Cybersecurity 101
Indicators of Compromise (IOCs): What They Are and How to Use Them
A complete guide to indicators of compromise (IOCs) — the major types, the IOC vs IOA distinction, the Pyramid of Pain, and how IOCs are shared via STIX/TAXII.
Malware
A Rust-based Windows remote-access tool with an NVIDIA-impersonation posture — defender research this week from Blackpoint Cyber, published with indicators of compromise for detection teams.
Supply Chain Attack
Microsoft goes deep on the AsyncAPI npm compromise — a defender review for CI/CD workflows and @asyncapi dependencies this week.
Data Privacy
A significant multi-state privacy settlement — regulatory-policy analysis coverage this week — as 23andMe agrees to pay $18 million to a coalition of 42 state attorneys general over the security failings behind its data breach.
Vulnerabilities
More technical detail on the Cursor IDE auto-execute finding — defender review for Cursor-using teams this week.
Vulnerabilities
Three vendors, one patch cycle, one critical AI-platform RCE — defender verification across the Fortinet, Ivanti, and ServiceNow product lines this week.
Vulnerabilities
The eleven old UEFI shims get revoked — defender posture and deployment tracking this week.
Nation-State Cyber Threats
A dormant China-linked kernel rootkit surfaces again in Taiwan with a new backdoor companion — defender research review this week.
Policy & Government
Fresh detail on the White House Gold Eagle program — federal-adjacent organizations align this week.
Supply Chain Attack
A cold-chain cyberattack ripples into KFC Japan and supermarket supplies — supply-chain sector-advisory coverage this week.
A scale-significant airline-industry disclosure traced to a tech-support scam — sector-advisory coverage this week, based on early single-source reporting that Qantas has yet to fully detail.
Another Sandworm-attributed technique lands from CERT-UA — end-user awareness and defender posture review this week for Ukraine-adjacent organizations.
F5's July patch cycle continues — defender verification across NGINX and BIG-IP deployments this week.
A novel macOS stealer technique with credential-and-crypto targeting — defender posture review for Mac-issuing organizations this week.
A CVSS 9.8 Zoom Windows flaw and companion Splunk patches — defender teams verify across enterprise deployments this week.
The biggest cybercrime conviction in UK history — Scattered Spider's TfL attackers face five-and-a-half years, and the £29M cost lands as a defender-team reminder this week.
A US indictment against Russian bulletproof hosting operators — law-enforcement continuation coverage this week.
CISA raises the SharePoint patch stakes — three actively exploited flaws, two of them zero-days, and defender teams accelerate verification this week.
A three-week pre-disclosure exposure window for the SonicWall SMA zero-days — defender teams review the timeline this week.
A Windows User Profile Service PoC drops the same day as Patch Tuesday — the researcher's fourth CyberSignal-tracked disclosure this cycle, and a defender review for this week.
Another JavaScript-ecosystem supply-chain compromise, confirmed by four vendors: four @asyncapi npm packages were observed distributing a multi-stage botnet loader, and all five malicious versions have since been pulled from npm — defender inventory work this week.
The UK Government adds catastrophic cyber warnings to its National Risk Register — UK-operating defenders align posture this week.