Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: Alabama man pleads guilty to hacking, extorting hundreds of women
The case centers on a sophisticated three-year “sextortion” scheme that targeted hundreds of young women and teenagers across the United States. Between April 2022 and May 2025, Mosley gained unauthorized access to victims’ Snapchat and Instagram accounts by using social engineering rather than technical exploits. He often impersonated friends or acquaintances to trick victims into revealing account recovery codes. Once he seized control of an account, Mosley harvested intimate or sexually suggestive images and videos stored within the private messages or “My Eyes Only” features of these platforms.
The legal and ethical gravity of the case is underscored by the predatory nature of Mosley’s extortion tactics. After securing sensitive material, he reportedly blackmailed victims by threatening to release their private content publicly or share it with their families unless they provided more explicit material or financial compensation. In some instances, he escalated his harassment to include real-world intimidation, such as using Snapchat’s map feature to track a minor’s location and contacting her younger siblings to demonstrate his reach. U.S. Attorney Theodore S. Hertzberg described Mosley as the “dangerous online stranger who every parent fears,” highlighting the severe psychological and reputational harm inflicted on the victims.
Finally, this case serves as a stark warning regarding the vulnerabilities inherent in modern digital identity and account recovery workflows. By exploiting human trust and the “recovery passcode” systems designed to help legitimate users, Mosley was able to bypass security measures without needing advanced hacking tools. His guilty plea to charges of computer fraud, extortion, and cyberstalking brings a measure of accountability to a campaign that impacted hundreds. As Mosley awaits his sentencing scheduled for May 2026, the case reinforces the critical need for increased public awareness regarding “friend-impersonation” scams and the dangers of sharing authentication credentials, even with seemingly trusted contacts.
Projects
- TryHackMe – Humans as Attack Vectors – In Progress
Videos
Articles
- Samsung TVs to stop collecting Texans’ data without express consent – Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs
- UK warns of Iranian cyberattack risks amid Middle-East conflict – The United Kingdom’s National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East.
- Alabama man pleads guilty to hacking, extorting hundreds of women – A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors).
- Amazon: Drone strikes damaged AWS data centers in Middle East – Amazon has confirmed that three Amazon Web Services (AWS) data centers in the United Arab Emirates (UAE) and one in Bahrain have been damaged by drone strikes, causing an extensive outage that is still affecting dozens of cloud computing services.
- Hacktivists claim to have hacked Homeland Security to release ICE contract data – A group of hacktivists calling themselves “Department of Peace” claimed to have hacked the Department of Homeland Security (DHS), leaking allegedly stolen documents online.
- Pakistan’s Top News Channels Hacked and Hijacked With Anti-Military Messages – Major Pakistani TV channels, including Geo News and ARY News, were hit by a coordinated cyberattack on 1 March 2026. Hackers took control of live satellite feeds to display unauthorised messages. Read more about the breach, the regional impact, and the reported counter-cyber response.
- Florida woman imprisoned for massive Microsoft license fraud scheme – A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels.
- LexisNexis confirms data breach as hackers leak stolen files – American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information.
- 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict – Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion.
- Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks – Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns.
- FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials – A joint law enforcement operation has dismantled LeakBase, one of the world’s largest online forums for cybercriminals to buy and sell stolen data and cybercrime tools.
- Police dismantles online gambling ring exploiting Ukrainian women – Spanish and Ukrainian law enforcement authorities dismantled a criminal ring that exploited war-displaced Ukrainian women to run an online gambling scheme that laundered nearly €4.75 million in illicit proceeds.
- Google says 90 zero-days were exploited in attacks last year – Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances.
- Italian prosecutors confirm journalist was hacked with Paragon spyware – Italian authorities confirmed that a journalist who was alerted by WhatsApp last year of a suspected spyware attack on his phone was indeed hacked.
- FBI arrests suspect linked to $46M crypto theft from US Marshals – A U.S. government contractor’s son, accused of stealing more than $46 million in cryptocurrency from the U.S. Marshals Service, was arrested Wednesday on the island of Saint Martin.
- FBI Investigating ‘Suspicious’ Cyber Activity on System Holding Sensitive Surveillance Information – The bureau is working to determine the scope and impact of the problem, according to a notification sent to members of Congress.