Click here - to use the wp menu builder

Cybersecurity

Conflicts between URL mapping and URL based access control.

CybersecurityDecember 1, 2025

We continue to encounter high-profile vulnerabilities related to the use of URL mapping (or "aliases") with URL-based access control. Last week, we wrote about the Oracle Identity Manager vulnerability. I noticed some scans for an older vulnerability...

State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns

CybersecurityNovember 30, 2025

CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal,...

Synthetic Remittance – Darknet Diaries

CybersecurityNovember 29, 2025

Full Transcript What do you get when you combine social engineering, email, crime, finance, and the money stream flowing through big...

What parents should know to protect their children from doxxing

CybersecurityNovember 28, 2025

Online disagreements among young people can easily spiral out of control. Parents...

Weekly Update 479

CybersecurityNovember 27, 2025

I gave up on the IoT water meter reader. Being technical and thinking you can solve everything with technology is both a blessing and...

WhatsApp compromise leads to Astaroth deployment – Sophos News

CybersecurityNovember 26, 2025

Sophos analysts are investigating a persistent, multi-stage malware distribution campaign targeting WhatsApp users in Brazil. First observed on September 24, 2025, the campaign (tracked...

JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers

CybersecurityNovember 25, 2025

Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into...

Advancing Cybersecurity for Microsoft Environments – Sophos News

CybersecurityNovember 24, 2025

I’m pleased to share three significant updates that advance cybersecurity for organizations that rely on Microsoft technologies. These milestones expand the reach of Sophos’...

ToddyCat APT’s new tools and techniques

CybersecurityNovember 23, 2025

Introduction Email remains the main means of business correspondence at organizations. It can be set up either using on-premises infrastructure (for example, by deploying Microsoft...

Use of CSS stuffing as an obfuscation technique?

CybersecurityNovember 22, 2025

From time to time, it can be instructive to look at generic phishing messages that are delivered to one’s inbox or that are caught...

Wind farm worker sentenced after turning turbines into a secret crypto mine

CybersecurityNovember 21, 2025

A technical manager at a Dutch wind farm operator has been sentenced to 120 hours of community service after it was discovered he had...

Jeremiah – Darknet Diaries

CybersecurityNovember 20, 2025

Full Transcript Jeremiah Roe is a seasoned penetration tester. In this episode he tells us about a time when he had...

What if your romantic AI chatbot can’t keep a secret?

CybersecurityNovember 19, 2025

Does your chatbot know too much? Here's why you should think twice...

Weekly Update 478

CybersecurityNovember 18, 2025

This week, it was an absolute privilege to be at Europol in The Hague, speaking about cyber offenders and at the InterCOP conference and...

12 3...32 Page 1 of 32

Recent articles

November Patch Tuesday does its chores – Sophos News

Cybersecurity November 17, 2025

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

Cybersecurity November 16, 2025

Notable email phishing techniques in 2025

Cybersecurity November 15, 2025

Microsoft Office Russian Dolls – SANS Internet Storm Center

Cybersecurity November 14, 2025

REvil – Darknet Diaries

Cybersecurity November 13, 2025

Why shadow AI could be your biggest security blind spot

Cybersecurity November 12, 2025