Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Networking Concepts – Completed
• TryHackMe – Networking Essentials – In Progress

Videos

Articles

• X hit by ‘massive cyberattack’ amid Dark Storm’s DDoS claims – The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare.
• Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it – Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands
• Google Pays Out Nearly $12M in 2024 Bug Bounty Program – The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories.
• US govt says Americans lost record $12.5 billion to fraud in 2024 – The U.S. Federal Trade Commission (FTC) said today that Americans lost a record $12.5 billion to fraud last year, a 25% increase over the previous year.
• Insider Threat Ex-Employee Found Guilty in Revenge Kill-Switch Scheme – Clandestine kill switch was designed to lock out other users if the developer’s account in the company’s Windows Active Directory was ever disabled.
• Feds seized $23 million in crypto stolen using keys from LastPass breaches – U.S. authorities seized $23M in crypto linked to a $150M Ripple wallet theft, experts believe the incident is linked to the 2022 LastPass breach.
• US cities warn of wave of unpaid parking phishing texts – US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city’s parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day.
• North Korean government hackers snuck spyware on Android app store – A group of hackers with links to the North Korean regime uploaded Android spyware onto the Google Play app store and were able to trick some people into downloading it, according to cybersecurity firm Lookout.
• Second biggest bank in US hit by major data breach stealing social security numbers and other personal info – names, account details, addresses, contact information, date of birth, social security numbers, and other government IDs were all exposed when documents were left outside in an unsealed container.
• China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days – Dragos case study reveals that Volt Typhoon hacked the US electric grid and stole information on OT systems.
• Previously unidentified botnet targets unpatched TP-Link Archer home routers – A model of internet routers marketed to consumers and businesses is being targeted as part of an effort to grow a new botnet known as Ballista.
• Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies – A technical exploration of modern phishing tactics, from basic HTML pages to advanced MFA-bypassing techniques, with analysis of infrastructure setup and delivery methods used by phishers in 2025.

Podcasts

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Networking Concepts – In Progress

Videos

Articles

• Nearly 12,000 API keys and passwords found in AI training dataset – Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models.
• The Rise of QR Phishing: How Scammers Exploit QR Codes and How to Stay Safe – QR phishing is on the rise, tricking users into scanning malicious QR codes. Learn how cybercriminals exploit QR codes and how to protect yourself.
• Meta fired 20 employees for leaking information, more firings expected – Meta fired about 20 employees because they had leaked “confidential information outside the company,” with more firings expected.
• Two Venezuelans Arrested in US for ATM Jackpotting – Several Venezuelans have been arrested and charged in the US in recent months for their role in ATM jackpotting schemes.
• Nearly 10% of employee gen AI prompts include sensitive data – Enterprise users are leaking sensitive corporate data through use of unauthorized and authorized generative AI apps at alarming rates. Plugging the leaks is vital to reduce risk exposure.
• Cybercriminals arrested for stealing hundreds of concert tickets through StubHub exploit – If found guilty, the thieves could face up to 15 years in prison.
• ChatGPT Operator Prompt Injection Exploit Leaking Private Data – OpenAI’s ChatGPT Operator, a cutting-edge research preview tool designed for ChatGPT Pro users, has recently come under scrutiny for vulnerabilities that could expose sensitive personal data through prompt injection exploits.
• Malicious Chrome extensions can spoof password managers in new attack – A newly devised “polymorphic” attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information.

Podcasts

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Networking Concepts – In Progress

Videos

Articles

• DOGE’s US worker purge has created a spike in insider risk – Summarily firing workers who have access to national secrets is creating a nearly unprecedented environment for classified data exposure, writes CIA Distinguished Career Intelligence Medal awardee Christopher Burgess.
• Faced with insider threats, how do you strengthen defenses from within? – We explore how behavioral analytics and an ethical environment help financial institutions mitigate and detect insider threats effectively.
• A single default password exposes access to dozens of apartment buildings – A security researcher says the default password shipped in a widely used door access control system allows anyone to easily and remotely access door locks and elevator controls in dozens of buildings across the U.S. and Canada.
• Exploits for unpatched Parallels Desktop flaw give root on Macs – Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices.
• Coast Guard hit with data breach, impacting pay for more than 1,100 members – The Coast Guard Pay and Personnel Center’s Direct Access service is down until Feb. 19 as a result.
• Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace – In a wide-ranging speech and interview, Nakasone also talked about Trump administration moves and the shape of cyber offensive operations.
• Australia Bans Kaspersky Software Over National Security and Espionage Concerns – Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns.
• Crypto exchange Bybit says it was hacked and lost around $1.4B – Crypto exchange Bybit announced on Friday that “a sophisticated attack” led to the theft of Ethereum (ETH) from one of the company’s offline wallets.
  • Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers – The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company’s CEO Ben Zhou declared a “war against Lazarus.”
• US employee screening giant DISA says hackers accessed data of more than 3M people – DISA Global Solutions, a U.S.-based provider of employee screening services, has said it suffered a data breach that affects more than 3.3 million people.
• Detroit PBS notifies 1,700 of data breach that compromised SSNs, passwords, financial and medical info – Detroit PBS over the weekend confirmed it notified 1,694 people about an August 2024 data breach that compromised the following private info
• Southern Water says Black Basta ransomware attack cost £4.5M in expenses – United Kingdom water supplier Southern Water has disclosed that it incurred costs of £4.5 million ($5.7M) due to a cyberattack it suffered in February 2024.
• Hackers Can Crack Into Car Cameras in Minutes Flat – It’s shockingly simple to turn a car dashcam into a powerful reconnaissance tool for gathering everyday routine and location data, researchers warn.

Podcasts

• Smashing Security 406: History’s biggest heist just happened, and online abuse

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Linux Shells – Complete

Videos

Articles

• Critical PostgreSQL bug tied to zero-day attack on US Treasury – High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further
• Hackers broke into Watergate Hotel’s network, stole personal data from hotel computers – There has been another Watergate break-in.
• Elon Musk’s DOGE website has been defaced because anyone can edit it – Instead of using government servers, the DOGE website appears to pull from an insecure database.
• Meta to link world with longest subsea cable – Meta, the parent company of Facebook and Instagram, confirmed plans Monday to build the world’s longest subsea cable that will circle the Earth and connect five continents.
• Hundreds of Dutch medical records bought for pocket change at flea market – 15GB of sensitive files traced back to former software biz
• How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying – Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations
• CISA and FBI: Ghost ransomware breached orgs in 70 countries – CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations.
• US Army soldier pleads guilty to AT&T and Verizon hacks – Cameron John Wagenius pleaded guilty to hacking AT&T and Verizon and stealing a massive trove of phone records from the companies, according to court records filed on Wednesday.
• Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks – Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies.
• Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3 – The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand’s legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale.
• How China Pinned University Cyberattacks on NSA Hackers – A researcher dives into Chinese reports attributing cyberattacks on Northwestern Polytechnical University to the NSA’s TAO division.
• Thailand ready to welcome 7,000 trafficked scam call center victims back from Myanmar – It comes amid a major crackdown on the abusive industry that started during COVID

Podcasts

• Smashing Security 405: A crypto con exchange, and soaring ticket scams

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Windows Powershell – Complete
• TryHackMe – Linux Shells – In Progress

Videos

Articles

• A US Treasury Threat Intelligence Analysis Designates DOGE Staff as ‘Insider Threat’ – An internal email reviewed by WIRED calls DOGE staff’s access to federal payments systems “the single greatest insider threat risk the Bureau of the Fiscal Service has ever faced.”
• Hacker pleads guilty to SIM swap attack on US SEC X account – Today, an Alabama man pleaded guilty to hijacking the U.S. Securities and Exchange Commission (SEC) account on X in a January 2024 SIM swapping attack.
• Toll booth bandits continue to scam via SMS messages – North American drivers are continuing to be barraged by waves of scam text messages, telling them that they owe money on unpaid tolls.
• Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence – A U.S. citizen pleaded guilty, Tuesday to playing a role in a wide-ranging scheme that allowed multiple North Korean nationals to collect paychecks from more than 300 U.S. companies.
• Data Leaks Happen Most Often in These States — Here’s Why – State-led data privacy laws and commitment to enforcement play a major factor in shoring up business data security, an analysis shows.
• Indiana Man Sentenced to 20 Years in Prison for Hacking, $37 Million Crypto Theft – Evan Light was sentenced to 20 years in federal prison for hacking an investment holdings company and stealing $37 million in cryptocurrency.
• Scammers clone Italian defence minister’s voice with AI in ransom scheme – Entrepreneurs in Italy were targeted by scammers posing as Defence Minister Guido Crosetto, asking for money to free kidnapped journalists.
• Astaroth Phishing Kit Bypasses 2FA to Hijack Gmail and Microsoft Accounts – New Astaroth Phishing Kit bypasses 2FA (two-factor authentication) to steal Gmail, Yahoo and Microsoft login credentials using a reverse proxy, real-time credential capture, and session hijacking.
• Scarlett Johansson warns of “1000-foot AI wave” following viral deepfake – Scarlett Johansson has had enough of non-consensual videos and images created using artificial intelligence (AI) and is urging legislators to clamp down on unauthorized AI usage.
• RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally – The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network’s domain controller as part of their post-compromise strategy.

Podcasts

• Smashing Security 404: Podcast not found

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Windows Powershell – In Progress
• Cryptohack – A free, fun platform for learning modern cryptography.

Videos

• The Lazarus Heist – YouTube Playlist

Articles

• US Justice Department sues to block HPE’s $14B acquisition of Juniper Networks – The U.S. Department of Justice has sued to block enterprise tech giant HPE from acquiring Juniper Networks, the networking firm, citing antitrust concerns.
• Grubhub confirms data breach affecting customers and drivers – U.S. food delivery giant Grubhub says hackers accessed the personal details of customers and drivers after breaching its internal systems.
• Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks – Hackers linked to China, Iran and other foreign governments are using new AI technology to bolster their cyberattacks against U.S. and global targets, according to U.S. officials and new security research.
• Apple ordered to open encrypted user accounts globally to UK spying – The secret order would give the UK access to encrypted backups belonging to any user — not just Brits.
• DeepSeek App Transmits Sensitive User and Device Data Without Encryption – A new audit of DeepSeek’s mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.
• Apple missed screenshot-snooping malware in code that made it into the App Store, Kaspersky claims – OCR plugin great for extracting crypto-wallet secrets from galleries
• Agencies Sound Alarm on Patient Monitors With Hardcoded Backdoor – CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.
• Netgear warns users to patch critical WiFi router vulnerabilities – Netgear has fixed two critical vulnerabilities affecting multiple WiFi router models and urged customers to update their devices to the latest firmware as soon as possible.

Podcasts

• Smashing Security 402: Hackers get hacked, the British Museum IT shutdown, and social media kidnaps
• Smashing Security 403: Coinbase crypto heists, QR codes, and ransomware in the classroom
• Darknet Diaries EP 154: Hijacked Line

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Windows Command Line – Complete
• TryHackMe – Windows Powershell – In Progress

Videos

Articles

• UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach – UnitedHealth has confirmed the ransomware attack on its Change Healthcare unit last February affected around 190 million people in America — nearly double previous estimates.
• Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor – Salt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has breached at least nine U.S.-based telecommunications companies with the intent to target high profile government and political figures. Tenable Research examines the tactics, techniques and procedures of this threat actor.
• Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors – Volt Typhoon, a state-sponsored actor linked to the People’s Republic of China, has consistently targeted U.S. critical infrastructure with the intent to maintain persistent access. Tenable Research examines the tactics, techniques and procedures of this threat actor.
• Millions of Subarus could be remotely unlocked, tracked due to security flaws – Flaws also allowed access to one year of location history.
• British Museum says ex-contractor ‘shut down’ IT systems, wreaked havoc – Former freelancer cuffed a week after being dismissed by UK’s top visitor attraction
• Apple chips can be hacked to leak secrets from Gmail, iCloud, and more – Side channel gives unauthenticated remote attackers access they should never have.
• Mastercard’s multi-year DNS cut-and-paste nightmare – What is frightening about this mistake is not how much damage cyberthieves could have done, but how easy it is to make and how difficult it is to discover.
• MGM agrees to pay $45 million to victims of 2019 data breach and 2023 ransomware attack – MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.

Podcasts

• Darknet Dairies – 153: Bike Index

Each week I publish interesting articles and ways to improve your understanding of cybersecurity.

Projects

• TryHackMe – Windows Command Line – Complete
• TryHackMe – Windows PowerShell – In Progress

Videos

Articles

• Caught secretly selling car owners’ driving data, General Motors slapped with a hefty ban by Lina Khan’s FTC – General Motors reached a settlement with the U.S. Federal Trade Commission that will prohibit it from selling information on its customers’ driving habits without their knowledge and explicit consent for the next 20 years.
• Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties – According to court filings, Rahman is alleged to have retained without authorization two documents classified as Top Secret on or about October 17, 2024, and delivered it to multiple individuals who were not entitled to receive it.
• FBI Warned Agents It Believes Phone Logs Hacked Last Year [Paywall] – FBI leaders have warned that they believe hackers who broke into AT&T Inc.’s system last year stole months of their agents’ call and text logs, setting off a race within the bureau to protect the identities of confidential informants, a document reviewed by Bloomberg News shows.
• Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – The Treasury Department announced sanctions in connection with a massive Chinese hack of American telecommunications companies and a breach of its own computer network.
• Bitbucket services “hard down” due to major worldwide outage – Bitbucket is investigating a massive outage affecting Atlassian Bitbucket Cloud customers worldwide, with the company saying its cloud services are “hard down.”
• FortiGate config leaks: Victims’ email addresses published online – Experts warn not to take leaks lightly as years-long compromises could remain undetected
• Cloudflare Blocked a Record-breaking 5.6 Tbps Ddos Attack – Cloudflare announced that it has blocked a record-breaking 5.6 terabit-per-second (Tbps) distributed denial-of-service (DDoS) attack.

Podcasts

• Smashing Security 401: Hacks on the high seas, and how your home can be stolen under your nose