2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned
I hate hyperbolic news headlines about data breaches, but for the "2...
BRONZE BUTLER exploits Japanese asset management software vulnerability – Sophos News
In mid-2025, Counter Threat Unitâ„¢ (CTU) researchers observed a sophisticated BRONZE BUTLER campaign that exploited a zero-day vulnerability in Motex LANSCOPE Endpoint Manager to...
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
î ‚Nov 05, 2025î „Ravie LakshmananVulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control...
Phundamental or pholly? – Sophos News
On paper, it sounds so simple: you prepare for the real thing by running simulations. After all, the same principle applies to countless disciplines:...
BlueNoroff’s latest campaigns: GhostCall and GhostHire
Introduction
Primarily focused on financial gain since its appearance, BlueNoroff (aka. Sapphire Sleet, APT38, Alluring Pisces, Stardust Chollima, and TA444) has adopted new infiltration strategies...
Identifying “research” and bug bounty related scans?
This week, I noticed some new HTTP request headers that I had not seen before:
X-Request-Purpose: Research
and
X-Hackerone-Research: plusultra
X-Bugcrowd-Ninja: plusultra
X-Bug-Hunter: true
The purpose of these headers appears...
