CTRL + ALT + SEC

Tag: Weekly Roundup

What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/20/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Verizon: Mobile Blindspot Leads to Needless Data Breaches

The analysis of Verizon’s 2025 Mobile Security Index (MSI) reveals a critical and dangerous blind spot in enterprise risk management: as employees increasingly rely on personal devices for work, organizations are failing to apply commensurate security controls to the mobile frontier. This gap is rooted in a fundamental, dangerous misconception of security at both the individual and organizational level. Employees exhibit deep overconfidence, engaging in risky practices; like storing passwords in their Notes app or using their phone as the default device for “risky clicks” because they “believe nothing can happen there.” Threat actors have effectively capitalized on this low awareness by pivoting to smishing (SMS phishing), which the data shows is overwhelmingly more effective than email phishing. The 80% reported smishing attempt rate against organizations and the alarmingly high employee failure rates in simulations (with up to half of employees failing in many companies) underscore that mobile devices are now the path of least resistance for initial access breaches.

This issue is amplified by an organizational failure to evolve security policies to match the reality of hybrid work. Companies have invested heavily in desktop and server security, yet the MSI highlights a significant parity gap on the mobile side, slowing detection and response times. This gap is structural, as most organizations do not issue work phones to all employees, meaning the majority of mobile attacks (70%) land on unmanaged personal devices. Simply put, companies are falling into the same trap as their employees, ignoring a known, high-impact vulnerability. For business leaders and security professionals, the Verizon MSI presents a clear strategic mandate for immediate action. The traditional security perimeter is gone, and organizations must shift their focus from preventing device use to managing the risk associated with it. This necessitates a combined approach of robust policy implementation and mandatory, high-frequency employee education. The data provides a powerful incentive: organizations utilizing a comprehensive set of eight mobile security best practices—including Mobile Device Management (MDM) and a zero-trust architecture—are five times less likely to experience major repercussions from a breach. The cost of inaction, leading to longer detection times and system downtime, far outweighs the investment required to bring mobile security up to parity with traditional IT controls, making

Projects
- TryHackMe – Vulnerability Scanner Overview – Complete
- TryHackMe – CyberChef: The Basics – In Progress
Videos

Articles
- Massive SIM farm network powering 49 million fake accounts taken apart by Europol – Law enforcement agencies from Austria, Estonia, Finland, and Latvia, together with Europol, have seized thousands of SIM-box devices and SIM cards used in multiple scam campaigns.
- 131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign – Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale.
- Foreign hackers breached a US nuclear weapons plant via SharePoint flaws – A foreign actor infiltrated the National Nuclear Security Administration’s Kansas City National Security Campus through vulnerabilities in Microsoft’s SharePoint browser-based app, raising questions about the need to solidify further federal IT/OT security protections.
- Russian hackers evolve malware pushed in “I am not a robot” captchas – The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks.
- Muji’s minimalist calm shattered as ransomware takes down logistics partner – Japanese retailer halts online orders after attack cripples third-party vendor
- Hundreds of masked ICE agents doxxed by hackers, as personal details posted on Telegram – Hundreds of US government officials working for the FBI, ICE, and Department of Justice have had their personal data leaked by a notorious hacking group.
- Major AWS outage took down Fortnite, Alexa, Snapchat, and more – Amazon says the cause of the AWS outage was related to DNS.
- LA Metro digital signs taken over by hackers – the digital reader boards at a bus stop at 6th Street and Vermont Avenue displaying a message that read “EMERGENCY WARNING. LEAVE IMMEDIATELY. RISK OF SUICIDE BOMB.”
- SoCal man agrees to plead guilty to acting as Beijing’s agent – A California man has agreed to plead guilty to acting as an illegal agent for the Chinese government in Southern California while working as a campaign advisor for a local politician.
- Verizon: Mobile Blindspot Leads to Needless Data Breaches – People habitually ignore cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half.
October 27, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 10/13/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Satellites found exposing unencrypted data, including phone calls and some military comms

This article reveals a startling lapse in global data security, reporting that researchers from UC San Diego and the University of Maryland easily intercepted vast amounts of unencrypted sensitive data from as many as half of all geostationary satellites. Using only an $800 off-the-shelf satellite receiver over three years, they were able to eavesdrop on a broad spectrum of communications. The exposed information includes personal consumer data such as private voice calls, text messages, and internet traffic from commercial services like in-flight Wi-Fi, demonstrating that data considered private is often wide open to unauthorized interception with minimal effort.

The scope of the security failure extends far beyond consumer privacy, encompassing communications critical to national security and vital economic operations. Critically, the researchers found the unencrypted streams included data exchanged between critical infrastructure systems, such as energy and water suppliers, offshore oil and gas platforms, and even some military communications. The effortless exposure of these transmissions poses a profound security risk, creating a significant vulnerability for coordinated attacks or industrial espionage against foundational public and private utilities.

Following the discovery, the research team spent a year alerting affected organizations. This effort led to some immediate remediation, with companies like T-Mobile and AT&T’s network in Mexico quickly encrypting their data to mitigate the risk. However, the most alarming takeaway is the warning that the exposure is far from over. Many organizations, especially certain critical infrastructure providers, have not yet fixed their systems, meaning that large volumes of sensitive satellite data will continue to be vulnerable to eavesdropping for years to come, leaving essential systems exposed to this easily exploited security hole.

Projects
- TryHackMe – Vulnerability Scanner Overview – In Progress
Videos

Articles
- Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack – Hackers have posted over 1 Tb of information allegedly stolen from Harvard on the Cl0p data leak website.
- Satellites found exposing unencrypted data, including phone calls and some military comms – Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are carrying unencrypted sensitive consumer, corporate, and military information, making this data wide open to eavesdropping.
- Fake LastPass, Bitwarden breach alerts lead to PC hijacks – An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager.
- F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion – U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP’s source code and information related to undisclosed vulnerabilities in the product.
- Experian fined $3.2 million for mass-collecting personal data – Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR)
- China Accuses US of Cyberattack on National Time Center – The Ministry of State Security alleged that the NSA exploited vulnerabilities in the messaging services of a foreign mobile phone brand to steal sensitive information.
Podcasts
October 20, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/29/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online

This colossal data exposure involving ClaimPix, an auto insurance claims platform, serves as a stark warning about the pervasive dangers of basic security failures in the digital age. The discovery of an unsecured, unencrypted database containing a staggering 10.7 terabytes and 5.1 million files highlights critical shortcomings in data governance and cloud configuration management. For a platform entrusted with managing sensitive insurance and vehicle information, leaving such a massive repository of customer PII and operational data publicly accessible due to a lack of a simple password is a fundamental breach of trust and duty. This incident underscores that even with advanced security threats dominating the news, the simplest oversight—like misconfiguring storage access—can lead to catastrophic consequences.

The contents of the leak reveal the severe implications for data privacy and corporate legal exposure. Beyond standard PII like names and addresses, the exposure of vehicle records (VINs, license plates) and, most critically, approximately 16,000 Power of Attorney documents elevates the risk far beyond mere inconvenience. This combination of personal identity details and legal authorization is a potent toolkit for sophisticated criminals, enabling everything from identity theft and financial fraud to the highly specialized crime of vehicle cloning. The severity of this specific data mix places ClaimPix under immense scrutiny for compliance violations and potential long-term harm to the affected customers, demanding a comprehensive and transparent response regarding the full duration of exposure and the root cause.

While ClaimPix’s swift action to secure the database upon receiving the responsible disclosure is commendable, the lingering questions concerning the entity responsible for the database—whether ClaimPix directly or a third-party vendor—are paramount for risk analysis. This ambiguity is a key point for every business professional, emphasizing the critical need for rigorous vendor risk management and clear data ownership protocols. The incident provides an urgent case study for organizations to stress-test their security architectures, focusing on mandatory encryption, multi-factor access controls, and regular audits of cloud storage configurations. Ultimately, the ClaimPix leak is a powerful reminder that proactive, fundamental security hygiene is the bedrock of corporate responsibility and essential for maintaining customer trust in a data-driven ecosystem.

Projects
- TryHackMe – Firewall Fundamentals – Complete
- TryHackMe – IDS Fundamentals – In Progress
Articles
- Ransomware gang sought BBC reporter’s help in hacking media giant – Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money.
- Japan’s largest brewer suspends operations due to cyberattack – Asahi Group Holdings, Ltd (Asahi), the brewer of Japan’s top-selling beer, has disclosed a cyberattack that disrupted several of its operations.
- UK convicts “Bitcoin Queen” in world’s largest cryptocurrency seizure – The Metropolitan Police has secured a conviction in what is believed to be the world’s largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion).
- Google Ads Used to Spread Trojan Disguised as TradingView Premium – Bitdefender warns that the TradingView Premium ad scam now targets Google ads and YouTube, hijacking verified channels to spread spyware.
- Dutch teens arrested for trying to spy on Europol for Russia – Two Dutch teenage boys aged 17, reportedly used hacking devices to spy for Russia, have been arrested by the Politie on Monday.
- US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online – Cybersecurity researcher Jeremiah Fowler discovered a massive 10.7TB ClaimPix leak exposing 5.1M customer files, vehicle data, and Power of Attorney documents. Read the full details.
- Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M – Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings.
- Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws – Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.
- Allianz Life says July data breach impacts 1.5 million people – Allianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted.
- That annoying SMS phish you just got may have come from a box like this – Scammers have been abusing unsecured cellular routers used in industrial settings to blast SMS-based phishing messages in campaigns that have been ongoing since 2023, researchers said.
Podcasts
October 6, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 9/8/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day

A recent cybercriminal campaign has been exploiting Amazon’s Simple Email Service (SES) to launch large-scale phishing attacks, delivering over 50,000 malicious emails per day. The campaign begins with attackers gaining access to AWS accounts through compromised access keys. They then use these credentials to probe the environment for SES permissions. By using a sophisticated, multi-regional approach, they are able to bypass SES’s default “sandbox” restrictions and daily email limits, unlocking the ability to send massive volumes of malicious emails.

The attackers’ infrastructure is technically advanced, utilizing both their own domains and legitimate domains with weak security configurations to facilitate email spoofing. They systematically verify these domains and create legitimate-looking email addresses to maximize the credibility of their messages. The phishing emails themselves are designed to appear as official tax-related notifications, directing victims to credential harvesting sites. To evade detection, the attackers use commercial traffic analysis services and programmatically attempt to escalate privileges within the AWS environment, though some of these attempts have failed.

This campaign highlights a growing threat where legitimate cloud services, intended for business purposes, are weaponized at scale. The successful exploitation of Amazon SES demonstrates the critical importance of robust security practices, including the need for enhanced monitoring of dormant access keys and unusual cross-regional API activity. The findings from Wiz.io researchers serve as a crucial reminder for organizations to implement more stringent security measures to prevent cloud service abuse and protect against sophisticated, large-scale cyberattacks.

Projects
- TryHackMe – SQLMap: The Basics – Complete
- TryHackMe – SOC Fundamentals – Complete
- TryHackMe – Digital Forensics Fundamentals – Complete
- TryHackMe – Incident Response Fundamentals – Complete
Videos

Articles
- Plex tells users to reset passwords after new data breach – Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases.
- iCloud Calendar abused to send phishing emails from Apple’s servers – iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes.
- Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day – A sophisticated cybercriminal campaign has emerged, exploiting Amazon’s Simple Email Service (SES) to orchestrate large-scale phishing operations capable of delivering over 50,000 malicious emails daily.
- Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance – Oligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction.
- Apple warns customers targeted in recent spyware attacks – Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR).
- U.S. Senator accuses Microsoft of “gross cybersecurity negligence” – U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations.
- Man gets over 4 years in prison for selling unreleased movies – A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies.
Podcasts
September 15, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 8/4/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Hacker extradited to US for stealing $3.3 million from taxpayers

The article details the successful extradition of Nigerian national Chukwuemeka Victor Amachukwu from France to the U.S., where he faces charges related to a sophisticated hacking and fraud scheme. The core of his alleged criminal activity involved spearphishing attacks targeting U.S. tax preparation businesses. By gaining unauthorized access to these businesses’ computer systems, Amachukwu and his co-conspirators were able to steal the personal data of thousands of American citizens. This stolen information was then used to file fraudulent tax returns and Small Business Administration (SBA) loan applications, resulting in over $3.3 million in confirmed losses to the U.S. government. The extradition underscores the international cooperation necessary to combat cybercrime and demonstrates a commitment by law enforcement to pursue and prosecute individuals who exploit digital vulnerabilities for financial gain, regardless of their physical location.

Beyond the tax and loan fraud, the article highlights Amachukwu’s alleged involvement in a separate, parallel scam. This second scheme involved a fake investment opportunity where victims were convinced to invest millions in non-existent standby letters of credit. This dual-pronged criminal activity paints a picture of a perpetrator who engaged in multiple forms of financial deception, exploiting both technological vulnerabilities and human trust. The indictment against Amachukwu reflects the seriousness of his alleged crimes, with charges including conspiracy to commit computer intrusions, wire fraud, and aggravated identity theft. The potential penalties, including a mandatory two-year consecutive sentence for aggravated identity theft and up to 20 years for each wire fraud count, illustrate the severe legal consequences for such offenses.

The extradition and subsequent court appearance of Amachukwu serve as a significant development in the case, moving it from international pursuit to domestic prosecution. The fact that he was apprehended and extradited from France, where he was presumably located after the alleged crimes took place, showcases the global reach of U.S. law enforcement and its ability to work with international partners to bring suspects to justice. While a trial date has yet to be scheduled, the article makes it clear that the U.S. government is not only seeking a conviction but also the forfeiture of all proceeds from his criminal activities. This aggressive legal approach aims to both punish the perpetrator and recover the stolen funds, providing a comprehensive response to the financial and personal damage caused by his fraudulent schemes.

Projects
- TryHackMe – JavaScript Essentials – In Progress
Whitepapers
- CrowdStrike 2025 Threat Hunting Report
Articles
- CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign – Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks.
- Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies – PXA Stealer pilfers data from nearly 40 browsers, including Chrome
- North Korea sent me abroad to be a secret IT worker. My wages funded the regime – Jin-su says over the years he used hundreds of fake IDs to apply for remote IT work with Western companies. It was part of a vast undercover scheme to raise funds for North Korea.
- Cisco Says User Data Stolen in CRM Hack – Cisco has disclosed a data breach affecting Cisco.com user accounts, including names, email address, and phone numbers.
- What the Coinbase Breach Says About Insider Risk – The lesson from the breach is not just about what went wrong — but what could have gone right.
- PBS confirms data breach after employee info leaked on Discord servers – PBS has suffered a data breach exposing the corporate contact information of its employees and those of its affiliates, BleepingComputer has learned.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
- Hacker used a voice phishing attack to steal Cisco customers’ personal information – A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday.
- Air France and KLM disclose data breaches impacting customers – Air France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers.
- Hacker extradited to US for stealing $3.3 million from taxpayers – Nigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses.
Podcasts
- Smashing Security – 428: Red flags, leaked chats, and a final farewell
- The 404 Media Podcast – How AI is being used by hackers and criminals
August 11, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/21/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Woman gets 8 years for aiding North Koreans infiltrate 300 US firms

This article details the sentencing of Christina Marie Chapman to 102 months in prison for her pivotal role in a sophisticated scheme that allowed North Korean IT workers to infiltrate over 300 U.S. companies. Chapman facilitated this by operating a “laptop farm” in her Arizona home, creating the illusion that the workers were based in the United States. Her co-conspirator, Ukrainian citizen Oleksandr Didenko, ran an online platform, UpWorkSell, which provided false identities for the North Koreans seeking remote IT positions. This elaborate operation enabled the North Korean workers to illicitly collect over $17 million, a portion of which was funneled through Chapman’s financial accounts.

The scope of this infiltration was extensive, with North Korean individuals securing remote software and application development roles in a wide array of high-profile U.S. entities, including Fortune 500 companies, an aerospace and defense firm, a major television network, and a Silicon Valley technology company. This access not only generated significant illicit revenue for the North Korean regime but also posed substantial national security risks by potentially exposing sensitive information and intellectual property within critical U.S. industries. The scheme highlights the persistent and evolving methods used by foreign adversaries to exploit vulnerabilities in remote work environments.

In response to this and similar incidents, U.S. authorities have intensified their efforts to counter North Korean IT worker schemes. The Department of Justice has been actively disrupting extensive networks involved in these operations, leading to charges against individuals like Chapman and Didenko, as well as other foreign nationals. Concurrently, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against North Korean front companies and associated individuals. These actions, coupled with updated FBI guidance for U.S. businesses and joint advisories with international partners, underscore a concerted strategy to mitigate the threat posed by North Korea’s illicit revenue generation and espionage activities.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks – Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.
- CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks – The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
- Ukraine arrests suspected admin of XSS Russian hacking forum – The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor’s office.
- ExpressVPN bug leaked user IPs in Remote Desktop sessions – ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users’ real IP addresses.
- Nuclear Weapons Agency Breached in Microsoft SharePoint Hack – The US agency responsible for maintaining and designing the nation’s cache of nuclear weapons was among those breached by a hack of Microsoft Corp.’s SharePoint document management software, according to a person with knowledge of the matter.
- Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure – The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America.
- UK Student Sentenced to Prison for Selling Phishing Kits – Ollie Holman was sentenced to prison for selling over 1,000 phishing kits that caused estimated losses of over $134 million.
- Woman gets 8 years for aiding North Koreans infiltrate 300 US firms – Christina Marie Chapman, a 50-year-old woman from Arizona, was sentenced to 102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies.
Podcasts
July 28, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 7/7/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Elmo’s X account was hacked and shared antisemitic and racist posts

The recent hacking of Elmo’s X (formerly Twitter) account represents a concerning incident that transcends a simple social media breach, highlighting broader vulnerabilities and the potential for weaponized online platforms. The unauthorized posts, which included antisemitic, racist, and politically charged content, not only severely damaged the innocent and wholesome brand associated with Elmo and Sesame Street but also demonstrated how easily prominent accounts can be leveraged to disseminate harmful narratives. The fact that such hateful messages were visible to nearly 650,000 followers, even for a brief period, underscores the immediate and widespread impact that compromised accounts can have on public discourse and perception. This event serves as a stark reminder of the constant threat of cyberattacks and the imperative for robust security measures across all major online platforms.

This incident also brings into focus the ongoing challenges faced by X, particularly in light of previous controversies surrounding its AI chatbot Grok and the proliferation of extremist views on the platform. The “disgusting” nature of the hacked posts, as described by Sesame Workshop, echoes similar issues where X has struggled to contain inflammatory content, including antisemitic remarks. The repeated instances of problematic content, whether through compromised accounts or algorithmic failures, raise serious questions about X’s content moderation strategies and its ability to safeguard users from harmful material. While XAI has acknowledged and attempted to address issues with Grok, the Elmo hack suggests that the platform’s vulnerabilities extend beyond AI-generated content to fundamental account security.

Ultimately, the Elmo account hack is more than just an isolated security breach; it’s a symptom of a larger, more complex problem concerning online safety, platform responsibility, and the weaponization of social media. For a character universally associated with childhood innocence and positive values to be used as a conduit for hate speech is deeply disturbing and illustrates the insidious nature of online extremism. This event should prompt renewed scrutiny of social media companies’ commitment to preventing abuse, ensuring account integrity, and protecting their users from the dissemination of harmful ideologies. The incident reinforces the critical need for continuous vigilance, technological advancements in security, and a proactive approach to combating the misuse of online platforms.

Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- FBI warns travelers of ‘Scattered Spider’ group targeting airlines – SFGATE contributor Jim Glab rounds up air travel and airport news for our weekly column Routes
- Qantas is being extorted in recent data-theft cyberattack – Qantas has confirmed that it is now being extorted by threat actors following a cyberattack that potentially exposed the data for 6 million customers.
- Columbia data stolen in cyberattack that caused dayslong IT outage, University says – Bloomberg News reported that the alleged hacker stole the personal information of Columbia applicants.
- AT&T Reaches $177M Deal Over 2019 and 2024 Data Breaches – AT&T’s $177M data breach settlement. Check eligibility for payouts from 2019 and 2024 incidents.
- Alleged Chinese State Hacker Wanted by US Arrested in Italy – Xu Zewei has been arrested on charges that he is a member of the Chinese state-sponsored hacking group Hafnium (Silk Typhoon).
- Canadian Electric Utility Says Power Meters Disrupted by Cyberattack – Nova Scotia Power is notifying individuals affected by the recent data breach, including in the United States.
- U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme – The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme.
- Russian pro basketball player arrested for alleged role in ransomware attacks – Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang.
- Elmo’s X account hacked to publish racist and antisemetic posts – In case it wasn’t obvious, no, that’s not the real Elmo that posted racist and antisemetic posts on Elon Musk’s X. Someone had hacked into the Sesame Street character’s X account.
Podcasts
July 14, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/30/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: US shuts down a string of North Korean IT worker scams

The US Department of Justice has successfully disrupted several sophisticated IT worker scams orchestrated by North Korea, leading to two indictments, one arrest, and the seizure of 137 laptops. These operations involved North Korean IT staff using stolen or fictitious identities to secure remote positions at over 100 US companies. Beyond drawing salaries, these individuals allegedly exfiltrated sensitive data for Pyongyang and engaged in virtual currency theft, with one instance involving a $740,000 cryptocurrency heist. This tactic of deploying remote IT workers, facilitated by the shift to remote work during the COVID-19 pandemic, is a significant evolution from North Korea’s traditional cybercrime activities, which are primarily aimed at circumventing international sanctions and funding their illicit weapons programs.

One key aspect of these scams involved the establishment of “laptop farms” in the US. These farms allowed North Korean coders to remotely control company-issued laptops, making it appear as though the workers were operating within the US, thereby evading detection by employers monitoring IP ranges. Zhenxing “Danny” Wang, one of the indicted individuals, is accused of setting up a fake software development business that funneled approximately $5 million back to North Korea and left US companies with an estimated $3 million in cleanup costs. This complex network highlights the critical role of US-based collaborators in enabling these schemes and the substantial financial gains reaped by both the North Korean regime and its stateside operatives.

The investigations also revealed a more direct form of cryptocurrency theft, as seen in the case of four North Koreans who traveled to the UAE to secure remote programming jobs. These individuals, using stolen identities, were able to gain access to company virtual wallets and subsequently steal significant amounts of cryptocurrency, which was then laundered using sanctioned tools like Tornado Cash. The ongoing nature of these threats underscores the challenges faced by companies hiring remote IT workers and the persistent efforts by North Korea to exploit vulnerabilities for financial gain. The US Department of Justice is actively pursuing these cases, offering substantial bounties for information that helps dismantle North Korea’s illicit financial mechanisms.

Projects
- TryHackMe – Web Application Basics – In Progress
Articles
- US shuts down a string of North Korean IT worker scams – The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.
- Stablecoin protocol Resupply loses $9.6M to price manipulation exploit – A flaw in ResupplyFi’s contract allowed an attacker to manipulate token prices and drain $9.6 million from its wstUSR market.
- Hacker Conversations: Rachel Tobac and the Art of Social Engineering – Rachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do.
- Hackers stole data on 2.2 million people in cyberattack affecting American grocery chains – The Dutch conglomerate behind dozens of major American supermarket brands said more than 2.2 million people had information stolen from its systems during a cyberattack in November that left customers unable to place delivery orders online.
- Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’ – ‘No impact on safety,’ FAA tells The Reg
- The FBI warns that Scattered Spider is now targeting the airline sector – The FBI warns that Scattered Spider is now targeting the airline sector. Feds are working with aviation partners to combat the threat and assist affected victims.
- Ex-student charged over hacking university for cheap parking, data breaches – New South Wales police in Australia have arrested a 27-year-old former Western Sydney University (WSU) student for allegedly hacking into the University’s systems on multiple occasions, starting with a scheme to obtain cheaper parking.
- Qantas Confirms Major Data Breach Linked to Third-Party Vendor – Qantas has confirmed a data breach after attackers gained access through a third-party call centre platform, affecting millions of frequent flyers just as the airline industry heads into its busiest season.
July 7, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/23/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: Millions of Brother Printers Hit by Critical, Unpatchable Bug

The article highlights a severe security crisis affecting millions of Brother printers and other devices, stemming primarily from a critical, unpatchable vulnerability (CVE-2024-51978) with a CVSS score of 9.8. This flaw allows an unauthenticated attacker to generate the default administrator password by knowing the device’s serial number, which can be leaked through other vulnerabilities or simple queries. The sheer scale of the problem is alarming, with 695 Brother models and millions of individual devices globally impacted. Crucially, this particular bug cannot be fixed via firmware updates, necessitating a change in Brother’s manufacturing process, underscoring the deep-seated nature of the security oversight.

Beyond the unpatchable flaw, the research by Rapid7 uncovered seven additional vulnerabilities, ranging from data leaks and stack buffer overflows to server-side request forgery (SSRF) and denial-of-service (DoS) issues. These vulnerabilities, while individually less critical (CVSS scores from 5.3 to 7.5), pose significant risks as they can be chained together with CVE-2024-51978 to achieve more severe outcomes, such as unauthenticated remote code execution or the disclosure of plaintext credentials for external services like LDAP or FTP. The ease of exploiting some of these flaws, coupled with the known existence of an underground market for printer exploits, raises concerns about potential widespread exploitation in corporate networks.

Fortunately, for seven of the eight vulnerabilities, Brother has released firmware updates, and other affected vendors like Fujifilm and Ricoh have also issued advisories. For the critical CVE-2024-51978, the primary mitigation relies on user action: changing the default administrator password. This simple step is crucial, as the vulnerability is only exploitable if the default password remains unchanged. The article also commends the collaborative and lengthy disclosure process involving Rapid7, Brother, and the Japanese cyber agency JPCERT/CC, highlighting it as a successful example of coordinated efforts to address widespread security flaws.

Projects
- TryHackMe – Hashing Basics – Complete
- TryHackMe – Web Application Basics – In Progress
Videos

Articles
- Canada says telcos were breached in China-linked espionage hacks – The Canadian government and the FBI say they are aware of malicious activity targeting telecommunication companies across Canada, attributing the intrusions to the China-backed hacking group Salt Typhoon.
- Cybercriminals breach Aflac as part of hacking spree against US insurance industry – Cybercriminals have breached insurance giant Aflac, potentially stealing Social Security numbers, insurance claims and health information, the company said Friday, the latest in a spree of hacks against the insurance industry.
- Millions of Brother Printers Hit by Critical, Unpatchable Bug – A slew of vulnerabilities, including a critical CVSS 9.8 that enables an attacker to generate the default admin password, affect hundreds of printer, scanner, and label-maker models made by manufacturer Brother.
- Justice Department Announces Coordinated, Nationwide Actions to Combat North Korean Remote Information Technology Workers’ Illicit Revenue Generation Schemes
Podcasts
July 2, 2025
What’s New in Cybersecurity This Week: Projects, Videos, Articles & Podcasts I’m Following – 6/9/25
Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: 40,000 Security Cameras Exposed to Remote Hacking

Cybersecurity firm Bitsight has unveiled a significant vulnerability in the digital landscape, identifying over 40,000 security cameras globally that are susceptible to remote hacking. These cameras, operating primarily over HTTP and RTSP protocols, inadvertently expose live video feeds directly to the internet, making them prime targets for malicious activities ranging from espionage to botnet recruitment. HTTP-based cameras, commonly found in homes and small offices, often allow direct access to administrative interfaces or expose screenshots via simple URI manipulations. RTSP cameras, used in professional surveillance, are harder to fingerprint but can still be exploited to return live footage. This widespread exposure highlights a critical security flaw, transforming devices intended for protection into potential tools for privacy invasion and cyberattacks.

The geographical distribution of these exposed cameras reveals a concerning concentration, with the United States accounting for over 14,000 devices, followed by Japan with approximately 7,000. Other countries like Austria, Czechia, South Korea, Germany, Italy, and Russia also host thousands of vulnerable cameras. Within the US, California and Texas show the highest numbers, with other states like Georgia, New York, and Missouri also significantly impacted. Industry-wise, the telecommunications sector bears the brunt of the exposure, representing a staggering 79% of vulnerable devices, largely due to residential network connections. When excluding this sector, technology, media/entertainment, utilities, business services, and education emerge as the most affected industries, underscoring the broad scope of this security challenge across various critical sectors.

The implications of such widespread exposure are severe, extending beyond mere privacy breaches. Bitsight warns that these cameras are actively sought by threat actors on dark web forums, posing risks such as ensnarement in botnets or serving as pivot points for deeper network intrusions. The presence of these vulnerable devices in diverse locations like offices, factories, restaurants, and hotels amplifies the potential for corporate espionage and data theft. To counter these threats, Bitsight advises users and organizations to adopt crucial security measures: securing internet connections, replacing default credentials, disabling unnecessary remote access, keeping device firmware updated, and consistently monitoring for unusual login attempts. Adhering to these precautions is paramount to safeguard privacy and prevent these surveillance tools from becoming unintended liabilities.

Projects
- TryHackMe – Hashing Basics – In Progress
Articles
- Former Black Basta Members Resurface with New Tactics – Ex-Black Basta ransomware affiliates are now using new phishing and remote access techniques as part of the CACTUS ransomware operation.
- Rust-based “Myth Stealer” Malware Targets Gamers – A new Rust-based infostealer called Myth Stealer is spreading via fake gaming sites and malicious documents, targeting browser and crypto data.
- Massive Data Leak in China Exposes Billions of Records – Over 4 billion personal records were exposed from an unsecured Chinese database, marking one of the largest leaks in the country’s history.
- Google Warns of Salesforce Phishing and Data Extortion Campaign – Google flagged a campaign where attackers use vishing and fake tools to steal Salesforce data and extort organizations.
- Iranian APT “BladedFeline” Hides in Telecom Network for 8 Years – The Iranian group BladedFeline covertly accessed a Middle Eastern telecom for eight years using legitimate admin tools.
- New Zero-Click AI Vulnerability in Microsoft 365 Copilot – Researchers found “EchoLeak,” a zero-click vulnerability that could let attackers steal sensitive data from Microsoft 365 Copilot.
- WestJet Cyberattack Disrupts Airline Operations – A cyberattack on WestJet caused disruptions to the airline’s internal systems and operations.
- Trend Micro and Palo Alto Networks Patch Critical Flaws – Both cybersecurity vendors released patches for multiple critical vulnerabilities affecting their products.
- Hackers Abuse TeamFiltration to Target Microsoft Entra ID Accounts – Attackers leveraged the TeamFiltration pentesting tool to compromise over 80,000 Microsoft Entra ID accounts globally.
- 40,000 Security Cameras Exposed to Remote Hacking – Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
Podcasts
June 16, 2025