ALL POSTS
U.S. CISA Tracks BeyondTrust Vulnerability in Known Exploited List
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability in BeyondTrust Remote Support (RS) and older Privileged Remote Access (PRA) products to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2026-1731, has a CVSS score of 9.9 and could allow an unauthenticated attacker to execute remote commands without logging in. BeyondTrust released security updates on February 6, 2026, to address the critical vulnera
5 days ago · 2 min read
SSHStalker Botnet Targets Linux Systems with Legacy Exploits and IRC C2
Key Findings: A new Linux botnet called SSHStalker has been discovered, leveraging IRC for command-and-control (C2) purposes. The botnet combines old-school 2009-era Linux kernel exploits with automated mass-compromise techniques to infect around 7,000 systems, primarily cloud servers. Unlike typical botnets focused on DDoS attacks or cryptocurrency mining, SSHStalker maintains persistent access without immediate follow-on activities, suggesting potential infrastructure staging
Feb 11 · 2 min read
DOJ releases details on alleged talented hacker working for the late Jeffrey Epstein
Key Findings: An FBI informant claimed in 2017 that Jeffrey Epstein had a "personal hacker" who was an Italian born in Calabria. The hacker, whose name was redacted, reportedly sold zero-day exploits and offensive cyber tools to several countries, including the U.S. and the U.K. He allegedly created a zero-day exploit and sold it to Hezbollah in exchange for a trunk of cash. The hacker was known for finding vulnerabilities in iOS, BlackBerry, and Firefox. He surrounded himself
Feb 1 · 2 min read
CISA Adds Actively Exploited Google Chromium and Sierra Wireless Flaws to Known Exploited Vulnerabilities Catalog
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-14174: Google Chromium Out-of-Bounds Memory Access Vulnerability; CVE-2018-4063: Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability. Background: CVE-2025-14174 is an out-of-bounds memory access flaw in the ANGLE graphics library of Google Chrome on Mac, which can be expl
Dec 13, 2025 · 1 min read
Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities
Key Findings: Microsoft released 57 vulnerabilities in the December 2025 Patch Tuesday, including 2 "critical" and the rest "important". Microsoft assessed that exploitation of the 2 "critical" vulnerabilities is "less likely". Cisco Talos is releasing new Snort rules to detect attempts to exploit some of the disclosed vulnerabilities. Background: This month's Patch Tuesday addresses a range of vulnerabilities, including: CVE-2025-62562: Microsoft Outlook remote code execution vul
Dec 9, 2025 · 1 min read

