Binary Hive Technologies delivers strategic leadership and hands-on technical expertise to protect modern organizations. Your security is our mission.
Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unab...
Read Full ReportU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) a...
Read Full ReportSome good news: squid stocks seem to be recovering in the waters off the Falkland Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t cove...
Read Full ReportThe FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. [...]
Read Full ReportINTERPOL’s Operation Synergia III led to 94 arrests and the takedown of 45,000 malicious IPs in 72 countries targeting phishing, malware, and fraud networks.
Read Full ReportHackers targeted Poland’s National Centre for Nuclear Research, but security systems detected and blocked the attack before any damage. The National Centre for Nuclear Research in Poland reported a cy...
Read Full ReportThe new rules for water and wastewater entities in New York include mandatory cybersecurity training for certified operators, incident response plans and reporting requirements.
Read Full ReportQualys uncovers 'CrackArmor' vulnerabilities in AppArmor that could expose 12.6M Linux systems to root access and container escapes.
Read Full ReportA suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42...
Read Full ReportMeta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instruction...
Read Full ReportThe Council said in a press release that it has added a new provision in the AI Act “prohibiting AI practices regarding the generation of non-consensual sexual and intimate content or child sexual abu...
Read Full ReportScammers are sending fake calendar “renewal” notices impersonating Malwarebytes to trick victims into calling a fake billing number.
Read Full ReportGoogle has released an out-of-band Chrome update to patch two zero-day vulnerabilities that are already being actively exploited.
Read Full ReportCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability CVE-...
Read Full ReportCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3909 Google Skia Out-of-Bounds Write Vulnerability CVE-...
Read Full ReportIn 2025, Google, Amazon, Microsoft and Meta collectively spent US$380 billion on building artificial-intelligence tools. That number is expected to surge still higher this year, to $650 billion, to fu...
Read Full ReportOn Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite interesting in the end nonetheless. That is because th...
Read Full Report(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Read Full ReportExecutive SummaryQualys TRU has discovered confused deputy vulnerabilities in AppArmor (named “CrackArmor”) that allow unprivileged users to bypass kernel protections, escalate to root, and break cont...
Read Full ReportThis week, Joe talks about allyship and how being aware of an issue is the first step in helping to fix it.
Read Full ReportA bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahead of a critical April deadline.
Read Full ReportKey Findings Introduction Handala Hack, also tracked by Check Point Research as Void Manticore, is an Iranian threat actor that is known for multiple destructive wiping attacks combined with “hack and...
Read Full ReportStorm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This...
Read Full ReportAmid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover for chaotic, retaliatory state-sponsored cyberattacks.
Read Full ReportThe latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors. The post From transparency to action: What the latest Microsoft e...
Read Full ReportSignal, the encrypted messaging app trusted by security-savvy users around the world, has confirmed that hackers have managed to takeover accounts - with government officials and journalists among tho...
Read Full ReportView CSAF Summary SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new ver...
Read Full ReportBlocking bots isn’t enough anymore. Cloudflare’s new fraud prevention capabilities — now available in Early Access — help stop account abuse before it starts.
Read Full ReportA Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite en...
Read Full ReportCisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft...
Read Full ReportA hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports o...
Read Full ReportCloudflare AI Security for Apps is now generally available, providing a security layer to discover and protect AI-powered applications, regardless of the model or hosting provider. We are also making...
Read Full ReportCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-68613 n8n Improper Control of Dynamically-Managed Code Re...
Read Full ReportThe defense community deserves a threat intelligence platform that speaks their language. With our new Defense TIP mode, EclecticIQ aligns fully with NATO and US military doctrine, eliminating the fri...
Read Full ReportMicrosoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to Feb...
Read Full ReportMultiple vulnerabilities have been discovered in Mozilla Firefox, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Succe...
Read Full ReportMicrosoft has rolled out its March 2026 Patch Tuesday updates, delivering a fresh batch of security fixes designed to keep Windows environments protected from emerging threats. The release addresses m...
Read Full ReportMultiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities...
Read Full ReportKey Points Iran-linked actors are increasingly engaging with the cyber crime ecosystem. Their activity suggests a growing reliance on criminal tools, services, and operational models in support of sta...
Read Full ReportKaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable of both crypto mining and stealing banking data.
Read Full ReportSince starting HIBP a dozen and a bit years ago, I've loaded an average of one breach every 4.7 days. That's 959 of them to date, but last week it was five in only two days. That's a few weeks' worth...
Read Full ReportLLMs can turn CTI narratives into structured intelligence at scale, but speed-accuracy trade-offs demand careful design for operational defense workflows.
Read Full ReportThis report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use of C2 frameworks in APT attacks.
Read Full ReportMutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar that describes the structure of the samples. When a sample gets mutated, the mutations happen in such a...
Read Full ReportLast summer, a conversation took place between a group of security professionals from EclecticIQ and Booz Allen Hamilton. The topic was straightforward: The Hague is home to NATO, Europol, the Dutch N...
Read Full ReportQuestions remain as Google prepares to lock down Android app distribution in the name of security.
Read Full ReportThe Odido breach leaks were towards the beginning during this week's update. I recorded it the day after the second dump of data had hit, with a third dump coming a few hours later, and a final dump o...
Read Full ReportThat guest network you set up for your neighbors may not be as secure as you think.
Read Full ReportIn my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application....
Read Full ReportCelebrate this milestone with us! Email us at csf [at] nist.gov (csf[at]nist[dot]gov) or tag @NISTcyber on X telling us what your favorite CSF 2.0 resource is (or how your organization has benefitted...
Read Full ReportAnalysis of 175,000 open-source AI hosts across 130 countries reveals a vast compute layer susceptible to resource hijacking and code execution attacks.
Read Full ReportGrab your party hats – it’s Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and...
Read Full ReportWe were very sorry to hear of the passing a few days ago of stalwart supporter of and contributor to VB, David Harley. Read more
Read Full ReportVB2025 is coming up September 24-26 in Berlin, and teams from major enterprises, government agencies, and security companies are already planning their attendance. Here's why people keep coming back....
Read Full ReportBinary Hive Technologies delivers intelligence-driven cybersecurity, strategic leadership, and hands-on technical expertise to protect modern organizations. Our mission is to secure your entire digital ecosystem end-to-end.
We don't believe in one-size-fits-all solutions. Every engagement begins with understanding your unique risk profile, business objectives, and regulatory landscape. From there, we build and execute a security strategy and threat model that grows with you.
Comprehensive cybersecurity solutions tailored to protect every layer of your organization.
Gain complete visibility into your attack surface. We uncover vulnerabilities, misconfigurations, and business risks across your entire environment — then give you a prioritized plan to fix what matters most.
Achieve and maintain compliance across SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP, NIST, CMMC, and more. We build governance frameworks that satisfy auditors and scale with your business.
Find out how real attackers would breach your defenses. From targeted penetration tests to full-scope red team operations, we simulate real-world attacks across your entire stack — people, processes, and technology.
Strengthen the backbone of your IT environment. We design, review, and harden network architectures with Zero Trust principles, segmentation strategies, and firewall optimization.
Enterprise-grade security leadership on a fractional basis. Strategic direction, governance, board reporting, and security program maturity — without the full-time executive price tag.
From AI/LLM security to career mentorship and hands-on workshops, we develop the next generation of cyber defenders.
Prompt injection, model poisoning, data exfiltration, secure AI integration patterns, and responsible AI governance.
Structured 1-on-1 and cohort programs covering certifications, lab environments, resume building, and career navigation.
Engaging conference talks, corporate workshops, and keynotes on emerging threats and offensive security techniques.
Custom-designed capture-the-flag challenges and multi-day immersive boot camps for team building and skill development.
A battle-tested methodology that delivers measurable security improvements at every stage.
We start by understanding your environment, identifying risks, and establishing a clear picture of where you stand today.
Learn MoreOur team builds a prioritized security roadmap aligned with your business objectives, budget, and regulatory requirements.
Learn MoreHands-on execution of security controls, policies, and technical hardening with minimal disruption to operations.
Learn MoreContinuous monitoring, testing, and improvement to keep your defenses ahead of the ever-changing threat landscape.
Learn MoreWe believe every organization deserves enterprise-grade security, regardless of size. Our team brings industry-leading expertise and combined experience from top-tier security roles such Mandiant, and Google, supported by a deep commitment to ethical, responsible cybersecurity. Our goal is to help you secure your entire ecosystem end-to-end.
Same-day engagement for critical incidents and urgent security needs.
Recommendations driven by what's right for you, not by vendor partnerships.
Clear, prioritized reports your team can execute immediately.
Named consultants who know your environment, not a rotating door.
Let's start the conversation about protecting what matters most to your organization.