Know What's Happening in Cybersecurity
Know What's Happening in Cybersecurity
Cybersecurity Pulse
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
EMAIL DIGESTS
Daily
Every morning
Weekly
Tuesday recap
Ransomware and Supply‑Chain Breaches Surge Across Industries
The Cyber Express reports a sharp rise in ransomware incidents and supply‑chain compromises. High‑profile attacks include a ransomware intrusion at Hasbro, a malicious LiteLLM package update that hit AI startup Mercor, and a North Korean‑linked exploit of the Axios JavaScript library.
Also developing:
Generative AI is reshaping fraud economics by automating and personalizing attacks, lowering the skill barrier for cybercriminals. The article explains how traditional perimeter‑centric, rule‑based defenses are increasingly ineffective against AI‑driven, adaptive threats. It advocates a shift to continuous, behavior‑driven detection, real‑time signal orchestration, and active interdiction. Leaders must adopt learning models, unified telemetry, and governance to protect against millisecond‑level payment fraud in 2026.
The U.S. Treasury’s Office of Foreign Assets Control removed three individuals tied to the Intellexa Consortium—responsible for the Predator commercial spyware—from the Specially Designated Nationals list. The delisting followed petitions asserting the subjects had distanced themselves from the consortium, though...
The episode examines the IACR's botched Helios election, where a key management failure forced the organization to discard the vote and schedule a new election. Guest Matt Bernhard, an expert in secure voting systems, explains how Helios' homomorphic encryption works,...
Tyler Shields predicts that 2026 will see an AI‑driven escalation of both offensive cyber attacks and defensive tools, with attackers automating phishing, deep‑fakes, and vulnerability hunting at scale. Security teams will adopt autonomous containment, probabilistic exposure mitigation, and AI‑generated detection...
Cyber insurers see a sharp rise in AI‑driven phishing losses and a drop in vendor‑outage claims in H1 2025, prompting a shift in recommended defenses for 2026. Resilience’s Jud Dressler highlights role‑based access controls as the top technology to limit breach...
A recent Wired piece highlighted how scammers in China use AI‑generated images of merchandise, such as crabs, to falsely claim refunds, exposing a growing vulnerability in e‑commerce. The frauds, valued at roughly $27 per case, have led to administrative detentions...
Silver Fox, a China‑based cyber‑crime group, has shifted its phishing focus to India, using income‑tax‑themed emails to deliver the modular ValleyRAT remote‑access trojan. The campaign tricks recipients into opening a PDF that redirects to a malicious zip file, which contains...
AI is rapidly entering security operations, yet many SOCs lack a structured integration strategy. The 2025 SANS SOC Survey shows 40% of teams use AI tools without defined processes and 42% deploy them out‑of‑the‑box, leading to inconsistent value. Effective adoption...
Cybersecurity budgets have hit a five‑year low in growth, leaving CISOs to stretch limited funds while confronting emerging AI‑related risks. Chris Wheeler, CISO of Resilience, advises a budgeting approach that prioritizes compliance, seeks controls with positive return‑on‑controls, and plans for...
Developers are increasingly leaking sensitive credentials across a growing array of platforms, from Git repositories to collaboration tools like JIRA and Slack. A recent “state of secret sprawl” report identified 23 million secrets in the public domain last year, and experts...
At SECON’s 2025 and 2026 conferences, the author highlighted a seismic shift in cyber risk, moving from classic phishing to automated, credential‑based attacks and AI‑driven threats. Data shows MFA bypass rates soaring to 45%, ransomware focusing on data theft, and...
The episode examines the security and privacy flaws of Flock Safety’s AI‑driven license‑plate readers and gunshot‑detection cameras, which are now installed in thousands of U.S. communities. Independent researcher Jon Gaines and activist‑musician Benn Jordan reveal dozens of software vulnerabilities—including outdated...
Software bills of materials (SBOMs) remain a cornerstone of supply‑chain security, yet widespread adoption stalls due to incomplete data, late‑stage generation, and open‑source gaps. Docker’s Hardened Images showcase a best‑practice model, embedding full SBOMs and Level 3 SLSA provenance, while many...
2025 was defined by a wave of high‑impact cyber threats, from the Chinese state‑backed APT Salt Typhoon targeting telecom networks and the US National Guard, to severe budget cuts at the Cybersecurity and Infrastructure Security Agency (CISA). The year also saw...
The weekly cyber recap highlights a wave of active exploits, most notably the MongoDB "MongoBleed" vulnerability (CVE‑2025‑14847) being leveraged against over 87,000 instances worldwide. High‑profile breaches include a Trust Wallet Chrome extension hack that cost users roughly $7 million and a...
The worst cyber incidents of 2025 ranged from supply‑chain breaches of Salesforce integrations to ransomware attacks on Oracle’s E‑Business platform, massive data leaks at Aflac and Mixpanel, and a production‑shutting hack of Jaguar Land Rover. Hackers leveraged third‑party connectors, exploited...
In the first year of President Trump’s second term, citizens have flooded social media with videos and apps that track ICE and other federal agents during raids and arrests. The Department of Homeland Security responded with subpoenas to Meta, criminal...
Tony Anscombe, ESET’s chief security evangelist, recaps the year’s most consequential cyber events in his December 2025 roundup. He highlights that U.S. organizations paid more than $2.1 billion in ransomware ransom from 2022‑2024, a figure FinCEN says only scratches the surface. The...
MongoDB disclosed a critical vulnerability (CVE‑2025‑14847, CVSS 8.7) that allows unauthenticated attackers to read server memory via a flaw in zlib compression. Over 87,000 internet‑exposed instances have been identified, with 42% of cloud environments hosting at least one vulnerable deployment. The...
Weekly update is up! Upcoming Travel; Reaching IoT Shelly Nirvana; Physical Security Meets Digital with Ubiquiti: https://www.troyhunt.com/weekly-update-484/
The episode warns that a critical MongoDB memory‑disclosure vulnerability (CVE‑2025‑14847), likened to Heartbleed, was patched on December 24 but is already being exploited in the wild. The flaw lets attackers manipulate BSON length fields to retrieve arbitrary memory, potentially exposing...
The final Security Leadership Master Class pivots to contrarian perspectives, exposing common cognitive traps and ritualistic practices in cybersecurity. It critiques binary thinking, where perfection is equated with success and any flaw signals failure, and highlights the rise of "ceremonial...
The article warns that the United States is vulnerable to low‑cost commercial drone attacks, citing recent strikes by Ukraine, Israel, and Houthi rebels that demonstrated drones’ ability to hit high‑value targets far from battlefields. Despite the Pentagon’s 2025 budget allocating...
Patricia Voight, CISO of Webster Bank, shared her journey from telecom security to leading financial‑services cyber risk, emphasizing the sector’s constant evolution. She highlighted the bank’s mentorship and summer‑intern programs, which deliberately recruit neurodivergent talent and partner with universities. Voight...
Kaspersky attributes a two‑year cyber‑espionage campaign to the China‑linked APT group Evasive Panda, which used DNS‑poisoning to deliver its MgBot backdoor. The attacks, observed from November 2022 to November 2024, targeted organizations in Turkey, China and India by hijacking DNS responses for...
TechCrunch’s year‑end roundup spotlights the most compelling cybersecurity stories it didn’t publish in 2025, ranging from high‑profile investigations to niche technical exposés. Highlights include The Washington Post revealing a secret UK court order forcing Apple to build a backdoor, The...
A recent incident aboard a Mediterranean ferry exposed a remote access tool (RAT) likely introduced via insecure IoT devices. Commentators debated whether the breach qualifies as an IoT hack, noting that shipboard entertainment, CCTV and Wi‑Fi systems often lack proper...
_Yuri_Arcurs_alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
Dark Reading has launched its 2026 State of Application Security survey, extending the 2025 study that gathered insights from over 100 cybersecurity professionals. The new questionnaire adds topics like vibe coding and secure‑coding training while retaining core questions for year‑over‑year...
Bernardo Quintero finally identified the anonymous programmer behind the 1992 Virus Málaga, a harmless malware that sparked his fascination with cybersecurity. The discovery linked the virus to Antonio Enrique Astorga, who later became a teacher and left a lasting legacy....
In 2022 LastPass suffered a breach that exposed encrypted vault backups containing cryptocurrency private keys and seed phrases. TRM Labs now reports that weak master passwords allowed attackers to decrypt these vaults offline, siphoning roughly $35 million in crypto assets through...
Researchers at UIC, Wayne State and Northwestern have turned random atomic defects in graphene transistors into a physical unclonable function (PUF) for hardware security. Each transistor emits a unique radio signature that encodes its microscopic irregularities, creating a one‑of‑a‑kind cryptographic...
Fortinet disclosed that CVE‑2020‑12812, a case‑sensitivity flaw in its SSL VPN, is being actively exploited in the wild. The vulnerability lets attackers bypass two‑factor authentication when local users are linked to LDAP groups and usernames are entered with different casing....
The episode spotlights a surge in social engineering threats, beginning with a conference scam warning and a retired federal investigator's "Scammer Psychological Kill Chain" framework for detecting attacks. It highlights a 1,000% rise in job scams targeting desperate job seekers,...
Researchers uncovered a new macOS stealer, MacSync, delivered via a digitally signed and notarized Swift application masquerading as a messenger installer. The signed DMG bypasses Apple Gatekeeper and XProtect, allowing the dropper to execute an encoded script after user interaction....
The episode explains that the so‑called "unredaction" of Jeffrey Epstein files isn’t a hack but a failure of proper redaction: the FBI merely overlaid black bars or highlights, leaving the underlying text intact and selectable. By demonstrating how text can...
The U.S. Department of Health and Human Services unveiled a sweeping update to the HIPAA Security Rule in January 2025, aiming to tighten cybersecurity across hospitals and clinics. A coalition of 100 health‑care groups led by CHIME has called for...
Operation Sentinel, a 19‑nation Interpol‑led effort, dismantled multiple African cybercrime syndicates, arresting 574 suspects and seizing roughly $3 million in assets. The investigation neutralized over 6,000 malicious links and decrypted six ransomware strains, uncovering $21 million in losses from BEC, extortion and...
Aflac announced that hackers accessed personal and health information of 22.65 million customers, including Social Security numbers, medical records, and government IDs. The breach, disclosed in June, is linked to the Scattered Spider cyber‑criminal collective, which has been targeting insurers. Aflac’s...
Uzbekistan’s Ministry of Internal Affairs operates a national license‑plate‑reading system that monitors traffic with over a hundred high‑resolution cameras across the country. Security researcher Anurag Sen uncovered that the system’s web interface is publicly accessible without authentication, exposing GPS locations...
Global e‑commerce sales are set to surpass $6.4 trillion in 2025, fueling intense competition on marketplace review systems. Brushing scams exploit this pressure by sending low‑value items to random addresses, then posting fabricated 5‑star reviews to inflate product rankings. Victims often...
Healthcare providers are confronting a stark financial reality: the cost of maintaining an immature cybersecurity program now exceeds the expense of modernizing it. Breach incidents in the sector average $11‑12 million, while prolonged outages and regulatory penalties add further strain....
WatchGuard disclosed a critical zero‑day vulnerability (CVE‑2025‑14733) in its Firebox firewalls, enabling remote code execution via an out‑of‑bounds write in the Fireware OS. The flaw affects multiple firmware versions and specifically targets the IKEv2 VPN processes, with threat actors actively...
Group‑IB reported a fresh wave of Android SMS‑stealer campaigns targeting users in Uzbekistan since October 2025. Threat groups such as TrickyWonders, Blazefang and Ajina distribute malicious APKs via sideloading and Telegram, exploiting stolen Telegram accounts to lure contacts into installation....
On 19 November 2025 the European Commission unveiled the Digital Omnibus, a package of draft laws that consolidates the EU’s fragmented digital regulatory landscape. It pairs the Data Union Strategy and a proposed European Business Wallet to boost data access for AI...
The 2025 Year in Review product spotlight showcases six security‑focused solutions targeting education, enterprise, and financial sectors. Connect ONE’s ERP consolidates school data and grants first‑responder‑only access, while Genetec embeds cloud‑native audio into its Security Center SaaS for real‑time coordination....
The episode covers three security topics: TLS callbacks (Thread Local Storage) used by malware to execute code before a program's main function, a critical FreeBSD remote code execution flaw in the rtsold daemon that parses unsanitized DNS search lists from...
Hackers from the ShinyHunters subgroup of the Com stole more than 200 million PornHub user records and began extorting the site. At the same time, a critical Cisco AsyncOS zero‑day has been exploited since November with no patch available, threatening enterprise...
ESET has identified a new Chinese‑backed advanced persistent threat group, LongNosedGoblin, conducting cyber‑espionage against Japan and other Southeast Asian governments since 2023. The group leverages custom C#/.NET malware and uniquely abuses Windows Group Policy to drop payloads and move laterally...
The Trump administration’s 2025‑2026 policy agenda has dramatically reshaped U.S. cyber, privacy and law‑enforcement priorities. New directives such as NSPM‑7 and a FBI cash‑reward program broaden the definition of domestic terrorism to include political dissent, while travel‑screening rules force tourists...
Home‑care workers are increasingly sending unqualified friends or relatives to patient visits under false identities, a trend highlighted by recent fraud convictions and court cases in the U.S. and U.K. The Department of Health and Human Services reported 298 personal‑care...
