SonicWall Wednesday disclosed a zero-day vulnerability impacting its SMA1000 access platform that is under active exploitation via chained attacks. CVE-2025-40602 is a medium-severity local privilege escalation vulnerability in SonicWall’s SMA1000 …
Safety & Security
Human-in-the-loop isn’t enough: New attack turns AI safeguards into exploits
Checkmarx demonstrated that attackers can manipulate these dialogs by hiding or misrepresenting malicious instructions, like padding payloads with benign-looking text, pushing dangerous commands out of the visible view, or crafting …
Most Parked Domains Now Serving Malicious Content – Krebs on Security
Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast …
Modern security teams often feel like they’re driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for their business. …
EHS Insight Announces Recapitalization with Pamlico Capital and Level Equity
HOUSTON, TX, UNITED STATES, December 9, 2025 – EHS Insight, a leading provider of cloud-based environmental, health, and safety (“EHS”) software, today announced a new investment from Pamlico Capital, a …
I have been humiliated many, many times over my 60+ years, but rarely at work. The last time was when a manager discussed my competence in my …
OPINION The hype surrounding AI in software development is undeniable. We are witnessing a paradigm shift, where “vibe coding” — expressing intent in natural language and leveraging AI large language …
Microsoft flips security script: ‘In scope by default’ makes all vulnerabilities fair game for bug bounties
However, these rules of engagement prohibit red teamers from using or accessing credentials that aren’t their own, launching phishing attacks against Microsoft employees, performing denial-of-service testing or other testing that …
Microsoft Patch Tuesday, December 2025 Edition – Krebs on Security
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that …
Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads
Cybersecurity researchers are calling attention to a new campaign that’s leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. “These repositories, often themed …