hack,hacker,hacker news,cybersecurity, penetration testing, hackerspace, cyberwar, cybercrime

This Week in Tech News

• Threat Actors Modify and Re-Create Commercial Software to Steal User Information by Sravan Ganachari
• Chinese Foreign Surveillance Network Thrives on (your) Backdoored SOHO Devices
• Ransomware-as-a-Service is becoming a structured business model.
• "Echo Chamber Attack" blows past AI Gaurdrails
• Spark Kitty steals pics, passwords, crypto wallets from iPhones and Android
• Zero-Click Zero-Day discovered that compromises Microsoft Co-Pilot Assistant
• GitHub Repos Poisoned Again...
• Iran-Israel War Triggers a Maelstrom in Cyberspace
• Paragon Commercial Surveillance Software Infects Journalists

In Other News:
• First Images of Coronal Flares from NASA's PUNCH mission
• Don't Drink that Latte! --says the Crackhead...
• Rings of Power... Fake Tolkien...
• Amazon Says Alexa Won't Testify in Murder Trial Unless Subpoeana is Binding - LOL!
• End Of An Era: NOAA Polar Sats Wind Down Operations
• The New York Times Copyright Complaint Against OpenAI and Microsoft - Court Document

'Expert's Corner'
• How to Brute Force the Phone Number of any Google User
• Toward Heterogeneous, Distributed, andEnergy-Efficient Computing with SYCL
• CPU Side Channel Hacking White Paper From Intel
• Deep Dive into a Fast-Flux Secured Network
• Assembly Language is Easy! -- Alisa Esage...
• Five Zero Day Flaws in Qualcomm MSM Linux Kernel & ARM Mali GPU

Archives

• Million Dollar Bounty on Redline Developers
• SentinelOne rebuffs Chinese attack - discovers global intrusions
• SecOps Teams Need to Tackle AI Hallucinations
• Newly patched Windows zero-day exploited in Stealth Falcon attack
• Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
• Questions Swirl Around ConnectWise Flaw Used in Attacks
• Backdoored Open Source Malware Repositories Target Novice Cybercriminals
• Fake Docusign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
• Global Law Enforcement Shuts Down Cybercrime Crypting Services
• Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
• Automous Gen-AI Attack Platform Generates Exploit Tools
• Attackers and Defenders Lean on AI in Identity Fraud Battle
• Moscow-Linked DOGE Hackers Stealing Private Labor Union Data
• Apple Zero-Days Under 'Sophisticated Attack,' but Details Lacking
• Chinese APT Mustang Panda Debuts 4 New Attack Tools
• CVE program averts swift end after CISA executes 11-month contract extension
• Brian Krebs Backs Up Whistleblower Claim of DOGE Hacking With Real Evidence
• Oracle Still Denies Breach as Researchers Persist
• Google Hastily Patches Chrome Zero-Day Exploited by APT
• Hacker Claims Breach of Check Point Cybersecurity Firm, Sells Access
• ZDI-CAN-25373: Windows Shortcut Exploit Zero-Day in Widespread APT
• Backdoors Remain in Chinese Manufactured Robots...
• Confirmed iOS webp Zero Day Buffer Overflow Vulnerabilities
• China Controls Numerous Free-VPN Apps on the Google App Store...
• Youtube Lead Young Gamers to Gun and School Shooting Videos
• Verizon Customers' Data Exposed Again...
• Pro-Trump Think Tank Hacked
• Evil Corp Latest News
• Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
• Who attacked X? Dark Storm Claims Responsibility
• Swiss Cheese... I mean Microsoft releases patches for a Record Number of Zero Days
• It's About Time... HIPAA Proposes Cybersecurity Upgrades to Medical Informations Systems...
• AI in the grubby claws of criminal hackers
• The UK's Demands for Apple to Break Encryption - Electronic Frontier Foundation
• Android Security Updates patch multiple Zero Day vulnerabilies
• French Assembly Shoots Down Encryption Backdoor
• China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access
• Broadcom urges customers to patch 3 zero-day VMware flaws
• More than 86K IoT devices compromised by fast-growing Eleven11 botnet
• Trump administration back in the Cyber-Sack with Putin...
• Pentagon denies halting cyber operations against Russia
• Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
• Quantum Wars: Google, Microsoft, and Amazon’s Competing Paths to Fault-Tolerant Qubits
• North Korean Fake IT Workers Pose as Blockchain Developers on GitHub
• Closing the Cybersecurity Skills Gap: How MSPs Can Rescue Businesses
• Patient Health Monitors Linked to China IP through Backdoor
• Researcher Jailbreaks chatGPT's new 3o model - Gets the AI to create an exploit
• Scientists develop micro-robots that can flow like a fluid or collectively assemble into solid shapes
• AMD Radeon 9070 and 9070 XT final specs and official performance benchmarks leaked
• How "LLMjacking" operations obtain stolen access to DeepSeek models
• Nation State Hackers Collaborating with Civilian Hacktivists Targeting Critical Infrastructure
• Website for Office of Veterans Affairs Vulnerable To Attack and Under Inadequate Management
• TP-Link Consumer Routers - Safe or Not?
• Call for action: urgent plan needed to transition to post-quantum cryptography together
• Intelligence Notification: Violent online communities threaten children
• Key figures behind Phobot and 8Base ransomeware arrested in international cybercrime crackdown
• Crypto sleuths join hunt for $1.5bn stolen in biggest ever heist
• Nation State Exploiting Zero-Day Vectors in Ivanti Cloud Service Databases
• Boo!Hoo! ChatGPT ... Welcome to Capitalism
• DeepSeek and chatGPT Both Reflect Nationalist Propaganda
• TikTok Ban Backfires!!!
• Zero Day Vulnerability in Sonic Wall Industrial Control Systems Exploited in the Wild
• Commentary on REDnote's Terms and Conditions...
• $1 TRILLION wiped off US stocks after Chinese firm unveils AI chatbot
• Well we saw this one coming for SURE! DeepSeek massively hacked (probably by it's competitors in Western markets
• Hack Hits Smith Group Hard in the Wallet...
• North Korean Spies Infiltrate U.S. Cybersecurity Firms
• Cracked version of Araneida scooping web admin credentials worldwide
• Amazon: AI technology has spawned a surge in hacking attempts
• Forbes: The Growing Risks Of AI-Generated Cyberattacks
• Are 'Red Rooms' Real? Deep Dive into Brianna Ghey Murder Case
• 'Expert's Corner' University student researchers demo hardware 'Side Channel' attack that enables theft of entire AI models and training data...
• Chinese Hacker Pwns 81K Sophos Firewall Devices With Zero-Day Bug
• 'Older News Item': Variety Jones Sentenced 10 years after Silk Road falls
• MMS Scam Threat Growing... Be Careful!
• US rolls out new AI chip restrictions in effort to close China's backdoor access capacities..
• FBI Advocates Encryption Apps Post-China Hack
• FBI Warns Against Cross-Platform Textin
• The Golden Rule of Cybercrime in Russia - Love Your Mother, and You Will Get Away With Everything
• Interpol's Major Cybercrime Operation in Africa
• Employee Cybersecurity Compliance Lapses
• Google Search Exploited for Malware Distribution
• FBI and European partners seize Quackbot malware network in blow to global cybercrime
• LockBit Ransomware Group Disrupted
• International Criminal Court to Prosecute Cyberwar Crimes
• Cybersecurity Complacency Costs
• Diary reveals birth of secret UK-US spy pact that grew into Five Eyes
• Unraveling the Digital Heist: How the Internet was Stolen
• Russian Hackers Breach UK Ministry of Defence
• Iranian Hackers Target U.S. Presidential Campaign Official
• Netskope Plans 2025 IPO Amid Cybersecurity Market Hesitancy
• DP World Cyberattack Disrupts Australian Ports
• U.S. and Microsoft Disrupt Russian Hacking Operations Targeting Government Agencies
• Malicious Android Apps Expose Users to Security Threats
• Netflix Users Targeted by Phishing Scam
• T-Mobile hacked in massive Chinese breach of telecom networks
• Settlement Offers Up to $4,400 for Green Valley Pecan Data Breach Victims
• Ransomware Attack Disrupts Operations for Major Retailers
• Schneider Electric Investigates Cyberattack
• Stop & Shop Faces Product Shortages After Cybersecurity Incident
• Russian Cyber Unit Targeting Western Nations
• Vulnerabilities in U.S. Drinking Water Systems
• Phishing Scam Targeting Apple Users
• Ransomware Attack Disrupts Starbucks Operations
• Surge in Cyber Threats Detected by Amazon
• How to detect and remove spyware from an iPhone
• Apple Issues New Spyware Attack Warning To iPhone Users
• Kaspersky Reveals New Method to Detect Pegasus Spyware!
• Don't Be a Dumb Teenage Hacker 101
• Don't Be a Dumb Teenage Hacker 102
• Don't Be a Dumb Teenage Hacker 103
• Widespread Global Torture Campaigns In Name of Anti-Terrorism
• Lies..Lies..Lies... Welcome to another Four Years of Bullshit
• Two Washington Men Eaten by Bigfoot... sorta...
• Leaked Document Reveals what EU leaders knew about Israel's war crimes in Gaza.
• China Targeting Network Devices Worldwide - Report From Sophos
• Out of Support D-Link Routers With Critical Vulnerabilities Flagged (By D-Link) as WONTFIX
• An API endpoint left wide open lets you hack anyone's router
• More Hacking From Those Pesky North Korean State Sponsored APT Groups... and more from Seytonic
• Phishing Campaign Targets Ambassadors With Car Ads to Gather Critical Intel
• Linux Kernel Vulnerability Threatens Systems Across the Linux Landscape - Dark Reading
• Chinese APT Group Has Been Hacking Cisco Edge Routers for Over 10 Years With Corrupted Firmware - Dark Reading
• 2022 LastPass Breach Leads to Millions in Crypto Thefts - Krebs on Security
• Vicious Hacktivist Publishes Stolen Airbus Data and Threatens Arms Industry Giants - Krebs on Security
• Adobe, Apple, Google and Microsoft Reveal Zero-day and Zero-click Vulnerabilities - Krebs on Security
• EU unveils "revolutionary" laws to curb deceptive powers of big tech - The Guardian
• Spyware Vendor Hacked - Schneier on Security
• Google warns of novel social engineering method used to hack security researchers - The Verge
• NSA and FBI: Kimsuky hackers pose as journalists to steal intel - Bleeping Computer
• Hackers have breached organizations in defense and other sensitive sectors, security firm says - CNN
• Meta disrupted two influence campaigns from China and Russia - Security Affairs
• Blinking Red Light of Death for Surveillance Cameras - Hacker Combat
• China-linked hackers used VPN flaw to target U.S. defense industry -researchers - Reuters
• Iran-linked hackers used fake Atlantic Council-affiliated persona to target human rights researchers - Cyberscoop
• U.S. anti-hacking laws pose a risk to national security
• Recent legal developments bode well for security researchers, but challenges remain - CS Online
• Ethical hackers and the economics of security research - Help Net Security
• Getting Online (Or NOT) in North Korea
• The Impregnability of the Piratebay Fortress
• Wolfgang Brings US the "Perfect" Home Server Configuration..
• India Hosting Extensive Secret Hacking-for-Hire Industry
• What's Up with ChatGPT's Conversation History Feature: Privacy Breach!!
• Russian Spy Network Dismantled by Polish Security
• Critical (Nuclear) U.S. Infrastructure Targeted by Russia-Linked APT Group in 2022
• Your Phone Is My Bitch... Low Level, High Impact ARM Chip Vulnerabilities Discovered On Qualcomm Snapdragon ARM-Based Subsystems
• Five Guys H.R. Data Breach Highlights Dangers To Job Applicants. Company Faces Lawsuits.
• ChatGPT - AI That Can Write Malware (And Just About Anything Else...On Demand!)
• FBI Email Servers Hacked: Fake Malware Warnings Widely Distributed to Government and Industry
• Russian APT Groups Infiltrate U.S. Defense Contractors
• Chinese APT Groups Infiltrate U.S. Defense Contractors
• Are We FINALLY Gonna Be Rid of the Plague of Facebook? Meta Stocks PLUMMET
• The Latest in Russia/Ukraine Cyber War - NATO-designed Command and Control Servers Targeted
• The Pegasus Project: The Guardian and Washington Post Surveilling Israeli Surveillance Malware
• Government sourced spyware targeting Android mobile devices to permit extensive access to private resources and data on cell phones...
• Trickbot Leveraging Reputations of Major Brands
• NSA Mass Surveillance Undermines the Security of the United States, at Great Cost
• Federal Secure-Identiry Cards Foiled by Personal Reader Devices Infected with Malware
• Log4j vulnerability alive and well on VMWare Horizon Servers - North Korean Hackers Getting Inside!
• Conti CyberCrime Gang Responds to REvil Takedown
• Russian "Conti" (now under old name "Ryuk") Ransomware Group's Impact on U.S. Healthcare
• Timeline Review of the Ukraine-Russia Cyber-conflict
• Massive Russian Pipeline Company Breach
• Satellite System Hack Spills Across Europe
• Hack Russia Now
• Banking Trojan Targets Official AppStores to Gain Access Even to 2-Factor Authentication Tokens!
• Classic Email/Copycat Webpage Hack Demonstrates Power of Phishing to Enable Major Theft/Loss of Property
• India Anti-Hacktivist Group Plants False Evidence Leading to Arrests
• Apple Hands All User Data and Control of Data Centers in China to the CCP
• Malicious Python packages Found in the PyPI Repo
• Linux Kernel Z-Day Vulnerability Reported
• Initial Access Market is Booming for Critical Shipping Infrastructure
• Trojan Source Bug Threatens Security of ALL CODE...
• Russia's Nobelium APT Group Continues to Target Critical Global Supply Chain Actors
• Entire Twitch Website Hacked and Displayed: Phase One
• Cloudflare Gives a Detailed Accounting of the Facebook Network Outage
• Facebook, WhatsApp, and Instagram are down worldwide, it’s panic online
• Stuxnet-Like Viruses Remain a Top U.S. Security Risk
• Another Zero Day Exposes Countless Microsoft Business Customers to Targeted Attacks
• Industrial Switches from different Vendors Impaired by Similar Exposures
• Al Jazeera Hunts Bangladeshi Criminals Using Their Own Israeli-purchased Spyware
• North Korea Linked Konny Rat Updated Malware Aimed at Russian Targets
• Another Ransomeware Gang Goes Down, Releasing Private Decryption Keys...
• Supply Chain Attacks Destined to Escalate
• Microsoft, Google to Invest $30 Billion in Cybersecurity Over Next 5 Years
• Researchers Discover Android Surveillance Malware Built by U.S. Sanctioned Russian Firm
• HTTP-Botnets: The Dark Side of a Standard Protocol!
• Skynet, a Tor-powered botnet straight from Reddit
• REvil Ransomware Gang Disappears from Internet
• AMLBot - AML program to check crypto wallets for illicit funds
• Experts Shed Light On New Russian Malware-as-a-Service Written in Rust
• Ficker Infostealer Malware
• Hackers Obfuscating Payloads With Exotic Programming Languages
• Malware developers turn to 'exotic' programming languages to thwart researchers
• Dark Web Tool That Checked For Dirty Bitcoin Shuts Down
• Cybercriminals Have Built Their Own Blockchain Analytics Tool
• The NSA's Plan to own the Internet
• Ass Hacking: An Emerging International Cybersecurity Crisis
• Op Ed on Apple's New Mass Surveillance System and It's (Supposedly) Unintended Uses
• Tripwire Analyzes US Pipeline Security Issues
• Exposure of Thousands of Supply Chain Networks to Hackers is Likely On the Horizon
• Microsoft Exchange Server flaws inspire 30,000-plus Cyber Attacks
• Government Assessment of Solar Winds Breach
• FireEye Discovers Solar Winds Breach While Researching Internal Compromised Systems
• Microsoft Scrutinized for Role in Solar Winds Breach
• Zero Logon Vulnerability Exposes Windows Domain Controllers to Ransomware Attacks
• Cyberattacks Targeting Triconex Industrial Control Systems' Legacy Flaws - Private Critical Infrastructure Response Weak - Warns NSA, Homeland Security
• All the Ways Your Wi-Fi Router Can Spy on You
• Digital Shadows Weekly Podcast Roundup Discusses Ransomware Landscape
• Understanding NIST SP 800-207 - Zero Trust Security Architecture for Industrial Control Settings
• International Maritime Organization Hacked
• Wordpress Flaw Leverages Zerologon to attack Domain Controllers
• HEH Botnet Wipes/Bricks Devices
• Kraken Fileless Attack Exploits Windows Error Reporting
• Attack of the Coffee Makers... lol
• Chinese hackers have stolen information from Spanish laboratories working on a vaccine for COVID19, El Pais newspaper revealed
• US DoJ charges Iranian hackers for attacks on US satellite companies
• Russian Actors Use Fake N.A.T.O. Credentials to Hack Foreign Governments
• Brighter Bulbs on the Amazon Christmas Tree - Drivers Hacking Trees for Better Routes
• Who's Watching YOUR Six? Cryptocurrency Fraud By Russian Hackers..
• What's the Fight Really About? U.S. Economic Warfare and Likely Foreign Defenses
• AI Malware Considered
• Business Bigwigs Fear Hackers with AI Tools
• AI Malware with Superpowers...lol
• LATEST NEWS ON JULIAN ASSANGE FROM BRITAIN'S "Independent"
• Excellent Review of Current State of Cyberwarfare
• Japanese Cybercrime Underground On The Rise
• OOOhhh.... Hexane Moves In for the Big Kill...
• Captital One Data Breach...Unknown if This Data Was Actually Leaked!
• Court Blabs About NSA Hacking of Foreign Governments... Then Jails Contractor for Hacking NSA
• Wired Magazine takes a look at Hacker Group APT32, aka OceanLotus
• Trump Orders Cyberattack Against Iranian Missile Sites
• Triada Backdoor to Root Control Built Into Android Devices at Factories
• Hacker GnosticPlayers: Passwords for Sale
• Hackers Get Hacked! (It's About Time....)
• Assange Charged in U.S.
• Intezer Gets The Scoop on Hidden Wasp Linux Malware
• Germany Demands an End to Working Cryptography
• China APT Activity Review from US-CERT.gov
• Great Scholarly Contribution from bunnie and Ed (Snowden) on Hardware Vulnerability Mitigation
• Thangrycat Harware Vulnerability Compromises Cisco Trustchain at it's Root
• SeedWorm APT fortifies BlackWater phishing campaign with clever anti-detection methods
• Israel Responds to Hamas Cyber Attack with Lethal Military Force
• (YOUR) Instagram Private Data Dumped on Public Database
• Stack OVerflow's Production Servers Hacked!
• Operation ShadowHammer
• Mystery Hackers Hit MegaRich Corporations
• China-linked Cyber Espionage Group Targets Naval Adversaries
• Israeli Prime Minister Lead Challenging Candidate Hacked By Iranian Intelligence
• SimBad Malware Spreading Via Google Play Store
• NSA Hacks American Router Hardware
• NSA's "Boundless Informant"
• Thomas Drake Comments on PRISM
• Der Speigel: NSA mass surveillance of German citizens
• Researchers at Microsoft warn of damages caused by cyber operations conducted by Iran-linked cyberespionage groups.
• Modular Cryptojacking malware uses worm abilities to spread

Not About Tech Archives

• Watch North Korea Propaganda TV! Live or Archive! LOL!!!
• DOGE is on a cutting spree — and Social Security workers warn it's going to affect your benefits
• ‘Ukraine War is OVER’ – Jeffrey Sachs Stuns EU Parliament, Challenges US-Led Order! | CLRCUT
• Is Musk turning into a (complete) dick from hanging out with Trump? Pretty much ... yeah...
• "Newly elected President Musk and his sock-puppet Trump" -- Damien Walters
• Europa Clipper Well Underway and Guidance is Stellar!
• 1 in 83 chance of impact? That's Pretty Damn Close Baby...
• Methodical Destruction of Medical Facilities and Other Israeli War Crimes
• Get All Sides of the Story from AllSides...
• Trump Deregulation Efforts Threaten Security of Critical Space Systems
• Trump Releases Silk Road Founder Ross Ulbricht
• The Bitch Is Back...Trump sets the stage to screw the people who voted for him!
• Widespread Global Torture Campaigns In Name of Anti-Terrorism
• Lies..Lies..Lies... Welcome to another Four Years of Bullshit
• Two Washington Men Eaten by Bigfoot... sorta...
• Leaked Document Reveals what EU leaders knew about Israel's war crimes in Gaza.

Expert's Corner Archives

• The Stuxnet Technical Dossier
• A Deep Dive into Stuxnet
• Qualcomm Zero Days with Alisa Esange
• Injection attacks on End-to-End encryption
• (Two Decades Later...) AMD Issues Updates for Silicon-Level 'SinkClose' Processor Flaw
• Intel Reptar Flaw Patch For CPU Vulnerability Released
• Security vulnerabilities discovered in Apple processors
• Chrome-webrtc Zero Day Overview from Alisa Esage Shevchecko
• A Summary of Brief and In Depth Definitions of AI Terminology
• Logitech Wireless Usb Dongles Vulnerable To Hijacking (nRF24L Chip)
• Side-Channel Attack Vector on CPU/GPU Combo Motherboards
• University student researchers demo hardware 'Side Channel' attack that enables theft of entire AI models and training data...
• And If You Don't Believe That... Watch This - Logitech Hacked By Drone