CTRL + ALT + SEC

Category: In the News

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 11/3/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hackers use RMM tools to breach freighters and steal cargo shipments

This sophisticated cybercrime campaign highlights a dangerous evolution in cargo theft, where digital compromise leads directly to the theft of physical goods. Threat actors are targeting the weakest links in the supply chain—specifically freight brokers and trucking carriers by deploying legitimate Remote Monitoring and Management (RMM) tools like ScreenConnect and SimpleHelp. The attack typically begins with social engineering, often involving the use of compromised accounts on online load boards to post fraudulent shipments. When a legitimate carrier responds, they are tricked into clicking a malicious link (often delivered via a hijacked email thread), which installs the RMM tool. This technique is highly effective because it leverages trusted software, allowing the attacker to establish a persistent, low-profile foothold on the victim’s network without immediately triggering suspicion or anti-virus alerts.

Once the RMM tool is installed, the cybercriminals gain complete remote control over the victim’s system. They use this access to conduct network reconnaissance and deploy credential harvesting tools, enabling them to steal logins for essential freight management systems. With this insider access, the hackers can modify or delete existing booking emails, block dispatcher notifications, and effectively impersonate the carrier. This allows them to successfully bid on real, high-value cargo loads (such as electronics or food and beverage items) and coordinate the theft, rerouting the physical shipment for illicit resale. The successful execution of this scheme suggests a strong collaboration between technical cybercrime groups and traditional organized crime that handles the physical interception and distribution of the stolen goods.

To defend against this potent threat, organizations in the logistics and transportation sectors must tighten controls over widely used software. A key preventative measure is to restrict the installation of all unapproved RMM tools, ensuring only IT-vetted and confirmed applications are allowed on company endpoints. Furthermore, technical defenses should include robust network monitoring to detect unexpected connections to RMM servers and the implementation of email gateway rules to block common malicious file types, such as .EXE and .MSI executables, from unsolicited external senders. Finally, security awareness training is crucial, as the initial point of compromise relies heavily on social engineering and exploiting the trust inherent in urgent freight negotiations.

Projects
- TryHackMe – CyberChef: The Basics – Complete
- TryHackMe – CAPA: The Basics – In Progress
Videos

Articles
- Hackers use RMM tools to breach freighters and steal cargo shipments – Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods.
- ‘We got hacked’ emails threaten to leak University of Pennsylvania data – The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach.
- EY exposes 4TB+ SQL database to open internet for who knows how long – The Big Four biz’s big fat fail exposed a boatload of secrets online
- A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces – The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025.
- U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud – The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea’s global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud.
- Amazon Equips Next Underwater Cable With ‘Robust Armoring’ to Prevent Cuts – The AWS ‘Fastnet’ cable will run from Maryland to Ireland, transporting over 320Tbps. Amid growing cable sabotage, however, ‘we’re burying this cable as deeply as possible,’ Amazon says.
- SonicWall says state-sponsored hackers behind security breach in September – SonicWall’s investigation into the September security breach that exposed customers’ firewall configuration backup files concludes that state-sponsored hackers were behind the attack.
- Hyundai AutoEver America data breach exposes SSNs, drivers licenses – Hyundai AutoEver America is notifying individuals that hackers breached the company’s IT environment and gained access to personal information.
- How a ransomware gang encrypted Nevada government’s systems – The State of Nevada has published an after-action report detailing how hackers breached its systems to deploy ransomware in August, and the actions taken to recover from the attack.
- 18 Arrested in Crackdown on Credit Card Fraud Rings – Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million).
- ClickFix Attacks Against macOS Users Evolving – ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing.
- Norway transport firm steps up controls after tests show Chinese-made buses can be halted remotely – A leading Norwegian public transport operator has said it will introduce stricter security requirements and step up anti-hacking measures after a test on new Chinese-made electric buses showed the manufacturer could remotely turn them off.
- U.S. Congressional Budget Office hit by suspected foreign cyberattack – The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data.
- Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp – A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.
Podcasts
November 10, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/27/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: You have one week to opt out or become fodder for LinkedIn AI training

LinkedIn’s updated data use policy, effective November 3, 2025, marks a significant expansion in its program of scraping user data for AI model training. Crucially, this policy change eliminates previous geographic exemptions, extending the practice to members in the UK, the European Union (EU), the European Economic Area (EEA), Switzerland, Canada, and Hong Kong. For professionals in these regions, virtually all publicly available data—including profile details and posts—is now fair game for harvesting. This move places LinkedIn squarely within a major global trend where tech giants are re-engineering terms of service to fuel their generative AI ventures, often raising the ire of members who explicitly provided their professional data for networking, not for mass training of commercial machine learning tools.

Beyond personal privacy, this policy shift introduces complex challenges for corporate governance, compliance, and legal teams. By sharing scraped data with affiliates, specifically Microsoft, LinkedIn is blurring the lines between its professional network data and the broader commercial interests of its parent company. The article notes that this data will be used to show more personalized ads, which may include sensitive insights gleaned from professional activity. Furthermore, the mandatory “opt-out” mechanism—instead of an “opt-in” model—is likely to face intense scrutiny in regions with stringent privacy legislation like the GDPR. The default setting of allowing data use creates a regulatory risk, potentially positioning LinkedIn for future legal challenges regarding the lack of explicit, freely given consent.

The analysis serves as a clear call to action, emphasizing that professionals in the newly included regions have a narrow window to safeguard their data. The process is a two-step affair: first, opting out of AI training under the Settings > Data Privacy menu, and second, adjusting the relevant preferences under the Advertising Data category to prevent data sharing with Microsoft affiliates for ad purposes. For a LinkedIn audience—whose primary asset is their meticulously curated professional identity—understanding and executing these opt-out steps is an urgent necessity. Failure to act defaults their professional biographies and content into the engine that powers the next generation of AI tools, permanently changing the intended use and ownership of their digital profile.

Projects
- TryHackMe – CyberChef: The Basics – In Progress
Videos

Articles
- Toys “R” Us Canada warns customers’ info leaked in data breach – Toys “R” Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems.
- NSO permanently barred from targeting WhatsApp users with Pegasus spyware – Ruling holds that defeating end-to-end encryption in WhatsApp harms Meta’s business.
- Hackers Target Swedish Power Grid Operator The hackers stole information from a file transfer solution and the country’s power supply was not affected.
- Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark Forums The email addresses were pulled from various sources and 16.4 million of them were not present in previous data breaches.
- New Herodotus Android malware fakes human typing to avoid detection – A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software.
- You have one week to opt out or become fodder for LinkedIn AI training – Nations previously exempt from scraping now in the firing line
- Canada says hacktivists breached water and energy facilities – The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions.
- Former US Defense Contractor Executive Admits to Selling Exploits to Russia – Peter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker.
- Major US Telecom Backbone Firm Hacked by Nation-State Actors – Ribbon Communications provides technology for communications networks and its customers include the US government and major telecom firms.
- Massive China-Linked Smishing Campaign Leveraged 194,000 Domains – The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers.
November 3, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/20/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Verizon: Mobile Blindspot Leads to Needless Data Breaches

The analysis of Verizon’s 2025 Mobile Security Index (MSI) reveals a critical and dangerous blind spot in enterprise risk management: as employees increasingly rely on personal devices for work, organizations are failing to apply commensurate security controls to the mobile frontier. This gap is rooted in a fundamental, dangerous misconception of security at both the individual and organizational level. Employees exhibit deep overconfidence, engaging in risky practices; like storing passwords in their Notes app or using their phone as the default device for “risky clicks” because they “believe nothing can happen there.” Threat actors have effectively capitalized on this low awareness by pivoting to smishing (SMS phishing), which the data shows is overwhelmingly more effective than email phishing. The 80% reported smishing attempt rate against organizations and the alarmingly high employee failure rates in simulations (with up to half of employees failing in many companies) underscore that mobile devices are now the path of least resistance for initial access breaches.

This issue is amplified by an organizational failure to evolve security policies to match the reality of hybrid work. Companies have invested heavily in desktop and server security, yet the MSI highlights a significant parity gap on the mobile side, slowing detection and response times. This gap is structural, as most organizations do not issue work phones to all employees, meaning the majority of mobile attacks (70%) land on unmanaged personal devices. Simply put, companies are falling into the same trap as their employees, ignoring a known, high-impact vulnerability. For business leaders and security professionals, the Verizon MSI presents a clear strategic mandate for immediate action. The traditional security perimeter is gone, and organizations must shift their focus from preventing device use to managing the risk associated with it. This necessitates a combined approach of robust policy implementation and mandatory, high-frequency employee education. The data provides a powerful incentive: organizations utilizing a comprehensive set of eight mobile security best practices—including Mobile Device Management (MDM) and a zero-trust architecture—are five times less likely to experience major repercussions from a breach. The cost of inaction, leading to longer detection times and system downtime, far outweighs the investment required to bring mobile security up to parity with traditional IT controls, making

Projects
- TryHackMe – Vulnerability Scanner Overview – Complete
- TryHackMe – CyberChef: The Basics – In Progress
Videos

Articles
- Massive SIM farm network powering 49 million fake accounts taken apart by Europol – Law enforcement agencies from Austria, Estonia, Finland, and Latvia, together with Europol, have seized thousands of SIM-box devices and SIM cards used in multiple scam campaigns.
- 131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign – Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale.
- Foreign hackers breached a US nuclear weapons plant via SharePoint flaws – A foreign actor infiltrated the National Nuclear Security Administration’s Kansas City National Security Campus through vulnerabilities in Microsoft’s SharePoint browser-based app, raising questions about the need to solidify further federal IT/OT security protections.
- Russian hackers evolve malware pushed in “I am not a robot” captchas – The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks.
- Muji’s minimalist calm shattered as ransomware takes down logistics partner – Japanese retailer halts online orders after attack cripples third-party vendor
- Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram – Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group.
- Major AWS outage took down Fortnite, Alexa, Snapchat, and more – Amazon says the cause of the AWS outage was related to DNS.
- LA Metro digital signs taken over by hackers – the digital reader boards at a bus stop at 6th Street and Vermont Avenue displaying a message that read “EMERGENCY WARNING. LEAVE IMMEDIATELY. RISK OF SUICIDE BOMB.”
- SoCal man agrees to plead guilty to acting as Beijing’s agent – A California man has agreed to plead guilty to acting as an illegal agent for the Chinese government in Southern California while working as a campaign advisor for a local politician.
- Verizon: Mobile Blindspot Leads to Needless Data Breaches – People habitually ignore cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half.
October 27, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/13/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Satellites found exposing unencrypted data, including phone calls and some military comms

This article reveals a startling lapse in global data security, reporting that researchers from UC San Diego and the University of Maryland easily intercepted vast amounts of unencrypted sensitive data from as many as half of all geostationary satellites. Using only an $800 off-the-shelf satellite receiver over three years, they were able to eavesdrop on a broad spectrum of communications. The exposed information includes personal consumer data such as private voice calls, text messages, and internet traffic from commercial services like in-flight Wi-Fi, demonstrating that data considered private is often wide open to unauthorized interception with minimal effort.

The scope of the security failure extends far beyond consumer privacy, encompassing communications critical to national security and vital economic operations. Critically, the researchers found the unencrypted streams included data exchanged between critical infrastructure systems, such as energy and water suppliers, offshore oil and gas platforms, and even some military communications. The effortless exposure of these transmissions poses a profound security risk, creating a significant vulnerability for coordinated attacks or industrial espionage against foundational public and private utilities.

Following the discovery, the research team spent a year alerting affected organizations. This effort led to some immediate remediation, with companies like T-Mobile and AT&T’s network in Mexico quickly encrypting their data to mitigate the risk. However, the most alarming takeaway is the warning that the exposure is far from over. Many organizations, especially certain critical infrastructure providers, have not yet fixed their systems, meaning that large volumes of sensitive satellite data will continue to be vulnerable to eavesdropping for years to come, leaving essential systems exposed to this easily exploited security hole.

Projects
- TryHackMe – Vulnerability Scanner Overview – In Progress
Videos

Articles
- Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack – Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website.
- Satellites found exposing unencrypted data, including phone calls and some military comms – Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are carrying unencrypted sensitive consumer, corporate, and military information, making this data wide open to eavesdropping.
- Fake LastPass, Bitwarden breach alerts lead to PC hijacks – An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager.
- F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion – U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product.
- Experian fined $3.2 million for mass-collecting personal data – Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR)
- China Accuses US of Cyberattack on National Time Center – The Ministry of State Security alleged that the NSA exploited vulnerabilities in the messaging services of a foreign mobile phone brand to steal sensitive information.
Podcasts
October 20, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/6/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025

Analysis of The Salesloft-Drift SaaS Supply Chain Breach

This article effectively spotlights the most critical emerging threat in enterprise security: the SaaS supply chain attack leveraging unmonitored SaaS-to-SaaS integrations. The breach of Salesloft and Drift, attributed to sophisticated groups like ShinyHunters and Scattered Spider, serves as a powerful case study for a fundamental shift in risk. Since most modern businesses rely on an interconnected ecosystem of applications like Salesforce and Gmail, a compromise in a single low-profile third-party vendor offers a “10x force multiplier” for attackers, allowing them to pivot laterally into hundreds of downstream customer environments. This risk profile—where a company’s sensitive data is accessed not through a firewall failure but through a trusted connection and persistent OAuth token—is highly relevant to all LinkedIn professionals, especially those in leadership and IT/DevOps roles responsible for vendor risk and cloud security architecture.

The analysis of why “traditional SaaS security failed” underscores the growing SaaS Security Gap. Legacy security tools, designed for on-premise networks or simple SaaS usage, are blind to the five critical attack vectors: the persistent nature of compromised OAuth tokens, the ability for attackers to conduct SaaS-to-SaaS lateral movement, and the complete lack of visibility into these third-party connections. This is a direct challenge to the common belief that simply having an identity and access management (IAM) solution is sufficient, as IAM often trusts OAuth tokens by design. The article thus compels organizations to shift their focus from protecting the network perimeter to continuously monitoring the permissions, configurations, and behavioral patterns within and across their interconnected cloud applications.

The proposed solution, Dynamic SaaS Security from the article’s publisher, Reco, frames the next necessary evolution in defense. It details a multi-layered strategy that directly counters each attack vector by providing instant discovery of risky SaaS-to-SaaS connections, continuous monitoring of OAuth token usage, and cross-SaaS threat detection.¹ For security professionals, this translates into actionable steps: prioritizing the active scanning and removal of secrets and API keys embedded in SaaS environments and implementing real-time behavioral policies that look for anomalous activity that spans multiple applications.² Ultimately, the Salesloft-Drift breach is presented not just as a news event, but as a watershed moment proving that static, siloed security is obsolete in the era of hyper-connected cloud workflows.

Projects
- TryHackMe – IDS Fundamentals – Complete
- TryHackMe – Vulnerability Scanner Overview – In Progress
Videos

Articles
- Discord discloses data breach after hackers steal support tickets – Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users after compromising a third-party customer service provider.
- CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief – Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar.
- ParkMobile pays… $1 each for 2021 data breach that hit 22 million – ParkMobile has finally wrapped up a class action lawsuit over the platform’s 2021 data breach that hit 22 million users.
- Hacking group claims theft of 1 billion records from Salesforce customer databases – A notorious predominantly English-speaking hacking group has launched a website to extort its victims, threatening to release about a billion records stolen from companies who store their customers’ data in cloud databases hosted by Salesforce.
- The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025 – Supply chain attacks that exploit unmonitored SaaS-to-SaaS integrations affect ten times more companies than traditional credential-based breaches.
- DraftKings warns of account breaches in credential stuffing attacks – Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of credential stuffing attacks.
- California enacts law giving consumers ability to universally opt out of data sharing – California Gov. Gavin Newsom on Wednesday signed a bill which requires web browsers to make it easier for Californians to opt-out of allowing third parties to sell their data.
- Fake ‘Inflation Refund’ texts target New Yorkers in new scam – An ongoing smishing campaign is targeting New Yorkers with text messages posing as the Department of Taxation and Finance, claiming to offer “Inflation Refunds” in an attempt to steal victims’ personal and financial data.
October 13, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/29/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online

This colossal data exposure involving ClaimPix, an auto insurance claims platform, serves as a stark warning about the pervasive dangers of basic security failures in the digital age. The discovery of an unsecured, unencrypted database containing a staggering 10.7 terabytes and 5.1 million files highlights critical shortcomings in data governance and cloud configuration management. For a platform entrusted with managing sensitive insurance and vehicle information, leaving such a massive repository of customer PII and operational data publicly accessible due to a lack of a simple password is a fundamental breach of trust and duty. This incident underscores that even with advanced security threats dominating the news, the simplest oversight—like misconfiguring storage access—can lead to catastrophic consequences.

The contents of the leak reveal the severe implications for data privacy and corporate legal exposure. Beyond standard PII like names and addresses, the exposure of vehicle records (VINs, license plates) and, most critically, approximately 16,000 Power of Attorney documents elevates the risk far beyond mere inconvenience. This combination of personal identity details and legal authorization is a potent toolkit for sophisticated criminals, enabling everything from identity theft and financial fraud to the highly specialized crime of vehicle cloning. The severity of this specific data mix places ClaimPix under immense scrutiny for compliance violations and potential long-term harm to the affected customers, demanding a comprehensive and transparent response regarding the full duration of exposure and the root cause.

While ClaimPix’s swift action to secure the database upon receiving the responsible disclosure is commendable, the lingering questions concerning the entity responsible for the database—whether ClaimPix directly or a third-party vendor—are paramount for risk analysis. This ambiguity is a key point for every business professional, emphasizing the critical need for rigorous vendor risk management and clear data ownership protocols. The incident provides an urgent case study for organizations to stress-test their security architectures, focusing on mandatory encryption, multi-factor access controls, and regular audits of cloud storage configurations. Ultimately, the ClaimPix leak is a powerful reminder that proactive, fundamental security hygiene is the bedrock of corporate responsibility and essential for maintaining customer trust in a data-driven ecosystem.

Projects
- TryHackMe – Firewall Fundamentals – Complete
- TryHackMe – IDS Fundamentals – In Progress
Articles
- Ransomware gang sought BBC reporter’s help in hacking media giant – Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money.
- Japan’s largest brewer suspends operations due to cyberattack – Asahi Group Holdings, Ltd (Asahi), the brewer of Japan’s top-selling beer, has disclosed a cyberattack that disrupted several of its operations.
- UK convicts “Bitcoin Queen” in world’s largest cryptocurrency seizure – The Metropolitan Police has secured a conviction in what is believed to be the world’s largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion).
- Google Ads Used to Spread Trojan Disguised as TradingView Premium – Bitdefender warns that the TradingView Premium ad scam now targets Google ads and YouTube, hijacking verified channels to spread spyware.
- Dutch teens arrested for trying to spy on Europol for Russia – Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.
- US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online – Cybersecurity researcher Jeremiah Fowler discovered a massive 10.7TB ClaimPix leak exposing 5.1M customer files, vehicle data, and Power of Attorney documents. Read the full details.
- Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M – Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings.
- Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws – Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.
- Allianz Life says July data breach impacts 1.5 million people – Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted.
- That annoying SMS phish you just got may have come from a box like this – Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said.
Podcasts
October 6, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/22/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks

This new research by Trend Micro highlights a critical escalation in the cyber threat landscape, demonstrating how the very tools driving modern digital transformation, specifically AI-native development platforms are being co-opted for malicious ends. The core threat lies in the attackers’ ability to weaponize the ease of deployment, free hosting, and legitimate branding of services like Lovable, Netlify, and Vercel. By leveraging AI to rapidly generate convincing fake CAPTCHA pages, cybercriminals have streamlined their operations, lowering the technical skill and cost barrier to launching sophisticated phishing campaigns at scale. This trend forces organizations to recognize that their innovation partners (AI platforms) may inadvertently be enabling their adversaries, necessitating a complete re-evaluation of current security intelligence and threat models.

The tactical genius of this attack chain is its effectiveness in bypassing both human vigilance and automated security controls. The fake CAPTCHA serves a dual purpose: psychologically, it makes the malicious link appear legitimate to the end-user by simulating a routine security check, lowering their guard against a suspicious “Password Reset” or “USPS” notification. Technologically, it acts as a cloaking device. Automated security scanners that crawl the initial URL only encounter the CAPTCHA challenge, failing to see the credential-harvesting page hidden behind it. This redirection technique significantly enhances the success rate of the phishing operation, demonstrating that attackers are creatively adapting their social engineering and evasion techniques to overcome standard endpoint and email security defenses.

Moving forward, this research demands a robust, multi-layered response from the professional community. For security teams, traditional signature-based detection is no longer sufficient; defenses must evolve to analyze the entire redirect chain and monitor for abuse across trusted development domains. For business leaders and HR departments, the necessity of employee security awareness training is amplified, focusing specifically on verifying URLs even when a CAPTCHA is present. Ultimately, the “fake CAPTCHA” scheme underscores a broader industry challenge: balancing the benefits of agile, AI-powered development tools with the inherent risk they introduce when made accessible to all, including those with criminal intent. The industry must now collaborate to build in mechanisms that detect and shut down malicious use on these platforms swiftly and at the source.

Projects
- TryHackMe – Log Fundamentals – Complete
- TryHackMe – Introductrion to SIEM – Complete
- TryHackMe – Firewall Fundamentals – In Progress
Articles
- Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks – Cybercriminals are abusing AI platforms to create and host fake CAPTCHA pages to enhance phishing campaigns, according to new Trend Micro research.
- Chinese Network Selling Thousands of Fake US and Canadian IDs – New investigation exposes a China-based ring that sold over 6,500 fake United States and Canadian IDs using well-planned covert packaging. Learn how this operation threatens national security and enables financial crime.
- UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London – U.K. police arrested two teens from the Scattered Spider group for their role in the August 2024 cyberattack on Transport for London.
- American Archive of Public Broadcasting fixes bug exposing restricted media – A vulnerability in the American Archive of Public Broadcasting’s website allowed downloading of protected and private media for years, with the flaw quietly patched this month.
- U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN – The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security.
- A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York – More than 300 servers and 100,000 SIM cards designed to mimic cellphones and overwhelm networks.
- Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack – JLR extended the pause in production “to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.”
- How One Bad Password Ended a 158-Year-Old Business – The Northamptonshire-based firm fell victim to the Akira ransomware group after hackers gained access by guessing an employee’s weak password.
- Dutch teens arrested for trying to spy on Europol for Russia – Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.
- Harrods suffers new data breach exposing 430,000 customer records – UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information.
September 29, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/15/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Former FinWise employee may have accessed nearly 700K customer records

The data breach at FinWise Bank, which affected nearly 700,000 customer records, highlights the significant and often prolonged risk posed by former employees. A former staff member was able to potentially access sensitive information for over a year after their employment ended, demonstrating a critical failure in the company’s offboarding and access control protocols. While FinWise Bank has taken standard corrective measures, such as hiring cybersecurity professionals and offering free credit monitoring to the 689,000 affected customers, the incident underscores the severe consequences of a breach that goes undetected for a lengthy period.

This incident is not isolated and falls into a growing pattern of insider-related data breaches. The article cites similar, high-profile cases at companies like Coinbase and Rippling, where former or current employees were found to have maliciously accessed or stolen data. The problem extends beyond malicious intent to include accidental breaches, such as misdirected emails. The recurring nature of these events, including a statistic about student-caused cyberattacks in schools, points to a systemic vulnerability in how organizations manage and secure internal access to sensitive information.

Experts suggest that a more strategic approach to personnel security is needed to counter these risks effectively. The analysis from Paul Martin of RUSI points out the “lacking strategic thinking” in the field and recommends proactive measures rather than reactive ones. He advocates for a stronger internal security culture, built on trust, and the creation of a dedicated working group to aggregate and analyze data that could indicate insider malfeasance. By improving these internal processes, organizations like FinWise could better protect themselves from the risks posed by both current and former employees, thus preventing future incidents of this scale.

Projects
- TryHackMe – Log Fundamentals – In Progress
Papers
- DTEX 2025 Cost of Insider Risk Global Report
Articles
- 600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet – Hackers leaked 600 GB of data linked to the Great Firewall of China, exposing documents, code, and operations. Full details available on the GFW Report.
- Google confirms hackers gained access to law enforcement portal – Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company.
- Former FinWise employee may have accessed nearly 700K customer records – Bank says incident went undetected for over a year before discovery in June.
- Scattered Spider ransomware group abruptly decides to end operations – for now, at least: The Scattered Spider ransomware group and more than a dozen other hacker buddies have abruptly decided to close up shop. Apparently, the pressure from law enforcement agencies has become too hot to handle.
- RaccoonO365 Phishing Service Disrupted, Leader Identified – Microsoft and Cloudflare have teamed up to take down the infrastructure used by RaccoonO365.
- Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims – Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.”
- BreachForums Owner Sent to Prison in Resentencing – Conor Fitzpatrick, who pleaded guilty in July 2023, was sentenced last year to time served and supervised release.
- UK arrests ‘Scattered Spider’ teens linked to Transport for London hack – Two teenagers, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the United Kingdom.
- Tiffany Data Breach Impacts Thousands of Customers – The high-end jewelry retailer is informing customers in the United States and Canada that hackers accessed information related to gift cards.
- U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city’s public transportation agency.
- ChatGPT Tricked Into Solving CAPTCHAs – The AI agent was able to solve different types of CAPTCHAs and adjusted its cursor movements to better mimic human behavior.
- UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware – An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn.
September 22, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/8/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day

A recent cybercriminal campaign has been exploiting Amazon’s Simple Email Service (SES) to launch large-scale phishing attacks, delivering over 50,000 malicious emails per day. The campaign begins with attackers gaining access to AWS accounts through compromised access keys. They then use these credentials to probe the environment for SES permissions. By using a sophisticated, multi-regional approach, they are able to bypass SES’s default “sandbox” restrictions and daily email limits, unlocking the ability to send massive volumes of malicious emails.

The attackers’ infrastructure is technically advanced, utilizing both their own domains and legitimate domains with weak security configurations to facilitate email spoofing. They systematically verify these domains and create legitimate-looking email addresses to maximize the credibility of their messages. The phishing emails themselves are designed to appear as official tax-related notifications, directing victims to credential harvesting sites. To evade detection, the attackers use commercial traffic analysis services and programmatically attempt to escalate privileges within the AWS environment, though some of these attempts have failed.

This campaign highlights a growing threat where legitimate cloud services, intended for business purposes, are weaponized at scale. The successful exploitation of Amazon SES demonstrates the critical importance of robust security practices, including the need for enhanced monitoring of dormant access keys and unusual cross-regional API activity. The findings from Wiz.io researchers serve as a crucial reminder for organizations to implement more stringent security measures to prevent cloud service abuse and protect against sophisticated, large-scale cyberattacks.

Projects
- TryHackMe – SQLMap: The Basics – Complete
- TryHackMe – SOC Fundamentals – Complete
- TryHackMe – Digital Forensics Fundamentals – Complete
- TryHackMe – Incident Response Fundamentals – Complete
Videos

Articles
- Plex tells users to reset passwords after new data breach – Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases.
- iCloud Calendar abused to send phishing emails from Apple’s servers – iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes.
- Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day – A sophisticated cybercriminal campaign has emerged, exploiting Amazon’s Simple Email Service (SES) to orchestrate large-scale phishing operations capable of delivering over 50,000 malicious emails daily.
- Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance – Oligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction.
- Apple warns customers targeted in recent spyware attacks – Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR).
- U.S. Senator accuses Microsoft of “gross cybersecurity negligence” – U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations.
- Man gets over 4 years in prison for selling unreleased movies – A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies.
Podcasts
September 15, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/1/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack

The article highlights the stealthy and evasive nature of this new threat. By using LOLBINS (Living Off the Land Binaries) like PowerShell, the malware is designed to evade detection by conventional antivirus software and even modern endpoint detection and response (EDR) systems, which are not commonly found on personal computers. The PowerShell script runs in memory, leaving little to no trace on the disk. This approach exploits the trust users place in legitimate system tools and known security services like Cloudflare. The use of a travel site for an expensive destination like the Galapagos suggests the attackers are targeting affluent individuals, potentially executives, whose personal devices could serve as a gateway to their corporate networks.

Despite successfully identifying the malware and its payload, researchers at Todyl have several unanswered questions about the operation’s infrastructure and the relationships between the different actors involved. For instance, they are unsure whether the developers of LightPerlGirl are directly affiliated with the creators of the Lumma infostealer or if they are separate entities using a malware-as-a-service model. The discovery of this variant was almost accidental, as it was found on a customer’s corporate device which was protected by Todyl’s security platform. This underscores the difficulty in detecting such stealthy attacks, even for advanced security solutions. The article emphasizes that the true danger of ClickFix variants lies in their potential to compromise a company’s enterprise network through an unsuspecting employee’s personal device.

Projects
- TryHackMe – Hydra – Complete
- TryHackMe – Gobuster: The Basics – Complete
- TryHackMe – Shells Overview – Complete
- TryHackMe – SQLMap: The Basics – In Progress
Videos

Articles
- No, Google did not warn 2.5 billion Gmail users to reset passwords – Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts.
- FBI cyber cop: Salt Typhoon pwned ‘nearly every American’ – China’s Salt Typhoon cyberspies hoovered up information belonging to millions of people in the United States over the course of the years-long intrusion into telecommunications networks, according to a top FBI cyber official.
- Disney to pay $10M to settle claims it collected kids’ data on YouTube – Disney will pay $10 million to settle claims by the U.S. Federal Trade Commission that it mislabeled videos for children on YouTube, which allowed the collection of kids’ personal information without their consent or notification to their parents.
- Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack – Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps).
- Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats – An Iran-nexus group has been linked to a “coordinated” and “multi-wave” spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.
- Google Fined $379 Million by French Regulator for Cookie Consent Violations – The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules.
- VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages – Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system.
- New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack – Researchers identify a previously unknown ClickFix variant exploiting PowerShell and clipboard hijacking to deliver the Lumma infostealer via a compromised travel site.
- Jury orders Google to pay $425 million for violating user privacy – The class action lawsuit alleged that Google continued to collect user information even after they turned activity tracking off.
September 8, 2025