CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

Pour yourself a dram of something dark and suspicious, because this update is about as thrilling as a vendor webinar titled “Patch Cadence for ICS.” The U.S. Cybersecurity and Infrastructure Security Agency has bolstered its Known Exploited Vulnerabilities (KEV) catalog with CVE-2021-26829, an XSS flaw in OpenPLC ScadaBR that is reportedly under active exploitation. If […]

Ads Inside ChatGPT: OpenAI Tests Internal Ads as the Next Revenue Stream

Pour yourself a dram of whiskey and settle in. The security circus keeps rolling, and this time the act is OpenAI reportedly testing ads inside ChatGPT that could redefine the web economy. Yes, ads inside a chatbot. No, this is not a prank. It is a vendor compromising user attention for a few extra […]

HashJack AI Browser Attack and the Never-Ending Security Circus

Pour yourself a dram of aged bourbon and settle in, because here is the top story you probably missed while scrolling past a thousand vendor white papers. SecurityWeek’s roundup on HashJack AI Browser Attack, Charming Kitten Leak, Hacker Unmasked is the kind of headline that sounds urgent until you realize it’s just another shiny object […]

OpenAI, Mixpanel, and the vendor risk you were promised could be managed

Pour yourself a drink, this breach is dumber than last week’s. OpenAI API customers found themselves exposed not because OpenAI forgot to lock a door, but because a vendor they rely on — Mixpanel — left the door ajar wide enough for a breeze to carry data out the window. It is the classic tale […]

Rey, the Admin, and the Endless Security Theater

Pour yourself a glass of bourbon, because here we go again with the top story that proves the security industry loves a good backstage pass more than actually fixing anything. The headline this time is Rey, the public face of the Scattered LAPSUS$ Hunters, finally admitting who he is after KrebsOnSecurity tracked him down. It’s […]

Is Your Android TV Streaming Box Part of a Botnet? A Bitter Reminder

Opening dram: Pour yourself a dram of whiskey, the latest consumer tech melodrama is back and this time it is your living room turning into a traffic mule. The Superbox streaming devices sold at major retailers promise access to more than 2,200 pay-per-view and streaming services for a one-time fee of around […]

Iberia’s Vendor Breach: 77 GB of Reality Check Served Cold

Top Story: Iberia discloses customer data leak after vendor security breach. Pour yourself a glass of bourbon, because this is the kind of breach that tastes like a cautionary tale you filed under the desk for a reason. Iberia, the Spanish carrier that dreams in aircraft windows and passenger smiles, is quietly notifying customers after […]

WhatsApp API flaw lets researchers scrape 3.5 billion accounts

Top Story: Pour yourself a whiskey, because this week’s security theater comes with a side of obvious. The WhatsApp API that was supposed to make life easier for developers apparently forgot the first rule of security: never turn a discovery feature into an invitation to enumerate billions of people. Researchers allegedly scraped 3.5 billion mobile […]