Teenage hacker myth primed for a middle-age criminal makeover
The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update. That’s because profit-seeking career criminals — often approaching…
Month: March 2026
Windows’ original Secure Boot certificates expire in June—here’s what you need to do
The second thing to check is the “default db,” which shows whether the new Secure Boot certificates are baked into your PC’s firmware. If they…
Inside AWS Security Agent: A multi-agent architecture for automated penetration testing
AI agents have traditionally faced three core limitations: they can’t retain learned information or operate autonomously beyond short periods, and they require constant supervision. AWS…
VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun
Key Points Check Point Research (CPR) believes a new era of AI-generated malware has begun. VoidLink stands as the first evidently documented case of this…
AI Patch Reliability Score – Predict and Prioritize Patch Impact
What do advisory USN-7545-1 and Windows updates KB5065426, KB5063878, KB5055523, and KB5066835 have in common? Based on anonymized Qualys telemetry from 2025, they were among…
Inline Style Exfiltration: leaking data with chained CSS conditionals
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style…
A Tool That Puts EDRs And Antivirus Into A Coma State
I. STARTER Currently, in addition to merely focusing on avoiding scrutiny from EDRs (Endpoint Detection and Response) and Antivirus, the trend of using BYOVD (Bring…
Targeted advertising is also targeting malware
Among the malware attacks leveraging ads, the company pointed to Ghost Cat, Click Fix and SocGholish but there are several new techniques in the pipeline.…
Inside the story of the US defense contractor who leaked hacking tools to Russia
A veteran cybersecurity executive who prosecutors said “betrayed” the United States will spend at least the next seven years behind bars, after pleading guilty to…
Once-hobbled Lumma Stealer is back with lures that are hard to resist
Last May, law enforcement authorities around the world scored a key win when they hobbled the infrastructure of Lumma, an infostealer that infected nearly 395,000…
AWS successfully completed its first surveillance audit for ISO 42001:2023 with no findings
In November 2024, Amazon Web Services (AWS) was the first major cloud service provider to announce the ISO/IEC 42001 accredited certification for AI services, covering:…
Flashpoint’s Threat Intelligence Capability Assessment
Many organizations today have some form of threat intelligence. Far fewer have a threat intelligence function that is structured, measurable, and trusted across the business.…