CTRL + ALT + SEC

Tag: Threat Intelligence

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/6/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025

Analysis of The Salesloft-Drift SaaS Supply Chain Breach

This article effectively spotlights the most critical emerging threat in enterprise security: the SaaS supply chain attack leveraging unmonitored SaaS-to-SaaS integrations. The breach of Salesloft and Drift, attributed to sophisticated groups like ShinyHunters and Scattered Spider, serves as a powerful case study for a fundamental shift in risk. Since most modern businesses rely on an interconnected ecosystem of applications like Salesforce and Gmail, a compromise in a single low-profile third-party vendor offers a “10x force multiplier” for attackers, allowing them to pivot laterally into hundreds of downstream customer environments. This risk profile—where a company’s sensitive data is accessed not through a firewall failure but through a trusted connection and persistent OAuth token—is highly relevant to all LinkedIn professionals, especially those in leadership and IT/DevOps roles responsible for vendor risk and cloud security architecture.

The analysis of why “traditional SaaS security failed” underscores the growing SaaS Security Gap. Legacy security tools, designed for on-premise networks or simple SaaS usage, are blind to the five critical attack vectors: the persistent nature of compromised OAuth tokens, the ability for attackers to conduct SaaS-to-SaaS lateral movement, and the complete lack of visibility into these third-party connections. This is a direct challenge to the common belief that simply having an identity and access management (IAM) solution is sufficient, as IAM often trusts OAuth tokens by design. The article thus compels organizations to shift their focus from protecting the network perimeter to continuously monitoring the permissions, configurations, and behavioral patterns within and across their interconnected cloud applications.

The proposed solution, Dynamic SaaS Security from the article’s publisher, Reco, frames the next necessary evolution in defense. It details a multi-layered strategy that directly counters each attack vector by providing instant discovery of risky SaaS-to-SaaS connections, continuous monitoring of OAuth token usage, and cross-SaaS threat detection.¹ For security professionals, this translates into actionable steps: prioritizing the active scanning and removal of secrets and API keys embedded in SaaS environments and implementing real-time behavioral policies that look for anomalous activity that spans multiple applications.² Ultimately, the Salesloft-Drift breach is presented not just as a news event, but as a watershed moment proving that static, siloed security is obsolete in the era of hyper-connected cloud workflows.

Projects
- TryHackMe – IDS Fundamentals – Complete
- TryHackMe – Vulnerability Scanner Overview – In Progress
Videos

Articles
- Discord discloses data breach after hackers steal support tickets – Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users after compromising a third-party customer service provider.
- CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief – Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar.
- ParkMobile pays… $1 each for 2021 data breach that hit 22 million – ParkMobile has finally wrapped up a class action lawsuit over the platform’s 2021 data breach that hit 22 million users.
- Hacking group claims theft of 1 billion records from Salesforce customer databases – A notorious predominantly English-speaking hacking group has launched a website to extort its victims, threatening to release about a billion records stolen from companies who store their customers’ data in cloud databases hosted by Salesforce.
- The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025 – Supply chain attacks that exploit unmonitored SaaS-to-SaaS integrations affect ten times more companies than traditional credential-based breaches.
- DraftKings warns of account breaches in credential stuffing attacks – Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of credential stuffing attacks.
- California enacts law giving consumers ability to universally opt out of data sharing – California Gov. Gavin Newsom on Wednesday signed a bill which requires web browsers to make it easier for Californians to opt-out of allowing third parties to sell their data.
- Fake ‘Inflation Refund’ texts target New Yorkers in new scam – An ongoing smishing campaign is targeting New Yorkers with text messages posing as the Department of Taxation and Finance, claiming to offer “Inflation Refunds” in an attempt to steal victims’ personal and financial data.
October 13, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/22/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks

This new research by Trend Micro highlights a critical escalation in the cyber threat landscape, demonstrating how the very tools driving modern digital transformation, specifically AI-native development platforms are being co-opted for malicious ends. The core threat lies in the attackers’ ability to weaponize the ease of deployment, free hosting, and legitimate branding of services like Lovable, Netlify, and Vercel. By leveraging AI to rapidly generate convincing fake CAPTCHA pages, cybercriminals have streamlined their operations, lowering the technical skill and cost barrier to launching sophisticated phishing campaigns at scale. This trend forces organizations to recognize that their innovation partners (AI platforms) may inadvertently be enabling their adversaries, necessitating a complete re-evaluation of current security intelligence and threat models.

The tactical genius of this attack chain is its effectiveness in bypassing both human vigilance and automated security controls. The fake CAPTCHA serves a dual purpose: psychologically, it makes the malicious link appear legitimate to the end-user by simulating a routine security check, lowering their guard against a suspicious “Password Reset” or “USPS” notification. Technologically, it acts as a cloaking device. Automated security scanners that crawl the initial URL only encounter the CAPTCHA challenge, failing to see the credential-harvesting page hidden behind it. This redirection technique significantly enhances the success rate of the phishing operation, demonstrating that attackers are creatively adapting their social engineering and evasion techniques to overcome standard endpoint and email security defenses.

Moving forward, this research demands a robust, multi-layered response from the professional community. For security teams, traditional signature-based detection is no longer sufficient; defenses must evolve to analyze the entire redirect chain and monitor for abuse across trusted development domains. For business leaders and HR departments, the necessity of employee security awareness training is amplified, focusing specifically on verifying URLs even when a CAPTCHA is present. Ultimately, the “fake CAPTCHA” scheme underscores a broader industry challenge: balancing the benefits of agile, AI-powered development tools with the inherent risk they introduce when made accessible to all, including those with criminal intent. The industry must now collaborate to build in mechanisms that detect and shut down malicious use on these platforms swiftly and at the source.

Projects
- TryHackMe – Log Fundamentals – Complete
- TryHackMe – Introductrion to SIEM – Complete
- TryHackMe – Firewall Fundamentals – In Progress
Articles
- Attackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks – Cybercriminals are abusing AI platforms to create and host fake CAPTCHA pages to enhance phishing campaigns, according to new Trend Micro research.
- Chinese Network Selling Thousands of Fake US and Canadian IDs – New investigation exposes a China-based ring that sold over 6,500 fake United States and Canadian IDs using well-planned covert packaging. Learn how this operation threatens national security and enables financial crime.
- UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London – U.K. police arrested two teens from the Scattered Spider group for their role in the August 2024 cyberattack on Transport for London.
- American Archive of Public Broadcasting fixes bug exposing restricted media – A vulnerability in the American Archive of Public Broadcasting’s website allowed downloading of protected and private media for years, with the flaw quietly patched this month.
- U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN – The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security.
- A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York – More than 300 servers and 100,000 SIM cards designed to mimic cellphones and overwhelm networks.
- Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack – JLR extended the pause in production “to give clarity for the coming week as we build the timeline for the phased restart of our operations and continue our investigation.”
- How One Bad Password Ended a 158-Year-Old Business – The Northamptonshire-based firm fell victim to the Akira ransomware group after hackers gained access by guessing an employee’s weak password.
- Dutch teens arrested for trying to spy on Europol for Russia – Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.
- Harrods suffers new data breach exposing 430,000 customer records – UK retail giant Harrods has disclosed a new cybersecurity incident after hackers compromised a third-party supplier and stole 430,000 records with sensitive e-commerce customer information.
September 29, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/11/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: New York claims Zelle’s shoddy security enabled a billion dollars in scams

The lawsuit claims that Zelle, a payment platform owned by major banks, was launched with significant security flaws that enabled a billion dollars in customer fraud between 2017 and 2023. Attorney General James alleges that the company behind Zelle, Early Warning Services (EWS), was aware of these vulnerabilities from the start but failed to implement basic safeguards. The lawsuit highlights issues such as a flawed registration process that allowed scammers to use misleading email addresses to impersonate legitimate entities, making it easy to trick users into sending them money.

The complaint also accuses EWS of failing to ensure that banks reported customer complaints about fraud in a timely manner. The lawsuit states that Zelle falsely advertised its service as a “safe” money transfer tool and did not promptly remove fraudulent accounts or require banks to reimburse consumers for certain scams. This legal action mirrors a previous lawsuit filed by the Consumer Financial Protection Bureau, which was later dropped.

In response to the lawsuit, Zelle spokesperson Eric Blankenbaker called it a “political stunt” and denied the claims. He stated that Zelle “leads the fight to stop fraud and scams” and argued that the Attorney General’s lawsuit would ultimately put consumers at greater risk by providing criminals with a blueprint for guaranteed payouts. The lawsuit seeks restitution and damages for New Yorkers who have been harmed by Zelle’s alleged security failures.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Webinars
- SANS Security Awareness Virtual Conference
- Proofpoint Power Series – Threat Intel Unfiltered
Videos

Articles
- WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately: Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version of the tool that could be exploited to obtain arbitrary code execution by crafting malicious archive files.
- Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere – A security researcher said flaws in a carmaker’s online dealership portal exposed the private information and vehicle data of its customers, and could have allowed hackers to remotely break into any of its customers’ vehicles.
- Manpower franchise discloses data theft after RansomHub posts alleged stolen data – And yes, there’s the usual credit monitoring
- Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole – Some Ioniq 5 models are vulnerable to thieves using a Game Boy-like handheld device.
- Russian government hackers said to be behind US federal court filing system hack: Report – The Russian government is allegedly behind the data breach affecting the U.S. court filing system known as PACER, according to The New York Times.
- New York claims Zelle’s shoddy security enabled a billion dollars in scams – Attorney General Letitia James claims Zelle launched with serious security flaws that made the platform ‘uniquely susceptible to fraud.
- Plex warns users to patch security vulnerability immediately – Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability.
Podcasts
August 18, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/4/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hacker extradited to US for stealing $3.3 million from taxpayers

The article details the successful extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to the U.S., where he faces charges related to a sophisticated hacking and fraud scheme. The core of his alleged criminal activity involved spearphishing attacks targeting U.S. tax preparation businesses. By gaining unauthorized access to these businesses’ computer systems, Amachukwu and his co-conspirators were able to steal the personal data of thousands of American citizens. This stolen information was then used to file fraudulent tax returns and Small Business Administration (SBA) loan applications, resulting in over $3.3 million in confirmed losses to the U.S. government. The extradition underscores the international cooperation necessary to combat cybercrime and demonstrates a commitment by law enforcement to pursue and prosecute individuals who exploit digital vulnerabilities for financial gain, regardless of their physical location.

Beyond the tax and loan fraud, the article highlights Amachukwu’s alleged involvement in a separate, parallel scam. This second scheme involved a fake investment opportunity where victims were convinced to invest millions in non-existent standby letters of credit. This dual-pronged criminal activity paints a picture of a perpetrator who engaged in multiple forms of financial deception, exploiting both technological vulnerabilities and human trust. The indictment against Amachukwu reflects the seriousness of his alleged crimes, with charges including conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft. The potential penalties, including a mandatory two-year consecutive sentence for aggravated identity theft and up to 20 years for each wire fraud count, illustrate the severe legal consequences for such offenses.

The extradition and subsequent court appearance of Amachukwu serve as a significant development in the case, moving it from international pursuit to domestic prosecution. The fact that he was apprehended and extradited from France, where he was presumably located after the alleged crimes took place, showcases the global reach of U.S. law enforcement and its ability to work with international partners to bring suspects to justice. While a trial date has yet to be scheduled, the article makes it clear that the U.S. government is not only seeking a conviction but also the forfeiture of all proceeds from his criminal activities. This aggressive legal approach aims to both punish the perpetrator and recover the stolen funds, providing a comprehensive response to the financial and personal damage caused by his fraudulent schemes.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Whitepapers
- CrowdStrike 2025 Threat Hunting Report
Articles
- CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign – Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
- Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies – PXA Stealer pilfers data from nearly 40 browsers, including Chrome
- North Korea sent me abroad to be a secret IT worker. My wages funded the regime – Jin-su says over the years he used hundreds of fake IDs to apply for remote IT work with Western companies. It was part of a vast undercover scheme to raise funds for North Korea.
- Cisco Says User Data Stolen in CRM Hack – Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers.
- What the Coinbase Breach Says About Insider Risk – The lesson from the breach is not just about what went wrong — but what could have gone right.
- PBS confirms data breach after employee info leaked on Discord servers – PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
- Hacker used a voice phishing attack to steal Cisco customers’ personal information – A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday.
- Air France and KLM disclose data breaches impacting customers – Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
Podcasts
- Smashing Security – 428: Red flags, leaked chats, and a final farewell
- The 404 Media Podcast – How AI is being used by hackers and criminals
August 11, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/28/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Tea’s data breach shows why you should be wary of new apps — especially in the AI era

This data breach highlights the inherent risks associated with entrusting sensitive personal information to new applications, particularly in an increasingly AI-driven digital landscape. The breach exposed approximately 72,000 images, including selfies and driver’s licenses, as well as over 1.1 million private direct messages containing intimate conversations. This incident serves as a stark reminder that user data, even when presumed private, can be easily exposed to a global audience with technical acumen. Despite the widespread reporting of the breach, the Tea app remarkably maintained a high ranking in app store charts, underscoring a prevailing user willingness to share sensitive data despite known security vulnerabilities.

Cybersecurity experts interviewed in the article emphasize that the risks of data exposure are amplified in the “AI era.” This heightened risk stems from several factors, including users’ growing comfort with sharing personal information with AI chatbots, which has already led to accidental public disclosures of private exchanges. Furthermore, the rise of “vibe coding”—the use of generative AI to write and refine code—introduces new security concerns. While enabling faster development, experts worry that vibe coding could lead to less secure applications as developers prioritize speed and potentially overlook robust security measures.

Ultimately, the Tea app breach serves as a critical cautionary tale, urging consumers to exercise extreme vigilance when engaging with new apps. Regardless of whether applications are developed with AI assistance or traditional methods, the core message from cybersecurity professionals is to always consider the worst-case scenario when sharing personal data. With the accelerated development of applications and adversaries increasingly leveraging AI for new attack vectors, users should anticipate a rise in data breaches and adopt a more proactive approach to safeguarding their digital privacy.

Projects
- TryHackMe – Web Application Basics – Complete
- TryHackMe – JavaScript Essentials – In Progress
White Paper
- IBM Cost of a Data Breach Report
Articles
- Insurance giant says most US customer data stolen in cyber-attack – Hackers have stolen personal information of a majority of insurance firm Allianz Life’s 1.4 million customers in North America, its parent company said.
- Dating safety app Tea breached, exposing 72,000 user images – Tea, an app that allows women to post anonymous comments about men they’ve supposedly dated, announced Friday that it has suffered a data breach, with hackers gaining access to 72,000 images.
- Scattered Spider is running a VMware ESXi hacking spree – Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors.
- FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation – FBI Dallas has seized approximately 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.
- Minnesota Activates National Guard in Response to Cyberattack – Minnesota Governor Tim Walz called in the National Guard to assist the City of Saint Paul in responding to a cyberattack.
- Telecom Giant Orange Hit by Cyberattack – Orange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers.
- Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach – Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.
- Your public ChatGPT queries are getting indexed by Google and other search engines – It’s a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain “https://chatgpt.com/share,” you can find strangers’ conversations with ChatGPT.
- Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks – Microsoft warns that a cyber-espionage group linked to Russia’s Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.
August 4, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/7/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Elmo’s X account was hacked and shared antisemitic and racist posts

The recent hacking of Elmo’s X (formerly Twitter) account represents a concerning incident that transcends a simple social media breach, highlighting broader vulnerabilities and the potential for weaponized online platforms. The unauthorized posts, which included antisemitic, racist, and politically charged content, not only severely damaged the innocent and wholesome brand associated with Elmo and Sesame Street but also demonstrated how easily prominent accounts can be leveraged to disseminate harmful narratives. The fact that such hateful messages were visible to nearly 650,000 followers, even for a brief period, underscores the immediate and widespread impact that compromised accounts can have on public discourse and perception. This event serves as a stark reminder of the constant threat of cyberattacks and the imperative for robust security measures across all major online platforms.

This incident also brings into focus the ongoing challenges faced by X, particularly in light of previous controversies surrounding its AI chatbot Grok and the proliferation of extremist views on the platform. The “disgusting” nature of the hacked posts, as described by Sesame Workshop, echoes similar issues where X has struggled to contain inflammatory content, including antisemitic remarks. The repeated instances of problematic content, whether through compromised accounts or algorithmic failures, raise serious questions about X’s content moderation strategies and its ability to safeguard users from harmful material. While XAI has acknowledged and attempted to address issues with Grok, the Elmo hack suggests that the platform’s vulnerabilities extend beyond AI-generated content to fundamental account security.

Ultimately, the Elmo account hack is more than just an isolated security breach; it’s a symptom of a larger, more complex problem concerning online safety, platform responsibility, and the weaponization of social media. For a character universally associated with childhood innocence and positive values to be used as a conduit for hate speech is deeply disturbing and illustrates the insidious nature of online extremism. This event should prompt renewed scrutiny of social media companies’ commitment to preventing abuse, ensuring account integrity, and protecting their users from the dissemination of harmful ideologies. The incident reinforces the critical need for continuous vigilance, technological advancements in security, and a proactive approach to combating the misuse of online platforms.

Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- FBI warns travelers of ‘Scattered Spider’ group targeting airlines – SFGATE contributor Jim Glab rounds up air travel and airport news for our weekly column Routes
- Qantas is being extorted in recent data-theft cyberattack – Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.
- Columbia data stolen in cyberattack that caused dayslong IT outage, University says – Bloomberg News reported that the alleged hacker stole the personal information of Columbia applicants.
- AT&T Reaches $177M Deal Over 2019 and 2024 Data Breaches – AT&T’s $177M data breach settlement. Check eligibility for payouts from 2019 and 2024 incidents.
- Alleged Chinese State Hacker Wanted by US Arrested in Italy – Xu Zewei has been arrested on charges that he is a member of the Chinese state-sponsored hacking group Hafnium (Silk Typhoon).
- Canadian Electric Utility Says Power Meters Disrupted by Cyberattack – Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States.
- U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme – The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme.
- Russian pro basketball player arrested for alleged role in ransomware attacks – Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang.
- Elmo’s X account hacked to publish racist and antisemetic posts – In case it wasn’t obvious, no, that’s not the real Elmo that posted racist and antisemetic posts on Elon Musk’s X. Someone had hacked into the Sesame Street character’s X account.
Podcasts
July 14, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/9/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 40,000 Security Cameras Exposed to Remote Hacking

Cybersecurity firm Bitsight has unveiled a significant vulnerability in the digital landscape, identifying over 40,000 security cameras globally that are susceptible to remote hacking. These cameras, operating primarily over HTTP and RTSP protocols, inadvertently expose live video feeds directly to the internet, making them prime targets for malicious activities ranging from espionage to botnet recruitment. HTTP-based cameras, commonly found in homes and small offices, often allow direct access to administrative interfaces or expose screenshots via simple URI manipulations. RTSP cameras, used in professional surveillance, are harder to fingerprint but can still be exploited to return live footage. This widespread exposure highlights a critical security flaw, transforming devices intended for protection into potential tools for privacy invasion and cyberattacks.

The geographical distribution of these exposed cameras reveals a concerning concentration, with the United States accounting for over 14,000 devices, followed by Japan with approximately 7,000. Other countries like Austria, Czechia, South Korea, Germany, Italy, and Russia also host thousands of vulnerable cameras. Within the US, California and Texas show the highest numbers, with other states like Georgia, New York, and Missouri also significantly impacted. Industry-wise, the telecommunications sector bears the brunt of the exposure, representing a staggering 79% of vulnerable devices, largely due to residential network connections. When excluding this sector, technology, media/entertainment, utilities, business services, and education emerge as the most affected industries, underscoring the broad scope of this security challenge across various critical sectors.

The implications of such widespread exposure are severe, extending beyond mere privacy breaches. Bitsight warns that these cameras are actively sought by threat actors on dark web forums, posing risks such as ensnarement in botnets or serving as pivot points for deeper network intrusions. The presence of these vulnerable devices in diverse locations like offices, factories, restaurants, and hotels amplifies the potential for corporate espionage and data theft. To counter these threats, Bitsight advises users and organizations to adopt crucial security measures: securing internet connections, replacing default credentials, disabling unnecessary remote access, keeping device firmware updated, and consistently monitoring for unusual login attempts. Adhering to these precautions is paramount to safeguard privacy and prevent these surveillance tools from becoming unintended liabilities.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Former Black Basta Members Resurface with New Tactics – Ex-Black Basta ransomware affiliates are now using new phishing and remote access techniques as part of the CACTUS ransomware operation.
- Rust-based “Myth Stealer” Malware Targets Gamers – A new Rust-based infostealer called Myth Stealer is spreading via fake gaming sites and malicious documents, targeting browser and crypto data.
- Massive Data Leak in China Exposes Billions of Records – Over 4 billion personal records were exposed from an unsecured Chinese database, marking one of the largest leaks in the country’s history.
- Google Warns of Salesforce Phishing and Data Extortion Campaign – Google flagged a campaign where attackers use vishing and fake tools to steal Salesforce data and extort organizations.
- Iranian APT “BladedFeline” Hides in Telecom Network for 8 Years – The Iranian group BladedFeline covertly accessed a Middle Eastern telecom for eight years using legitimate admin tools.
- New Zero-Click AI Vulnerability in Microsoft 365 Copilot – Researchers found “EchoLeak,” a zero-click vulnerability that could let attackers steal sensitive data from Microsoft 365 Copilot.
- WestJet Cyberattack Disrupts Airline Operations – A cyberattack on WestJet caused disruptions to the airline’s internal systems and operations.
- Trend Micro and Palo Alto Networks Patch Critical Flaws – Both cybersecurity vendors released patches for multiple critical vulnerabilities affecting their products.
- Hackers Abuse TeamFiltration to Target Microsoft Entra ID Accounts – Attackers leveraged the TeamFiltration pentesting tool to compromise over 80,000 Microsoft Entra ID accounts globally.
- 40,000 Security Cameras Exposed to Remote Hacking – Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
Podcasts
June 16, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 5/5/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Unsophisticated cyber actors are targeting the U.S. Energy sector

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, EPA, and DoE, have issued a joint alert warning U.S. critical infrastructure, particularly the energy and transportation sectors, about ongoing cyberattacks targeting their Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. These attacks are being carried out by unsophisticated cyber actors who are exploiting weaknesses in cyber hygiene and exposed assets. Despite the use of basic intrusion techniques, the potential consequences are significant, including defacement, configuration changes, operational disruptions, and even physical damage in severe cases.

The alert emphasizes that these “basic and elementary intrusion techniques” can be highly effective when organizations fail to implement fundamental cybersecurity best practices. Poor cyber hygiene and the presence of internet-exposed OT assets create vulnerabilities that these less skilled attackers can readily exploit. The agencies strongly urge Critical Infrastructure Asset Owners and Operators to proactively review and implement the recommendations outlined in the fact sheet titled “Primary Mitigations to Reduce Cyber Threats to Operational Technology” to bolster their defenses against these threats.

The recommended mitigations focus on foundational security measures that can significantly reduce the attack surface and limit the impact of successful intrusions. These include removing OT connections from the public internet, immediately changing default passwords to strong, unique credentials, securing remote access to OT networks using VPNs and phishing-resistant multi-factor authentication (MFA), segmenting IT and OT networks to prevent lateral movement, and ensuring the capability to operate OT systems manually in the event of a cyber incident. Additionally, the agencies highlight the risk of misconfigurations introduced during standard operations or by third-party vendors and advise working collaboratively to address these potential vulnerabilities.

Projects
- TryHackMe – Tcpdump: The Basics – Complete
- TryHackMe – Cryptography Basics – In Progress
Videos

Articles
- White House Proposal Slashes Half-Billion from CISA Budget – The proposed $491 million cut is being positioned as a “refocusing”of CISA on its core mission “while eliminating weaponization and waste.”
- Unofficial Signal app used by Trump officials investigates hack – TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked.
- Darcula PhaaS steals 884,000 credit cards via phishing texts – The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets worldwide.
- iHeartMedia suffers breach that exposed personal data – iHeartMedia, America’s largest owner of radio stations, suffered a breach in December that exposed personal data, including Social Security and passport numbers.
- TeleMessage, the Signal clone used by US government officials, suffers hack – TeleMessage, an encrypted messaging app based upon Signal, has been temporarily suspended out of “an abundance of caution” after a hacker reportedly gained access to US government communications.
- Unsophisticated cyber actors are targeting the U.S. Energy sector – CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems.
- Man Sentenced to Over 30 Years in Prison for Crypto-Terror Financing Scheme – Defendant Collected and Sent More Than $185,000 to ISIS
Podcasts+
May 12, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 3/31/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured article analysis

This weeks feature article analysis is from: https://www.bleepingcomputer.com/news/security/toll-payment-text-scam-returns-in-massive-phishing-wave/

This recent E-ZPass smishing campaign highlights several evolving tactics cybercriminals are employing to bypass security measures and exploit user trust. The attackers leverage high-volume, automated messaging systems originating from seemingly random email addresses, a method designed to circumvent standard carrier-based SMS spam filters that primarily target phone numbers. By impersonating official bodies like E-ZPass or the DMV and instilling a false sense of urgency with threats of fines or license suspension, they effectively employ social engineering. A particularly noteworthy technique involves instructing users to reply to the message, cleverly bypassing Apple iMessage’s built-in protection that disables links from unknown senders. This user interaction effectively marks the malicious sender as “known,” activating the phishing link and demonstrating how attackers exploit platform features and user behavior in tandem.

The sophistication extends beyond the delivery mechanism, with the phishing landing pages themselves designed to appear legitimate and, significantly, often configured to load only on mobile devices, evading desktop-based security analysis. The sheer scale suggests the involvement of organized operations, potentially utilizing Phishing-as-a-Service (PaaS) platforms like the mentioned Lucid or Darcula. These services specialize in abusing modern messaging protocols like iMessage and RCS, which offer end-to-end encryption and different delivery paths, making detection harder and campaign execution cheaper than traditional SMS. This underscores the ongoing challenge for defenders: attacks are becoming more targeted, evasive, and leverage platform-specific features, necessitating continuous user education (don’t click, don’t reply, verify independently) alongside technical defenses and prompt reporting to platforms and authorities like the FBI’s IC3.

Projects
- TryHackMe – Networking Core Protocols – Complete
- TryHackMe – Networking Secure Protocols – In Progress
Videos

Articles
- Twitter (X) Hit by 2.8 Billion Profile Data Leak in Alleged Insider Job – Massive Twitter (X) profile data leak exposes details of 2.8 billion users; alleged insider leak surfaces with no official response from the company.
- Fake Snow White Movie Torrent Infects Devices with Malware – Disney’s latest Snow White movie, with a 1.6/10 IMDb rating, isn’t just the biggest flop the company has ever released. It’s such an embarrassment that the movie isn’t even available on Disney’s own streaming platform, Disney+.
- T-Mobile Coughed Up $33 Million in SIM Swap Lawsuit – T-Mobile paid $33 million in a private arbitration process over a SIM swap attack leading to cryptocurrency theft.
- FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme – The U.S. DOJ seized over $8.2 million in USDT stolen through ‘romance baiting’ scams, where victims are tricked into fake investments promising high returns.
- OpenAI just made its first cybersecurity investment – Generative AI has vastly expanded the toolkit available to hackers and other bad actors. It’s now possible to do everything from deepfaking a CEO to creating fake receipts.
- UK’s attempt to keep details of Apple ‘backdoor’ case secret… denied – Last month’s secret hearing comes to light
- Food giant WK Kellogg discloses data breach linked to Clop ransomware – US food giant WK Kellogg Co is warning employees and vendors that company data was stolen during the 2024 Cleo data theft attacks.
- Google Pushing ‘Sec-Gemini’ AI Model for Threat-Intel Workflows – Experimental Sec-Gemini v1 touts a combination of Google’s Gemini LLM capabilities with real-time security data and tooling from Mandiant.
- A member of the Scattered Spider cybercrime group pleads guilty – A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California.
- Oracle privately notifies Cloud data breach to customers – Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach.
- Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC – A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems.
- 39 Million Secrets Leaked on GitHub in 2024 – GitHub has announced new capabilities to help organizations and developers keep secrets in their code protected.
- North Korea’s IT Operatives Are Exploiting Remote Work Globally – The global rise of North Korean IT worker infiltration poses a serious cybersecurity risk—using fake identities, remote access, and extortion to compromise organizations.
- One of the last of Bletchley Park’s quiet heroes, Betty Webb, dies at 101 – Tip-lipped for 30 years before becoming an ‘unrivaled advocate’ for the site
April 7, 2025