CTRL + ALT + SEC

Category: cybersecurity

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/28/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Tea’s data breach shows why you should be wary of new apps — especially in the AI era

This data breach highlights the inherent risks associated with entrusting sensitive personal information to new applications, particularly in an increasingly AI-driven digital landscape. The breach exposed approximately 72,000 images, including selfies and driver’s licenses, as well as over 1.1 million private direct messages containing intimate conversations. This incident serves as a stark reminder that user data, even when presumed private, can be easily exposed to a global audience with technical acumen. Despite the widespread reporting of the breach, the Tea app remarkably maintained a high ranking in app store charts, underscoring a prevailing user willingness to share sensitive data despite known security vulnerabilities.

Cybersecurity experts interviewed in the article emphasize that the risks of data exposure are amplified in the “AI era.” This heightened risk stems from several factors, including users’ growing comfort with sharing personal information with AI chatbots, which has already led to accidental public disclosures of private exchanges. Furthermore, the rise of “vibe coding”—the use of generative AI to write and refine code—introduces new security concerns. While enabling faster development, experts worry that vibe coding could lead to less secure applications as developers prioritize speed and potentially overlook robust security measures.

Ultimately, the Tea app breach serves as a critical cautionary tale, urging consumers to exercise extreme vigilance when engaging with new apps. Regardless of whether applications are developed with AI assistance or traditional methods, the core message from cybersecurity professionals is to always consider the worst-case scenario when sharing personal data. With the accelerated development of applications and adversaries increasingly leveraging AI for new attack vectors, users should anticipate a rise in data breaches and adopt a more proactive approach to safeguarding their digital privacy.

Projects
- TryHackMe – Web Application Basics – Complete
- TryHackMe – JavaScript Essentials – In Progress
White Paper
- IBM Cost of a Data Breach Report
Articles
- Insurance giant says most US customer data stolen in cyber-attack – Hackers have stolen personal information of a majority of insurance firm Allianz Life’s 1.4 million customers in North America, its parent company said.
- Dating safety app Tea breached, exposing 72,000 user images – Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images.
- Scattered Spider is running a VMware ESXi hacking spree – Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.
- FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation – FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.
- Minnesota Activates National Guard in Response to Cyberattack – Minnesota Governor Tim Walz called in the National Guard to assist the City of Saint Paul in responding to a cyberattack.
- Telecom Giant Orange Hit by Cyberattack – Orange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers.
- Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach – Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.
- Your public ChatGPT queries are getting indexed by Google and other search engines – It’s a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain “https://chatgpt.com/share,” you can find strangers’ conversations with ChatGPT.
- Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks – Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.
August 4, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/21/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Woman gets 8 years for aiding North Koreans infiltrate 300 US firms

This article details the sentencing of Christina Marie Chapman to 102 months in prison for her pivotal role in a sophisticated scheme that allowed North Korean IT workers to infiltrate over 300 U.S. companies. Chapman facilitated this by operating a “laptop farm” in her Arizona home, creating the illusion that the workers were based in the United States. Her co-conspirator, Ukrainian citizen Oleksandr Didenko, ran an online platform, UpWorkSell, which provided false identities for the North Koreans seeking remote IT positions. This elaborate operation enabled the North Korean workers to illicitly collect over $17 million, a portion of which was funneled through Chapman’s financial accounts.

The scope of this infiltration was extensive, with North Korean individuals securing remote software and application development roles in a wide array of high-profile U.S. entities, including Fortune 500 companies, an aerospace and defense firm, a major television network, and a Silicon Valley technology company. This access not only generated significant illicit revenue for the North Korean regime but also posed substantial national security risks by potentially exposing sensitive information and intellectual property within critical U.S. industries. The scheme highlights the persistent and evolving methods used by foreign adversaries to exploit vulnerabilities in remote work environments.

In response to this and similar incidents, U.S. authorities have intensified their efforts to counter North Korean IT worker schemes. The Department of Justice has been actively disrupting extensive networks involved in these operations, leading to charges against individuals like Chapman and Didenko, as well as other foreign nationals. Concurrently, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against North Korean front companies and associated individuals. These actions, coupled with updated FBI guidance for U.S. businesses and joint advisories with international partners, underscore a concerted strategy to mitigate the threat posed by North Korea’s illicit revenue generation and espionage activities.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks – Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.
- CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks – The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
- Ukraine arrests suspected admin of XSS Russian hacking forum – The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor’s office.
- ExpressVPN bug leaked user IPs in Remote Desktop sessions – ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users’ real IP addresses.
- Nuclear Weapons Agency Breached in Microsoft SharePoint Hack – The US agency responsible for maintaining and designing the nation’s cache of nuclear weapons was among those breached by a hack of Microsoft Corp.’s SharePoint document management software, according to a person with knowledge of the matter.
- Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure – The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America.
- UK Student Sentenced to Prison for Selling Phishing Kits – Ollie Holman was sentenced to prison for selling over 1,000 phishing kits that caused estimated losses of over $134 million.
- Woman gets 8 years for aiding North Koreans infiltrate 300 US firms – Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies.
Podcasts
July 28, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/14/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications

This reveals a significant data breach within McDonald’s recruitment platform, McHire, exposing the personal information of 64 million job applicants. The breach stemmed from two critical vulnerabilities: the persistence of default “123456” credentials for a test account belonging to Paradox.ai (the bot’s creator) and an insecure direct object reference (IDOR) weakness in an internal API. These flaws allowed security researchers Ian Carroll and Sam Curry unauthorized access to applicant data, including names, addresses, phone numbers, email addresses, and even the ability to view and intervene in ongoing chatbot conversations. The ease with which such widespread data could be accessed highlights severe lapses in security protocols and underscores the potential for malicious actors to exploit similar weaknesses if not promptly addressed.

The incident underscores the paramount importance of robust security practices, particularly in platforms handling vast amounts of personal identifiable information (PII). The fact that a simple, unchanged default password from a 2019 test account could grant administrative access, combined with an IDOR vulnerability allowing sequential access to applicant records, points to fundamental oversights in development and testing. While Paradox.ai swiftly remediated the vulnerabilities upon notification, the incident serves as a stark reminder that even seemingly minor security gaps can have massive implications. It also calls into question the adequacy of their penetration testing, as these issues were not identified internally prior to the researchers’ discovery.

Despite the swift resolution and Paradox.ai’s assertion that only chat interactions of five applicants were accessed by the researchers and no data was shared online, the potential for harm was immense. The exposure of 64 million applicant records, even without highly sensitive data like Social Security numbers, still presents a significant privacy concern and could lead to various forms of targeted attacks like phishing. This incident should prompt other companies utilizing similar third-party recruitment platforms to scrutinize their own security measures and demand higher standards from their vendors to prevent similar breaches and safeguard applicant data.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications – Two vulnerabilities in an internal API allowed unauthorized access to contacts and chats, exposing the information of 64 million McDonald’s applicants.
- Google Gemini flaw hijacks email summaries for phishing – Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.
- Telegram Messenger’s Ties to Russia’s FSB Revealed in New Report – The Telegram messaging app may have ties to Russia’s Federal Security Service (FSB), according to an investigation.
- Louis Vuitton suffers two hacks in a week as customer data is accessed in UK and Korea – Louis Vuitton has revealed that customer data was stolen during an unauthorised breach of the fashion giant’s UK operation’s systems.
- Russian Basketball Star Daniil Kasatkin Arrested in Ransomware Probe – Daniil Kasatkin, a Russian pro basketball player, faces US ransomware charges after his Paris arrest. His lawyer claims he’s “useless with computers,” raising questions about his alleged negotiator role in cybercrime.
- Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack – To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration.
- China’s Salt Typhoon Hacked US National Guard – Chinese hacking group Salt Typhoon targeted a National Guard unit’s network and tapped into communications with other units.
- Former US Army member confesses to Telecom hack and extortion conspiracy – A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info.
- Popular fitness app Fitify exposes 138K user progress photos – Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time. After Cybernews contacted the company, the unprotected instance was closed.
- Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network – China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units.
July 21, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/7/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Elmo’s X account was hacked and shared antisemitic and racist posts

The recent hacking of Elmo’s X (formerly Twitter) account represents a concerning incident that transcends a simple social media breach, highlighting broader vulnerabilities and the potential for weaponized online platforms. The unauthorized posts, which included antisemitic, racist, and politically charged content, not only severely damaged the innocent and wholesome brand associated with Elmo and Sesame Street but also demonstrated how easily prominent accounts can be leveraged to disseminate harmful narratives. The fact that such hateful messages were visible to nearly 650,000 followers, even for a brief period, underscores the immediate and widespread impact that compromised accounts can have on public discourse and perception. This event serves as a stark reminder of the constant threat of cyberattacks and the imperative for robust security measures across all major online platforms.

This incident also brings into focus the ongoing challenges faced by X, particularly in light of previous controversies surrounding its AI chatbot Grok and the proliferation of extremist views on the platform. The “disgusting” nature of the hacked posts, as described by Sesame Workshop, echoes similar issues where X has struggled to contain inflammatory content, including antisemitic remarks. The repeated instances of problematic content, whether through compromised accounts or algorithmic failures, raise serious questions about X’s content moderation strategies and its ability to safeguard users from harmful material. While XAI has acknowledged and attempted to address issues with Grok, the Elmo hack suggests that the platform’s vulnerabilities extend beyond AI-generated content to fundamental account security.

Ultimately, the Elmo account hack is more than just an isolated security breach; it’s a symptom of a larger, more complex problem concerning online safety, platform responsibility, and the weaponization of social media. For a character universally associated with childhood innocence and positive values to be used as a conduit for hate speech is deeply disturbing and illustrates the insidious nature of online extremism. This event should prompt renewed scrutiny of social media companies’ commitment to preventing abuse, ensuring account integrity, and protecting their users from the dissemination of harmful ideologies. The incident reinforces the critical need for continuous vigilance, technological advancements in security, and a proactive approach to combating the misuse of online platforms.

Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- FBI warns travelers of ‘Scattered Spider’ group targeting airlines – SFGATE contributor Jim Glab rounds up air travel and airport news for our weekly column Routes
- Qantas is being extorted in recent data-theft cyberattack – Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.
- Columbia data stolen in cyberattack that caused dayslong IT outage, University says – Bloomberg News reported that the alleged hacker stole the personal information of Columbia applicants.
- AT&T Reaches $177M Deal Over 2019 and 2024 Data Breaches – AT&T’s $177M data breach settlement. Check eligibility for payouts from 2019 and 2024 incidents.
- Alleged Chinese State Hacker Wanted by US Arrested in Italy – Xu Zewei has been arrested on charges that he is a member of the Chinese state-sponsored hacking group Hafnium (Silk Typhoon).
- Canadian Electric Utility Says Power Meters Disrupted by Cyberattack – Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States.
- U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme – The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme.
- Russian pro basketball player arrested for alleged role in ransomware attacks – Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang.
- Elmo’s X account hacked to publish racist and antisemetic posts – In case it wasn’t obvious, no, that’s not the real Elmo that posted racist and antisemetic posts on Elon Musk’s X. Someone had hacked into the Sesame Street character’s X account.
Podcasts
July 14, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/30/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US shuts down a string of North Korean IT worker scams

The US Department of Justice has successfully disrupted several sophisticated IT worker scams orchestrated by North Korea, leading to two indictments, one arrest, and the seizure of 137 laptops. These operations involved North Korean IT staff using stolen or fictitious identities to secure remote positions at over 100 US companies. Beyond drawing salaries, these individuals allegedly exfiltrated sensitive data for Pyongyang and engaged in virtual currency theft, with one instance involving a $740,000 cryptocurrency heist. This tactic of deploying remote IT workers, facilitated by the shift to remote work during the COVID-19 pandemic, is a significant evolution from North Korea’s traditional cybercrime activities, which are primarily aimed at circumventing international sanctions and funding their illicit weapons programs.

One key aspect of these scams involved the establishment of “laptop farms” in the US. These farms allowed North Korean coders to remotely control company-issued laptops, making it appear as though the workers were operating within the US, thereby evading detection by employers monitoring IP ranges. Zhenxing “Danny” Wang, one of the indicted individuals, is accused of setting up a fake software development business that funneled approximately $5 million back to North Korea and left US companies with an estimated $3 million in cleanup costs. This complex network highlights the critical role of US-based collaborators in enabling these schemes and the substantial financial gains reaped by both the North Korean regime and its stateside operatives.

The investigations also revealed a more direct form of cryptocurrency theft, as seen in the case of four North Koreans who traveled to the UAE to secure remote programming jobs. These individuals, using stolen identities, were able to gain access to company virtual wallets and subsequently steal significant amounts of cryptocurrency, which was then laundered using sanctioned tools like Tornado Cash. The ongoing nature of these threats underscores the challenges faced by companies hiring remote IT workers and the persistent efforts by North Korea to exploit vulnerabilities for financial gain. The US Department of Justice is actively pursuing these cases, offering substantial bounties for information that helps dismantle North Korea’s illicit financial mechanisms.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- US shuts down a string of North Korean IT worker scams – The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.
- Stablecoin protocol Resupply loses $9.6M to price manipulation exploit – A flaw in ResupplyFi’s contract allowed an attacker to manipulate token prices and drain $9.6 million from its wstUSR market.
- Hacker Conversations: Rachel Tobac and the Art of Social Engineering – Rachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do.
- Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains – The Dutch conglomerate behind dozens of major American supermarket brands said more than 2.2 million people had information stolen from its systems during a cyberattack in November that left customers unable to place delivery orders online.
- Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’ – ‘No impact on safety,’ FAA tells The Reg
- The FBI warns that Scattered Spider is now targeting the airline sector – The FBI warns that Scattered Spider is now targeting the airline sector. Feds are working with aviation partners to combat the threat and assist affected victims.
- Ex-student charged over hacking university for cheap parking, data breaches – New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University’s systems on multiple occasions, starting with a scheme to obtain cheaper parking.
- Qantas Confirms Major Data Breach Linked to Third-Party Vendor – Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions of frequent flyers just as the airline industry heads into its busiest season.
July 7, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/23/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Millions of Brother Printers Hit by Critical, Unpatchable Bug

The article highlights a severe security crisis affecting millions of Brother printers and other devices, stemming primarily from a critical, unpatchable vulnerability (CVE-2024-51978) with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to generate the default administrator password by knowing the device’s serial number, which can be leaked through other vulnerabilities or simple queries. The sheer scale of the problem is alarming, with 695 Brother models and millions of individual devices globally impacted. Crucially, this particular bug cannot be fixed via firmware updates, necessitating a change in Brother’s manufacturing process, underscoring the deep-seated nature of the security oversight.

Beyond the unpatchable flaw, the research by Rapid7 uncovered seven additional vulnerabilities, ranging from data leaks and stack buffer overflows to server-side request forgery (SSRF) and denial-of-service (DoS) issues. These vulnerabilities, while individually less critical (CVSS scores from 5.3 to 7.5), pose significant risks as they can be chained together with CVE-2024-51978 to achieve more severe outcomes, such as unauthenticated remote code execution or the disclosure of plaintext credentials for external services like LDAP or FTP. The ease of exploiting some of these flaws, coupled with the known existence of an underground market for printer exploits, raises concerns about potential widespread exploitation in corporate networks.

Fortunately, for seven of the eight vulnerabilities, Brother has released firmware updates, and other affected vendors like Fujifilm and Ricoh have also issued advisories. For the critical CVE-2024-51978, the primary mitigation relies on user action: changing the default administrator password. This simple step is crucial, as the vulnerability is only exploitable if the default password remains unchanged. The article also commends the collaborative and lengthy disclosure process involving Rapid7, Brother, and the Japanese cyber agency JPCERT/CC, highlighting it as a successful example of coordinated efforts to address widespread security flaws.

Projects
- TryHackMe – Hashing Basics – Complete
- TryHackMe – Web Application Basics – In Progress
Videos

Articles
- Canada says telcos were breached in China-linked espionage hacks – The Canadian government and the FBI say they are aware of malicious activity targeting telecommunication companies across Canada, attributing the intrusions to the China-backed hacking group Salt Typhoon.
- Cybercriminals breach Aflac as part of hacking spree against US insurance industry – Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.
- Millions of Brother Printers Hit by Critical, Unpatchable Bug – A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.
- Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote Information Technology Workers’ Illicit Revenue Generation Schemes
Podcasts
July 2, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/16/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 16 Billion Apple, Facebook, Google And Other Passwords Leaked

The confirmed leak of an estimated 16 billion login credentials, including passwords, making it potentially the largest breach in history. Unlike previous reports of individual company breaches, this “mother of all leaks” is attributed to multiple infostealers, aggregating data from a vast array of online services, including major platforms like Apple, Facebook, and Google, as well as VPNs and developer portals. Crucially, cybersecurity researcher Bob Diachenko clarified that this isn’t a direct breach of these large companies’ databases but rather a collection of credentials found in infostealer logs, often linked to reused passwords. This makes the leak a severe threat, serving as a “blueprint for mass exploitation” through phishing and account takeovers, emphasizing the urgent need for robust password hygiene.

The incident reignites the debate surrounding cybersecurity responsibility. While many experts, like Javvad Malik, advocate for a “shared responsibility” model, where both organizations protect users and individuals remain vigilant, others like Paul Walsh of MetaCert disagree. Walsh argues that expecting users to become security experts when even security providers struggle against sophisticated phishing attacks is unreasonable. This highlights a fundamental tension: while users are urged to adopt stronger password practices and multi-factor authentication, the industry also faces pressure to develop more inherently secure authentication methods that mitigate the risk posed by compromised databases, irrespective of password complexity.

In response to such massive leaks, the article strongly advocates for a pivotal shift from traditional passwords to more secure passkey technology. Experts like Rew Islam from Dashlane, co-chair of the FIDO Alliance, emphasize that passkeys are no longer a “nice-to-have” but an “essential” security measure, especially with major players like Facebook recently adopting them. Passkeys leverage factors users already employ, like facial or fingerprint recognition, offering a more convenient and significantly more secure authentication experience. The expectation is that widespread adoption by more companies, from banks to social media, will build user confidence and eventually lead to passkeys becoming the dominant authentication method for the majority of internet users within the next three years.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web – Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web.
- 16 Billion Apple, Facebook, Google And Other Passwords Leaked – If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what could be the largest leak ever, with an almost incredulous 16 billion login credentials, including passwords, exposed.
- Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider – Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps).
- Iran’s government says it shut down internet to protect against cyberattacks – Earlier this week, virtually everyone in Iran lost access to the internet in what was called a “near-total national internet blackout.”
- Russian hackers bypass Gmail MFA using stolen app passwords – Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials.
Podcasts
June 23, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/9/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 40,000 Security Cameras Exposed to Remote Hacking

Cybersecurity firm Bitsight has unveiled a significant vulnerability in the digital landscape, identifying over 40,000 security cameras globally that are susceptible to remote hacking. These cameras, operating primarily over HTTP and RTSP protocols, inadvertently expose live video feeds directly to the internet, making them prime targets for malicious activities ranging from espionage to botnet recruitment. HTTP-based cameras, commonly found in homes and small offices, often allow direct access to administrative interfaces or expose screenshots via simple URI manipulations. RTSP cameras, used in professional surveillance, are harder to fingerprint but can still be exploited to return live footage. This widespread exposure highlights a critical security flaw, transforming devices intended for protection into potential tools for privacy invasion and cyberattacks.

The geographical distribution of these exposed cameras reveals a concerning concentration, with the United States accounting for over 14,000 devices, followed by Japan with approximately 7,000. Other countries like Austria, Czechia, South Korea, Germany, Italy, and Russia also host thousands of vulnerable cameras. Within the US, California and Texas show the highest numbers, with other states like Georgia, New York, and Missouri also significantly impacted. Industry-wise, the telecommunications sector bears the brunt of the exposure, representing a staggering 79% of vulnerable devices, largely due to residential network connections. When excluding this sector, technology, media/entertainment, utilities, business services, and education emerge as the most affected industries, underscoring the broad scope of this security challenge across various critical sectors.

The implications of such widespread exposure are severe, extending beyond mere privacy breaches. Bitsight warns that these cameras are actively sought by threat actors on dark web forums, posing risks such as ensnarement in botnets or serving as pivot points for deeper network intrusions. The presence of these vulnerable devices in diverse locations like offices, factories, restaurants, and hotels amplifies the potential for corporate espionage and data theft. To counter these threats, Bitsight advises users and organizations to adopt crucial security measures: securing internet connections, replacing default credentials, disabling unnecessary remote access, keeping device firmware updated, and consistently monitoring for unusual login attempts. Adhering to these precautions is paramount to safeguard privacy and prevent these surveillance tools from becoming unintended liabilities.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Former Black Basta Members Resurface with New Tactics – Ex-Black Basta ransomware affiliates are now using new phishing and remote access techniques as part of the CACTUS ransomware operation.
- Rust-based “Myth Stealer” Malware Targets Gamers – A new Rust-based infostealer called Myth Stealer is spreading via fake gaming sites and malicious documents, targeting browser and crypto data.
- Massive Data Leak in China Exposes Billions of Records – Over 4 billion personal records were exposed from an unsecured Chinese database, marking one of the largest leaks in the country’s history.
- Google Warns of Salesforce Phishing and Data Extortion Campaign – Google flagged a campaign where attackers use vishing and fake tools to steal Salesforce data and extort organizations.
- Iranian APT “BladedFeline” Hides in Telecom Network for 8 Years – The Iranian group BladedFeline covertly accessed a Middle Eastern telecom for eight years using legitimate admin tools.
- New Zero-Click AI Vulnerability in Microsoft 365 Copilot – Researchers found “EchoLeak,” a zero-click vulnerability that could let attackers steal sensitive data from Microsoft 365 Copilot.
- WestJet Cyberattack Disrupts Airline Operations – A cyberattack on WestJet caused disruptions to the airline’s internal systems and operations.
- Trend Micro and Palo Alto Networks Patch Critical Flaws – Both cybersecurity vendors released patches for multiple critical vulnerabilities affecting their products.
- Hackers Abuse TeamFiltration to Target Microsoft Entra ID Accounts – Attackers leveraged the TeamFiltration pentesting tool to compromise over 80,000 Microsoft Entra ID accounts globally.
- 40,000 Security Cameras Exposed to Remote Hacking – Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
Podcasts
June 16, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/2/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Largest ever data leak exposes over 4 billion user records

The recent exposure of over 4 billion user records in China represents an unprecedented cybersecurity catastrophe, highlighting the extreme vulnerability of personal data in the digital age. This colossal leak, comprising 631 gigabytes of unsecure data, contained a vast array of sensitive information, including financial details, WeChat and Alipay records, residential addresses, and potentially even communication logs. The sheer scale and diversity of the exposed data — ranging from over 800 million WeChat IDs to 630 million bank records and 610 million “three-factor checks” with IDs and phone numbers — strongly suggest a centralized aggregation point, possibly for surveillance, profiling, or data enrichment purposes. This incident underscores a critical failure in data security, leaving hundreds of millions of individuals susceptible to a wide range of malicious activities.

With access to correlated data points on residential information, spending habits, financial details, and personal identifiers, threat actors could orchestrate large-scale phishing scams, blackmail schemes, and sophisticated fraud. The inclusion of Alipay card and token information further raises the risk of unauthorized payments and account takeovers, potentially leading to significant financial losses for users. Beyond individual exploitation, the possibility of state-sponsored intelligence gathering and disinformation campaigns cannot be overlooked, given the perceived nature of the data collection as a comprehensive profile of Chinese citizens. The swift removal of the database after discovery, coupled with the anonymity of its owners, further complicates efforts to understand the breach’s origins and implement protective measures for impacted individuals.

The inability to identify the database’s owners or provide direct recourse for affected users exemplifies the precarious position individuals find themselves in when their data is compromised on such a grand scale. While China has experienced significant data breaches in the past, this incident stands as the largest ever recorded, dwarfing previous exposures.

Projects
- TryHackMe – Hashing Basics – In Progress
Papers
- Research on insider threat detection based on personalized federated learning and behavior log analysis
Articles
- ‘Russian Market’ emerges as a go-to shop for stolen credentials – The “Russian Market” cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware.
- Cartier discloses data breach amid fashion brand cyberattacks – Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers’ personal information after its systems were compromised.
- Meta stopped covert operations from Iran, China, and Romania spreading propaganda – Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread propaganda on social media platforms.
- Victoria’s Secret hit by outages as it battles security incident – Fashion retail giant Victoria’s Secret said it is addressing a “security incident,” as its website and online orders face ongoing disruption.
- Crooks fleece The North Face accounts with recycled logins – Outdoorsy brand blames credential stuffing
- Coinbase breach tied to bribed TaskUs support agents in India – A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange.
- Scattered Spider: Three things the news doesn’t tell you – With the recent attacks on UK retailers Marks & Spencer and Co-op, so-called Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption — currently looking like hundreds of millions in lost profits for M&S alone.
- Exclusive: Hackers Leak 86 Million AT&T Records with Decrypted SSNs – Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.
- FBI: Play ransomware breached 900 victims, including critical orgs – In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023.
- Largest ever data leak exposes over 4 billion user records – In what’s likely the biggest data leak to ever hit China, billions of documents with financial data, WeChat and Alipay details, as well as other sensitive personal data, were exposed to the public. Worryingly, there’s little that impacted users can do to protect themselves.
Podcasts
- Smashing Security 419: Star Wars, the CIA, and a WhatsApp malware mirage
June 9, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/26/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Suspected InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords

This article details a significant data breach involving a publicly exposed database containing an astonishing 184 million unique logins and passwords, totaling 47.42 GB of unencrypted credential data. The researcher who discovered the breach found a wide array of sensitive information, including emails, usernames, passwords, and associated URLs for numerous online services, financial institutions, healthcare platforms, and government portals across various countries. The lack of password protection or encryption on the database dramatically increased the potential for malicious actors to access and exploit this highly sensitive information, posing substantial risks to individuals whose credentials were exposed. The researcher responsibly disclosed the finding to the hosting provider, which subsequently restricted public access to the database.

The analysis of the exposed data strongly suggests that it was harvested by infostealer malware, a type of malicious software designed to extract sensitive information from infected systems, particularly credentials stored in browsers and applications. While the exact method of data collection remains unknown, the article outlines common tactics used by cybercriminals to deploy such malware, including phishing emails, malicious websites, and compromised software. The potential consequences of this type of data exposure are severe, ranging from credential stuffing attacks and account takeovers to corporate espionage and targeted phishing campaigns. The sheer volume and variety of compromised accounts, including those associated with financial and governmental institutions, underscore the gravity of the situation and the potential for widespread harm.

In response to this alarming discovery, the article provides crucial recommendations for users to enhance their online security. These include the fundamental practices of regularly changing passwords, using unique and complex passwords for each account, and enabling two-factor authentication wherever possible. Additionally, the article advises users to check if their credentials have been exposed in known breaches, monitor their accounts for suspicious activity, and consider the use of password managers with caution. The researcher emphasizes the importance of proactive measures and responsible data handling, particularly concerning sensitive information stored in email accounts. The incident serves as a stark reminder of the persistent threats posed by infostealer malware and the critical need for individuals and organizations to prioritize robust cybersecurity practices.

Projects
- TryHackMe – Public Key Cryptography Basics – Complete
- TryHackMe – Hashing Basics – In Progress
Videos

Articles
- Adidas confirms criminals stole data from customer service provider – Hackers take personal data bytes from the brand with three stripes
- Dutch Intelligence Agencies Say Russian Hackers Stole Police Data in Cyberattack – The agencies said that the group, which they called Laundry Bear, is actively trying to steal sensitive data from EU and NATO countries and is “extremely likely Russian state supported.”
- Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years – An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span.
- Russian IT pro sentenced to 14 years forced labor for sharing medical data with Ukraine – The latest in a long line of techies to face Putin’s wrath
- Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor – Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys.
- 184,162,718 Passwords And Logins Leaked — Apple, Facebook, Snapchat
- Threat actors abuse Google Apps Script in evasive phishing attacks – Threat actors are abusing the ‘Google Apps Script’ development platform to host phishing pages that appear legitimate and steal login credentials.
- Pakistanis Urged To Immediately Change All Passwords After Massive Global Data Breach – Pakistan’s National Cyber Emergency Response Team (NCERT) has issued a critical warning urging citizens to change their passwords following a massive global data breach exposing 184 million unique account credentials.
June 2, 2025