, infrastructure and economies vulnerable to cheap, deniable interference. Europe’s push to harden Galileo, boost anti‑jamming tools and speed up detection shows this isn’t hypothetical: GPS jamming is a present, systemic threat that needs urgent action.

Analyst 207
Exposed Ollama servers: Risky Must-Have Security Fix

Cisco Talos found 1,100+ publicly exposed Ollama servers, creating easy paths for data theft, malicious model swaps, and other abuse. It’s a wake-up call to fix misconfigurations, enforce authentication, and make secure defaults the norm.

Analyst 207
Authentication tokens Risky Fallout: Stunning Wake-Up

When Salesloft’s stolen authentication tokens turned into a supply‑chain free‑for‑all, hundreds of companies woke up to the scary truth that machine identities are as precious as passwords. Now’s the time to rotate keys, audit integrations, and rethink how we trust the apps that sit between our teams and their data.

Analyst 207
Signed driver Dangerous: Stunning ValleyRAT Risk

Imagine a trusted vendor’s driver used as a battering ram—Silver Fox has been abusing Microsoft‑signed kernel drivers to slip past endpoint defenses and install the ValleyRAT backdoor for stealthy, long‑term access and data theft. Tighten driver policies, add kernel‑level telemetry, and vet supply chains before digital trust becomes the next attack surface.

Analyst 207
Paid Memberships Subscription plugin Urgent Exclusive Risk

A critical unauthenticated SQL injection was found in the Paid Memberships Subscription plugin, putting thousands of WordPress membership sites at risk. If you use the plugin, check your version and apply the patch or disable it now to protect user data and memberships.

Analyst 207
WhatsApp zero-day: Critical Risk, Must-Have Fixes

This week’s wake‑up call — a WhatsApp zero‑day, a Docker escape bug, and reported Salesforce access — shows how small misconfigurations and stolen credentials chain together into big breaches. Patch promptly, enable MFA, and tighten container and identity hygiene before attackers stitch those gaps into a compromise.

Analyst 207
Ransomware incidents: Must-Have Resilience or Costly Chaos

Pennsylvania’s Attorney General says “we refused to pay,” choosing to withstand a ransomware attack that has delayed court filings and strained case processing across the state. The decision highlights the painful trade-off between short-term recovery and long-term deterrence—and underscores why public agencies must invest in stronger backups, better defenses, and robust continuity plans.

Analyst 207
Scattered Spider: Must-Have Defense for Risky Browser Attacks

The browser is now the workplace front door—and groups like Scattered Spider are exploiting it with social engineering and account-takeover tricks. Enterprises can keep cloud-first convenience without handing over the keys by layering phishing‑resistant MFA, locking down extensions and OAuth grants, and monitoring browser telemetry.

Analyst 207
Type 26 frigates Must-Have or Risky: Exclusive

A £10bn Norwegian order for BAE’s Type 26 frigates is a big boost for UK shipbuilding — but as factories ramp up for exports, the Royal Navy could be left waiting for the same ships it urgently needs. Can ministers balance jobs and industrial wins with the risk of a damaging capability gap?

Analyst 207
DDoS attacks: Must-Have Defenses for Best Protection

When a small-town hospital’s patient portal or a county election website goes dark from a DDoS attack, the fallout can be disastrous — yet these digital sieges are often overlooked despite becoming cheaper, more frequent, and more damaging. It’s time to stop treating DDoS as a nuisance and start taking it seriously to protect healthcare, elections, and everyday businesses.

Analyst 207
Watering-hole technique: Exclusive Risky Exposed

When nation‑state actors like APT29 weaponize familiar conveniences — such as “Sign in with Microsoft” flows and popular websites — a routine visit can hand over credentials and session tokens at scale. Amazon’s disclosure shows watering‑hole attacks have evolved, so teams and users should treat federated logins and consent prompts with fresh skepticism and stronger protections.

Analyst 207
Legal-looking text: Stunning Risky Jailbreaks

Pangea’s LegalPwn reveals how hiding adversarial instructions inside legal‑sounding text can trick LLMs into ignoring safety rules — a clever jailbreak that exploits models’ trust in formal language. Defenders must stop treating “legal” formatting as a seal of safety and build context‑aware checks before this becomes a bigger problem.

Analyst 207
Salesloft Drift integration: Risky Must-Have Fixes

A widely used Salesloft–Drift integration meant to speed workflows is being abused to pivot into Google Workspace accounts—now’s the time to audit OAuth permissions, enforce least privilege, and revoke any unnecessary app access before attackers do.

Analyst 207
Zero-click exploit: Stunning Dangerous WhatsApp Flaw

WhatsApp has just patched a rare zero-day, zero-click flaw that let attackers run code and spy on devices without any user action. If you use WhatsApp, update now — silent exploits like this show why keeping apps and phones patched is essential.

Analyst 207
Operation HanKook Phantom: Exclusive Dangerous Threat

When colleagues become targets, South Korea’s academic community is facing a stealthy campaign — Operation HanKook Phantom — where ScarCruft (APT37) uses tailored phishing and the RokRAT trojan to siphon research and influence policy debates. Universities must boost basics like MFA, endpoint protection and phishing training to protect open inquiry without closing it off.

Analyst 207
Government domains: Shocking Security Risks

New ISOC research shows traffic to government websites often crosses borders, rides a handful of links, and sometimes travels unencrypted — putting privacy, sovereignty, and service reliability at risk. Governments should enforce HTTPS, diversify routing, and be more transparent so citizens’ data and access aren’t left vulnerable to interception or outages.

Analyst 207
Vulnerability in WhatsApp: Must-Have Fix for Risky Flaw

Meta warns a WhatsApp flaw may have been used in a sophisticated, targeted attack — a stark reminder that end-to-end encryption protects content but not every implementation error. Update your app, tighten device hygiene, and treat secure messaging as an ongoing practice, not a guarantee.

Analyst 207
Restaurant robots: Shocking Security Risks Exposed

A researcher known for probing McDonald’s systems found Pudu Robotics left administrative controls wide open, letting attackers redirect delivery bots and issue arbitrary commands. Restaurants, hotels and regulators need to act now to secure these ubiquitous machines before misuse causes safety, privacy or reputational harm.

Analyst 207
Cozy Bear Exposed: Risky OAuth Attack — Must-Have Alert

AWS says it disrupted a Cozy Bear (APT29) campaign that used fake websites and OAuth consent tricks to coax Microsoft users into granting access to mail, calendars and other data. The episode is a reminder that convenient features like single sign‑on can be repurposed for stealthy espionage — and why cloud providers are increasingly acting as front‑line defenders.

Analyst 207