This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Cambridge Public Library on October 22, 2025 at 6 PM ET. The event is sponsored by Harvard Bookstore. I’m giving a virtual talk about my book Rewiring Democracy atRead More »Upcoming Speaking Engagements
The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. “Both groups have recently been observed targeting organizations’ Salesforce platforms via different initialRead More »FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
Research: Nondestructive detection of multiple dried squid qualities by hyperspectral imaging combined with 1D-KAN-CNN Abstract: Given that dried squid is a highly regarded marine product in Oriental countries, the global food industry requires a swift and noninvasive quality assessment of this product. The current study therefore uses visiblenear-infrared (VIS-NIR) hyperspectralRead More »Assessing the Quality of Dried Squid
Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true identity of victims and may onlyRead More »A Cyberattack Victim Notification Framework
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution. “Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025Read More »Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the countyRead More »Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms
Noteworthy stories that might have slipped under the radar: Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill. The post In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research appeared first on SecurityWeek.
A deserialization of untrusted data in the MOM software allows attackers to achieve remote code execution. The post DELMIA Factory Software Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Apple this year sent at least four rounds of notifications to French users potentially targeted by commercial spyware. The post Apple Sends Fresh Wave of Spyware Notifications to French Users appeared first on SecurityWeek.
Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year. Slovakian cybersecurity company ESET said the samples wereRead More »New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit
