Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: Twins with hacking history charged in insider data breach affecting multiple federal agencies
The case of Muneeb and Sohaib Akhter highlights a critical failure in the vetting and offboarding processes of federal contractors. Despite a prior criminal record for hacking the State Department a decade ago, the twin brothers were hired by Opexus, a firm managing data for over forty-five federal agencies. This hiring oversight suggests that traditional background checks can sometimes fail to catch high-profile digital crimes, even when those crimes were committed against the very government systems the company is hired to protect. The brothers were reportedly identified as a risk only after a deeper security review by the Federal Deposit Insurance Corporation flagged their history.
The subsequent insider attack occurred with alarming speed and precision during the brothers’ termination meeting in February. While still logged into a virtual meeting with human resources, Muneeb Akhter allegedly used his company laptop to access and delete approximately ninety-six databases. These systems contained sensitive information from agencies such as the Department of Homeland Security and the Internal Revenue Service. Prosecutors claim he even sought assistance from an artificial intelligence tool to learn how to wipe system logs and conceal his actions. This level of immediate retaliation underscores the danger of failing to revoke system access before, or at the exact moment, an employee is notified of their dismissal.
This incident serves as a stark reminder of the national security risks posed by malicious insiders with technical expertise. The brothers not only deleted files but also allegedly stole personal data belonging to hundreds of individuals and sent emails to government employees to expose security flaws in the contractor’s systems. By the time they were arrested in December, the damage included significant operational disruptions and the permanent loss of some federal records. The legal consequences for these actions are severe, with charges ranging from computer fraud to aggravated identity theft, but the broader impact remains a warning for any organization handling sensitive public data.
Projects
- TryHackMe – Advent of Cyber
Videos
Articles
- Third DraftKings Hacker Pleads Guilty – Nathan Austad admitted in court to launching a credential stuffing attack against a fantasy sports and betting website.
- French Interior Ministry confirms cyberattack on email servers – The French Interior Minister confirmed on Friday that the country’s Ministry of the Interior was breached in a cyberattack that compromised e-mail servers.
- Twins with hacking history charged in insider data breach affecting multiple federal agencies – Muneeb and Sohaib Akhter previously pleaded guilty to hacking into the State Department and other cybercrimes in 2015.
- Home Depot exposed access to internal systems for a year, says researcher – A security researcher said Home Depot exposed access to its internal systems for a year after one of its employees published a private access token online, likely by mistake. The researcher found the exposed token and tried to privately alert Home Depot to its security lapse but was ignored for several weeks.
- Trains cancelled over fake bridge collapse image – Trains were halted after a suspected AI-generated picture that seemed to show major damage to a bridge appeared on social media following an earthquake.
- Experts found an unsecured 16TB database containing 4.3B professional records – An open 16TB database exposed 4.3B professional records. It was unsecured and only closed after researchers alerted the owner.
- New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale – Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale.
- Processing 630 Million More Pwned Passwords, Courtesy of the FBI – The sheer scope of cybercrime can be hard to fathom, even when you live and breathe it every day. It’s not just the volume of data, but also the extent to which it replicates across criminal actors seeking to abuse it for their own gain, and to our detriment.
- Texas sues TV makers for taking screenshots of what people watch – The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users’ data by secretly recording what they watch using Automated Content Recognition (ACR) technology.
- Amazon disrupts Russian GRU hackers attacking edge network devices – The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers’ cloud infrastructure.
- China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware – The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America.
- North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft – Threat actors with ties to the Democratic People’s Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December.
- North Korean infiltrator caught working in Amazon IT department thanks to lag — 110ms keystroke input raises red flags over true location – A barely perceptible keystroke delay was the smoking gun that led to the uncovering of a malign imposter.
- Denmark blames Russia for destructive cyberattack on water utility – Danish intelligence officials blamed Russia for orchestrating cyberattacks against Denmark’s critical infrastructure, as part of Moscow’s hybrid attacks against Western nations.

