March 2024 – SSC Technology & Support

Allowing Calendar Invites

Post author:ssctechops
Post category:Google Calendar

To help keep your Google Calendar free from spam, you can now select an option to display events on your calendar only if they come from a sender you know.…

The Hacker News
Krebs on Security
Warning: React2Shell vulnerability already being exploited by threat actors | CSO Online

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

5 December 2025

A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings [...]

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

5 December 2025

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on [...]

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

5 December 2025

Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability [...]

Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery

5 December 2025

A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was [...]

"Getting to Yes": An Anti-Sales Guide for MSPs

5 December 2025

Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are [...]

SMS Phishers Pivot to Points, Taxes, Fake Retailers

4 December 2025

China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping [...]

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

26 November 2025

A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables [...]

Is Your Android TV Streaming Box Part of a Botnet?

24 November 2025

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view [...]

Mozilla Says It’s Finally Done With Two-Faced Onerep

20 November 2025

In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from [...]

The Cloudflare Outage May Be a Security Roadmap

19 November 2025

An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so [...]

Warning: React2Shell vulnerability already being exploited by threat actors

5 December 2025

Plugging the React2Shell vulnerability in the open source React server and Next.js in IT environments has just become even more urgent with reports that exploits are already in the wild. [...]

Insecure use of Signal app part of wider Department of Defense problem, suggests Senate report

5 December 2025

The Signalgate scandal that enveloped US Secretary of Defense Pete Hegseth in March appears to be symptomatic of a wider lax attitude towards the use of non-approved messaging apps by [...]

Chinese cyberspies target VMware vSphere for long-term persistence

5 December 2025

Chinese state-sponsored threat actors are backdooring VMware vCenter and VMware ESXi servers with a malware program written in Go, allowing them to maintain long-term persistence in victim networks. According to [...]

Hardening browser security with zero-trust controls

5 December 2025

The shift from perimeter-based security to zero trust is now indispensable for combating modern threats. The obsolete “castle-and-moat” model, granting implicit trust to any device or user inside the network, [...]

Avoiding the next technical debt: Building AI governance before it breaks

5 December 2025

The AI rush is repeating a familiar mistake. Early in my career, a risk executive I worked with used to say, “You didn’t invite me to drink the beer; now [...]