Datastream
Enterprise Content
Microsoft Licensing (CSP)
verify explicitly
Zero Trust Cybersecurity
29 August 2025
First-person account of someone accidentally catching several Humboldt squid on a fishing line. No photos, though. As usual, you can also use this squid post to talk about the security […]
29 August 2025
Municipal government organisations across Sweden have found themselves impacted after a ransomware attack at a third-party software service supplier. Read more in my article on the Hot for Security blog.
29 August 2025
If a system is popular with users, you can bet it’s just as popular with cybercriminals. Although Windows still dominates, second place belongs to macOS. And this makes it a […]
29 August 2025
Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all integrations. “We now […]
28 August 2025
Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited […]
28 August 2025
The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is […]
28 August 2025
From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity […]
28 August 2025
We unpack how some password managers can be tricked into coughing up your secrets, with a clickjacking sleight-of-hand, what website owners can do to prevent it, and how to lock […]
27 August 2025
The financially motivated threat actor known as Storm-0501 has been observed refining its tactics to conduct data exfiltration and extortion attacks targeting cloud environments. “Unlike traditional on-premises ransomware, where the […]
27 August 2025
Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a […]
27 August 2025
Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browsers, as well as […]
27 August 2025
Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back
27 August 2025
It seems like every manufacturer of anything electrical that goes in the house wants to be part of the IoT story these days. Further, they all want their own app, […]
26 August 2025
This approach represents an evolution from threat actors abusing remote monitoring and management tools
26 August 2025
Citrix has released fixes to address three security flaws in NetScaler ADC and NetScaler Gateway, including one that it said has been actively exploited in the wild. The vulnerabilities in […]
26 August 2025
In episode 65 of The AI Fix, a pigeon gives a PowerPoint presentation, Mark plays Graham a song about the Transformer architecture, a robot dog delivers parcels, some robots fall […]
26 August 2025
The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they’d made with company […]
26 August 2025
I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used […]
25 August 2025
A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing’s strategic […]
25 August 2025
Look at this: McDonald’s chose the password “123456” for a major corporate system.
25 August 2025
I’m fascinated by the unwillingness of organisations to name the “third party” to which they’ve attributed a breach. The initial reporting on the Allianz Life incident from last month makes […]