Information Security is Not a Permanent Cashcow
I’ve been saying for years that the time of the mediocre security professional is nearly up. We in information security are a bunch of maggots…
Author: Cybernoz
Reading News The GTD Way
The way most of us take in daily news is horribly inefficient. The problem isn’t how fast we read, or even what sites we go…
Reading News The GTD Way
The way most of us take in daily news is horribly inefficient. The problem isn’t how fast we read, or even what sites we go…
Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm…
How I’d Save The United States
I’ve been experiencing growing frustration with social/political issues lately, and each time I get to thinking about various problems that this country faces, I try…
ChatGPT”s GPT-5-reasoning-alpha model spotted ahead of launch
GPT-5 might be just a few days or weeks away, as we’ve spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13. As spotted on X, OpenAI…
Snake Keylogger Evades Windows Defender and Scheduled Tasks to Harvest Login Credentials
A sophisticated phishing campaign targeting Turkish defense and aerospace enterprises has emerged, delivering a highly evasive variant of the Snake Keylogger malware through fraudulent emails…
The Difference Between a Vulnerability Assessment and a Penetration Test
Language Matters > Clarified Definitions > A Physical Analog > The Exploitation Angle > Pentests Don’t Include VA > Summary > There are many views…
Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware
A sophisticated Chinese threat actor campaign has emerged as one of the most persistent malware distribution operations targeting Chinese-speaking communities worldwide. Since June 2023, this…
The Difference Between a Vulnerability Assessment and a Penetration Test
Language Matters > Clarified Definitions > A Physical Analog > The Exploitation Angle > Pentests Don’t Include VA > Summary > There are many views…
New Veeam Themed Phishing Attack Using Weaponized Wav File to Attack users
A sophisticated phishing campaign targeting organizations has emerged, exploiting the trusted reputation of Veeam Software through weaponized WAV audio files delivered via email. The attack…
China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year
After reporting last week that the “raw” Jeffrey Epstein prison video posted by the FBI was likely modified in at least some ways (though there…