Kevin Poireault
leekthehack.bsky.social
🔓 VulnWatch Monday: CVE-2026-0629

TP-Link has released fixes for a major security vulnerability affecting 32 of its VIGI C and VIGI InSight professional surveillance cameras, which could allow attackers to seize full control of vulnerable devices.
January 19, 2026 at 5:31 PM
🔎 VulnWatch Friday: CVE-2025-53690 🔓

China-linked hacking group UAT-8837 is exploiting CVE-2025-53690 (Sitecore vulnerability) to breach North American critical infrastructure, deploying the WeepSteel backdoor, according to @talosintelligence.com.
January 16, 2026 at 5:46 PM
👀 VulnWatch Monday: CVE-2026-21858 🔓
aka "Ni8mare"

A security researcher reported a critical vulnerability in popular AI workflow automation platform n8n that could enable adversaries to compromise enterprise secrets.

📰 www.infosecurity-magazine.com/news/maximum...
January 12, 2026 at 7:03 PM
PODCAST 🎧 How 2025 Shaped the Future of Cybersecurity

We sat down with Rebecca Taylor from Sophos and @bushidotoken.net from @teamcymrus2.bsky.social to discuss 2025’s highs and lows in cyber and make educated guesses on what to look for in 2026.

feeds.soundcloud.com/users/soundc...
December 9, 2025 at 1:07 PM
NEW - UK's Cyber Service for Telcos Blocks 1 Billion Malicious Site Attempts

Almost one billion early-stage cyber-attacks have been prevented in the past year in the UK thanks to Share and Defend, a service run by @ncsc.gov.uk.

www.infosecurity-magazine.com/news/uk-cybe...
December 3, 2025 at 4:18 PM
NEW - UK Ransomware Payment Ban to Come with Exemptions

Speaking at the @financialtimes.com's Cyber Resilience Summit: Europe today, British Security Minister Dan Jarvis said the ban on ransomware payments will include "national security exemptions."

www.infosecurity-magazine.com/news/uk-rans...
December 3, 2025 at 4:06 PM
👀 VulnWatch Monday: CVE-2025-35028 🔓

A critical vulnerability was found by the Austin Hackers Association in HexStrike AI MCP server.

takeonme.org/cves/cve-202...
December 1, 2025 at 3:53 PM
🔎 VulnWatch Friday: CVE-2025-66022 🔓

A critical vulnerability was discovered in Faction, a pentesting report generation framework developed by Faction Security.

🔧 This issue has been patched in version 1.7.1.
🔎 nvd.nist.gov/vuln/detail/...
November 28, 2025 at 3:29 PM
NEW - French Football Federation Suffers Data Breach

🇫🇷 The FFF detected unauthorized access to the software platform used by all licensed football clubs in France to manage administrative tasks, incl. registering their players with the federation.

📰 www.infosecurity-magazine.com/news/french-...
November 28, 2025 at 11:22 AM
🇬🇧 Cyber Security & Resilience Bill: Key Changes Revealed

Shona Lester, Head of CSR Bill Team, just shared the bill's key provisions.

Here’s what’s coming:
☑️ Expanded Regulatory Scope
☑️ Enhanced Incident Reporting
☑️ Strengthened Regulatory Powers

📰 www.infosecurity-magazine.com/news/key-pro...
November 27, 2025 at 10:48 AM
🚨 Op. Endgame 3.0 Dismantles Rhadamanthys, VenomRAT and Elysium

The third "season" of Operation Endgame resulted in:
🗄️ Over 1025 servers taken down or disrupted
🌐 20 domains seized
🚪 11 locations searched
👮 One arrest

📰 www.infosecurity-magazine.com/news/operati...
November 13, 2025 at 1:02 PM
PODCAST - How Private Researchers Are Taking Down Ransomware Operations

I sat down with Matthew Maynard, a cybersecurity pro by day and a cyber ghost-buster by night, who doesn’t just hunt vulnerabilities, but haunts the hackers themselves.

🎧 Listen here: feeds.soundcloud.com/users/soundc...
November 5, 2025 at 11:02 AM
Journalists (and politicians) have a responsibility to avoid amplifying unproven claims, no matter how tempting the headline. Let’s demand evidence-first reporting, even when the story is breaking. (4/5)
September 22, 2025 at 7:30 PM
EXCLUSIVE - Why Three Vendors Pulled Out of ‘Cybersecurity Olympics’

Microsoft, SentinelOne and Palo Alto Networks have decided not to take part in the 2025 edition of MITRE’s EDR test.

I spoke with MITRE's CTO to understand what motivated these moves.

www.infosecurity-magazine.com/news/cyber-v...
September 22, 2025 at 1:03 PM
CISA 2015 Safe Harbor at Risk as September 30 Deadline Nears

⌛As the expiration date for the Cybersecurity Information Sharing Act of 2015 looms in the US, I spoke to experts about the provisions the Act offers and the debates surrounding the renewal and the consequences of non-renewal.
September 2, 2025 at 11:04 AM
🔎 VulnWatch Friday: CVE-2025-57819 🔓

The Sangoma FreePBX Security Team has warned of a vulnerability being exploited in the wild.

FreePBX is an open-source graphical user interface (GUI) for managing Asterisk, the popular open-source Private Branch Exchange (PBX) and telephony platform.
August 29, 2025 at 2:53 PM
🧐 VulnWatch Wednesday: CVE-2025-7775 🔓

Citrix has released patches for three critical zero days in NetScaler ADC and Gateway, one of which was already being exploited by attackers.

According to Kevin Beaumont, exploit campaigns 🎯CVE-2025-7775 began before the patches were made available.
August 27, 2025 at 10:55 AM
🧐 VulnWatch Wednesday: CVE-2025-31324 🔓

A critical vulnerability in SAP NetWeaver is now being widely exploited following the release of public exploit tooling.

🆕 The public availability of the full source code makes the exploit easy to use even for attackers with little technical expertise.
August 20, 2025 at 4:10 PM
Legitimate Chrome VPN Extension Turns to Browser Spyware

FreeVPN.One, a popular Google-featured browser VPN extension, recently turned malicious and is now spying on users’ every move online.

A good read from Koi Security on International VPN Day

www.infosecurity-magazine.com/news/chrome-...
August 19, 2025 at 1:01 PM
👀 VulnWatch Monday: CVE-2025-25256 🔓

WatchTowr Labs has published a technical analysis of CVE-2025-25256, a critical pre-auth command injection vulnerability in Fortinet's FortiSIEM, as well as a detection artifact generator.

🔧 Fix? Yes (see Fortinet's security advisory)
August 18, 2025 at 5:42 PM
NEW 🏆Team Atlanta is the winner of DARPA’s and ARPA-H’s AI Cybersecurity Challenge (AIxCC)

🥇 They performed top in all but one category

💰 They will receive a prize of $4m
August 8, 2025 at 7:13 PM
💸 Both agencies have decided to add $1.4m to the overall prizes (across all teams, more info to come)
August 8, 2025 at 7:13 PM
🥈 Team Trail of Bits: $3m
🥉 Team Theori: $1.5m

In total, the teams have found:

🐞 54 vulns discovered
✔️ 43 patched
0️⃣ 18 zero days
✅ 11 patched

4 models have been made open source and are already available to use. The other 3 will be made open source over the next few weeks.
August 8, 2025 at 7:13 PM