Peter Chofield
-

Digital Services Act (DSA)
The European Union (EU) introduced the Digital Services Act (DSA) to establish a secure, accountable online environment. The DSA, alongside the Digital Markets Act (DMA), safeguards users’ fundamental rights and fosters a competitive landscape within the European Single Market and globally.
-

“Lighthouse” Phishing Kit Powers Global Smishing Attacks
The ‘Lighthouse’ Phishing-as-a-Service (PhaaS) is a sophisticated cybercrime operation that enables extensive SMS phishing (smishing) attacks, impacting millions globally by illegally obtaining sensitive user credentials and banking details.
-

CitrixBleed: Critical Flaw Leads to Session Hijacking and MFA Bypass
CitrixBleed is a critical information-disclosure vulnerability affecting Citrix NetScaler ADC and Gateway systems. Attackers exploit this flaw to steal session tokens, hijack user sessions, and bypass multi-factor authentication, leading to data breaches, system compromise, and digital espionage by APT groups and cybercriminals.
-

Microsoft Exchange End-of-Life: Imminent Threats and Migration Urgency
Microsoft Exchange servers 2016 and 2019 are nearing end-of-life this October, posing an imminent threat due to critical vulnerabilities. This advisory follows the Storm-0558 breach, prompting CISA and NSA to issue security best practices. Organizations must migrate and implement robust defenses amidst Microsoft’s Secure Future Initiative.
-

UK Tests Response to Malicious Use of Hazardous Substances
The United Kingdom tested its response to large-scale chemical, biological, radiological, nuclear, or explosive (CBRNE) incidents.
-

Lavrov Urges US to Accept New START Extension
Russian Foreign Minister Sergei Lavrov urged the United States to accept Moscow’s offer to extend the New START nuclear arms reduction treaty for one year.
-

U.S. Army Certifies Rapid Anti-Drone Response Team
U.S. Army Northern Command certified a new rapid response team to neutralize drone threats against domestic military installations, marking a significant operational shift in homeland defense.
-

Researcher Discovers Critical RCE (CVE-2025-12735) in expr-eval JavaScript Library
Security researcher Jangwoo Choe discovered a critical remote code execution (RCE) vulnerability, CVE-2025-12735, in the popular JavaScript library expr-eval. The flaw lets attackers execute arbitrary code and seize full control over hundreds of affected projects.
-

Military Veterans Strengthening Cybersecurity
Military veterans are increasingly filling critical cybersecurity roles, leveraging their discipline and problem-solving skills to address the global talent shortage.
-

Russia’s Ulyanovsk Region Imposes Permanent Mobile Internet Blackout
Russia’s Ulyanovsk region imposed the country’s first permanent mobile internet blackout, citing security concerns related to the ongoing “special military operation” in Ukraine.
