Salty2FA Takes Phishing Kits to Enterprise Level

Summary: A recent campaign analysed by Ontinue shows the Salty2FA phishing kit has evolved into an enterprise-style platform. The kit uses legitimate services to host lures, rotates subdomains per session, dynamically applies corporate branding based on victim email domains, mimics multiple MFA methods, and implements evasion techniques such […]

Huge NPM Supply Chain Attack Goes Out With Whimper

Summary: On 8 September 2025, threat actors phished the prominent developer Qix’s NPM account and published poisoned versions of 18 popular packages (including ansi-styles, debug, chalk and supports-color) that together account for more than 2 billion weekly downloads. The malicious updates contained a crypto-stealing payload and […]

Is the Browser Becoming the New Endpoint?

Summary: The browser is now central to most knowledge-work tasks — accessing web and cloud apps, meetings, research — and with that centrality comes concentrated risk. Attackers increasingly target browsers via vulnerabilities, malicious extensions and session hijacking to steal credentials and session data. High-profile incidents such as the […]

EoP Flaws Again Lead Microsoft Patch Tuesday

Summary: Microsoft’s September 2025 security update fixes 81 unique CVEs, with elevation-of-privilege (EoP) bugs making up the largest share — 38 vulnerabilities. EoP issues can let attackers turn an initial foothold into full control, so they deserve high priority despite remote-code-execution (RCE) bugs often getting more headlines. Notable […]

Dormant macOS Backdoor ChillyHell Resurfaces

Summary: Jamf Threat Labs discovered a new ChillyHell sample uploaded to VirusTotal on 2 May. The sample was notarised by Apple in 2021 and publicly hosted on Dropbox since 2021, and it matches the variant Mandiant linked to attacks on Ukrainian officials in 2022. Disguised as an executable applet (applet.app), […]

Undocumented Radios Found in Solar-Powered Devices

Summary: The US Department of Transportation warned that solar-powered highway infrastructure — including chargers, roadside weather stations and traffic cameras — should be scanned for hidden or undocumented radios secreted inside batteries and inverters. The advisory (reported by Reuters) did not name a specific manufacturer or nation-state, but it […]

French Advisory Sheds Light on Apple Spyware Activity

Summary: France’s national cybersecurity team, CERT-FR (ANSSI), has published an advisory revealing that Apple sent several private threat notifications this year to individuals targeted by sophisticated spyware. The advisory confirms four Apple notifications in 2025 (March 5, April 29, June 25 and Sept 3) and warns that […]

Incidents impacting retailers – recommendations from the NCSC

Summary: The National Cyber Security Centre (NCSC) outlines recent cyber incidents affecting the retail sector and issues clear, practical recommendations to reduce harm. The blog — authored by Jonathon Ellison and Ollie Whitehouse — highlights that ransomware and extortion remain pervasive, that attackers are using professionalised “ransomware […]

‘NCSC Cyber Series’ podcast now available

Summary: The National Cyber Security Centre (NCSC) has launched a new podcast series, ‘NCSC Cyber Series’. All five episodes are available now on Apple Podcasts, Spotify and via an RSS feed. Each episode features NCSC experts and external guests discussing key cyber security topics including ransomware, artificial intelligence, cyber […]
