A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. Read more in my article on the Tripwire State of Security blog. Read More

Read More

Content delivery provider Cloudflare observed a staggering surge in DDoS attacks against environmental services during COP28 Read More

Read More

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper. Read More

Read More

The main British Library catalogue will be back online on Monday, January 15, as the institution continues its technical rebuild following the ransomware attack last year Read More

Read More

A new Recorded Future report warns of growing abuse of GitHub and recommends blocking risky services Read More

Read More

The ICO has fined HelloFresh £140,000 for breaking privacy laws with a spam marketing campaign Read More

Read More

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo (IPE24) in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page. Read More

Read More

Interesting article, with photographs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Read More

Read More

CISA’s advisory provides mitigations for vulnerabilities in ICS products used in critical infrastructure industries like energy, manufacturing and transportation Read More

Read More

Email security provider Cofense outlined some of the most common HR-related scams and phishing campaigns it has observed Read More

Read More