Apple patches security vulnerabilities in iOS and iPadOS. Update now!
Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited in an extremely sophisticated…
Month: April 2025
Blog Spam’s Latest Technique: Flattery
Over the last few months I’ve been noticing a trend in blog spam: The use of nice comments and outright flattery. Here are some examples:…
Older SonicWall SMA100 vulnerability exploited in the wild
Dive Brief: SonicWall on Tuesday disclosed that an OS command-injection vulnerability in SonicWall SMA100 remote-access appliances, tracked as CVE-2021-20035, has been exploited in the wild.…
Chris Krebs resigns from SentinelOne to focus on fighting Trump’s executive order
Chris Krebs has resigned from SentinelOne, saying he needs to devote himself fully to fighting the executive order President Donald Trump signed to target his…
What are infostealers and how do I stay safe?
Here’s what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data…
CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams
CTM360 has observed a notable surge in two SMS-based phishing campaigns: PointyPhish (reward scams) and TollShark (toll payment scams). PointyPhish is linked to over 3,000…
Why Threat Modeling Should Be Part of Every Security Program
In today’s hyperconnected business environment, security teams face unprecedented challenges protecting organizational assets against increasingly sophisticated threats. Threat modeling stands out as a structured methodology…
Managing Burnout in the SOC
The Security Operations Center (SOC) is the nerve center of modern cybersecurity, responsible for detecting, analyzing, and responding to threats 24/7. However, the relentless pace,…
Unlocking the Power of MetaTrader
MetaTrader is a key tool for traders, offering a comprehensive platform that supports various financial instruments. Understanding its capabilities is important for effective trading. This…
Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling,…
Free Market Fanboys | Daniel Miessler
I was reading the blogroll over at Overcoming Bias and, naturally, encountered quite a number of economics-focused blogs. What struck me was how overtly anti-Obama…
![[tl;dr sec] #275 - Damn Vulnerable MCP, Figma's Modern Endpoint Strategy, BloodHound for AWS IAM](https://image.cybernoz.com/wp-content/uploads/2025/04/tldr-sec-275-Damn-Vulnerable-MCP-Figmas-Modern-Endpoint.png)
[tl;dr sec] #275 – Damn Vulnerable MCP, Figma’s Modern Endpoint Strategy, BloodHound for AWS IAM
Deliberately vulnerable MCP to practice your hacking chops, how Figma’s balances usability & security, a new tool to put a leash on naughty AWS permissions…