"Landfall Spyware Targets Samsung Phones in the Middle East"
Key Findings: A new commercial-grade spyware called "Landfall" has been targeting Samsung Galaxy phones in the Middle East since at least mid-2024. Landfall exploited a previously unknown, unpatched vulnerability (zero-day) in Samsung's Android image processing library, tracked as CVE-2025-21042. The spyware was delivered through malicious DNG image files sent via WhatsApp, with no user interaction required (zero-click). Landfall has extensive surveillance capabilities, inclu
Nov 7, 2025 · 2 min read
"Vibe-Coded Malicious VS Code Extension Discovered with Embedded Cryptocurrency Mining Functionality"
Background: Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities. The extension, named "susvsex," was uploaded on November 5, 2025, by a user named "suspublisher18." The extension was designed to automatically activate itself on any event, including installing or when launching VS Code, and invoke a function named "zipUploadAndEncrypt." Extension Functionality: The "zipUploadAndEncrypt" function creates a Z
Nov 7, 2025 · 2 min read
"Tech Giant Warns of Evolving AI Threats: The Perils of Self-Modifying Malware"
Background: Google's Threat Intelligence Group (GTIG) has identified a new generation of malware that is using AI during execution to mutate, adapt, and collect data in real-time, helping it evade detection more effectively. Cybercriminals are increasingly using AI to build malware, plan attacks, and craft phishing lures. Recent research shows AI-driven ransomware like PromptLock can adapt during execution. Malware with Novel AI Capabilities: GTIG has identified malware familie
Nov 7, 2025 · 2 min read
"Do robots dream of secure computing? Exploring cybersecurity for AI systems"
Background: In the late 1960s, science fiction author Philip K. Dick explored the traits that distinguish humans from autonomous robots in his novel "Do Androids Dream of Electric Sheep." As advances in generative AI allow us to create autonomous agents that can reason and act on humans' behalf, we must consider the human traits and knowledge we must equip these agentic AI with to enable them to act autonomously, reasonably, and safely. One crucial skill we need to impart on o
Nov 6, 2025 · 2 min read
"Hackers Breach Nikkei's Slack, Steal 17K Messages and Personal Data"
Background: Nikkei Inc., a major Japanese financial news and media group, including the Financial Times, disclosed a data breach affecting its internal Slack workspace. The breach was first discovered in September 2023 after noticing unusual logins to employee messaging accounts. The incident led to the exposure of sensitive, private information belonging to over 17,000 people, including employees and business partners. Key Findings: The Entry Point: A Stolen Slack Account The
Nov 6, 2025 · 2 min read
Zoom Accuses State-Sponsored Hackers for Recent Cybersecurity Incident
Background: In September 2025, SonicWall, a cybersecurity firm, disclosed a security breach that exposed firewall configuration files tied to MySonicWall accounts. The company initially claimed that less than 5% of customers were impacted, and no files were leaked. However, in October, SonicWall confirmed that threat actors had accessed the preference files of all firewalls using its MySonicWall cloud backup service. Key Findings: The stolen files contained encrypted credential
Nov 6, 2025 · 2 min read
'U.S. Imposes Sanctions on North Korean Entities for Cryptocurrency Laundering and IT Fraud'
Background: The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea's global financial network. The sanctions are for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud. The Treasury stated that "North Korean state-sponsored hackers steal and launder money to fund the regime's nuclear weapons program." Sanctioned Individuals and Entities: Jang Kuk Chol (J
Nov 5, 2025 · 2 min read
CISA Announces Addition of Gladinet and CWP Vulnerabilities to Known Exploited Vulnerabilities Catalog.
Background: Gladinet CentreStack and Triofox are enterprise file-sharing and cloud storage solutions designed for businesses. CentreStack provides a secure platform for file sharing, syncing, and collaboration, integrating on-premises storage with cloud access. Triofox offers a hybrid cloud solution that enables secure remote access to existing Windows file shares and SMB/NFS storage. CVE-2025-11371 - Gladinet CentreStack and Triofox Files or Directories Accessible to External
Nov 5, 2025 · 1 min read
Former CIA CTO Bob Flores Becomes Brinker's Newest Member
Background: Brinker is a narrative intelligence company dedicated to combating disinformation and influence campaigns. The company was founded by Benny Schnaider, Daniel Ravner, and Oded Breiner. Key Findings: Brinker has announced that Bob Flores, former Chief Technology Officer of the U.S. Central Intelligence Agency, has joined its advisory board. Flores' appointment strengthens Brinker's mission to transform the fight against disinformation, moving from detection to real-ti
Nov 5, 2025 · 1 min read

