Sam Stepanyan

@securestep9

Followers
7K
Following
11K
Statuses
5K

@OWASPLondon Chapter Leader (#OWASP #OWASPLondon). OWASP Board Member. Application Security (#AppSec) Consultant. OWASP Nettacker Project co-leader. #CISSP

London, UK
Joined September 2013
@securestep9
Sam Stepanyan
6 hours
#iPhone: if you own one it's time to do a Software Update again as Apple issues an emergency iOS version 18.3.1 to patch a #zeroday vulnerability CVE-2025-24200 which can be exploited to bypass the USB restriction mode and pull the data from the device:
0
0
0
@securestep9
Sam Stepanyan
3 days
#Kubernetes Policy Enforcement at Risk: OPA Gatekeeper Bypass Exposes #Security Flaws. AquaSec researchers have demonstrated ways to bypass its security controls due to common misconfigurations and policy weaknesses:
0
1
1
@securestep9
Sam Stepanyan
5 days
#Cisco Patches Critical Identity Services Engine (ISE) #Vulnerabilities with CVSS 9.1 & 9.1 Enabling Root Remote Code Execution (#RCE) and Privilege Escalation (CVE-2025-20124, CVE-2025-20125). Both CVEs are API flaws (Deserialization & Auth bypass):
0
0
0
@securestep9
Sam Stepanyan
5 days
#Microsoft fixes CVSS 9.9 vulnerability in Azure #AI Face service potentially leading to elevation of privileges over a network:
0
1
3
@securestep9
Sam Stepanyan
5 days
I was interviewed by the Cybersecurity Sessions podcast a few weeks ago - you can catch the episode on Spotify here 🎤:
0
0
2
@securestep9
Sam Stepanyan
6 days
@UK_Daniel_Card Check out some UK companies with 1337 in the LTD name 😎
0
0
1
@securestep9
Sam Stepanyan
6 days
#SecureByDesign: "Google's Blueprint for a High-Assurance Web Framework" blog post discusses how Google addresses the challenge of preventing vulnerabilities from occurring in the first place through careful design, rigorous testing & a commitment to ongoing security: #AppSec
@royalhansen
Royal Hansen
6 days
"This blog post aims to provide a detailed blueprint for how Google has created and deployed a high-assurance web framework that almost completely eliminates exploitable web vulnerabilities."
0
1
5
@securestep9
Sam Stepanyan
9 days
#WhatsApp Meta Confirms Zero-Click WhatsApp #Spyware affected at least 90 Journalists. A specially-crafted PDF file was sent to individuals who were added to group chats on WhatsApp. Once the file was received the WhatsApp account was compromised:
0
1
2
@securestep9
Sam Stepanyan
13 days
Broadcom Warns of High-Severity unauthenticated SQL Injection #Vulnerability (CVE-2025-22217) in #VMware Avi Load Balancer/WAF:
0
0
0
@securestep9
Sam Stepanyan
13 days
#Facebook's internal policy makers decided that #Linux is "malware" and labeled posts and groups associated with Linux as being 'cybersecurity threats' blocking them citing Community Standards:
0
0
0
@securestep9
Sam Stepanyan
13 days
#Wacom informs customers of a #databreach impacting credit card data 💳:
@troyhunt
Troy Hunt
13 days
Very light on detail, but, apparently *something* happened at @wacom that exposed credit cards:
0
1
3
@securestep9
Sam Stepanyan
13 days
RT @iAnonymous3000: Facebook’s Anti-Linux Fiasco @facebook has done some ridiculous things, but flagging Linux—an open source backbone of…
0
6
0
@securestep9
Sam Stepanyan
14 days
#Apple: If you own an Apple device like an iPhone, iPad, Mac, Apple TV, Apple Watch, Apple Vision Pro headset - today is the day to update it as Apple patches a zero-day privilege escalation vulnerability CVE-2025-24085 and 5 Airplay vulnerabilities:
0
0
4
@securestep9
Sam Stepanyan
16 days
CVE-2024-50050: Critical Vulnerability in meta-llama/#llama-stack by Meta - a popular #GenAI framework. The deserialization flaw allows remote attackers to execute arbitrary code, posing severe risks to AI model hosting, data integrity & system security:
1
16
38
@securestep9
Sam Stepanyan
16 days
@starrdlux @kingthorin_rm @zbraiterman @thejonmccoy @InfoSecMap Let's add @adamshostack and @izar_t to the discussion as I feel they are more qualified to answer this question (or to coin a new threat modeling industry term)😎
1
0
4
@securestep9
Sam Stepanyan
20 days
RT @OWASPLondon: Many thanks to @InsiderPhD for presenting her talk "Go Hack Yourself: API Hacking for Beginners" at the #OWASP London Chap…
0
1
0
@securestep9
Sam Stepanyan
20 days
RT @OWASPLondon: Many thanks to Tanya Janca (@shehackspurple) for presenting her talk "Maturing Your Application Security Program" at the #…
0
2
0
@securestep9
Sam Stepanyan
24 days
#jobs for Interns - #cybersecurity researcher at Microsoft Ireland (Dublin) or UK (Cheltenham): 🔁
@reprise_99
Matt Zorich
25 days
We are looking for some interns to join our team here at Microsoft. If you are currently studying cyber security, computer science, mathematics or anything similar and based in Ireland or Cheltenham then we would love to hear from you -
0
1
4
@securestep9
Sam Stepanyan
25 days
The EU Digital Operational Resilience Act (#DORA) officially applies as of today: January 17, 2025. This regulation aims to enhance the operational resilience of financial services organisations against cyber threats and disruptions:
1
0
1
@securestep9
Sam Stepanyan
26 days
#Ivanti: Researcher Uncovers Critical Vulnerabilities in Multiple Versions of Ivanti Endpoint Manager (#EPM) and Ivanti Avalanche Application Control Engine. CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, CVE-2024-13159 have been patched - update! 👇
0
0
0