CTRL + ALT + SEC

Tag: data exposure

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 11/3/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hackers use RMM tools to breach freighters and steal cargo shipments

This sophisticated cybercrime campaign highlights a dangerous evolution in cargo theft, where digital compromise leads directly to the theft of physical goods. Threat actors are targeting the weakest links in the supply chain—specifically freight brokers and trucking carriers by deploying legitimate Remote Monitoring and Management (RMM) tools like ScreenConnect and SimpleHelp. The attack typically begins with social engineering, often involving the use of compromised accounts on online load boards to post fraudulent shipments. When a legitimate carrier responds, they are tricked into clicking a malicious link (often delivered via a hijacked email thread), which installs the RMM tool. This technique is highly effective because it leverages trusted software, allowing the attacker to establish a persistent, low-profile foothold on the victim’s network without immediately triggering suspicion or anti-virus alerts.

Once the RMM tool is installed, the cybercriminals gain complete remote control over the victim’s system. They use this access to conduct network reconnaissance and deploy credential harvesting tools, enabling them to steal logins for essential freight management systems. With this insider access, the hackers can modify or delete existing booking emails, block dispatcher notifications, and effectively impersonate the carrier. This allows them to successfully bid on real, high-value cargo loads (such as electronics or food and beverage items) and coordinate the theft, rerouting the physical shipment for illicit resale. The successful execution of this scheme suggests a strong collaboration between technical cybercrime groups and traditional organized crime that handles the physical interception and distribution of the stolen goods.

To defend against this potent threat, organizations in the logistics and transportation sectors must tighten controls over widely used software. A key preventative measure is to restrict the installation of all unapproved RMM tools, ensuring only IT-vetted and confirmed applications are allowed on company endpoints. Furthermore, technical defenses should include robust network monitoring to detect unexpected connections to RMM servers and the implementation of email gateway rules to block common malicious file types, such as .EXE and .MSI executables, from unsolicited external senders. Finally, security awareness training is crucial, as the initial point of compromise relies heavily on social engineering and exploiting the trust inherent in urgent freight negotiations.

Projects
- TryHackMe – CyberChef: The Basics – Complete
- TryHackMe – CAPA: The Basics – In Progress
Videos

Articles
- Hackers use RMM tools to breach freighters and steal cargo shipments – Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods.
- ‘We got hacked’ emails threaten to leak University of Pennsylvania data – The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach.
- EY exposes 4TB+ SQL database to open internet for who knows how long – The Big Four biz’s big fat fail exposed a boatload of secrets online
- A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces – The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025.
- U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud – The U.S. Treasury Department on Tuesday imposed sanctions against eight individuals and two entities within North Korea’s global financial network for laundering money for various illicit schemes, including cybercrime and information technology (IT) worker fraud.
- Amazon Equips Next Underwater Cable With ‘Robust Armoring’ to Prevent Cuts – The AWS ‘Fastnet’ cable will run from Maryland to Ireland, transporting over 320Tbps. Amid growing cable sabotage, however, ‘we’re burying this cable as deeply as possible,’ Amazon says.
- SonicWall says state-sponsored hackers behind security breach in September – SonicWall’s investigation into the September security breach that exposed customers’ firewall configuration backup files concludes that state-sponsored hackers were behind the attack.
- Hyundai AutoEver America data breach exposes SSNs, drivers licenses – Hyundai AutoEver America is notifying individuals that hackers breached the company’s IT environment and gained access to personal information.
- How a ransomware gang encrypted Nevada government’s systems – The State of Nevada has published an after-action report detailing how hackers breached its systems to deploy ransomware in August, and the actions taken to recover from the attack.
- 18 Arrested in Crackdown on Credit Card Fraud Rings – Between 2016 and 2021, the suspects defrauded 4.3 million cardholders in 193 countries of €300 million (~$346 million).
- ClickFix Attacks Against macOS Users Evolving – ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing.
- Norway transport firm steps up controls after tests show Chinese-made buses can be halted remotely – A leading Norwegian public transport operator has said it will introduce stricter security requirements and step up anti-hacking measures after a test on new Chinese-made electric buses showed the manufacturer could remotely turn them off.
- U.S. Congressional Budget Office hit by suspected foreign cyberattack – The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data.
- Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp – A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.
Podcasts
November 10, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/28/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Tea’s data breach shows why you should be wary of new apps — especially in the AI era

This data breach highlights the inherent risks associated with entrusting sensitive personal information to new applications, particularly in an increasingly AI-driven digital landscape. The breach exposed approximately 72,000 images, including selfies and driver’s licenses, as well as over 1.1 million private direct messages containing intimate conversations. This incident serves as a stark reminder that user data, even when presumed private, can be easily exposed to a global audience with technical acumen. Despite the widespread reporting of the breach, the Tea app remarkably maintained a high ranking in app store charts, underscoring a prevailing user willingness to share sensitive data despite known security vulnerabilities.

Cybersecurity experts interviewed in the article emphasize that the risks of data exposure are amplified in the “AI era.” This heightened risk stems from several factors, including users’ growing comfort with sharing personal information with AI chatbots, which has already led to accidental public disclosures of private exchanges. Furthermore, the rise of “vibe coding”—the use of generative AI to write and refine code—introduces new security concerns. While enabling faster development, experts worry that vibe coding could lead to less secure applications as developers prioritize speed and potentially overlook robust security measures.

Ultimately, the Tea app breach serves as a critical cautionary tale, urging consumers to exercise extreme vigilance when engaging with new apps. Regardless of whether applications are developed with AI assistance or traditional methods, the core message from cybersecurity professionals is to always consider the worst-case scenario when sharing personal data. With the accelerated development of applications and adversaries increasingly leveraging AI for new attack vectors, users should anticipate a rise in data breaches and adopt a more proactive approach to safeguarding their digital privacy.

Projects
- TryHackMe – Web Application Basics – Complete
- TryHackMe – JavaScript Essentials – In Progress
White Paper
- IBM Cost of a Data Breach Report
Articles
- Insurance giant says most US customer data stolen in cyber-attack – Hackers have stolen personal information of a majority of insurance firm Allianz Life’s 1.4 million customers in North America, its parent company said.
- Dating safety app Tea breached, exposing 72,000 user images – Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images.
- Scattered Spider is running a VMware ESXi hacking spree – Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.
- FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation – FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.
- Minnesota Activates National Guard in Response to Cyberattack – Minnesota Governor Tim Walz called in the National Guard to assist the City of Saint Paul in responding to a cyberattack.
- Telecom Giant Orange Hit by Cyberattack – Orange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers.
- Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach – Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.
- Your public ChatGPT queries are getting indexed by Google and other search engines – It’s a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain “https://chatgpt.com/share,” you can find strangers’ conversations with ChatGPT.
- Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks – Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.
August 4, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/14/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications

This reveals a significant data breach within McDonald’s recruitment platform, McHire, exposing the personal information of 64 million job applicants. The breach stemmed from two critical vulnerabilities: the persistence of default “123456” credentials for a test account belonging to Paradox.ai (the bot’s creator) and an insecure direct object reference (IDOR) weakness in an internal API. These flaws allowed security researchers Ian Carroll and Sam Curry unauthorized access to applicant data, including names, addresses, phone numbers, email addresses, and even the ability to view and intervene in ongoing chatbot conversations. The ease with which such widespread data could be accessed highlights severe lapses in security protocols and underscores the potential for malicious actors to exploit similar weaknesses if not promptly addressed.

The incident underscores the paramount importance of robust security practices, particularly in platforms handling vast amounts of personal identifiable information (PII). The fact that a simple, unchanged default password from a 2019 test account could grant administrative access, combined with an IDOR vulnerability allowing sequential access to applicant records, points to fundamental oversights in development and testing. While Paradox.ai swiftly remediated the vulnerabilities upon notification, the incident serves as a stark reminder that even seemingly minor security gaps can have massive implications. It also calls into question the adequacy of their penetration testing, as these issues were not identified internally prior to the researchers’ discovery.

Despite the swift resolution and Paradox.ai’s assertion that only chat interactions of five applicants were accessed by the researchers and no data was shared online, the potential for harm was immense. The exposure of 64 million applicant records, even without highly sensitive data like Social Security numbers, still presents a significant privacy concern and could lead to various forms of targeted attacks like phishing. This incident should prompt other companies utilizing similar third-party recruitment platforms to scrutinize their own security measures and demand higher standards from their vendors to prevent similar breaches and safeguard applicant data.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications – Two vulnerabilities in an internal API allowed unauthorized access to contacts and chats, exposing the information of 64 million McDonald’s applicants.
- Google Gemini flaw hijacks email summaries for phishing – Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.
- Telegram Messenger’s Ties to Russia’s FSB Revealed in New Report – The Telegram messaging app may have ties to Russia’s Federal Security Service (FSB), according to an investigation.
- Louis Vuitton suffers two hacks in a week as customer data is accessed in UK and Korea – Louis Vuitton has revealed that customer data was stolen during an unauthorised breach of the fashion giant’s UK operation’s systems.
- Russian Basketball Star Daniil Kasatkin Arrested in Ransomware Probe – Daniil Kasatkin, a Russian pro basketball player, faces US ransomware charges after his Paris arrest. His lawyer claims he’s “useless with computers,” raising questions about his alleged negotiator role in cybercrime.
- Cloudflare says 1.1.1.1 outage not caused by attack or BGP hijack – To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration.
- China’s Salt Typhoon Hacked US National Guard – Chinese hacking group Salt Typhoon targeted a National Guard unit’s network and tapped into communications with other units.
- Former US Army member confesses to Telecom hack and extortion conspiracy – A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info.
- Popular fitness app Fitify exposes 138K user progress photos – Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time. After Cybernews contacted the company, the unprotected instance was closed.
- Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network – China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units.
July 21, 2025