Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics The security industry loves talking about “new” threats. AI-powered attacks. Quantum-resistant encryption. Zero-trust architectures. But looking around, it seems like the most effective attacks in 2025 are pretty much the same as they were in 2015. Attackers are exploiting the same […]
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0 “This issue […] could enable an unauthenticated user to […]
January 12th TJS Weekly Security Intelligence Briefing Week of January 12th, 2026Classification: TLP: PublicWeekly Security Intelligence Briefing 1. Executive Summary The week of January 6-12, 2026 presented an elevated risk posture driven by actively exploited vulnerabilities affecting MongoDB, Chrome, VMware, React/Next.js, Veeam, and Gogs. The most urgent priorities are: Additional threats include VMware ESXi zero-days […]
Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. “The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed via wscript.exe invokes a Read More
January 5th TJS Weekly Security Intelligence Briefing Week of January 5th, 2026Classification: TLP: PublicPrepared: January 5, 2026 SECTION A: EXECUTIVE OVERVIEW For Leadership and Management A.1 Executive Summary Risk Posture: ELEVATED This week’s threat landscape is defined by three operationally significant developments: Bottom Line: MongoDB patching is the highest-priority technical action. Phishing awareness requires immediate […]
University of Hawaii says a ransomware gang breached its Cancer Center in August 2025, stealing data of study participants, including documents from the 1990s containing Social Security numbers. […] Read More
Microsoft has started retiring the Microsoft Lens PDF scanner app for Android and iOS devices on Friday, January 9th, with plans to remove it from app stores next month. […] Read More
CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. […] Read More
The Amsterdam Court of Appeal sentenced a 44-year-old Dutch national to seven years in prison for multiple crimes, including computer hacking and attempted extortion. […] Read More
Massive data dump reveals real identities and details of administrators and members of the notorious hacker forum. Read More
