145 AI laws passed in 2025 and privacy teams aren’t catching a break
145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Pri...
General
20 articles
Press Release: CSO30 ASEAN & Hong Kong Awards 2026 open for nominations
>The CSO30 ASEAN & Hong Kong Awards return in 2026, as an important moment to recognise the cybersecurity leaders and teams who are making resilience measura...
ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st)
Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st)
Introduction
[webapps] WordPress OrderConvo 14 - Path Traversal
WordPress OrderConvo 14 - Path Traversal
Unknown hacker group targeted Russian maritime universities, diplomats for nearly two years
More than half of the attacks observed over the past year targeted educational institutions, particularly maritime universities and schools that train person...
YARA-X 1.17.0 Release, (Sun, May 31st)
YARA-X&#;x26;#;39;s 1.17.
27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens
A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without a...
Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials Say
Moscow’s agents are building fake companies, recruiting middlemen and deploying cyber spies and hackers who gather information that could be used to attack k...
Google Chrome’s DBSC Now Generally Available to Prevent Account Takeovers
Google has officially made Device Bound Session Credentials (DBSC) generally available for the Chrome browser on Windows. This architectural upgrade delivers...
[webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection
YAMCS yamcs-core 5.12.
[remote] Notepad++ 8.9.6 - Arbitrary Code Execution
Notepad++ 8.9.
[webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting
YAMCS yamcs-core 5.12.
[webapps] YAMCS yamcs-core 5.12.7 - User Enumeration
YAMCS yamcs-core 5.12.
Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty
Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cyber...
AI helps Russian-speaking GreyVibe run five parallel attack chains on Ukrainian targets
Researchers say Russian-speaking group GreyVibe uses AI tools to scale cyberattacks on Ukraine.
Friday Squid Blogging: Another Squid
Someone named “Squid” seems to be a “West Country legend.” As usual, you can also use this squid post to talk about the security stories in the news that I h...