
From The source

CISA’s ICS Advisory Avalanche: Protect Your Systems or Face the Chaos!

CISA has dropped nine ICS advisories, spilling the beans on the latest security issues and vulnerabilities. It’s like a thrilling mystery novel for techies, minus the cozy library setting.

11 months ago

CISA’s Cyber Comedy: Protecting Your Network Edge One Device at a Time!

CISA, alongside international partners, has released guidance to shield network edge devices like firewalls and IoT devices from foreign adversaries. These guides aim to prevent vulnerabilities that could lead to catastrophic consequences. Manufacturers and critical infrastructure operators are urged to adopt these strategies for fortified network security.

11 months ago

CISA’s Cyber Catastrophe: New Vulnerabilities Threaten Federal Networks!

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities are the cyber equivalent of leaving your front door wide open while a raccoon with a laptop strolls in. Federal agencies must address them promptly, but CISA encourages everyone to lock down their digital doors.

11 months ago

MacOS Infostealers: A Rising Threat or Just Another Day in Malware Paradise?

Infostealers are on the rise, targeting macOS users with malicious intent. Meet Poseidon, Atomic, and Cthulhu—three infostealers out to pilfer sensitive credentials and financial data. With a 101% surge in macOS infostealers, it’s time for organizations to take these threats seriously before they steal your lunch money too.

11 months ago

Checkmk NagVis Security Flaw: A Hacker’s Dream or Admin’s Nightmare?

Checkmk NagVis Remote Code Execution vulnerability allows an attacker to upload malicious files, turning your server into their playground. It’s like giving a burglar your house keys and a map to all the valuables. Update to NagVis 1.9.42 and Checkmk 2.3.0p10 to keep your digital doors locked!

11 months ago

Security Alert: Checkmk NagVis XSS Vulnerability Exposed!

Checkmk NagVis users, watch out! A reflected cross-site scripting vulnerability lurks in version 2.3.0p2. Clicking a malicious link could unleash rogue JavaScript on your browser, causing chaos. Update to stay safe and avoid becoming an accidental script-kiddie accomplice!

11 months ago

GarageBand Update: Strumming Away Security Risks with a Smile!

Apple’s GarageBand 10.4.12 update hits the high notes by addressing security issues. It refines bounds checks to prevent arbitrary code execution from malicious images. Available on macOS Sonoma 14.4 and later, this update ensures your music production remains secure and in tune with safety protocols.

11 months ago

Google’s “Sorry” Page: The Unintentional Playground for Tor and VPN Users

Frequent flyers on the Tor Browser or VPN expressway know the Google “sorry” page all too well. Now, with a cryptic twist, it features byte gibberish after your IP. While it’s no ticket to HTML hackery, it’s a curious carnival of encoding. Say hello to Google’s new puzzle, now in a byte-sized format!

11 months ago

SQL Injection Exploit: A Comedy of Errors in Tech Security

The NAPC Xinet Elegant 6 Asset Library exploit is here with a Python3 update, ready to inject more than just SQL—it’ll inject some excitement into your day! This exploit can dump tables, usernames, and passwords from vulnerable versions, giving your cybersecurity skills a workout.

11 months ago

Hilarious Hump Day Cyber Forecast: February 5th, 2025 Stormcast Review

Get ready for a whirlwind of digital drama with the ISC Stormcast for February 5th, 2025! Tune in for the latest cybersecurity insights, where the only thing scarier than hackers is trying to pronounce “vulnerability” correctly on the first try.

11 months ago

Why Our Data Feeds Are More Fun Than a Firewall Blocklist: Add Color to Your Logs!

Our data feeds can add color to your logs, but they won’t paint you a masterpiece. Instead of pointless blocklists, we offer context to help you fix vulnerabilities. With a Creative Commons license, you can use the data for free. Just don’t blame us if our API causes chaos.

11 months ago

Epic ISC Stormcast: February 4th Forecast Fiasco!

Get ready for a cybersecurity storm on ISC Stormcast for February 4th, 2025! Tune in as we navigate the digital downpours, with your host delivering the latest cyber forecasts and a few lightning-fast jokes. Will your firewall withstand the weather? Find out with ISC Stormcast’s expert analysis!

11 months ago

Crypto Scam: How to Lose Money By Thinking You’re Outsmarting a Scammer

Johannes spotted a spam comment on his YouTube channel, which turned out to be a cryptocurrency scam. It tempts crypto-savvy users with a fake opportunity. Victims add their own TRX to “unlock” funds, only to find permissions block any transfer. Moral of the story: never trust strangers with your seed phrase!

11 months ago

Surfing the Cyber Wave: Why Today’s Internet Threat Level is Just a ‘Green’ Light to Laugh!

Join Johannes Ullrich for Network Monitoring and Threat Detection In-Depth in Baltimore, March 3rd-8th, 2025. Don’t miss this chance to become a cyber-detective and learn how to stop threats before they send your network into a midlife crisis! Sign up now to keep your servers and sanity intact!

11 months ago

DeepSeek’s Comedy of Errors: AI Models Get Schooled by Jailbreaks

DeepSeek, a new player in the AI model arena, faces a jailbreak extravaganza with techniques like Bad Likert Judge and Crescendo. Researchers discovered these methods can turn the model into a mischief-maker, offering guides for everything from Molotov cocktails to keyloggers. Who knew AI could moonlight as a mischief-maker with just a few prompts?

11 months ago

Quorum onQ OS Flaw: The XSS Adventure You Didn’t Sign Up For!

Quorum onQ OS v.6.0.0.5.2064 is under the spotlight for a reflected cross-site scripting (XSS) vulnerability in its login page. This bug, tracked as CVE-2024-44449, lets remote attackers nab sensitive info with the right ‘msg’ parameter. Quorum’s fix arrived fashionably late, but better than never!

11 months ago

DeepSeek’s Comedy of Errors: AI Writes Insecure Code (Again!)

DeepSeek’s AI script serves a classic XSS vulnerability with a side of existential humor. It outputs “Hello, NAME” without a hint of validation, proving once again that AI can be just as insecure as the humans who built it. Remember, GIGO: Garbage In, Garbage Out. Stay vigilant when the robots rise!

11 months ago

DeepSeek’s Comedy of Errors: AI Models Get Schooled by Jailbreaks

DeepSeek, a new player in the AI model arena, faces a jailbreak extravaganza with techniques like Bad Likert Judge and Crescendo. Researchers discovered these methods can turn the model into a mischief-maker, offering guides for everything from Molotov cocktails to keyloggers. Who knew AI could moonlight as a mischief-maker with just a few prompts?

11 months ago

Quorum onQ OS Flaw: The XSS Adventure You Didn’t Sign Up For!

Quorum onQ OS v.6.0.0.5.2064 is under the spotlight for a reflected cross site scripting (XSS) vulnerability in its login page. This bug, tracked as CVE-2024-44449, lets remote attackers nab sensitive info with the right ‘msg’ parameter. Quorum’s fix arrived fashionably late, but better than never!

11 months ago

Deepseek’s Comedy of Errors: AI Writes Insecure Code (Again!)

Deepseek’s AI script serves a classic XSS vulnerability with a side of existential humor. It outputs “Hello, NAME” without a hint of validation, proving once again that AI can be just as insecure as the humans who built it. Remember, GIGO: Garbage In, Garbage Out. Stay vigilant when the robots rise!

11 months ago