CTRL + ALT + SEC

Tag: Data breach

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/8/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day

A recent cybercriminal campaign has been exploiting Amazon’s Simple Email Service (SES) to launch large-scale phishing attacks, delivering over 50,000 malicious emails per day. The campaign begins with attackers gaining access to AWS accounts through compromised access keys. They then use these credentials to probe the environment for SES permissions. By using a sophisticated, multi-regional approach, they are able to bypass SES’s default “sandbox” restrictions and daily email limits, unlocking the ability to send massive volumes of malicious emails.

The attackers’ infrastructure is technically advanced, utilizing both their own domains and legitimate domains with weak security configurations to facilitate email spoofing. They systematically verify these domains and create legitimate-looking email addresses to maximize the credibility of their messages. The phishing emails themselves are designed to appear as official tax-related notifications, directing victims to credential harvesting sites. To evade detection, the attackers use commercial traffic analysis services and programmatically attempt to escalate privileges within the AWS environment, though some of these attempts have failed.

This campaign highlights a growing threat where legitimate cloud services, intended for business purposes, are weaponized at scale. The successful exploitation of Amazon SES demonstrates the critical importance of robust security practices, including the need for enhanced monitoring of dormant access keys and unusual cross-regional API activity. The findings from Wiz.io researchers serve as a crucial reminder for organizations to implement more stringent security measures to prevent cloud service abuse and protect against sophisticated, large-scale cyberattacks.

Projects
- TryHackMe – SQLMap: The Basics – Complete
- TryHackMe – SOC Fundamentals – Complete
- TryHackMe – Digital Forensics Fundamentals – Complete
- TryHackMe – Incident Response Fundamentals – Complete
Videos

Articles
- Plex tells users to reset passwords after new data breach – Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases.
- iCloud Calendar abused to send phishing emails from Apple’s servers – iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes.
- Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day – A sophisticated cybercriminal campaign has emerged, exploiting Amazon’s Simple Email Service (SES) to orchestrate large-scale phishing operations capable of delivering over 50,000 malicious emails daily.
- Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance – Oligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction.
- Apple warns customers targeted in recent spyware attacks – Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR).
- U.S. Senator accuses Microsoft of “gross cybersecurity negligence” – U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations.
- Man gets over 4 years in prison for selling unreleased movies – A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies.
Podcasts
September 15, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/25/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Booking.com phishing campaign uses sneaky ‘ん’ character to trick you

These are two separate but related phishing campaigns that exploit a typographical trick called homoglyphs to deceive victims. In the first instance, threat actors used the Japanese hiragana character ん (U+3093), which in some fonts looks like a forward slash, to create a fake Booking.com URL. This visual deception makes the malicious domain [suspicious link removed] appear as a subdirectory of the legitimate booking.com, tricking users into believing they are on a genuine site. The link then redirects victims to a malicious MSI installer that drops malware, such as infostealers or remote access trojans, onto their computers. This tactic is a sophisticated form of a homograph attack, and it demonstrates how attackers leverage the visual similarities between characters from different alphabets to execute social engineering campaigns.

The second campaign targeting Intuit users employs a simpler yet equally effective homoglyph trick. Attackers used a lowercase Latin L to impersonate the letter i, creating the lookalike domain Lntuit.com to mimic the legitimate Intuit.com. This visual substitution is especially effective on mobile devices and in certain fonts where the two characters are nearly indistinguishable, preying on users’ tendency to glance quickly at URLs rather than scrutinize them. The email directs victims to a phishing page designed to steal credentials. Both the Booking.com and Intuit campaigns underscore a growing trend where attackers are creatively manipulating typography to bypass traditional security awareness, highlighting the vulnerability of visual inspection as a sole defense against phishing.

These attacks serve as a critical reminder that cybersecurity threats are constantly evolving, particularly in the realm of social engineering. The use of homoglyphs and homograph attacks demonstrates a move beyond simple fake emails to highly deceptive links that are difficult to spot. The article emphasizes the need for a multi-layered defense strategy, including user education on how to properly inspect URLs—by hovering over links and identifying the true registered domain—and maintaining up-to-date endpoint security software. While these measures offer protection, the campaigns also illustrate the limitations of relying on visual cues alone and reinforce the importance of robust technological solutions to combat increasingly sophisticated phishing tactics.

Projects
- TryHackMe – SQL Fundamentals – Complete
- TryHackMe – Hydra – In Progress
Articles
- Farmers Insurance data breach impacts 1.1M people after Salesforce attack – U.S. insurance giant Farmers Insurance has disclosed a data breach impacting 1.1 million customers, with BleepingComputer learning that the data was stolen in the widespread Salesforce attacks.
- Booking.com phishing campaign uses sneaky ‘ん’ character to trick you – Threat actors are leveraging a Unicode character to make phishing links appear like legitimate Booking.com links in a new campaign distributing malware.
- TransUnion says hackers stole 4.4 million customers’ personal information – TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers’ personal data for its U.S. consumer support operations.
- WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices – WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks.
Podcasts
September 1, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/18/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: HR giant Workday discloses data breach after Salesforce attack

Workday, a major human resources software provider, has disclosed a data breach stemming from a social engineering attack that compromised a third-party customer relationship management (CRM) platform. While Workday explicitly stated that its core customer tenants and their sensitive data were not affected, the breach exposed business contact information, including names, email addresses, and phone numbers of customers. This type of information, though not directly sensitive, is crucial for threat actors to execute more sophisticated social engineering or phishing campaigns against Workday’s extensive client base, which includes over 60% of Fortune 500 companies.

Further investigation revealed that the Workday incident is part of a broader series of attacks orchestrated by the notorious ShinyHunters extortion group. These attacks specifically target Salesforce CRM instances through social engineering and voice phishing, tricking employees into linking malicious OAuth applications. Once linked, the attackers gain access to and steal company databases, using the stolen data for extortion. This widespread campaign has impacted numerous other high-profile companies, including Adidas, Google, Louis Vuitton, and Chanel, highlighting a significant and ongoing threat to organizations relying on third-party CRM platforms.

The Workday breach underscores the pervasive and evolving nature of social engineering threats, particularly when they target critical third-party vendors in an organization’s supply chain. Even with robust internal security, a single vulnerability in a partner’s system can expose valuable data that fuels subsequent, more damaging attacks. The involvement of a sophisticated group like ShinyHunters, known for large-scale data theft and extortion, emphasizes the need for continuous employee training on social engineering tactics, multi-factor authentication, and stringent oversight of third-party access to corporate data.

Projects
- TryHackMe – JavaScript Essentials – Complete
- TryHackMe – SQL Fundamentals – In Progress
Videos

Articles
- HR giant Workday discloses data breach after Salesforce attack – Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack.
- UK telecom firm Colt suffers massive ransomware attack – UK telecoms and network services company Colt suffered a cyberattack, claimed by the Warlock ransomware gang.
- Hotels in Italy suffer a potentially massive breach – Tens of thousands of allegedly stolen documents include high-resolution scans of passports and ID cards used by customers during check-in, according to Italian authorities.
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks – A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot.
- Security researcher driven by free nuggets unearths McDonald’s security flaw — changing ‘login’ to ‘register’ in URL prompted site to issue plain text password for a new account
- Scattered Spider hacker gets sentenced to 10 years in prison – Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April.
- Dev gets 4 years for creating kill switch on ex-employer’s systems – A software developer has been sentenced to four years in prison for sabotaging his ex-employer’s Windows network with custom malware and a kill switch that locked out employees when his account was disabled.
- U.S. Navy Sailor Convicted of Spying for China – Wei was an active-duty U.S. Navy sailor stationed at Naval Base San Diego when he agreed to sell Navy secrets to a Chinese intelligence officer for $12,000.
Podcasts
August 25, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/11/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: New York claims Zelle’s shoddy security enabled a billion dollars in scams

The lawsuit claims that Zelle, a payment platform owned by major banks, was launched with significant security flaws that enabled a billion dollars in customer fraud between 2017 and 2023. Attorney General James alleges that the company behind Zelle, Early Warning Services (EWS), was aware of these vulnerabilities from the start but failed to implement basic safeguards. The lawsuit highlights issues such as a flawed registration process that allowed scammers to use misleading email addresses to impersonate legitimate entities, making it easy to trick users into sending them money.

The complaint also accuses EWS of failing to ensure that banks reported customer complaints about fraud in a timely manner. The lawsuit states that Zelle falsely advertised its service as a “safe” money transfer tool and did not promptly remove fraudulent accounts or require banks to reimburse consumers for certain scams. This legal action mirrors a previous lawsuit filed by the Consumer Financial Protection Bureau, which was later dropped.

In response to the lawsuit, Zelle spokesperson Eric Blankenbaker called it a “political stunt” and denied the claims. He stated that Zelle “leads the fight to stop fraud and scams” and argued that the Attorney General’s lawsuit would ultimately put consumers at greater risk by providing criminals with a blueprint for guaranteed payouts. The lawsuit seeks restitution and damages for New Yorkers who have been harmed by Zelle’s alleged security failures.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Webinars
- SANS Security Awareness Virtual Conference
- Proofpoint Power Series – Threat Intel Unfiltered
Videos

Articles
- WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately: Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files.
- Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere – A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles.
- Manpower franchise discloses data theft after RansomHub posts alleged stolen data – And yes, there’s the usual credit monitoring
- Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole – Some Ioniq 5 models are vulnerable to thieves using a Game Boy-like handheld device.
- Russian government hackers said to be behind US federal court filing system hack: Report – The Russian government is allegedly behind the data breach affecting the U.S. court filing system known as PACER, according to The New York Times.
- New York claims Zelle’s shoddy security enabled a billion dollars in scams – Attorney General Letitia James claims Zelle launched with serious security flaws that made the platform ‘uniquely susceptible to fraud.
- Plex warns users to patch security vulnerability immediately – Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability.
Podcasts
August 18, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/4/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hacker extradited to US for stealing $3.3 million from taxpayers

The article details the successful extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to the U.S., where he faces charges related to a sophisticated hacking and fraud scheme. The core of his alleged criminal activity involved spearphishing attacks targeting U.S. tax preparation businesses. By gaining unauthorized access to these businesses’ computer systems, Amachukwu and his co-conspirators were able to steal the personal data of thousands of American citizens. This stolen information was then used to file fraudulent tax returns and Small Business Administration (SBA) loan applications, resulting in over $3.3 million in confirmed losses to the U.S. government. The extradition underscores the international cooperation necessary to combat cybercrime and demonstrates a commitment by law enforcement to pursue and prosecute individuals who exploit digital vulnerabilities for financial gain, regardless of their physical location.

Beyond the tax and loan fraud, the article highlights Amachukwu’s alleged involvement in a separate, parallel scam. This second scheme involved a fake investment opportunity where victims were convinced to invest millions in non-existent standby letters of credit. This dual-pronged criminal activity paints a picture of a perpetrator who engaged in multiple forms of financial deception, exploiting both technological vulnerabilities and human trust. The indictment against Amachukwu reflects the seriousness of his alleged crimes, with charges including conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft. The potential penalties, including a mandatory two-year consecutive sentence for aggravated identity theft and up to 20 years for each wire fraud count, illustrate the severe legal consequences for such offenses.

The extradition and subsequent court appearance of Amachukwu serve as a significant development in the case, moving it from international pursuit to domestic prosecution. The fact that he was apprehended and extradited from France, where he was presumably located after the alleged crimes took place, showcases the global reach of U.S. law enforcement and its ability to work with international partners to bring suspects to justice. While a trial date has yet to be scheduled, the article makes it clear that the U.S. government is not only seeking a conviction but also the forfeiture of all proceeds from his criminal activities. This aggressive legal approach aims to both punish the perpetrator and recover the stolen funds, providing a comprehensive response to the financial and personal damage caused by his fraudulent schemes.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Whitepapers
- CrowdStrike 2025 Threat Hunting Report
Articles
- CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign – Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
- Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies – PXA Stealer pilfers data from nearly 40 browsers, including Chrome
- North Korea sent me abroad to be a secret IT worker. My wages funded the regime – Jin-su says over the years he used hundreds of fake IDs to apply for remote IT work with Western companies. It was part of a vast undercover scheme to raise funds for North Korea.
- Cisco Says User Data Stolen in CRM Hack – Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers.
- What the Coinbase Breach Says About Insider Risk – The lesson from the breach is not just about what went wrong — but what could have gone right.
- PBS confirms data breach after employee info leaked on Discord servers – PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
- Hacker used a voice phishing attack to steal Cisco customers’ personal information – A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday.
- Air France and KLM disclose data breaches impacting customers – Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
Podcasts
- Smashing Security – 428: Red flags, leaked chats, and a final farewell
- The 404 Media Podcast – How AI is being used by hackers and criminals
August 11, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/28/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Tea’s data breach shows why you should be wary of new apps — especially in the AI era

This data breach highlights the inherent risks associated with entrusting sensitive personal information to new applications, particularly in an increasingly AI-driven digital landscape. The breach exposed approximately 72,000 images, including selfies and driver’s licenses, as well as over 1.1 million private direct messages containing intimate conversations. This incident serves as a stark reminder that user data, even when presumed private, can be easily exposed to a global audience with technical acumen. Despite the widespread reporting of the breach, the Tea app remarkably maintained a high ranking in app store charts, underscoring a prevailing user willingness to share sensitive data despite known security vulnerabilities.

Cybersecurity experts interviewed in the article emphasize that the risks of data exposure are amplified in the “AI era.” This heightened risk stems from several factors, including users’ growing comfort with sharing personal information with AI chatbots, which has already led to accidental public disclosures of private exchanges. Furthermore, the rise of “vibe coding”—the use of generative AI to write and refine code—introduces new security concerns. While enabling faster development, experts worry that vibe coding could lead to less secure applications as developers prioritize speed and potentially overlook robust security measures.

Ultimately, the Tea app breach serves as a critical cautionary tale, urging consumers to exercise extreme vigilance when engaging with new apps. Regardless of whether applications are developed with AI assistance or traditional methods, the core message from cybersecurity professionals is to always consider the worst-case scenario when sharing personal data. With the accelerated development of applications and adversaries increasingly leveraging AI for new attack vectors, users should anticipate a rise in data breaches and adopt a more proactive approach to safeguarding their digital privacy.

Projects
- TryHackMe – Web Application Basics – Complete
- TryHackMe – JavaScript Essentials – In Progress
White Paper
- IBM Cost of a Data Breach Report
Articles
- Insurance giant says most US customer data stolen in cyber-attack – Hackers have stolen personal information of a majority of insurance firm Allianz Life’s 1.4 million customers in North America, its parent company said.
- Dating safety app Tea breached, exposing 72,000 user images – Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images.
- Scattered Spider is running a VMware ESXi hacking spree – Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.
- FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation – FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.
- Minnesota Activates National Guard in Response to Cyberattack – Minnesota Governor Tim Walz called in the National Guard to assist the City of Saint Paul in responding to a cyberattack.
- Telecom Giant Orange Hit by Cyberattack – Orange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers.
- Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach – Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.
- Your public ChatGPT queries are getting indexed by Google and other search engines – It’s a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain “https://chatgpt.com/share,” you can find strangers’ conversations with ChatGPT.
- Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks – Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.
August 4, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/14/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications

This reveals a significant data breach within McDonald’s recruitment platform, McHire, exposing the personal information of 64 million job applicants. The breach stemmed from two critical vulnerabilities: the persistence of default “123456” credentials for a test account belonging to Paradox.ai (the bot’s creator) and an insecure direct object reference (IDOR) weakness in an internal API. These flaws allowed security researchers Ian Carroll and Sam Curry unauthorized access to applicant data, including names, addresses, phone numbers, email addresses, and even the ability to view and intervene in ongoing chatbot conversations. The ease with which such widespread data could be accessed highlights severe lapses in security protocols and underscores the potential for malicious actors to exploit similar weaknesses if not promptly addressed.

The incident underscores the paramount importance of robust security practices, particularly in platforms handling vast amounts of personal identifiable information (PII). The fact that a simple, unchanged default password from a 2019 test account could grant administrative access, combined with an IDOR vulnerability allowing sequential access to applicant records, points to fundamental oversights in development and testing. While Paradox.ai swiftly remediated the vulnerabilities upon notification, the incident serves as a stark reminder that even seemingly minor security gaps can have massive implications. It also calls into question the adequacy of their penetration testing, as these issues were not identified internally prior to the researchers’ discovery.

Despite the swift resolution and Paradox.ai’s assertion that only chat interactions of five applicants were accessed by the researchers and no data was shared online, the potential for harm was immense. The exposure of 64 million applicant records, even without highly sensitive data like Social Security numbers, still presents a significant privacy concern and could lead to various forms of targeted attacks like phishing. This incident should prompt other companies utilizing similar third-party recruitment platforms to scrutinize their own security measures and demand higher standards from their vendors to prevent similar breaches and safeguard applicant data.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications – Two vulnerabilities in an internal API allowed unauthorized access to contacts and chats, exposing the information of 64 million McDonald’s applicants.
- Google Gemini flaw hijacks email summaries for phishing – Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.
- Telegram Messenger’s Ties to Russia’s FSB Revealed in New Report – The Telegram messaging app may have ties to Russia’s Federal Security Service (FSB), according to an investigation.
- Louis Vuitton suffers two hacks in a week as customer data is accessed in UK and Korea – Louis Vuitton has revealed that customer data was stolen during an unauthorised breach of the fashion giant’s UK operation’s systems.
- Russian Basketball Star Daniil Kasatkin Arrested in Ransomware Probe – Daniil Kasatkin, a Russian pro basketball player, faces US ransomware charges after his Paris arrest. His lawyer claims he’s “useless with computers,” raising questions about his alleged negotiator role in cybercrime.
- Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack – To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration.
- China’s Salt Typhoon Hacked US National Guard – Chinese hacking group Salt Typhoon targeted a National Guard unit’s network and tapped into communications with other units.
- Former US Army member confesses to Telecom hack and extortion conspiracy – A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info.
- Popular fitness app Fitify exposes 138K user progress photos – Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time. After Cybernews contacted the company, the unprotected instance was closed.
- Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network – China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units.
July 21, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/30/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US shuts down a string of North Korean IT worker scams

The US Department of Justice has successfully disrupted several sophisticated IT worker scams orchestrated by North Korea, leading to two indictments, one arrest, and the seizure of 137 laptops. These operations involved North Korean IT staff using stolen or fictitious identities to secure remote positions at over 100 US companies. Beyond drawing salaries, these individuals allegedly exfiltrated sensitive data for Pyongyang and engaged in virtual currency theft, with one instance involving a $740,000 cryptocurrency heist. This tactic of deploying remote IT workers, facilitated by the shift to remote work during the COVID-19 pandemic, is a significant evolution from North Korea’s traditional cybercrime activities, which are primarily aimed at circumventing international sanctions and funding their illicit weapons programs.

One key aspect of these scams involved the establishment of “laptop farms” in the US. These farms allowed North Korean coders to remotely control company-issued laptops, making it appear as though the workers were operating within the US, thereby evading detection by employers monitoring IP ranges. Zhenxing “Danny” Wang, one of the indicted individuals, is accused of setting up a fake software development business that funneled approximately $5 million back to North Korea and left US companies with an estimated $3 million in cleanup costs. This complex network highlights the critical role of US-based collaborators in enabling these schemes and the substantial financial gains reaped by both the North Korean regime and its stateside operatives.

The investigations also revealed a more direct form of cryptocurrency theft, as seen in the case of four North Koreans who traveled to the UAE to secure remote programming jobs. These individuals, using stolen identities, were able to gain access to company virtual wallets and subsequently steal significant amounts of cryptocurrency, which was then laundered using sanctioned tools like Tornado Cash. The ongoing nature of these threats underscores the challenges faced by companies hiring remote IT workers and the persistent efforts by North Korea to exploit vulnerabilities for financial gain. The US Department of Justice is actively pursuing these cases, offering substantial bounties for information that helps dismantle North Korea’s illicit financial mechanisms.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- US shuts down a string of North Korean IT worker scams – The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.
- Stablecoin protocol Resupply loses $9.6M to price manipulation exploit – A flaw in ResupplyFi’s contract allowed an attacker to manipulate token prices and drain $9.6 million from its wstUSR market.
- Hacker Conversations: Rachel Tobac and the Art of Social Engineering – Rachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do.
- Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains – The Dutch conglomerate behind dozens of major American supermarket brands said more than 2.2 million people had information stolen from its systems during a cyberattack in November that left customers unable to place delivery orders online.
- Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’ – ‘No impact on safety,’ FAA tells The Reg
- The FBI warns that Scattered Spider is now targeting the airline sector – The FBI warns that Scattered Spider is now targeting the airline sector. Feds are working with aviation partners to combat the threat and assist affected victims.
- Ex-student charged over hacking university for cheap parking, data breaches – New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University’s systems on multiple occasions, starting with a scheme to obtain cheaper parking.
- Qantas Confirms Major Data Breach Linked to Third-Party Vendor – Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions of frequent flyers just as the airline industry heads into its busiest season.
July 7, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/23/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Millions of Brother Printers Hit by Critical, Unpatchable Bug

The article highlights a severe security crisis affecting millions of Brother printers and other devices, stemming primarily from a critical, unpatchable vulnerability (CVE-2024-51978) with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to generate the default administrator password by knowing the device’s serial number, which can be leaked through other vulnerabilities or simple queries. The sheer scale of the problem is alarming, with 695 Brother models and millions of individual devices globally impacted. Crucially, this particular bug cannot be fixed via firmware updates, necessitating a change in Brother’s manufacturing process, underscoring the deep-seated nature of the security oversight.

Beyond the unpatchable flaw, the research by Rapid7 uncovered seven additional vulnerabilities, ranging from data leaks and stack buffer overflows to server-side request forgery (SSRF) and denial-of-service (DoS) issues. These vulnerabilities, while individually less critical (CVSS scores from 5.3 to 7.5), pose significant risks as they can be chained together with CVE-2024-51978 to achieve more severe outcomes, such as unauthenticated remote code execution or the disclosure of plaintext credentials for external services like LDAP or FTP. The ease of exploiting some of these flaws, coupled with the known existence of an underground market for printer exploits, raises concerns about potential widespread exploitation in corporate networks.

Fortunately, for seven of the eight vulnerabilities, Brother has released firmware updates, and other affected vendors like Fujifilm and Ricoh have also issued advisories. For the critical CVE-2024-51978, the primary mitigation relies on user action: changing the default administrator password. This simple step is crucial, as the vulnerability is only exploitable if the default password remains unchanged. The article also commends the collaborative and lengthy disclosure process involving Rapid7, Brother, and the Japanese cyber agency JPCERT/CC, highlighting it as a successful example of coordinated efforts to address widespread security flaws.

Projects
- TryHackMe – Hashing Basics – Complete
- TryHackMe – Web Application Basics – In Progress
Videos

Articles
- Canada says telcos were breached in China-linked espionage hacks – The Canadian government and the FBI say they are aware of malicious activity targeting telecommunication companies across Canada, attributing the intrusions to the China-backed hacking group Salt Typhoon.
- Cybercriminals breach Aflac as part of hacking spree against US insurance industry – Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.
- Millions of Brother Printers Hit by Critical, Unpatchable Bug – A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.
- Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote Information Technology Workers’ Illicit Revenue Generation Schemes
Podcasts
July 2, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/16/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 16 Billion Apple, Facebook, Google And Other Passwords Leaked

The confirmed leak of an estimated 16 billion login credentials, including passwords, making it potentially the largest breach in history. Unlike previous reports of individual company breaches, this “mother of all leaks” is attributed to multiple infostealers, aggregating data from a vast array of online services, including major platforms like Apple, Facebook, and Google, as well as VPNs and developer portals. Crucially, cybersecurity researcher Bob Diachenko clarified that this isn’t a direct breach of these large companies’ databases but rather a collection of credentials found in infostealer logs, often linked to reused passwords. This makes the leak a severe threat, serving as a “blueprint for mass exploitation” through phishing and account takeovers, emphasizing the urgent need for robust password hygiene.

The incident reignites the debate surrounding cybersecurity responsibility. While many experts, like Javvad Malik, advocate for a “shared responsibility” model, where both organizations protect users and individuals remain vigilant, others like Paul Walsh of MetaCert disagree. Walsh argues that expecting users to become security experts when even security providers struggle against sophisticated phishing attacks is unreasonable. This highlights a fundamental tension: while users are urged to adopt stronger password practices and multi-factor authentication, the industry also faces pressure to develop more inherently secure authentication methods that mitigate the risk posed by compromised databases, irrespective of password complexity.

In response to such massive leaks, the article strongly advocates for a pivotal shift from traditional passwords to more secure passkey technology. Experts like Rew Islam from Dashlane, co-chair of the FIDO Alliance, emphasize that passkeys are no longer a “nice-to-have” but an “essential” security measure, especially with major players like Facebook recently adopting them. Passkeys leverage factors users already employ, like facial or fingerprint recognition, offering a more convenient and significantly more secure authentication experience. The expectation is that widespread adoption by more companies, from banks to social media, will build user confidence and eventually lead to passkeys becoming the dominant authentication method for the majority of internet users within the next three years.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web – Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web.
- 16 Billion Apple, Facebook, Google And Other Passwords Leaked – If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what could be the largest leak ever, with an almost incredulous 16 billion login credentials, including passwords, exposed.
- Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider – Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps).
- Iran’s government says it shut down internet to protect against cyberattacks – Earlier this week, virtually everyone in Iran lost access to the internet in what was called a “near-total national internet blackout.”
- Russian hackers bypass Gmail MFA using stolen app passwords – Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials.
Podcasts
June 23, 2025