Technology explained clearly, with a little brawta.

YouTubeGitHub

Topic

Cybersecurity

Threats, defensive engineering, security operations, privacy, and safer ways to work.

Latest stories

News and analysis

Reporting, release notes, research, and technical guidance from across the industry.

SecurityWeek

ClickLock stealer bypasses macOS protections

Attackers pair social engineering with process termination to get around safeguards that users normally rely on.

Read the article at SecurityWeek
GitHub

HoneyWire turns attacker traffic into usable evidence

The open-source honeypot captures suspicious sessions and presents them in a form defenders can investigate.

Read the article at GitHub
BleepingComputer

Zoom fixes a critical account-takeover flaw

Administrators should confirm their tenants are protected and review the conditions that made the vulnerability exploitable.

Read the article at BleepingComputer
Proofpoint

Why fake OAuth client IDs are gaining traction

Proofpoint explains how client-ID spoofing makes malicious authorisation requests look more trustworthy than they are.

Read the article at Proofpoint
Computerworld

CISA urges immediate SharePoint hardening

Defenders are being told to apply mitigations and hunt for compromise as exploitation activity increases.

Read the article at Computerworld
Google Cloud

A GKE blueprint for securing AI at enterprise scale

Google Cloud lays out identity, isolation, policy, and observability controls for AI workloads on Kubernetes.

Read the article at Google Cloud
Microsoft Security

Defending SaaS applications from ShinyHunters OAuth abuse

Microsoft maps the attack path and gives defenders concrete controls for consent, tokens, applications, and logging.

Read the article at Microsoft Security
BleepingComputer

CrashStealer poses as an Apple crash-reporting tool

The malware borrows a familiar system prompt to trick macOS users into handing over access.

Read the article at BleepingComputer
BleepingComputer

GhostCommit hides prompt injection inside images

Researchers demonstrate how poisoned visual assets can manipulate coding agents and expose repository secrets.

Read the article at BleepingComputer
Microsoft Security

Passkeys become the default in Microsoft Entra ID

Microsoft details the rollout, policy implications, and migration work administrators should complete.

Read the article at Microsoft Security
Purple Team

Building and testing a custom AMSI provider

A defensive lab walks through the Windows scanning interface so practitioners can understand what attackers try to bypass.

Read the article at Purple Team
Tigera

OpenShell secures the agent that governs a fleet

Tigera looks at containment and network policy for agents with broad infrastructure privileges.

Read the article at Tigera