ServiceNow - Incomplete Input Validation

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...

‘Uncanny Valley’: Iran’s Threats on US Tech, Trump’s Plans for Midterms, and Polymarket’s Pop-up Flop

In this episode, we discuss Iran’s threats to target US tech firms, gear up for the midterm elections, and get a scene report from the Polymarket pop-up bar in DC...

iPhone Lockdown Mode Protects Washington Post Reporter

404Media is reporting that the FBI could not access a reporter's iPhone because it had Lockdown Mode enabled: The court record shows what devices and data the FBI was able to ultimately access, and which devices it could not, after raiding the home of the reporter, Hannah Natanson, in January as...

MomentProof Deploys Patented Digital Asset Protection

Washington, DC, 4th February 2026, CyberNewsWire...

Microsoft announces the 2026 Security Excellence Awards winners

In today’s fast‑moving digital arena, security isn’t a solo act—it’s a team sport. Every day, defenders across the globe suit up, strategize, and work shoulder‑to‑shoulder to protect organizations and communities from an ever‑evolving field of cyberthreats. That shared spirit of collaboration is...

ServiceNow Platform Jelly Template Injection (CVE-2024-4879)

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington, D.C. Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. Note that Nessus has not tested for thes...

CVE-1999-0042

Buffer overflow in University of Washington's implementation of IMAP and POP servers...

Cl0p Ransomware Lists NHS UK as Victim, Days After Washington Post Breach

Cl0p ransomware lists NHS UK as a victim days after The Washington Post confirms a major Oracle E-Business breach linked to CVE-2025-61882...

Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

A never-before-seen threat activity cluster codenamed UNKSmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel. "UNKSmudgedSerpent...

EUVD-2008-4984

Malware in sbrugna...

EUVD-2006-1398

Malware in sbrugna...

EUVD-1999-0042

Malware in sbrugna...

EUVD-2001-0677

Malware in sbrugna...

EUVD-2006-1397

Malware in sbrugna...

EUVD-2000-0834

Malware in sbrugna...

EUVD-2002-1761

Malware in sbrugna...

EUVD-2006-1396

Malware in sbrugna...

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that's been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors...

CVE-2024-4879

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th. I’m briefly speaking at the EPIC Champion of Freedom Awards in Washington, D...