AI-powered APIs proving highly vulnerable to attack
More than 150 billion application programming interface (API) attacks were observed in the wild during 2023 and 2024, according to data released this week by…
Author: Cybernoz
How to Explain SQL Injection to Anyone
There are many ways to explain SQL Injection, and the “best” way is clearly determined by who you’re talking to. For somewhat technical folks, I…
Rebuilding Maritime Cybersecurity Resilience: Charting an America First Course to Secure the U.S. Homeland
U.S. ports are vital to the flow of imports and exports; however, the entire maritime transportation system’s cybersecurity is exceedingly vulnerable. The August 2024 ransomware…
CISA Issues Warning Against Using Censys, VirusTotal in Threat Hunting Ops
The Cybersecurity and Infrastructure Security Agency (CISA) has alerted its threat hunting teams to immediately discontinue use of two widely trusted cyber threat intelligence tools,…
Abilene city, Texas, takes systems offline following a cyberattack
Abilene city, Texas, takes systems offline following a cyberattack Pierluigi Paganini April 22, 2025 Abilene, Texas, shut down systems after a cyberattack caused server issues.…
My Current Thoughts on Gun Control
Like many others, I’ve been in a number of debates about gun control in recent weeks. Here are my main thoughts on the topic: The…
Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation
A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, has sent shockwaves through the cybersecurity community after researchers revealed it could enable…
Investigatory Powers Tribunal has no power to award costs against PSNI over evidence failures
The Investigatory Powers Tribunal, the court that rules on the lawfulness of surveillance by police and intelligence agencies, has no powers to award costs against…
MITRE Launches D3FEND CAD Tool To Enhance Cybersecurity
MITRE has officially unveiled its highly anticipated D3FEND CAD tool as part of the D3FEND 1.0 release. This new Cyber Attack-Defense (CAD) tool is designed…
Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites
Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites Pierluigi Paganini April 22, 2025 Japan ’s Financial Services Agency…
Some Thoughts on the Events in Newtown
A few thoughts: Don’t incentivize what you don’t want more of Internationally, football is known for a zero-tolerance policy with regard to doping. You don’t…
PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability
A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation (CVE-2025-32433) has now entered active exploit risk after researchers published a proof-of-concept (PoC) this…