-
Careless Whisper: Silent Delivery Receipts as a Surveillance Vector
You know that double-checkmark on WhatsApp that tells you a message landed on someone’s device? Researchers from the University of Vienna figured out how to fire that mechanism silently, repeatedly, without the target ever seeing a notification. The paper is called Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users...
-
Punycode Lookalike Domains and Why They Are Still Dangerous
If you have ever looked closely at a phishing domain and thought, “That looks right, but something feels off,” you may have been looking at a Punycode or Internationalized Domain Name (IDN) homograph attack. These attacks are not new. They are also not theoretical. They continue to be used successfully...
-
Fail2ban: Practical Defense Against Brute Force Attacks
If you operate any service exposed to the internet, you are being scanned constantly. SSH, SMTP, VPNs, admin panels, and APIs are all probed nonstop by automated tooling. Most of this traffic is not sophisticated, but it is persistent. Fail2ban is a simple and effective way to reduce that noise...