Blog
-
Zendesk Incident Demonstrates How “Relay Spam” Can Hit Support Systems, but How Big Is the Risk?
The potential danger of support systems being exploited lies in the fact that the ticket receipt message originates from a trusted source, and is therefore extremely likely to be greenlit by automated spam and security scanning. But if the ability to attach files or even include a text URL is removed, what can the attackers gain…
-
Instagram “Data Breach” Increasingly Looking Like Hoax; Password Resets Likely Triggered by Old Information
Reports of a new Instagram data breach several days ago are being walked back as it becomes increasingly likely that a mysterious wave of password reset requests was caused by a new dark web compilation of very old information.
-
$TRU On The Ropes After Preventable Crypto Hack
Investors and token holders are raising serious questions about Truebit’s security auditing and monitoring in the wake of the $26M crypto hack, as the five-year-old smart contract that was exploited was well out of date and had seemingly been tested by the attackers several times.
-
UK’s £210 million Cyber Action Plan Addresses Endemic Failings in Securing Public Services, But Is It Enough?
The new UK cyber action plan is in motion due to a self-diagnosed “critically high” cyber risk among numerous public services, with years of poor funding leading to a swamp of legacy systems and technical debt that now impacts some 28% of all government departments. This has manifested as a series of recent and crippling…
-
Alleged Chinese Hackers Using BRICKSTORM Malware Have Been Dwelling in Public Sector & IT Companies for Years Unobserved
Agencies are warning of yet another highly advanced, state-sponsored group of Chinese hackers that, using malware, have been evading detection for years and have an average victim dwell time of 393 days.
-
Smartphone Makers Off the Hook in India as Security App Requirement is Abandoned
The Modi government publicly admitted to the order to smartphone makers after it was leaked to major media outlets, and has formally reversed course on the security app plan. It took only several days of outcry about potential snooping and spying to cause the change of plans.
-
Australian Man Uses “Evil Twin” Wi-Fi on Flights To Hack Email Accounts
An Australian hacker making use of a Wi-Fi “pineapple” has been arrested for hacking into the email accounts of other passengers while taking a domestic flight, something he had apparently been getting away with elsewhere for some time.
-
FBI: Financial Account Takeovers Becoming More Common as Bank Staff Impersonation Becomes Easier
The Internet Crime Complaint Center (IC3) is reporting a major spike in financial account takeovers in 2025, with the attackers commonly posing as either bank staff or law enforcement (or both) to gain the trust of victims.
-
SolarWinds Civil Actions Dismissed as SEC Finalizes Settlement Agreement
While the SEC’s civil actions have been dismissed with prejudice, that does not mean it cannot bring similar charges against other companies should it encounter a stronger case.
-
Simple Security Flaw Exposed All WhatsApp Accounts to Enumeration Attack
The exposure of WhatsApp accounts is particularly noteworthy as it is now the world’s largest messaging platform, with its estimated 3.5 billion total global users and 150 billion messages passed per day. But other platforms that make similar use of address books to automatically add contacts may be vulnerable to the same sort of security…










