Peter Chofield
-
What is a Zero-Day Vulnerability?
A zero-day vulnerability is a software flaw unknown to its vendor or the public, making it exceptionally dangerous due to immediate exploitation by malicious actors before patches are available. These…
·
·
2–3 minutes -
Digital Services Act (DSA)
The European Union (EU) introduced the Digital Services Act (DSA) to establish a secure, accountable online environment. The DSA, alongside the Digital Markets Act (DMA), safeguards users’ fundamental rights and…
·
·
3–4 minutes -
“Lighthouse” Phishing Kit Powers Global Smishing Attacks
The ‘Lighthouse’ Phishing-as-a-Service (PhaaS) is a sophisticated cybercrime operation that enables extensive SMS phishing (smishing) attacks, impacting millions globally by illegally obtaining sensitive user credentials and banking details.
·
·
1–2 minutes -
CitrixBleed: Critical Flaw Leads to Session Hijacking and MFA Bypass
CitrixBleed is a critical information-disclosure vulnerability affecting Citrix NetScaler ADC and Gateway systems. Attackers exploit this flaw to steal session tokens, hijack user sessions, and bypass multi-factor authentication, leading to…
·
·
2–3 minutes -
Microsoft Exchange End-of-Life: Imminent Threats and Migration Urgency
Microsoft Exchange servers 2016 and 2019 are nearing end-of-life this October, posing an imminent threat due to critical vulnerabilities. This advisory follows the Storm-0558 breach, prompting CISA and NSA to…
·
·
1–2 minutes -
UK Tests Response to Malicious Use of Hazardous Substances
The United Kingdom tested its response to large-scale chemical, biological, radiological, nuclear, or explosive (CBRNE) incidents.
·
·
1–2 minutes -
Lavrov Urges US to Accept New START Extension
Russian Foreign Minister Sergei Lavrov urged the United States to accept Moscow’s offer: extend the New START nuclear arms reduction treaty for one year.
·
·
2–3 minutes -
U.S. Army Certifies Rapid Anti-Drone Response Team
U.S. Army Northern Command certified a new rapid response team to neutralize drone threats against domestic military installations, marking a significant operational shift in homeland defense.
·
·
1–2 minutes -
Researcher Discovers Critical RCE (CVE-2025-12735) in expr-eval JavaScript Library
Security researcher Jangwoo Choe discovered a critical remote code execution (RCE) vulnerability, CVE-2025-12735, in the popular JavaScript library expr-eval. The flaw lets attackers execute arbitrary code and seize full control…
·
·
1–2 minutes -
Military Veterans Strengthening Cybersecurity
Military veterans are increasingly filling critical cybersecurity roles, leveraging their discipline and problem-solving skills to address the global talent shortage.
·
·
1–2 minutes
