CTRL + ALT + SEC

Tag: ransomware

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/20/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Verizon: Mobile Blindspot Leads to Needless Data Breaches

The analysis of Verizon’s 2025 Mobile Security Index (MSI) reveals a critical and dangerous blind spot in enterprise risk management: as employees increasingly rely on personal devices for work, organizations are failing to apply commensurate security controls to the mobile frontier. This gap is rooted in a fundamental, dangerous misconception of security at both the individual and organizational level. Employees exhibit deep overconfidence, engaging in risky practices; like storing passwords in their Notes app or using their phone as the default device for “risky clicks” because they “believe nothing can happen there.” Threat actors have effectively capitalized on this low awareness by pivoting to smishing (SMS phishing), which the data shows is overwhelmingly more effective than email phishing. The 80% reported smishing attempt rate against organizations and the alarmingly high employee failure rates in simulations (with up to half of employees failing in many companies) underscore that mobile devices are now the path of least resistance for initial access breaches.

This issue is amplified by an organizational failure to evolve security policies to match the reality of hybrid work. Companies have invested heavily in desktop and server security, yet the MSI highlights a significant parity gap on the mobile side, slowing detection and response times. This gap is structural, as most organizations do not issue work phones to all employees, meaning the majority of mobile attacks (70%) land on unmanaged personal devices. Simply put, companies are falling into the same trap as their employees, ignoring a known, high-impact vulnerability. For business leaders and security professionals, the Verizon MSI presents a clear strategic mandate for immediate action. The traditional security perimeter is gone, and organizations must shift their focus from preventing device use to managing the risk associated with it. This necessitates a combined approach of robust policy implementation and mandatory, high-frequency employee education. The data provides a powerful incentive: organizations utilizing a comprehensive set of eight mobile security best practices—including Mobile Device Management (MDM) and a zero-trust architecture—are five times less likely to experience major repercussions from a breach. The cost of inaction, leading to longer detection times and system downtime, far outweighs the investment required to bring mobile security up to parity with traditional IT controls, making

Projects
- TryHackMe – Vulnerability Scanner Overview – Complete
- TryHackMe – CyberChef: The Basics – In Progress
Videos

Articles
- Massive SIM farm network powering 49 million fake accounts taken apart by Europol – Law enforcement agencies from Austria, Estonia, Finland, and Latvia, together with Europol, have seized thousands of SIM-box devices and SIM cards used in multiple scam campaigns.
- 131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign – Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale.
- Foreign hackers breached a US nuclear weapons plant via SharePoint flaws – A foreign actor infiltrated the National Nuclear Security Administration’s Kansas City National Security Campus through vulnerabilities in Microsoft’s SharePoint browser-based app, raising questions about the need to solidify further federal IT/OT security protections.
- Russian hackers evolve malware pushed in “I am not a robot” captchas – The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks.
- Muji’s minimalist calm shattered as ransomware takes down logistics partner – Japanese retailer halts online orders after attack cripples third-party vendor
- Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram – Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group.
- Major AWS outage took down Fortnite, Alexa, Snapchat, and more – Amazon says the cause of the AWS outage was related to DNS.
- LA Metro digital signs taken over by hackers – the digital reader boards at a bus stop at 6th Street and Vermont Avenue displaying a message that read “EMERGENCY WARNING. LEAVE IMMEDIATELY. RISK OF SUICIDE BOMB.”
- SoCal man agrees to plead guilty to acting as Beijing’s agent – A California man has agreed to plead guilty to acting as an illegal agent for the Chinese government in Southern California while working as a campaign advisor for a local politician.
- Verizon: Mobile Blindspot Leads to Needless Data Breaches – People habitually ignore cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half.
October 27, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/29/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online

This colossal data exposure involving ClaimPix, an auto insurance claims platform, serves as a stark warning about the pervasive dangers of basic security failures in the digital age. The discovery of an unsecured, unencrypted database containing a staggering 10.7 terabytes and 5.1 million files highlights critical shortcomings in data governance and cloud configuration management. For a platform entrusted with managing sensitive insurance and vehicle information, leaving such a massive repository of customer PII and operational data publicly accessible due to a lack of a simple password is a fundamental breach of trust and duty. This incident underscores that even with advanced security threats dominating the news, the simplest oversight—like misconfiguring storage access—can lead to catastrophic consequences.

The contents of the leak reveal the severe implications for data privacy and corporate legal exposure. Beyond standard PII like names and addresses, the exposure of vehicle records (VINs, license plates) and, most critically, approximately 16,000 Power of Attorney documents elevates the risk far beyond mere inconvenience. This combination of personal identity details and legal authorization is a potent toolkit for sophisticated criminals, enabling everything from identity theft and financial fraud to the highly specialized crime of vehicle cloning. The severity of this specific data mix places ClaimPix under immense scrutiny for compliance violations and potential long-term harm to the affected customers, demanding a comprehensive and transparent response regarding the full duration of exposure and the root cause.

While ClaimPix’s swift action to secure the database upon receiving the responsible disclosure is commendable, the lingering questions concerning the entity responsible for the database—whether ClaimPix directly or a third-party vendor—are paramount for risk analysis. This ambiguity is a key point for every business professional, emphasizing the critical need for rigorous vendor risk management and clear data ownership protocols. The incident provides an urgent case study for organizations to stress-test their security architectures, focusing on mandatory encryption, multi-factor access controls, and regular audits of cloud storage configurations. Ultimately, the ClaimPix leak is a powerful reminder that proactive, fundamental security hygiene is the bedrock of corporate responsibility and essential for maintaining customer trust in a data-driven ecosystem.

Projects
- TryHackMe – Firewall Fundamentals – Complete
- TryHackMe – IDS Fundamentals – In Progress
Articles
- Ransomware gang sought BBC reporter’s help in hacking media giant – Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money.
- Japan’s largest brewer suspends operations due to cyberattack – Asahi Group Holdings, Ltd (Asahi), the brewer of Japan’s top-selling beer, has disclosed a cyberattack that disrupted several of its operations.
- UK convicts “Bitcoin Queen” in world’s largest cryptocurrency seizure – The Metropolitan Police has secured a conviction in what is believed to be the world’s largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion).
- Google Ads Used to Spread Trojan Disguised as TradingView Premium – Bitdefender warns that the TradingView Premium ad scam now targets Google ads and YouTube, hijacking verified channels to spread spyware.
- Dutch teens arrested for trying to spy on Europol for Russia – Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.
- US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online – Cybersecurity researcher Jeremiah Fowler discovered a massive 10.7TB ClaimPix leak exposing 5.1M customer files, vehicle data, and Power of Attorney documents. Read the full details.
- Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M – Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings.
- Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws – Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.
- Allianz Life says July data breach impacts 1.5 million people – Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted.
- That annoying SMS phish you just got may have come from a box like this – Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said.
Podcasts
October 6, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/22/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks

This new research by Trend Micro highlights a critical escalation in the cyber threat landscape, demonstrating how the very tools driving modern digital transformation, specifically AI-native development platforms are being co-opted for malicious ends. The core threat lies in the attackers’ ability to weaponize the ease of deployment, free hosting, and legitimate branding of services like Lovable, Netlify, and Vercel. By leveraging AI to rapidly generate convincing fake CAPTCHA pages, cybercriminals have streamlined their operations, lowering the technical skill and cost barrier to launching sophisticated phishing campaigns at scale. This trend forces organizations to recognize that their innovation partners (AI platforms) may inadvertently be enabling their adversaries, necessitating a complete re-evaluation of current security intelligence and threat models.

The tactical genius of this attack chain is its effectiveness in bypassing both human vigilance and automated security controls. The fake CAPTCHA serves a dual purpose: psychologically, it makes the malicious link appear legitimate to the end-user by simulating a routine security check, lowering their guard against a suspicious “Password Reset” or “USPS” notification. Technologically, it acts as a cloaking device. Automated security scanners that crawl the initial URL only encounter the CAPTCHA challenge, failing to see the credential-harvesting page hidden behind it. This redirection technique significantly enhances the success rate of the phishing operation, demonstrating that attackers are creatively adapting their social engineering and evasion techniques to overcome standard endpoint and email security defenses.

Moving forward, this research demands a robust, multi-layered response from the professional community. For security teams, traditional signature-based detection is no longer sufficient; defenses must evolve to analyze the entire redirect chain and monitor for abuse across trusted development domains. For business leaders and HR departments, the necessity of employee security awareness training is amplified, focusing specifically on verifying URLs even when a CAPTCHA is present. Ultimately, the “fake CAPTCHA” scheme underscores a broader industry challenge: balancing the benefits of agile, AI-powered development tools with the inherent risk they introduce when made accessible to all, including those with criminal intent. The industry must now collaborate to build in mechanisms that detect and shut down malicious use on these platforms swiftly and at the source.

Projects
- TryHackMe – Log Fundamentals – Complete
- TryHackMe – Introductrion to SIEM – Complete
- TryHackMe – Firewall Fundamentals – In Progress
Articles
- Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks – Cybercriminals are abusing AI platforms to create and host fake CAPTCHA pages to enhance phishing campaigns, according to new Trend Micro research.
- Chinese Network Selling Thousands of Fake US and Canadian IDs – New investigation exposes a China-based ring that sold over 6,500 fake United States and Canadian IDs using well-planned covert packaging. Learn how this operation threatens national security and enables financial crime.
- UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London – U.K. police arrested two teens from the Scattered Spider group for their role in the August 2024 cyberattack on Transport for London.
- American Archive of Public Broadcasting fixes bug exposing restricted media – A vulnerability in the American Archive of Public Broadcasting’s website allowed downloading of protected and private media for years, with the flaw quietly patched this month.
- U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN – The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security.
- A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York – More than 300 servers and 100,000 SIM cards designed to mimic cellphones and overwhelm networks.
- Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack – JLR extended the pause in production “to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.”
- How One Bad Password Ended a 158-Year-Old Business – The Northamptonshire-based firm fell victim to the Akira ransomware group after hackers gained access by guessing an employee’s weak password.
- Dutch teens arrested for trying to spy on Europol for Russia – Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.
- Harrods suffers new data breach exposing 430,000 customer records – UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information.
September 29, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/15/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Former FinWise employee may have accessed nearly 700K customer records

The data breach at FinWise Bank, which affected nearly 700,000 customer records, highlights the significant and often prolonged risk posed by former employees. A former staff member was able to potentially access sensitive information for over a year after their employment ended, demonstrating a critical failure in the company’s offboarding and access control protocols. While FinWise Bank has taken standard corrective measures, such as hiring cybersecurity professionals and offering free credit monitoring to the 689,000 affected customers, the incident underscores the severe consequences of a breach that goes undetected for a lengthy period.

This incident is not isolated and falls into a growing pattern of insider-related data breaches. The article cites similar, high-profile cases at companies like Coinbase and Rippling, where former or current employees were found to have maliciously accessed or stolen data. The problem extends beyond malicious intent to include accidental breaches, such as misdirected emails. The recurring nature of these events, including a statistic about student-caused cyberattacks in schools, points to a systemic vulnerability in how organizations manage and secure internal access to sensitive information.

Experts suggest that a more strategic approach to personnel security is needed to counter these risks effectively. The analysis from Paul Martin of RUSI points out the “lacking strategic thinking” in the field and recommends proactive measures rather than reactive ones. He advocates for a stronger internal security culture, built on trust, and the creation of a dedicated working group to aggregate and analyze data that could indicate insider malfeasance. By improving these internal processes, organizations like FinWise could better protect themselves from the risks posed by both current and former employees, thus preventing future incidents of this scale.

Projects
- TryHackMe – Log Fundamentals – In Progress
Papers
- DTEX 2025 Cost of Insider Risk Global Report
Articles
- 600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet – Hackers leaked 600 GB of data linked to the Great Firewall of China, exposing documents, code, and operations. Full details available on the GFW Report.
- Google confirms hackers gained access to law enforcement portal – Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company.
- Former FinWise employee may have accessed nearly 700K customer records – Bank says incident went undetected for over a year before discovery in June.
- Scattered Spider ransomware group abruptly decides to end operations – for now, at least: The Scattered Spider ransomware group and more than a dozen other hacker buddies have abruptly decided to close up shop. Apparently, the pressure from law enforcement agencies has become too hot to handle.
- RaccoonO365 Phishing Service Disrupted, Leader Identified – Microsoft and Cloudflare have teamed up to take down the infrastructure used by RaccoonO365.
- Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims – Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.”
- BreachForums Owner Sent to Prison in Resentencing – Conor Fitzpatrick, who pleaded guilty in July 2023, was sentenced last year to time served and supervised release.
- UK arrests ‘Scattered Spider’ teens linked to Transport for London hack – Two teenagers, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the United Kingdom.
- Tiffany Data Breach Impacts Thousands of Customers – The high-end jewelry retailer is informing customers in the United States and Canada that hackers accessed information related to gift cards.
- U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack Law enforcement authorities in the U.K. have arrested two teen members of the Scattered Spider hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city’s public transportation agency.
- ChatGPT Tricked Into Solving CAPTCHAs – The AI agent was able to solve different types of CAPTCHAs and adjusted its cursor movements to better mimic human behavior.
- UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware – An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn.
September 22, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/8/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day

A recent cybercriminal campaign has been exploiting Amazon’s Simple Email Service (SES) to launch large-scale phishing attacks, delivering over 50,000 malicious emails per day. The campaign begins with attackers gaining access to AWS accounts through compromised access keys. They then use these credentials to probe the environment for SES permissions. By using a sophisticated, multi-regional approach, they are able to bypass SES’s default “sandbox” restrictions and daily email limits, unlocking the ability to send massive volumes of malicious emails.

The attackers’ infrastructure is technically advanced, utilizing both their own domains and legitimate domains with weak security configurations to facilitate email spoofing. They systematically verify these domains and create legitimate-looking email addresses to maximize the credibility of their messages. The phishing emails themselves are designed to appear as official tax-related notifications, directing victims to credential harvesting sites. To evade detection, the attackers use commercial traffic analysis services and programmatically attempt to escalate privileges within the AWS environment, though some of these attempts have failed.

This campaign highlights a growing threat where legitimate cloud services, intended for business purposes, are weaponized at scale. The successful exploitation of Amazon SES demonstrates the critical importance of robust security practices, including the need for enhanced monitoring of dormant access keys and unusual cross-regional API activity. The findings from Wiz.io researchers serve as a crucial reminder for organizations to implement more stringent security measures to prevent cloud service abuse and protect against sophisticated, large-scale cyberattacks.

Projects
- TryHackMe – SQLMap: The Basics – Complete
- TryHackMe – SOC Fundamentals – Complete
- TryHackMe – Digital Forensics Fundamentals – Complete
- TryHackMe – Incident Response Fundamentals – Complete
Videos

Articles
- Plex tells users to reset passwords after new data breach – Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases.
- iCloud Calendar abused to send phishing emails from Apple’s servers – iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes.
- Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day – A sophisticated cybercriminal campaign has emerged, exploiting Amazon’s Simple Email Service (SES) to orchestrate large-scale phishing operations capable of delivering over 50,000 malicious emails daily.
- Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance – Oligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction.
- Apple warns customers targeted in recent spyware attacks – Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR).
- U.S. Senator accuses Microsoft of “gross cybersecurity negligence” – U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations.
- Man gets over 4 years in prison for selling unreleased movies – A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies.
Podcasts
September 15, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/18/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: HR giant Workday discloses data breach after Salesforce attack

Workday, a major human resources software provider, has disclosed a data breach stemming from a social engineering attack that compromised a third-party customer relationship management (CRM) platform. While Workday explicitly stated that its core customer tenants and their sensitive data were not affected, the breach exposed business contact information, including names, email addresses, and phone numbers of customers. This type of information, though not directly sensitive, is crucial for threat actors to execute more sophisticated social engineering or phishing campaigns against Workday’s extensive client base, which includes over 60% of Fortune 500 companies.

Further investigation revealed that the Workday incident is part of a broader series of attacks orchestrated by the notorious ShinyHunters extortion group. These attacks specifically target Salesforce CRM instances through social engineering and voice phishing, tricking employees into linking malicious OAuth applications. Once linked, the attackers gain access to and steal company databases, using the stolen data for extortion. This widespread campaign has impacted numerous other high-profile companies, including Adidas, Google, Louis Vuitton, and Chanel, highlighting a significant and ongoing threat to organizations relying on third-party CRM platforms.

The Workday breach underscores the pervasive and evolving nature of social engineering threats, particularly when they target critical third-party vendors in an organization’s supply chain. Even with robust internal security, a single vulnerability in a partner’s system can expose valuable data that fuels subsequent, more damaging attacks. The involvement of a sophisticated group like ShinyHunters, known for large-scale data theft and extortion, emphasizes the need for continuous employee training on social engineering tactics, multi-factor authentication, and stringent oversight of third-party access to corporate data.

Projects
- TryHackMe – JavaScript Essentials – Complete
- TryHackMe – SQL Fundamentals – In Progress
Videos

Articles
- HR giant Workday discloses data breach after Salesforce attack – Human resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack.
- UK telecom firm Colt suffers massive ransomware attack – UK telecoms and network services company Colt suffered a cyberattack, claimed by the Warlock ransomware gang.
- Hotels in Italy suffer a potentially massive breach – Tens of thousands of allegedly stolen documents include high-resolution scans of passports and ID cards used by customers during check-in, according to Italian authorities.
- DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks – A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot.
- Security researcher driven by free nuggets unearths McDonald’s security flaw — changing ‘login’ to ‘register’ in URL prompted site to issue plain text password for a new account
- Scattered Spider hacker gets sentenced to 10 years in prison – Noah Michael Urban, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison on Wednesday after pleading guilty to charges of wire fraud and conspiracy in April.
- Dev gets 4 years for creating kill switch on ex-employer’s systems – A software developer has been sentenced to four years in prison for sabotaging his ex-employer’s Windows network with custom malware and a kill switch that locked out employees when his account was disabled.
- U.S. Navy Sailor Convicted of Spying for China – Wei was an active-duty U.S. Navy sailor stationed at Naval Base San Diego when he agreed to sell Navy secrets to a Chinese intelligence officer for $12,000.
Podcasts
August 25, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/11/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: New York claims Zelle’s shoddy security enabled a billion dollars in scams

The lawsuit claims that Zelle, a payment platform owned by major banks, was launched with significant security flaws that enabled a billion dollars in customer fraud between 2017 and 2023. Attorney General James alleges that the company behind Zelle, Early Warning Services (EWS), was aware of these vulnerabilities from the start but failed to implement basic safeguards. The lawsuit highlights issues such as a flawed registration process that allowed scammers to use misleading email addresses to impersonate legitimate entities, making it easy to trick users into sending them money.

The complaint also accuses EWS of failing to ensure that banks reported customer complaints about fraud in a timely manner. The lawsuit states that Zelle falsely advertised its service as a “safe” money transfer tool and did not promptly remove fraudulent accounts or require banks to reimburse consumers for certain scams. This legal action mirrors a previous lawsuit filed by the Consumer Financial Protection Bureau, which was later dropped.

In response to the lawsuit, Zelle spokesperson Eric Blankenbaker called it a “political stunt” and denied the claims. He stated that Zelle “leads the fight to stop fraud and scams” and argued that the Attorney General’s lawsuit would ultimately put consumers at greater risk by providing criminals with a blueprint for guaranteed payouts. The lawsuit seeks restitution and damages for New Yorkers who have been harmed by Zelle’s alleged security failures.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Webinars
- SANS Security Awareness Virtual Conference
- Proofpoint Power Series – Threat Intel Unfiltered
Videos

Articles
- WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately: Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files.
- Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere – A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles.
- Manpower franchise discloses data theft after RansomHub posts alleged stolen data – And yes, there’s the usual credit monitoring
- Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole – Some Ioniq 5 models are vulnerable to thieves using a Game Boy-like handheld device.
- Russian government hackers said to be behind US federal court filing system hack: Report – The Russian government is allegedly behind the data breach affecting the U.S. court filing system known as PACER, according to The New York Times.
- New York claims Zelle’s shoddy security enabled a billion dollars in scams – Attorney General Letitia James claims Zelle launched with serious security flaws that made the platform ‘uniquely susceptible to fraud.
- Plex warns users to patch security vulnerability immediately – Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability.
Podcasts
August 18, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/4/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hacker extradited to US for stealing $3.3 million from taxpayers

The article details the successful extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to the U.S., where he faces charges related to a sophisticated hacking and fraud scheme. The core of his alleged criminal activity involved spearphishing attacks targeting U.S. tax preparation businesses. By gaining unauthorized access to these businesses’ computer systems, Amachukwu and his co-conspirators were able to steal the personal data of thousands of American citizens. This stolen information was then used to file fraudulent tax returns and Small Business Administration (SBA) loan applications, resulting in over $3.3 million in confirmed losses to the U.S. government. The extradition underscores the international cooperation necessary to combat cybercrime and demonstrates a commitment by law enforcement to pursue and prosecute individuals who exploit digital vulnerabilities for financial gain, regardless of their physical location.

Beyond the tax and loan fraud, the article highlights Amachukwu’s alleged involvement in a separate, parallel scam. This second scheme involved a fake investment opportunity where victims were convinced to invest millions in non-existent standby letters of credit. This dual-pronged criminal activity paints a picture of a perpetrator who engaged in multiple forms of financial deception, exploiting both technological vulnerabilities and human trust. The indictment against Amachukwu reflects the seriousness of his alleged crimes, with charges including conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft. The potential penalties, including a mandatory two-year consecutive sentence for aggravated identity theft and up to 20 years for each wire fraud count, illustrate the severe legal consequences for such offenses.

The extradition and subsequent court appearance of Amachukwu serve as a significant development in the case, moving it from international pursuit to domestic prosecution. The fact that he was apprehended and extradited from France, where he was presumably located after the alleged crimes took place, showcases the global reach of U.S. law enforcement and its ability to work with international partners to bring suspects to justice. While a trial date has yet to be scheduled, the article makes it clear that the U.S. government is not only seeking a conviction but also the forfeiture of all proceeds from his criminal activities. This aggressive legal approach aims to both punish the perpetrator and recover the stolen funds, providing a comprehensive response to the financial and personal damage caused by his fraudulent schemes.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Whitepapers
- CrowdStrike 2025 Threat Hunting Report
Articles
- CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign – Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
- Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies – PXA Stealer pilfers data from nearly 40 browsers, including Chrome
- North Korea sent me abroad to be a secret IT worker. My wages funded the regime – Jin-su says over the years he used hundreds of fake IDs to apply for remote IT work with Western companies. It was part of a vast undercover scheme to raise funds for North Korea.
- Cisco Says User Data Stolen in CRM Hack – Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers.
- What the Coinbase Breach Says About Insider Risk – The lesson from the breach is not just about what went wrong — but what could have gone right.
- PBS confirms data breach after employee info leaked on Discord servers – PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
- Hacker used a voice phishing attack to steal Cisco customers’ personal information – A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday.
- Air France and KLM disclose data breaches impacting customers – Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
Podcasts
- Smashing Security – 428: Red flags, leaked chats, and a final farewell
- The 404 Media Podcast – How AI is being used by hackers and criminals
August 11, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/28/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Tea’s data breach shows why you should be wary of new apps — especially in the AI era

This data breach highlights the inherent risks associated with entrusting sensitive personal information to new applications, particularly in an increasingly AI-driven digital landscape. The breach exposed approximately 72,000 images, including selfies and driver’s licenses, as well as over 1.1 million private direct messages containing intimate conversations. This incident serves as a stark reminder that user data, even when presumed private, can be easily exposed to a global audience with technical acumen. Despite the widespread reporting of the breach, the Tea app remarkably maintained a high ranking in app store charts, underscoring a prevailing user willingness to share sensitive data despite known security vulnerabilities.

Cybersecurity experts interviewed in the article emphasize that the risks of data exposure are amplified in the “AI era.” This heightened risk stems from several factors, including users’ growing comfort with sharing personal information with AI chatbots, which has already led to accidental public disclosures of private exchanges. Furthermore, the rise of “vibe coding”—the use of generative AI to write and refine code—introduces new security concerns. While enabling faster development, experts worry that vibe coding could lead to less secure applications as developers prioritize speed and potentially overlook robust security measures.

Ultimately, the Tea app breach serves as a critical cautionary tale, urging consumers to exercise extreme vigilance when engaging with new apps. Regardless of whether applications are developed with AI assistance or traditional methods, the core message from cybersecurity professionals is to always consider the worst-case scenario when sharing personal data. With the accelerated development of applications and adversaries increasingly leveraging AI for new attack vectors, users should anticipate a rise in data breaches and adopt a more proactive approach to safeguarding their digital privacy.

Projects
- TryHackMe – Web Application Basics – Complete
- TryHackMe – JavaScript Essentials – In Progress
White Paper
- IBM Cost of a Data Breach Report
Articles
- Insurance giant says most US customer data stolen in cyber-attack – Hackers have stolen personal information of a majority of insurance firm Allianz Life’s 1.4 million customers in North America, its parent company said.
- Dating safety app Tea breached, exposing 72,000 user images – Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images.
- Scattered Spider is running a VMware ESXi hacking spree – Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.
- FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation – FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.
- Minnesota Activates National Guard in Response to Cyberattack – Minnesota Governor Tim Walz called in the National Guard to assist the City of Saint Paul in responding to a cyberattack.
- Telecom Giant Orange Hit by Cyberattack – Orange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers.
- Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach – Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.
- Your public ChatGPT queries are getting indexed by Google and other search engines – It’s a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain “https://chatgpt.com/share,” you can find strangers’ conversations with ChatGPT.
- Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks – Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.
August 4, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/21/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Woman gets 8 years for aiding North Koreans infiltrate 300 US firms

This article details the sentencing of Christina Marie Chapman to 102 months in prison for her pivotal role in a sophisticated scheme that allowed North Korean IT workers to infiltrate over 300 U.S. companies. Chapman facilitated this by operating a “laptop farm” in her Arizona home, creating the illusion that the workers were based in the United States. Her co-conspirator, Ukrainian citizen Oleksandr Didenko, ran an online platform, UpWorkSell, which provided false identities for the North Koreans seeking remote IT positions. This elaborate operation enabled the North Korean workers to illicitly collect over $17 million, a portion of which was funneled through Chapman’s financial accounts.

The scope of this infiltration was extensive, with North Korean individuals securing remote software and application development roles in a wide array of high-profile U.S. entities, including Fortune 500 companies, an aerospace and defense firm, a major television network, and a Silicon Valley technology company. This access not only generated significant illicit revenue for the North Korean regime but also posed substantial national security risks by potentially exposing sensitive information and intellectual property within critical U.S. industries. The scheme highlights the persistent and evolving methods used by foreign adversaries to exploit vulnerabilities in remote work environments.

In response to this and similar incidents, U.S. authorities have intensified their efforts to counter North Korean IT worker schemes. The Department of Justice has been actively disrupting extensive networks involved in these operations, leading to charges against individuals like Chapman and Didenko, as well as other foreign nationals. Concurrently, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against North Korean front companies and associated individuals. These actions, coupled with updated FBI guidance for U.S. businesses and joint advisories with international partners, underscore a concerted strategy to mitigate the threat posed by North Korea’s illicit revenue generation and espionage activities.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks – Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.
- CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks – The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
- Ukraine arrests suspected admin of XSS Russian hacking forum – The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor’s office.
- ExpressVPN bug leaked user IPs in Remote Desktop sessions – ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users’ real IP addresses.
- Nuclear Weapons Agency Breached in Microsoft SharePoint Hack – The US agency responsible for maintaining and designing the nation’s cache of nuclear weapons was among those breached by a hack of Microsoft Corp.’s SharePoint document management software, according to a person with knowledge of the matter.
- Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure – The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America.
- UK Student Sentenced to Prison for Selling Phishing Kits – Ollie Holman was sentenced to prison for selling over 1,000 phishing kits that caused estimated losses of over $134 million.
- Woman gets 8 years for aiding North Koreans infiltrate 300 US firms – Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies.
Podcasts
July 28, 2025