Security Bulletin

Walking my dog earlier, I came across the sign on the right. Having just looked at yet another middleware/HTTP header issue (the Next.js problem that became public this weekend) [1], I figured I should write something about HTTP headers. We all know...

"Research Center 227" reportedly focused on using AI for cyberattacks.

DOGE is making wild moves at CISA, including bringing back fired probationary employees only to put them on paid leave, and reportedly gutting the agency's red teams.

The attackers are taking an indirect approach to targeting SEO professionals and their Google credentials, using a fake digital marketing website.

Law enforcement entities in democratic states have been deploying top-of-the-line messaging app spyware against journalists and aid workers.

Cato Networks researchers create jailbreak method where hacking is normal in an alternate reality.

Most severe of the newly added flaws is the Edimax IC-7100 IP camera OS command injection vulnerability, tracked as CVE-2025-1316.

All of the information posted by the daughter of Baidu Vice President Xie Guangjun has been procured from foreign platforms' "doxing databases," said Baidu.

Most of the exposed secrets were GitHub install action tokens but their 24-hour expiration has restricted exploitation opportunities.

After achieving initial access by targeting vulnerable internet-exposed web and application servers, UAT-5918 utilized tools previously associated with Volt Typhoon and Flax Typhoon to facilitate lateral movement, credential and data theft, and...

Attackers, tracked under the UAC-0200 threat cluster, leveraged the Signal messaging app to deliver messages purportedly containing minutes of the meeting reports as archive files.