New Whitepaper: The Evolution of Phishing Attacks - Modern phishing has changed a lot in the past decade or so. The most sophisticated attacks — the ones that usually hit the headlines in the form of major breaches — come with a host of anti-analysis and obfuscation techniques making them increasingly difficult to detect.
Deadly protests erupt over social media ban in Nepal, 19 killed by police - Nineteen young people are dead after police in Nepal open fire on tens of thousands of Gen Z demonstrators protesting a social media ban imposed by the government on Friday. This is as officials in Turkey on Monday restore social media access less than 24 hours after blocking multiple platforms to tamp...
Qantas CEO pays the price for cyberattack - Qantas has deducted $250,000 from its chief executive Vanessa Hudson’s bonus following a cyberattack that affected millions of customers.
18 Popular Code Packages Hacked, Rigged to Steal Crypto - At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly...
Lovesac warns customers their data was breached after suspected RansomHub attack six months ago - American furniture maker Lovesac, known for its modular couches and comfy beanbags, has warned customers that their data was breached by hackers earlier this year, and that they should remain vigilant to the threat of identity theft. Read more in my article on the Hot for Security blog.
Microsoft Patch Tuesday, September 2025 Edition - Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s...
The AI Fix #67: Will Smith’s AI crowd scandal, and gullible agents fall for scams - In episode 67 of The AI Fix, Graham talks to an AI with a fax machine, Bill Gates says there's one job AI will never replace, criminals use Claude Code for cyberattacks, Mark reveals why GPT-5 was better than you think, and a bird brings new meaning to the words "cloud storage". Also, Graham reveals that...
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks - Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest. "Axios user agent activity surged 241% from June to August 2025, dwarfing the...
Plex tells users to reset passwords after new data breach - Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases.
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies - Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June...
Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs - Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited...
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and Previously Exploited S/4HANA Flaws - SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability...
How Leading CISOs are Getting Budget Approval - It's budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments...
