CTRL + ALT + SEC

Category: In the News

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/11/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: New York claims Zelle’s shoddy security enabled a billion dollars in scams

The lawsuit claims that Zelle, a payment platform owned by major banks, was launched with significant security flaws that enabled a billion dollars in customer fraud between 2017 and 2023. Attorney General James alleges that the company behind Zelle, Early Warning Services (EWS), was aware of these vulnerabilities from the start but failed to implement basic safeguards. The lawsuit highlights issues such as a flawed registration process that allowed scammers to use misleading email addresses to impersonate legitimate entities, making it easy to trick users into sending them money.

The complaint also accuses EWS of failing to ensure that banks reported customer complaints about fraud in a timely manner. The lawsuit states that Zelle falsely advertised its service as a “safe” money transfer tool and did not promptly remove fraudulent accounts or require banks to reimburse consumers for certain scams. This legal action mirrors a previous lawsuit filed by the Consumer Financial Protection Bureau, which was later dropped.

In response to the lawsuit, Zelle spokesperson Eric Blankenbaker called it a “political stunt” and denied the claims. He stated that Zelle “leads the fight to stop fraud and scams” and argued that the Attorney General’s lawsuit would ultimately put consumers at greater risk by providing criminals with a blueprint for guaranteed payouts. The lawsuit seeks restitution and damages for New Yorkers who have been harmed by Zelle’s alleged security failures.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Webinars
- SANS Security Awareness Virtual Conference
- Proofpoint Power Series – Threat Intel Unfiltered
Videos

Articles
- WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately: Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files.
- Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere – A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles.
- Manpower franchise discloses data theft after RansomHub posts alleged stolen data – And yes, there’s the usual credit monitoring
- Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole – Some Ioniq 5 models are vulnerable to thieves using a Game Boy-like handheld device.
- Russian government hackers said to be behind US federal court filing system hack: Report – The Russian government is allegedly behind the data breach affecting the U.S. court filing system known as PACER, according to The New York Times.
- New York claims Zelle’s shoddy security enabled a billion dollars in scams – Attorney General Letitia James claims Zelle launched with serious security flaws that made the platform ‘uniquely susceptible to fraud.
- Plex warns users to patch security vulnerability immediately – Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability.
Podcasts
August 18, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/4/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hacker extradited to US for stealing $3.3 million from taxpayers

The article details the successful extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to the U.S., where he faces charges related to a sophisticated hacking and fraud scheme. The core of his alleged criminal activity involved spearphishing attacks targeting U.S. tax preparation businesses. By gaining unauthorized access to these businesses’ computer systems, Amachukwu and his co-conspirators were able to steal the personal data of thousands of American citizens. This stolen information was then used to file fraudulent tax returns and Small Business Administration (SBA) loan applications, resulting in over $3.3 million in confirmed losses to the U.S. government. The extradition underscores the international cooperation necessary to combat cybercrime and demonstrates a commitment by law enforcement to pursue and prosecute individuals who exploit digital vulnerabilities for financial gain, regardless of their physical location.

Beyond the tax and loan fraud, the article highlights Amachukwu’s alleged involvement in a separate, parallel scam. This second scheme involved a fake investment opportunity where victims were convinced to invest millions in non-existent standby letters of credit. This dual-pronged criminal activity paints a picture of a perpetrator who engaged in multiple forms of financial deception, exploiting both technological vulnerabilities and human trust. The indictment against Amachukwu reflects the seriousness of his alleged crimes, with charges including conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft. The potential penalties, including a mandatory two-year consecutive sentence for aggravated identity theft and up to 20 years for each wire fraud count, illustrate the severe legal consequences for such offenses.

The extradition and subsequent court appearance of Amachukwu serve as a significant development in the case, moving it from international pursuit to domestic prosecution. The fact that he was apprehended and extradited from France, where he was presumably located after the alleged crimes took place, showcases the global reach of U.S. law enforcement and its ability to work with international partners to bring suspects to justice. While a trial date has yet to be scheduled, the article makes it clear that the U.S. government is not only seeking a conviction but also the forfeiture of all proceeds from his criminal activities. This aggressive legal approach aims to both punish the perpetrator and recover the stolen funds, providing a comprehensive response to the financial and personal damage caused by his fraudulent schemes.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Whitepapers
- CrowdStrike 2025 Threat Hunting Report
Articles
- CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign – Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
- Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies – PXA Stealer pilfers data from nearly 40 browsers, including Chrome
- North Korea sent me abroad to be a secret IT worker. My wages funded the regime – Jin-su says over the years he used hundreds of fake IDs to apply for remote IT work with Western companies. It was part of a vast undercover scheme to raise funds for North Korea.
- Cisco Says User Data Stolen in CRM Hack – Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers.
- What the Coinbase Breach Says About Insider Risk – The lesson from the breach is not just about what went wrong — but what could have gone right.
- PBS confirms data breach after employee info leaked on Discord servers – PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
- Hacker used a voice phishing attack to steal Cisco customers’ personal information – A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday.
- Air France and KLM disclose data breaches impacting customers – Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
Podcasts
- Smashing Security – 428: Red flags, leaked chats, and a final farewell
- The 404 Media Podcast – How AI is being used by hackers and criminals
August 11, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/28/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Tea’s data breach shows why you should be wary of new apps — especially in the AI era

This data breach highlights the inherent risks associated with entrusting sensitive personal information to new applications, particularly in an increasingly AI-driven digital landscape. The breach exposed approximately 72,000 images, including selfies and driver’s licenses, as well as over 1.1 million private direct messages containing intimate conversations. This incident serves as a stark reminder that user data, even when presumed private, can be easily exposed to a global audience with technical acumen. Despite the widespread reporting of the breach, the Tea app remarkably maintained a high ranking in app store charts, underscoring a prevailing user willingness to share sensitive data despite known security vulnerabilities.

Cybersecurity experts interviewed in the article emphasize that the risks of data exposure are amplified in the “AI era.” This heightened risk stems from several factors, including users’ growing comfort with sharing personal information with AI chatbots, which has already led to accidental public disclosures of private exchanges. Furthermore, the rise of “vibe coding”—the use of generative AI to write and refine code—introduces new security concerns. While enabling faster development, experts worry that vibe coding could lead to less secure applications as developers prioritize speed and potentially overlook robust security measures.

Ultimately, the Tea app breach serves as a critical cautionary tale, urging consumers to exercise extreme vigilance when engaging with new apps. Regardless of whether applications are developed with AI assistance or traditional methods, the core message from cybersecurity professionals is to always consider the worst-case scenario when sharing personal data. With the accelerated development of applications and adversaries increasingly leveraging AI for new attack vectors, users should anticipate a rise in data breaches and adopt a more proactive approach to safeguarding their digital privacy.

Projects
- TryHackMe – Web Application Basics – Complete
- TryHackMe – JavaScript Essentials – In Progress
White Paper
- IBM Cost of a Data Breach Report
Articles
- Insurance giant says most US customer data stolen in cyber-attack – Hackers have stolen personal information of a majority of insurance firm Allianz Life’s 1.4 million customers in North America, its parent company said.
- Dating safety app Tea breached, exposing 72,000 user images – Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images.
- Scattered Spider is running a VMware ESXi hacking spree – Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.
- FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation – FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.
- Minnesota Activates National Guard in Response to Cyberattack – Minnesota Governor Tim Walz called in the National Guard to assist the City of Saint Paul in responding to a cyberattack.
- Telecom Giant Orange Hit by Cyberattack – Orange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers.
- Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach – Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.
- Your public ChatGPT queries are getting indexed by Google and other search engines – It’s a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain “https://chatgpt.com/share,” you can find strangers’ conversations with ChatGPT.
- Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks – Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.
August 4, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/14/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications

This reveals a significant data breach within McDonald’s recruitment platform, McHire, exposing the personal information of 64 million job applicants. The breach stemmed from two critical vulnerabilities: the persistence of default “123456” credentials for a test account belonging to Paradox.ai (the bot’s creator) and an insecure direct object reference (IDOR) weakness in an internal API. These flaws allowed security researchers Ian Carroll and Sam Curry unauthorized access to applicant data, including names, addresses, phone numbers, email addresses, and even the ability to view and intervene in ongoing chatbot conversations. The ease with which such widespread data could be accessed highlights severe lapses in security protocols and underscores the potential for malicious actors to exploit similar weaknesses if not promptly addressed.

The incident underscores the paramount importance of robust security practices, particularly in platforms handling vast amounts of personal identifiable information (PII). The fact that a simple, unchanged default password from a 2019 test account could grant administrative access, combined with an IDOR vulnerability allowing sequential access to applicant records, points to fundamental oversights in development and testing. While Paradox.ai swiftly remediated the vulnerabilities upon notification, the incident serves as a stark reminder that even seemingly minor security gaps can have massive implications. It also calls into question the adequacy of their penetration testing, as these issues were not identified internally prior to the researchers’ discovery.

Despite the swift resolution and Paradox.ai’s assertion that only chat interactions of five applicants were accessed by the researchers and no data was shared online, the potential for harm was immense. The exposure of 64 million applicant records, even without highly sensitive data like Social Security numbers, still presents a significant privacy concern and could lead to various forms of targeted attacks like phishing. This incident should prompt other companies utilizing similar third-party recruitment platforms to scrutinize their own security measures and demand higher standards from their vendors to prevent similar breaches and safeguard applicant data.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications – Two vulnerabilities in an internal API allowed unauthorized access to contacts and chats, exposing the information of 64 million McDonald’s applicants.
- Google Gemini flaw hijacks email summaries for phishing – Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.
- Telegram Messenger’s Ties to Russia’s FSB Revealed in New Report – The Telegram messaging app may have ties to Russia’s Federal Security Service (FSB), according to an investigation.
- Louis Vuitton suffers two hacks in a week as customer data is accessed in UK and Korea – Louis Vuitton has revealed that customer data was stolen during an unauthorised breach of the fashion giant’s UK operation’s systems.
- Russian Basketball Star Daniil Kasatkin Arrested in Ransomware Probe – Daniil Kasatkin, a Russian pro basketball player, faces US ransomware charges after his Paris arrest. His lawyer claims he’s “useless with computers,” raising questions about his alleged negotiator role in cybercrime.
- Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack – To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration.
- China’s Salt Typhoon Hacked US National Guard – Chinese hacking group Salt Typhoon targeted a National Guard unit’s network and tapped into communications with other units.
- Former US Army member confesses to Telecom hack and extortion conspiracy – A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info.
- Popular fitness app Fitify exposes 138K user progress photos – Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time. After Cybernews contacted the company, the unprotected instance was closed.
- Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network – China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units.
July 21, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/7/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Elmo’s X account was hacked and shared antisemitic and racist posts

The recent hacking of Elmo’s X (formerly Twitter) account represents a concerning incident that transcends a simple social media breach, highlighting broader vulnerabilities and the potential for weaponized online platforms. The unauthorized posts, which included antisemitic, racist, and politically charged content, not only severely damaged the innocent and wholesome brand associated with Elmo and Sesame Street but also demonstrated how easily prominent accounts can be leveraged to disseminate harmful narratives. The fact that such hateful messages were visible to nearly 650,000 followers, even for a brief period, underscores the immediate and widespread impact that compromised accounts can have on public discourse and perception. This event serves as a stark reminder of the constant threat of cyberattacks and the imperative for robust security measures across all major online platforms.

This incident also brings into focus the ongoing challenges faced by X, particularly in light of previous controversies surrounding its AI chatbot Grok and the proliferation of extremist views on the platform. The “disgusting” nature of the hacked posts, as described by Sesame Workshop, echoes similar issues where X has struggled to contain inflammatory content, including antisemitic remarks. The repeated instances of problematic content, whether through compromised accounts or algorithmic failures, raise serious questions about X’s content moderation strategies and its ability to safeguard users from harmful material. While XAI has acknowledged and attempted to address issues with Grok, the Elmo hack suggests that the platform’s vulnerabilities extend beyond AI-generated content to fundamental account security.

Ultimately, the Elmo account hack is more than just an isolated security breach; it’s a symptom of a larger, more complex problem concerning online safety, platform responsibility, and the weaponization of social media. For a character universally associated with childhood innocence and positive values to be used as a conduit for hate speech is deeply disturbing and illustrates the insidious nature of online extremism. This event should prompt renewed scrutiny of social media companies’ commitment to preventing abuse, ensuring account integrity, and protecting their users from the dissemination of harmful ideologies. The incident reinforces the critical need for continuous vigilance, technological advancements in security, and a proactive approach to combating the misuse of online platforms.

Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- FBI warns travelers of ‘Scattered Spider’ group targeting airlines – SFGATE contributor Jim Glab rounds up air travel and airport news for our weekly column Routes
- Qantas is being extorted in recent data-theft cyberattack – Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.
- Columbia data stolen in cyberattack that caused dayslong IT outage, University says – Bloomberg News reported that the alleged hacker stole the personal information of Columbia applicants.
- AT&T Reaches $177M Deal Over 2019 and 2024 Data Breaches – AT&T’s $177M data breach settlement. Check eligibility for payouts from 2019 and 2024 incidents.
- Alleged Chinese State Hacker Wanted by US Arrested in Italy – Xu Zewei has been arrested on charges that he is a member of the Chinese state-sponsored hacking group Hafnium (Silk Typhoon).
- Canadian Electric Utility Says Power Meters Disrupted by Cyberattack – Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States.
- U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme – The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme.
- Russian pro basketball player arrested for alleged role in ransomware attacks – Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang.
- Elmo’s X account hacked to publish racist and antisemetic posts – In case it wasn’t obvious, no, that’s not the real Elmo that posted racist and antisemetic posts on Elon Musk’s X. Someone had hacked into the Sesame Street character’s X account.
Podcasts
July 14, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/30/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US shuts down a string of North Korean IT worker scams

The US Department of Justice has successfully disrupted several sophisticated IT worker scams orchestrated by North Korea, leading to two indictments, one arrest, and the seizure of 137 laptops. These operations involved North Korean IT staff using stolen or fictitious identities to secure remote positions at over 100 US companies. Beyond drawing salaries, these individuals allegedly exfiltrated sensitive data for Pyongyang and engaged in virtual currency theft, with one instance involving a $740,000 cryptocurrency heist. This tactic of deploying remote IT workers, facilitated by the shift to remote work during the COVID-19 pandemic, is a significant evolution from North Korea’s traditional cybercrime activities, which are primarily aimed at circumventing international sanctions and funding their illicit weapons programs.

One key aspect of these scams involved the establishment of “laptop farms” in the US. These farms allowed North Korean coders to remotely control company-issued laptops, making it appear as though the workers were operating within the US, thereby evading detection by employers monitoring IP ranges. Zhenxing “Danny” Wang, one of the indicted individuals, is accused of setting up a fake software development business that funneled approximately $5 million back to North Korea and left US companies with an estimated $3 million in cleanup costs. This complex network highlights the critical role of US-based collaborators in enabling these schemes and the substantial financial gains reaped by both the North Korean regime and its stateside operatives.

The investigations also revealed a more direct form of cryptocurrency theft, as seen in the case of four North Koreans who traveled to the UAE to secure remote programming jobs. These individuals, using stolen identities, were able to gain access to company virtual wallets and subsequently steal significant amounts of cryptocurrency, which was then laundered using sanctioned tools like Tornado Cash. The ongoing nature of these threats underscores the challenges faced by companies hiring remote IT workers and the persistent efforts by North Korea to exploit vulnerabilities for financial gain. The US Department of Justice is actively pursuing these cases, offering substantial bounties for information that helps dismantle North Korea’s illicit financial mechanisms.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- US shuts down a string of North Korean IT worker scams – The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.
- Stablecoin protocol Resupply loses $9.6M to price manipulation exploit – A flaw in ResupplyFi’s contract allowed an attacker to manipulate token prices and drain $9.6 million from its wstUSR market.
- Hacker Conversations: Rachel Tobac and the Art of Social Engineering – Rachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do.
- Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains – The Dutch conglomerate behind dozens of major American supermarket brands said more than 2.2 million people had information stolen from its systems during a cyberattack in November that left customers unable to place delivery orders online.
- Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’ – ‘No impact on safety,’ FAA tells The Reg
- The FBI warns that Scattered Spider is now targeting the airline sector – The FBI warns that Scattered Spider is now targeting the airline sector. Feds are working with aviation partners to combat the threat and assist affected victims.
- Ex-student charged over hacking university for cheap parking, data breaches – New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University’s systems on multiple occasions, starting with a scheme to obtain cheaper parking.
- Qantas Confirms Major Data Breach Linked to Third-Party Vendor – Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions of frequent flyers just as the airline industry heads into its busiest season.
July 7, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/23/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Millions of Brother Printers Hit by Critical, Unpatchable Bug

The article highlights a severe security crisis affecting millions of Brother printers and other devices, stemming primarily from a critical, unpatchable vulnerability (CVE-2024-51978) with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to generate the default administrator password by knowing the device’s serial number, which can be leaked through other vulnerabilities or simple queries. The sheer scale of the problem is alarming, with 695 Brother models and millions of individual devices globally impacted. Crucially, this particular bug cannot be fixed via firmware updates, necessitating a change in Brother’s manufacturing process, underscoring the deep-seated nature of the security oversight.

Beyond the unpatchable flaw, the research by Rapid7 uncovered seven additional vulnerabilities, ranging from data leaks and stack buffer overflows to server-side request forgery (SSRF) and denial-of-service (DoS) issues. These vulnerabilities, while individually less critical (CVSS scores from 5.3 to 7.5), pose significant risks as they can be chained together with CVE-2024-51978 to achieve more severe outcomes, such as unauthenticated remote code execution or the disclosure of plaintext credentials for external services like LDAP or FTP. The ease of exploiting some of these flaws, coupled with the known existence of an underground market for printer exploits, raises concerns about potential widespread exploitation in corporate networks.

Fortunately, for seven of the eight vulnerabilities, Brother has released firmware updates, and other affected vendors like Fujifilm and Ricoh have also issued advisories. For the critical CVE-2024-51978, the primary mitigation relies on user action: changing the default administrator password. This simple step is crucial, as the vulnerability is only exploitable if the default password remains unchanged. The article also commends the collaborative and lengthy disclosure process involving Rapid7, Brother, and the Japanese cyber agency JPCERT/CC, highlighting it as a successful example of coordinated efforts to address widespread security flaws.

Projects
- TryHackMe – Hashing Basics – Complete
- TryHackMe – Web Application Basics – In Progress
Videos

Articles
- Canada says telcos were breached in China-linked espionage hacks – The Canadian government and the FBI say they are aware of malicious activity targeting telecommunication companies across Canada, attributing the intrusions to the China-backed hacking group Salt Typhoon.
- Cybercriminals breach Aflac as part of hacking spree against US insurance industry – Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.
- Millions of Brother Printers Hit by Critical, Unpatchable Bug – A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.
- Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote Information Technology Workers’ Illicit Revenue Generation Schemes
Podcasts
July 2, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/19/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs

This article from BleepingComputer details a significant and concerning campaign involving over 100 malicious Google Chrome extensions designed to steal user data and execute remote scripts. These extensions cleverly impersonate legitimate and popular tools such as VPNs, AI assistants, crypto utilities, and even specific brands like Fortinet and YouTube. By offering some of the promised functionality while simultaneously operating covertly in the background, these extensions deceive users into granting them broad permissions. This allows the threat actors to pilfer browser cookies, including sensitive session tokens, perform DOM-based phishing attacks, inject malicious JavaScript, and even modify network traffic for purposes like ad delivery, redirection, or proxying user activity through their own servers.

The discovery by DomainTools highlights the scale of this operation, with over 100 fake domains created to promote these malicious extensions, likely through malvertising campaigns. These websites feature seemingly legitimate “Add to Chrome” buttons that directly link to the malicious listings on the Chrome Web Store, lending a false sense of security and authenticity. The article provides a list of several of these deceptive domains, showcasing the wide range of impersonated services and brands. While Google has reportedly removed many of the identified extensions, the fact that some still persist underscores the challenges in rapidly detecting and eliminating such threats, as well as the actors’ determination to remain active.

The potential consequences for users who install these malicious extensions are severe, ranging from account hijacking and personal data theft to comprehensive monitoring of their browsing activities. The article emphasizes that these extensions essentially create a backdoor within the infected browser, granting attackers extensive control and the potential for further exploitation. Alarmingly, the stolen session cookies could even be used to compromise legitimate VPN devices or accounts, providing a pathway to infiltrate corporate networks and launch more damaging attacks. The article concludes with crucial advice for users: exercise caution by only trusting reputable publishers, carefully reviewing user reviews for any suspicious signs, and remaining vigilant about the permissions requested by browser extensions.

Projects
- TryHackMe – Public Key Cryptography Basics – In Progress
Videos

Articles
- The Kids Online Safety Act is back, with the potential to change the internet – The Kids Online Safety Act (KOSA) has been reintroduced into Congress. If passed into law, this bill could impose some of the most significant legislative changes that the internet has seen in the U.S. since the Children’s Online Privacy Protection Act (COPPA) of 1998.
- Have I Been Pwned 2.0 is Now Live! – This has been a very long time coming, but finally, after a marathon effort, the brand new Have I Been Pwned website is now live!
- KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS – KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data).
- PowerSchool hacker pleads guilty to student data extortion scheme – A 19-year-old college student from Worcester, Massachusetts, has agreed to plead guilty to a massive cyberattack on PowerSchool that extorted millions of dollars in exchange for not leaking the personal data of millions of students and teachers.
- Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs – A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly.
Podcasts
May 28, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/5/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Unsophisticated cyber actors are targeting the U.S. Energy sector

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, EPA, and DoE, have issued a joint alert warning U.S. critical infrastructure, particularly the energy and transportation sectors, about ongoing cyberattacks targeting their Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. These attacks are being carried out by unsophisticated cyber actors who are exploiting weaknesses in cyber hygiene and exposed assets. Despite the use of basic intrusion techniques, the potential consequences are significant, including defacement, configuration changes, operational disruptions, and even physical damage in severe cases.

The alert emphasizes that these “basic and elementary intrusion techniques” can be highly effective when organizations fail to implement fundamental cybersecurity best practices. Poor cyber hygiene and the presence of internet-exposed OT assets create vulnerabilities that these less skilled attackers can readily exploit. The agencies strongly urge Critical Infrastructure Asset Owners and Operators to proactively review and implement the recommendations outlined in the fact sheet titled “Primary Mitigations to Reduce Cyber Threats to Operational Technology” to bolster their defenses against these threats.

The recommended mitigations focus on foundational security measures that can significantly reduce the attack surface and limit the impact of successful intrusions. These include removing OT connections from the public internet, immediately changing default passwords to strong, unique credentials, securing remote access to OT networks using VPNs and phishing-resistant multi-factor authentication (MFA), segmenting IT and OT networks to prevent lateral movement, and ensuring the capability to operate OT systems manually in the event of a cyber incident. Additionally, the agencies highlight the risk of misconfigurations introduced during standard operations or by third-party vendors and advise working collaboratively to address these potential vulnerabilities.

Projects
- TryHackMe – Tcpdump: The Basics – Complete
- TryHackMe – Cryptography Basics – In Progress
Videos

Articles
- White House Proposal Slashes Half-Billion from CISA Budget – The proposed $491 million cut is being positioned as a “refocusing”of CISA on its core mission “while eliminating weaponization and waste.”
- Unofficial Signal app used by Trump officials investigates hack – TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked.
- Darcula PhaaS steals 884,000 credit cards via phishing texts – The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide.
- iHeartMedia suffers breach that exposed personal data – iHeartMedia, America’s largest owner of radio stations, suffered a breach in December that exposed personal data, including Social Security and passport numbers.
- TeleMessage, the Signal clone used by US government officials, suffers hack – TeleMessage, an encrypted messaging app based upon Signal, has been temporarily suspended out of “an abundance of caution” after a hacker reportedly gained access to US government communications.
- Unsophisticated cyber actors are targeting the U.S. Energy sector – CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems.
- Man Sentenced to Over 30 Years in Prison for Crypto-Terror Financing Scheme – Defendant Collected and Sent More Than $185,000 to ISIS
Podcasts+
May 12, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 4/21/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Former Disney employee who hacked Disney World restaurant menus in revenge sentenced to 3 years in federal prison

This case highlights a serious insider threat incident with significant potential consequences. Michael Scheuer, a former Disney World employee, conducted a series of cyberattacks against his former employer, demonstrating a disturbing level of knowledge about the company’s systems. His actions went beyond mere vandalism, as he manipulated allergen information on restaurant menus, creating a dangerous situation that could have resulted in severe harm or even death for customers with allergies. This element of the attack underscores the malicious intent and the potential for real-world harm that can arise from disgruntled employees with system access.

The incident also reveals the complexity and scope of modern cyberattacks. Scheuer’s actions included manipulating menu information, altering wine region details to reference mass shooting locations, and launching denial-of-service attacks. This multi-faceted approach demonstrates the potential for a single individual to disrupt operations, spread misinformation, and target individuals within an organization. The FBI’s involvement and the subsequent prosecution emphasize the severity of these crimes and the importance of robust cybersecurity measures to protect against both external and internal threats.

Ultimately, this case serves as a stark reminder of the importance of robust cybersecurity practices, including access control, monitoring, and incident response. The fact that Scheuer had the knowledge and access to carry out these attacks highlights the need for organizations to carefully manage employee access to sensitive systems, especially during and after termination. The potential for significant financial damage (as indicated by the restitution order) and the severe criminal penalties underscore the legal and financial ramifications of such cybercrimes.

Projects
- TryHackMe – Networking Secure Protocols – Complete
- TryHackMe – Tcpdump: The Basics – In Progress
Whitepapers
- 2025 Verizon DBIR – Read my breakdown here.
- The Sophos Annual Threat Report: Cybercrime on Main Street 2025
Videos

Articles
- China Names and Shames US Hackers, Calls Out 3 Alleged NSA Agents – Police in the Chinese city of Harbin say three NSA operatives disrupted the 2025 Asian Winter Games and hacked Huawei.
- Crosswalks hacked to play fake audio of Musk, Zuck, and Jeff Bezos – “Stop, look, and listen” is the standard advice we should allow follow when crossing the road – but pedestrians in some parts are finding that they cannot believe their ears – after a hacker compromised crosswalks to play deepfake audio mocking tech bosses Elon Musk, Mark Zuckerberg, and Jeff Bezos.
- DeepSeek Breach Opens Floodgates to Dark Web – The incident should serve as a critical wake-up call. The stakes are simply too high to treat AI security as an afterthought — especially when the Dark Web stands ready to capitalize on every vulnerability.
- Blue Shield of California leaked health data of 4.7 million members to Google – Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google’s analytics and advertisement platforms.
- FBI: US lost record $16.6 billion to cybercrime in 2024 – The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year.
- Cyberattack Knocks Texas City’s Systems Offline – The city of Abilene, Texas, is scrambling to restore systems that have been taken offline in response to a cyberattack.
- SK Telecom reveals cyberattack, customer USIM data stolen could be used in attacks – Scope and scale of SK Telecom attack still being investigated
- Verizon discovers spike in ransomware and exploited vulnerabilities – Verizon’s 2025 Data Breach Investigations Report noted a 37% increase in ransomware attacks and a 34% increase in exploited vulnerabilities.
- Former Disney employee who hacked Disney World restaurant menus in revenge sentenced to 3 years in federal prison – When a former Disney World employee was accused of changing the menus at Disney World restaurants, it made headlines. And in January, when he admitted to changing the menus — including information about allergy information that could have created serious health risks for diners — that also made headlines. Now Michael Scheuer, who faced 10 years in prison for fraud and an additional subsequent two years in prison for aggravated identity theft, has been sentenced.
Podcasts
April 28, 2025