Author: ByteMe

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 4/21/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Featured Analysis

    Featured article analysis: Former Disney employee who hacked Disney World restaurant menus in revenge sentenced to 3 years in federal prison

    This case highlights a serious insider threat incident with significant potential consequences. Michael Scheuer, a former Disney World employee, conducted a series of cyberattacks against his former employer, demonstrating a disturbing level of knowledge about the company’s systems. His actions went beyond mere vandalism, as he manipulated allergen information on restaurant menus, creating a dangerous situation that could have resulted in severe harm or even death for customers with allergies. This element of the attack underscores the malicious intent and the potential for real-world harm that can arise from disgruntled employees with system access.

    The incident also reveals the complexity and scope of modern cyberattacks. Scheuer’s actions included manipulating menu information, altering wine region details to reference mass shooting locations, and launching denial-of-service attacks. This multi-faceted approach demonstrates the potential for a single individual to disrupt operations, spread misinformation, and target individuals within an organization. The FBI’s involvement and the subsequent prosecution emphasize the severity of these crimes and the importance of robust cybersecurity measures to protect against both external and internal threats.

    Ultimately, this case serves as a stark reminder of the importance of robust cybersecurity practices, including access control, monitoring, and incident response. The fact that Scheuer had the knowledge and access to carry out these attacks highlights the need for organizations to carefully manage employee access to sensitive systems, especially during and after termination. The potential for significant financial damage (as indicated by the restitution order) and the severe criminal penalties underscore the legal and financial ramifications of such cybercrimes.
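One concrete way to act on the access-management point above is a periodic reconciliation of the HR roster against the identity provider's account export, flagging any account that is still enabled, or was used, after its owner's termination date. The script below is an added illustration and is not from the article or from any Disney system; the roster, the IAM export, the group names and the grace-period policy are all constructed assumptions for the demo.

```python
"""Reconcile an HR termination roster against an IAM account export.

Added example, not from the article: flags accounts that remain enabled or
show logins after the owner's termination date, plus accounts with no HR
owner at all (orphans). All data below is constructed for illustration.
"""
from datetime import date, timedelta

# Assumed policy: accounts must be disabled on the termination date itself.
GRACE = timedelta(days=0)

# Constructed HR roster: user -> termination date (None means still employed).
HR_ROSTER = {
    "alice": None,
    "bob": date(2025, 3, 31),
    "carol": date(2025, 4, 15),
    "dave": date(2025, 4, 30),
}

# Constructed IAM export: user -> account state as the identity provider reports it.
IAM_EXPORT = {
    "alice": {"enabled": True, "last_login": date(2025, 4, 20), "groups": ["staff"]},
    "bob": {"enabled": True, "last_login": date(2025, 4, 2), "groups": ["staff", "admins"]},
    "carol": {"enabled": False, "last_login": date(2025, 4, 14), "groups": ["staff"]},
    "dave": {"enabled": True, "last_login": date(2025, 4, 20), "groups": ["staff"]},
    "svc_reporting": {"enabled": True, "last_login": None, "groups": ["publishers"]},
}


def find_stale_access(hr, iam, today, grace=GRACE):
    """Return a list of (user, issue) tuples for accounts needing attention.

    - an account with no HR record is an orphan (service or forgotten account)
    - an enabled account past its termination date is a live insider risk;
      membership in an admin group raises it to critical
    - a login after the termination date means the disable step was missed
    """
    issues = []
    for user, acct in iam.items():
        if user not in hr:
            issues.append((user, "not in HR roster"))
            continue
        term = hr[user]
        if term is None or today < term + grace:
            continue  # still employed, or termination not yet effective
        if acct["enabled"]:
            severity = "critical" if "admins" in acct["groups"] else "high"
            issues.append((user, f"enabled after termination ({severity})"))
        if acct["last_login"] and acct["last_login"] > term:
            issues.append((user, "login after termination"))
    return issues


if __name__ == "__main__":
    for user, issue in find_stale_access(HR_ROSTER, IAM_EXPORT, date(2025, 4, 21)):
        print(f"{user}: {issue}")
```

Running it against the constructed data reports bob (an admin still enabled and logged in after his March 31 termination) and the orphaned service account, while carol (disabled on time) and dave (termination still in the future) pass. The "login after termination" check is the one that catches a disable step that was performed late, which a snapshot of the enabled flag alone would miss.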

    Projects

    • TryHackMe – Networking Secure Protocols – Complete
    • TryHackMe – Tcpdump: The Basics – In Progress

    Whitepapers

    Videos

    Articles

    Podcasts

  • The 2025 Data Breach Investigations Report Has Arrived!

It’s here! Verizon’s 18th annual Data Breach Investigations Report (DBIR)! Whether you’re a seasoned cybersecurity professional or new to the field, this report offers a comprehensive look at the cybercrime landscape and provides insights to help protect your organization.

    A Legacy of Insight: The DBIR and VERIS

    For nearly two decades, the DBIR has served as a vital resource for understanding the trends and patterns in data breaches and security incidents. What sets this report apart is its breadth of data collection, drawing on anonymized cybersecurity incident data from almost a hundred data contributors globally, including incident response firms, forensics companies, law enforcement, and cyber insurance providers. This collaborative effort aims to get closer to the “Truth” of what is happening in the threat landscape.

    A critical foundation for the DBIR’s statistical analysis is the Vocabulary for Event Recording and Incident Sharing (VERIS) framework. This year marks the 15th anniversary of the VERIS framework, which was introduced in 2010 and has become essential for collecting and analyzing incident data from disparate sources. Organizations across industries and the Public Sector leverage versions of VERIS for security incident recording and risk management. The report sections are often structured around the four main components of the VERIS framework: Actors, Actions, Assets, and Attributes.

    Navigating the Latest Findings

    The 2025 DBIR analyzed more than 12,000 breaches and 22,052 security incidents. The analysis in this edition primarily focuses on incidents that took place between November 1, 2023, and October 31, 2024. The report is organized into sections covering overall results and analysis, incident classification patterns, specific industries, focused analysis on small- and medium-sized businesses (SMBs) and the Public Sector, and regional analysis.

    Key Takeaways from the 2025 DBIR

    This year’s report highlights several overarching themes and persistent challenges in the threat landscape. Here are some of the top takeaways:

    • Third-Party Involvement is Soaring: A significant theme woven throughout this year’s report, and even featured on the cover, is the increasing role of third parties in breaches. The report found some form of third-party involvement in 30% of all analyzed breaches, a notable increase from roughly 15% last year. System Intrusion is the most prevalent pattern seen in breaches involving a third party. Managing credentials in environments you don’t control and considering vendor security limitations are crucial. Organizations are advised to make positive security outcomes from vendors an important part of procurement and have plans for repeat offenders.
    • Top Incident Classification Patterns: For 2025 data, the most prevalent Incident Classification Patterns in breaches were System Intrusion (53%), followed by Miscellaneous Errors (12%), Social Engineering (17%), Basic Web Application Attacks (12%), and Privilege Misuse (6%).
    • Ransomware Remains a Scourge: Ransomware continues to be a major problem, growing yet again as a percentage of breaches. It accounts for 75% of breaches within the System Intrusion pattern. Ransomware affects organizations across all industries and does not discriminate based on industry vertical. The most prevalent discovery method for ransomware breaches is Actor disclosure, where the threat actor notifies the victim (and often others) by dropping a ransom note.
    • The Enduring Problem of Stolen Credentials: Credential abuse is consistently identified as a top initial access vector. The Basic Web Application Attacks pattern heavily involves the Use of stolen credentials (88%), sometimes alongside brute force attacks. The report delves into the ecosystem of stolen credentials available via infostealers and online marketplaces. An estimated 30% of compromised systems found in these marketplaces are believed to be Enterprise-licensed devices. Data suggests that leveraging stolen credentials from infostealers is a key tactic used by some ransomware operators; for instance, 54% of ransomware victims examined had their domains in infostealer logs or marketplace postings, with 40% of those logs containing corporate email addresses.
    • Edge Device Vulnerabilities Exploited Rapidly: Exploitation of vulnerabilities, particularly those targeting edge devices, is a growing concern. While organizations are prioritizing patching these edge vulnerabilities (54% are fully remediated compared to 38% for all CISA KEVs and 9% for all vulnerabilities identified in scans), the threat is the speed of exploitation. The median time for a vulnerability in the sampled edge device subset to be mass exploited after its CVE publication was zero days.
    • The Human Element Persists: The human element continues to play a significant role in breaches. Beyond traditional phishing and pretexting, the report notes the emergence of Prompt bombing, where users are bombarded with MFA login requests, showing up in over 20% of Social attacks this year. User awareness and security training focused on reporting suspect social attacks remain one of the most important controls.
    • Generative AI’s Emerging Role: While GenAI hasn’t revolutionized the threat landscape overnight, there is evidence of its use by threat actors, as reported by the AI platforms themselves. Notably, the amount of synthetically generated text in malicious emails has doubled over the past two years. Corporate data leakage is a concern, as employees access GenAI systems on corporate devices, often outside of integrated authentication systems.
    • SMBs are Not Exempt from Ransomware: Contrary to a common misconception, ransomware groups actively target small- and medium-sized businesses just like large organizations, adjusting their ransom demands accordingly. SMBs may also be less likely to have robust backups. A single breach at a small entity, depending on the data they handle, can have a massive impact on data victims.
    • Public Sector Faces Persistent Threats: The Public Sector continues to face significant challenges. Ransomware remains a major threat, involved in 30% of breaches across all levels of government. Miscellaneous Errors, such as Misdelivery, are also persistent issues. The top three patterns in Public Sector breaches remain consistent over time regardless of the size of the attacked entity.

    To effectively achieve a reasonable level of security in our interconnected world, collaboration, transparency, and increased information sharing are essential. This report is a testament to the hard work and collaboration of human threat intelligence professionals and contributing organizations.

    Explore the full report for detailed analysis, industry-specific insights, regional breakdowns, and valuable mitigation strategies.

    Download the Verizon 2025 Data Breach Investigations Report today!

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 4/14/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Featured Analysis

    Featured article analysis: CVE, global source of cybersecurity info, was hours from being cut by DHS

    This near-miss scenario involving the potential defunding of the CVE program by the DHS serves as a stark reminder of the precarious nature of critical cybersecurity infrastructure. The article highlights the indispensable role the CVE repository plays as the bedrock of vulnerability management. The cascading effects described by Brian Martin – the fragmentation of vulnerability data, the rise of incomplete databases, and the increased exposure of organizations – underscore the global reliance on this standardized system for identifying, tracking, and addressing security flaws. The fact that even this foundational element was at risk of disruption due to governmental budgetary shifts and political headwinds should galvanize the community to recognize the need for more resilient and independent stewardship of such vital resources.

    The swift action by CVE board members to establish the CVE Foundation as a nonprofit represents a proactive and commendable step towards ensuring the long-term stability of the program. This move acknowledges the inherent vulnerabilities of relying solely on government funding and demonstrates a commitment to the cybersecurity ecosystem’s well-being. The involvement of major tech players and international organizations as CNAs further emphasizes the collaborative and global nature of vulnerability disclosure and management that the CVE program facilitates.

    Projects

    • TryHackMe – Networking Secure Protocols – In Progress

    Videos

    Articles

    Podcasts

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 4/7/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Featured Analysis

    Featured article analysis: The US Treasury’s OCC disclosed an undetected major email breach for over a year

This disclosure from the OCC should serve as a stark reminder of the persistent threats facing even well-resourced government agencies. A breach of this magnitude, compromising over 100 accounts and remaining undetected for over a year, highlights significant deficiencies in the OCC’s security posture and monitoring capabilities. The initial point of entry via a compromised administrator account underscores the critical importance of robust privileged access management, including multi-factor authentication and stringent auditing of administrative activities. Readers will note the delayed detection, reportedly triggered by an external notification from Microsoft, raising questions about the effectiveness of internal security controls and anomaly detection systems. The ongoing analysis to determine the full scope of the compromised data, including sensitive financial information, will be closely watched, as it could have broader implications beyond the OCC itself.

    From a threat intelligence perspective, the unknown attribution of the attackers adds another layer of concern. While speculation about potential links to previous state-sponsored attacks targeting the Treasury exists, the lack of concrete evidence necessitates an investigation to understand the tactics, techniques, and procedures (TTPs) employed. The extended dwell time of the threat actors within the OCC’s email environment allowed for the exfiltration of a significant volume of emails, estimated at 150,000 since May 2023. This emphasizes the need for proactive threat hunting and advanced endpoint detection and response (EDR) solutions capable of identifying and neutralizing sophisticated intrusions before they can cause substantial damage.

    Projects

    • TryHackMe – Networking Secure Protocols – In Progress

    Articles

    Podcasts

  • This Is How They Tell Me the World Ends Review: Zero-Day Exploits and Cyberwarfare

    A Deep Dive into the Zero-Day Market and the Future of Cyberwarfare

    Nicole Perlroth’s This Is How They Tell Me the World Ends: The Cyberweapons Arms Race is a chilling and meticulously researched exposé that delves into the clandestine world of zero-day exploits, the shadowy figures who trade in them, and the governments that weaponize them. As a cybersecurity enthusiast or professional, this book is essential reading to understand the complex and increasingly dangerous landscape of cyberwarfare.

    What is a Zero-Day?

    For those new to the term, Perlroth expertly explains that a “zero-day” is a software vulnerability that is unknown to the software vendor. This means there’s “zero days” to fix it, making it a highly valuable and dangerous tool for hackers and nation-states alike. These vulnerabilities can be exploited to gain unauthorized access to systems, steal sensitive data, and even disrupt critical infrastructure.

    Key Takeaways for Cybersecurity Professionals:

    • The Zero-Day Market: Perlroth unveils the hidden economy where zero-day exploits are bought and sold, often for exorbitant sums. This market fuels the development of increasingly sophisticated cyberweapons.
    • The Role of Nation-States: The book highlights how governments, including the United States, have been major players in the acquisition and use of zero-days. This has led to a global cyberarms race with potentially catastrophic consequences.
    • The Escalating Threat: This Is How They Tell Me the World Ends underscores the growing threat of cyberattacks on critical infrastructure, businesses, and individuals. Perlroth provides numerous real-world examples, from Stuxnet to the Shadow Brokers leak, illustrating the devastating impact of these attacks.
    • Ethical Dilemmas: The book raises important ethical questions about the development, sale, and use of zero-day exploits. Should governments be stockpiling these vulnerabilities? What are the implications for privacy and security?
    • A Call to Action: Perlroth’s work serves as a wake-up call, urging greater awareness and proactive measures to defend against cyber threats. She emphasizes the need for a more robust and resilient cybersecurity posture at all levels.

    Why You Should Read This Book:

    • In-Depth Research: Perlroth, a seasoned cybersecurity reporter for The New York Times, draws on years of reporting and hundreds of interviews to provide a comprehensive and insightful account.
    • Compelling Narrative: The book reads like a thriller, with gripping stories of hackers, spies, and cyberattacks that will keep you on the edge of your seat.
    • Relevance: In an increasingly interconnected world, cybersecurity is more important than ever. This book provides crucial context for understanding the threats we face and the challenges ahead.

    Overall Assessment:

    This Is How They Tell Me the World Ends is a must-read for anyone interested in cybersecurity. It’s a sobering yet essential exploration of the cyberweapons arms race and its implications for our digital future. Whether you’re a seasoned professional or just starting your journey in cybersecurity, this book will provide valuable insights and leave you with a deeper understanding of the challenges and opportunities in this critical field.

  • AI’s Dark Side: The Emergence of “Zero-Knowledge” Cybercriminals

    Ever feel like the cyber threats out there are like something out of a spy movie? Think shadowy figures with glowing screens and lines of complicated code? Well, while those folks do exist, there’s a new player on the scene, and they might surprise you. Imagine someone with pretty basic tech skills suddenly being able to pull off sophisticated cyberattacks. Sounds like sci-fi? Nope, it’s the reality of AI-powered cybercrime, and it’s creating a wave of what we’re calling “zero-knowledge” threat actors.

    So, how does AI turn your average internet user into a potential cyber-naughty-doer? Think of it like this:

    • Phishing on Steroids: Remember those dodgy emails with weird grammar? AI can now whip up super-believable fake emails, texts, and even voice calls that sound exactly like they’re from someone you trust. It’s like having a professional con artist in your pocket, but powered by a computer brain.
    • Malware Made Easy: Creating nasty software used to be a job for hardcore coders. Now, AI is helping to automate parts of this process, and there might even be “Malware-as-a-Service” platforms popping up that are surprisingly user-friendly. Scary thought, right?
    • Spying Made Simple: Gathering info on potential targets used to take serious detective work. AI can now scan the internet like a super-sleuth, finding out all sorts of things about individuals and companies, making targeted attacks way easier for even a newbie.
    • Attack Automation – The Robot Army: Forget manually clicking and typing a million things. AI can automate entire attack sequences. Imagine a bad guy just hitting “go” on a program, and AI does all the heavy lifting. Creepy!
    • User-Friendly Crime? The trend seems to be towards making these AI-powered tools as easy to use as your favorite social media app. That means you don’t need a computer science degree to potentially cause some digital mayhem.

    What could this look like in the real world?

    • Deepfake Deception: Your grandma might get a video call that looks and sounds exactly like you, asking for money. Except, it’s a fake created by AI!
    • Ransomware for Dummies: Someone with minimal tech skills could use an AI-powered platform to lock your computer files and demand payment – think of it as ransomware with training wheels.
    • Social Media Shenanigans: Fake profiles and convincing posts generated by AI could trick you into clicking on dangerous links or giving away personal info.

    So, why should you care about this rise of the “zero-knowledge” cybercriminal?

    • More Attacks, More Often: With more people able to launch attacks, we’re likely to see a whole lot more of them hitting our inboxes and devices.
    • Smarter Attacks, Simpler Execution: Even if the person behind the attack isn’t a tech wizard, the AI they’re using can make their attacks surprisingly sophisticated.
    • Our Defenses Need an Upgrade: The security tools we rely on might need to get smarter to keep up with these AI-powered threats.

    Don’t panic! Here’s what you can do to stay safer:

    • Become a Skeptic Superstar: Be super suspicious of anything online that asks for your info or seems too good to be true.
    • Two is Always Better Than One (MFA!): Turn on Multi-Factor Authentication (MFA) wherever you can. It’s like having a second lock on your digital doors.
    • Keep Your Digital House Clean: Update your software and apps regularly. These updates often include security patches.
    • Think Before You Click: Seriously, take a breath before clicking on any links or downloading attachments, especially from people you don’t know.
    • Spread the Word: Talk to your friends and family about these new threats. Awareness is key!

    The cyber landscape is always changing, and AI is definitely shaking things up. The rise of “zero-knowledge” threat actors might sound a bit scary, but by staying informed and practicing good digital habits, we can all make it harder for these AI-assisted baddies to succeed. Stay safe out there, and keep learning!

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/31/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Featured article analysis

This week’s featured article analysis is from: https://www.bleepingcomputer.com/news/security/toll-payment-text-scam-returns-in-massive-phishing-wave/

    This recent E-ZPass smishing campaign highlights several evolving tactics cybercriminals are employing to bypass security measures and exploit user trust. The attackers leverage high-volume, automated messaging systems originating from seemingly random email addresses, a method designed to circumvent standard carrier-based SMS spam filters that primarily target phone numbers. By impersonating official bodies like E-ZPass or the DMV and instilling a false sense of urgency with threats of fines or license suspension, they effectively employ social engineering. A particularly noteworthy technique involves instructing users to reply to the message, cleverly bypassing Apple iMessage’s built-in protection that disables links from unknown senders. This user interaction effectively marks the malicious sender as “known,” activating the phishing link and demonstrating how attackers exploit platform features and user behavior in tandem.

    The sophistication extends beyond the delivery mechanism, with the phishing landing pages themselves designed to appear legitimate and, significantly, often configured to load only on mobile devices, evading desktop-based security analysis. The sheer scale suggests the involvement of organized operations, potentially utilizing Phishing-as-a-Service (PaaS) platforms like the mentioned Lucid or Darcula. These services specialize in abusing modern messaging protocols like iMessage and RCS, which offer end-to-end encryption and different delivery paths, making detection harder and campaign execution cheaper than traditional SMS. This underscores the ongoing challenge for defenders: attacks are becoming more targeted, evasive, and leverage platform-specific features, necessitating continuous user education (don’t click, don’t reply, verify independently) alongside technical defenses and prompt reporting to platforms and authorities like the FBI’s IC3.

    Projects

    • TryHackMe – Networking Core Protocols – Complete
    • TryHackMe – Networking Secure Protocols – In Progress

    Videos

    Articles

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/24/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Featured Analysis

    Featured article analysis: Mike Waltz takes ‘full responsibility’ for Signal group chat leak

    The accidental inclusion of a journalist in a high-level Signal group chat discussing military strikes in Yemen has exposed significant vulnerabilities in the US National Security apparatus. While Signal offers strong encryption, this incident underscores that human error remains a critical weak point, as evidenced by the unexplained addition of the reporter. The debate over classified information sharing and the alleged use of auto-delete features raise serious questions about adherence to security protocols and federal record-keeping laws. This event highlights the inherent risks of using civilian communication apps for sensitive government matters, even with robust encryption, and emphasizes the critical need for stringent access controls, comprehensive training, and the consistent use of secure, government-approved platforms.

    This “glitch,” as downplayed by some, serves as a stark reminder for cybersecurity professionals that technology alone cannot guarantee security. Robust operational security practices, including strict verification procedures and adherence to data retention policies, are paramount. The incident underscores the necessity of cultivating a security-conscious culture within government and prioritizing the use of dedicated, secure communication channels over potentially vulnerable civilian alternatives. The political fallout and calls for investigation further emphasize the gravity of this lapse and its potential implications for national security and trust.

    Projects

    • TryHackMe – Networking Essentials – Complete
    • TryHackMe – Networking Core Protocols – In Progress

    Articles

    Podcasts

  • Book Review: Geoff White’s “Rinsed” – Exploring Cryptocurrency Fraud

    Summary

    “Rinsed” by Geoff White exposes how modern technology enables criminals, from drug cartels to cyber gangs, to launder vast amounts of money through digital platforms like cryptocurrency and online banking. Through gripping case studies and expert insights, the book reveals how these illicit networks operate on a global scale, outpacing law enforcement efforts. White uncovers the hidden financial infrastructure behind organized crime, showing how tech industry loopholes are exploited to move dirty money undetected.

    Impressions

    What the critics say…

    Critics have praised Rinsed for its compelling storytelling, in-depth research, and eye-opening revelations about the intersection of crime and technology. The Financial Times called it a “riveting” exposé on cybercrime and law enforcement techniques, while The Economist described it as “gripping.” The Irish Times found it “engrossing and mind-blowing,” highlighting its ability to make complex financial crimes accessible to readers. Reviewers commend Geoff White’s investigative approach and ability to connect real-world cases to broader systemic issues, making Rinsed both an informative and alarming read about the hidden world of digital money laundering.

    What I thought…

Each chapter covers a different caper. I had already read about some of these major crimes in cyber, so some of the book covered stories I had already heard. Other than that, I thought the book was well-written, and I never lost interest, even in the stories I had already heard.

    How I Discovered It

    I don’t remember where exactly I heard about this book, but it was probably from a podcast like Smashing Security.

    Should You Read It?

    Rinsed is ideal for readers interested in true crime, cybercrime, and financial corruption, particularly those curious about how technology enables modern money laundering. It’s a must-read for journalists, law enforcement officials, cybersecurity professionals, and policymakers who want to understand the global impact of illicit financial networks. Tech enthusiasts and cryptocurrency investors may also find it insightful, as it exposes the darker side of digital finance. Additionally, anyone who enjoyed Geoff White’s previous works, such as The Lazarus Heist or Crime Dot Com, will appreciate his investigative storytelling and deep dive into the world of financial crime.

    What I Learned From the Book

• I didn’t really think about how difficult it is for criminals to launder money before; Geoff covers this in detail throughout the book.
• The crime is only a small part of the effort, and it’s the easy part. Laundering the money so people can be paid is usually more difficult.
• There are a lot of different ways to launder money, and criminals are coming up with new ones all the time.

    Geoff takes the complex and invisible, and makes it understandable in a way that only a real investigative journalist can. He delivers it on stage in an engaging and high energy manner that will leave you more aware of the danger, a little bit stunned and with stories to retell to colleagues and friends – Mastercard

  • What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/17/25

    Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

    Projects

    • TryHackMe – Networking Essentials – In Progress

    Videos

    Articles

    Podcasts

    • Smashing Security 408: A gag order backfires, and a snail mail ransom demand – ‘Only’ a local access bug but important part of N Korea, Russia, and China attack picture