All topics
Every day is zero day, and this week we talked about the new Google Threat Intelligence Group report on the zero day exploit landscape in 2025 (2:22) and who’s exploiting what, then we discuss Microsoft’s disruption of the Tycoon 2FA cybercrime operation (9:51), and finally we talk about the KEVology report from runZero and our […]
The comprehensive effort, which involved seizing 330 active domains, cuts off a critical pipeline for account takeovers that targeted over 500,000 organizations and sent tens of millions of fraudulent emails monthly.
This campaign is an offshoot of the more familiar and pervasive fake job interview and phony tech worker scams that have been coming from North Korea for several years.
This week was a cornucopia of zero days. We talk about the six (!) actively exploited vulnerabilities that Microsoft patched this week in its February update (2:46), then we discuss the one that Apple fixed in iOS 26.3, a vulnerability that has been used in what the company calls an “extremely sophisticated attack” against a few individuals (7:24). […]
The exploited vulnerabilities in question exist across various products, from Microsoft Word to Windows Shell.
Exploitation of CVE-2025-8088 in the wild began before disclosure, with attacks confirmed as early as July 18, 2025.
