384 matches found
PT-2026-43572
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb country iso', 'hb usa state iso', and 'hb canada province iso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-3593
creationtimestamp| type| source ---|---|--- 2026-05-20 07:42:48+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-per-isc-bind-5 2026-05-20 10:23:00+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/isc-bind-security-advisory-av26-490 2026-05-20 14:15:08+00:00| seen|...
CVE-2026-5946
creationtimestamp| type| source ---|---|--- 2026-05-20 07:42:48+00:00| seen| https://www.acn.gov.it/portale/w/aggiornamenti-per-isc-bind-5 2026-05-20 10:23:00+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/isc-bind-security-advisory-av26-490 2026-05-20 14:24:10+00:00| seen|...
CVE-2026-40967
creationtimestamp| type| source ---|---|--- 2026-04-27 11:57:47+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-397 2026-04-28 05:17:59+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mkjthfhfzr2u 2026-04-28 12:15:14+00:00| seen|...
CVE-2025-3756
creationtimestamp| type| source ---|---|--- 2026-04-13 12:44:04+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-346 2026-04-30 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-120-01...
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
In this article 1. Storm-2755’s attack chain 2. Defending against Storm-2755 and AiTM campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise Microsoft Incident Response – Detection and Response Team DART researchers observed an emerging, financially motivated...
CVE-2026-22742
creationtimestamp| type| source ---|---|--- 2026-03-26 20:05:49+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-288 2026-03-27 07:00:49+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mhzkbsrncs2v 2026-03-27 07:18:31+00:00| seen|...
GHSA-HPFX-H48Q-GVWG
creationtimestamp| type| source ---|---|--- 2026-03-26 18:14:49+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/squid-security-advisory-av26-284...
CVE-2025-13777
creationtimestamp| type| source ---|---|--- 2026-03-13 16:47:37+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-236 2026-04-30 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-120-05...
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to build Kimwolf , the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort " -- has coordinated a barrage of...
Hackers Abuse ScreenConnect to Hijack PCs via Fake Social Security Emails
Forcepoint X-labs reveals how hackers use fake SSA emails and hijacked ScreenConnect tools to bypass Windows security to target UK, US, and Canadian organisations...
GHSA-M82Q-59GV-MCR9
creationtimestamp| type| source ---|---|--- 2026-02-05 15:56:30+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/n8n-security-advisory-av26-091...
CVE-2025-11043
creationtimestamp| type| source ---|---|--- 2026-01-19 19:26:52+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-039 2026-05-05 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-125-04...
CVE-2025-11044
creationtimestamp| type| source ---|---|--- 2026-01-19 19:26:52+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av26-039 2026-05-05 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-125-03...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada, on January 27, 2026, at 1:30 PM ET. I’m speaking at the Université de Montréal in Montreal, Quebec, Canada, on January 29, 2026, at 4:00...
Iranian Infy APT Resurfaces with New Malware Activity After Years of Silence
Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy aka Prince of Persia, nearly five years after the hacking group was observed targeting victims in Sweden, the Netherlands, and Turkey. "The scale of Prince of Persia's activity is more significant tha...
Iranian APT ‘Prince of Persia’ Resurfaces With New Tools and Targets
SafeBreach reports the resurgence of the Iranian APT group Prince of Persia Infy. Discover how these state-sponsored hackers are now using Telegram bots and Thunder and Lightning malware to target victims globally across Europe, India, and Canada...
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is...
CVE-2025-11498
creationtimestamp| type| source ---|---|--- 2025-10-15 14:00:01+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/control-systems-abb-security-advisory-av25-670 2026-05-21 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-141-04...
EUVD-2012-5679
Malware in sbrugna...