Category: Shorts

A grumpy ItSec guy walks through the office #1

August 1, 2025

A grumpy ItSec guy walks through the office when he overhears an exchange of words. Dev0: Hey, this isn't working, I hate containers... Dev1: Maybe just add the --privileged flag! ItSec: Just… no. Simply no. No privileged mode - the grumpy fellow interjects as he walks away. Dev0: Jesus, fine - no privileged mode. Dev1: Okay, but…...

8080 – a short story of a 4-digit number and EU regulations in practice

July 28, 2025

In Poland, the reporting mechanism via the short number 8080 enables rapid, citizen‑driven identification of smishing and cyber‑fraud attempts. Reporting a malicious message involves simply forwarding the suspicious SMS to 8080, which delivers it directly to CERT Polska for analysis [1]. Upon receipt and confirmation of malicious content, each new SMS pattern is published by...

Apple’s $95M Siri Settlement: What IT Security Professionals need to know

January 3, 2025

Apple has agreed to pay $95 million to resolve a class-action lawsuit alleging that Siri unintentionally recorded private conversations and shared them with third parties for targeted advertising. Background: The core of the lawsuit revolves around claims that Siri was activated without the user's explicit command, leading to unintended recordings of private conversations. Users reported...

LDAP Nightmare: Exploiting CVE-2024-49112 in Windows Servers

January 2, 2025

A new Remote Code Execution (RCE) vulnerability has been discovered. With a CVSS score of 9.8, this vulnerability affects Windows Domain Controllers (DCs) and other Windows Servers, potentially putting organizational networks at risk. SafeBreach Labs took a deep dive, revealing a zero-click Proof of Concept (PoC) capable of crashing unpatched systems. This flaw doesn't require...

Chinese APT Targets U.S. Treasury via Third-Party Provider

December 31, 2024

Chinese state-sponsored hackers successfully breached the U.S. Treasury Department’s security framework this December. The breach was executed through the compromise of BeyondTrust, a trusted third-party cybersecurity service provider. By obtaining a crucial digital key, the attackers were able to override security measures, remotely access Treasury user workstations, and exfiltrate unclassified documents. Breach background: The threat...

AI Best-of-N Jailbreaking

December 30, 2024

A new study has been published that describes a novel attack method known as Best-of-N (BoN) Jailbreaking, which poses significant risks to even the most sophisticated AI models. What is BoN Jailbreaking? BoN Jailbreaking is a black-box attack method designed to exploit AI systems across various input types - text, images, and audio - without...

Volkswagen’s bad streak: We know where your car is

December 29, 2024

Volkswagen has landed in hot water once again. A recent investigation by the Chaos Computer Club (CCC) reveals that the company has been systematically collecting and storing movement data from hundreds of thousands of vehicles across its brands (VW, Audi, Skoda, and Seat). The data, which includes detailed location information and even vehicle owner details,...

Beware of Google Calendar Phishing Scams

December 29, 2024

Google Calendar, used by over 500 million people worldwide, has become a prime target for cyber criminals. Recently, hackers have manipulated Google tools like Calendar and Google Drawings to send phishing emails that appear to come directly from legitimate sources. These emails often include links to malicious forms or fake pages designed to steal personal...

OSINT tools for different countries! 🌍

December 29, 2024

Discover an incredible treasure trove of Open Source Intelligence (OSINT) tools and resources tailored to specific countries around the world 🌏. Whether you're diving into investigative reporting or tracking online footprints, this repository is a game-changer! From Argentina to Uzbekistan, and even multi-country resources, there's something for every OSINT enthusiast 🔍. Contributors are encouraged to...
