Port 22

~ 19 May 2025 ~

Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access

Trump Signs Controversial Law Targeting Nonconsensual Sexual Content

SEC SIM-swapper who Googled 'signs that the FBI is after you' put behind bars

A Silicon Valley VC Says He Got the IDF Starlink Access Within Days of October 7 Attack

Why CTEM is the Winning Bet for CISOs in 2025

Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

Microsoft extends Zero Trust to secure the agentic workforce

Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More

Millions at risk after attackers steal UK legal aid data dating back 15 years

The NSAs Fifty Years of Mathematical Cryptanalysis (19371987)

Who Even Is a Criminal Now?

We 3D-Printed Luigi Mangiones Ghost Gun. It Was Entirely Legal

How to Win Followers and Scamfluence People

For Tech Whistleblowers, Theres Safety in Numbers

IT chiefs of UK's massive health service urge vendors to make public security pledge

Eeek! p0wned Alabama hit by unspecified 'cybersecurity event'

China launches an AI cloud into orbit -12 sats for now, 2,800 in coming years

~ 18 May 2025 ~

Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good'

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes

~ 17 May 2025 ~

Boffins devise technique that lets users prove location without giving it away

Coinbase Will Reimburse Customers Up to $400 Million After Data Breach

~ 16 May 2025 ~

Fired US govt workers, Uncle Xi wants you! to apply for this fake consulting gig

Americas consumer watchdog drops leash on proposed data broker crackdown

Friday Squid Blogging: Pet Squid Simulation

New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors

Top 10 Best Practices for Effective Data Protection

Defamation case against DEF CON terminated with prejudice

Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks

Communications Backdoor in Chinese Power Inverters

Broadcom employee data stolen by ransomware crooks following hit on payroll provider

Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks

[Webinar] From Code to Cloud to SOC: Learn a Smarter Way to Defend Modern Applications

Good luck to Atos' 7th CEO and its latest biz transformation

From hype to harm: 78% of CISOs see AI attacks already

Scammers are deepfaking voices of senior US government officials, warns FBI

~ 15 May 2025 ~

DoorDash scam used fake drivers, phantom deliveries to bilk $2.59M

Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit

Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails

Breachforums Boss to Pay $700k in Healthcare Breach

Cyber fiends battering UK retailers now turn to US stores

Pen Testing for Compliance Only? It's Time to Change Your Approach

Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a breach disclosure

How the Microsoft Secure Future Initiative brings Zero Trust to life

5 BCDR Essentials for Effective Ransomware Defense

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers

Socket buys Coana to tell you which security alerts you can ignore

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

Snowflake CISO on the power of 'shared destiny' and 'yes and'

Sednit abuses XSS flaws to hit gov't entities, defense companies

Threat landscape for industrial automation systems in Q1 2025

Siemens VersiCharge AC Series EV Chargers

Siemens User Management Component (UMC)

Siemens Teamcenter Visualization

Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems

Siemens SIPROTEC and SICAM

Siemens SIMATIC PCS neo

Siemens SCALANCE LPE9403

Siemens RUGGEDCOM ROX II

Siemens RUGGEDCOM APE1808 Devices

Siemens Polarion

Siemens OZW Web Servers

Siemens MS/TP Point Pickup Module

Siemens Mendix OIDC SSO

Siemens IPC RS-828A

Siemens INTRALOG WMS

Siemens Desigo

Siemens BACnet ATEC Devices

Siemens APOGEE PXC and TALON TC Series

Schneider Electric EcoStruxure Power Build Rapsody

ECOVACS DEEBOT Vacuum and Base Station

New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy

AI-Generated Law

Operation RoundPress

Here's what we know about the DragonForce ransomware that hit Marks & Spencer

~ 14 May 2025 ~

Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit

BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

Metal maker meltdown: Nucor stops production after cyber-intrusion

The Internet's Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

Why CVSS is failing us and what we can do about it

Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play

CFPB Quietly Kills Rule to Shield Americans From Data Brokers

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

Ivanti patches two zero-days under active attack as intel agency warns customers

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

Upcoming Speaking Engagements

Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb

John Scott-Railton Testifies Before EU Parliaments Committee on Civil Liberties, Justice and Home Affairs

VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Go ahead and ignore Patch Tuesday it might improve your security

Patch Tuesday, May 2025 Edition

Googles Advanced Protection Now on Android

North Korean IT Workers Are Being Exposed on a Massive Scale

Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems

Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks

Everyone's deploying AI, but no one's securing it what could go wrong?

Ransomware scum have put a target on the no man's land between IT and operations