Attacks & Vulnerabilities

Brit games studio Cloud Imperium admits to data breach (2 minute read)
Cloud Imperium Games, the studio behind Star Citizen, disclosed a January 21 data breach more than a month after it occurred, revealing that attackers gained unauthorized read-only access to backup systems containing usernames, contact details, dates of birth, and other personal information. The company downplayed the risk by noting that no financial data or passwords were compromised, but security experts warn that the exposed PII is sufficient to fuel targeted phishing campaigns. Players criticized the delayed, near-hidden disclosure: the breach notice was buried in a small pop-up rather than communicated directly by email.

1.2 Million Affected by University of Hawaii Cancer Center Data Breach (2 minute read)
A ransomware attack on August 31, 2025, compromised the data of 1.2 million people at the University of Hawaiʻi Cancer Center, targeting research servers but sparing clinical operations. The exposed data covers 87,493 study participants' names, SSNs, and health information from a 1993 cohort, plus 1.15 million other people's names, driver's licenses, SSNs, and voter records.

Hackers steal medical details of 15 million in France (2 minute read)
France's health ministry has confirmed a data breach involving the exposure of administrative information for 15.8 million patients and sensitive doctors' notes for approximately 165,000 individuals. The breach is connected to Cegedim Sante software, which is used by around 1,500 practices. Reports indicate that data such as sexual orientation and AIDS status appeared online, prompting experts to warn of potentially irreparable damage to privacy.

Fake VCs target crypto talent in a new ClickFix campaign (20 minute read)
A suspected DPRK-aligned campaign is targeting crypto professionals through fabricated VC firms (SolidBit Capital, MegaBit, and Lumax Capital) on LinkedIn, funneling victims to spoofed Zoom/Google Meet pages that deploy cross-platform ClickFix payloads via a fake Cloudflare CAPTCHA. The attack chain uses clipboard poisoning to inject OS-specific commands, delivering fileless PowerShell loaders on Windows and multi-stage Python payloads on macOS, with Mach-O binaries that evaded every VirusTotal vendor. Crypto and Web3 professionals should treat unsolicited LinkedIn outreach with extreme caution, verify company domains via WHOIS, and never paste commands into a terminal as part of any "verification" process.

Analysis of an Integrated Phishing Campaign Utilizing Google Cloud Infrastructure (10 minute read)
A coordinated phishing operation abuses Google Cloud Storage to host a redirector HTML file at storage.googleapis.com, allowing emails to sail through SPF/DKIM checks while pointing to seemingly trustworthy Google infrastructure. The operator reuses one GCS bucket but fans out across 25+ lures, ranging from "Cloud Storage Full" and fake AV expiry to retail rewards and health offers, all converging on credit-card-harvesting pages that present low "shipping" or "service" fees. Defenders should flag storage.googleapis.com links in email, scrutinize sender metadata, and report abusive buckets like "whilewait" to Google Cloud Abuse to collapse the campaign's shared infrastructure.

Abusing .ARPA: The TLD That Isn't Supposed to Host Anything (8 minute read)
The Infoblox Threat Intel team detected a novel phishing campaign that abuses the .arpa domain, using IPv6 reverse domains to bypass firewalls and other detections. The .arpa TLD is a special-purpose TLD used primarily to map IP addresses to domain names, so it is unlikely to be blocked. The attackers found DNS registrars that allowed them to create A records for these domains and used them in phishing campaigns that advertised free prizes.

mquire (GitHub Repo)
mquire is an osquery-inspired memory forensics tool that enables SQL-based querying of Linux kernel memory snapshots without requiring external debug symbols. Written in Rust, it leverages embedded BTF and kallsyms data to enumerate processes, open files, and network connections, and to extract cached files directly from memory dumps. Designed for incident response and malware analysis, it supports interactive shell, single-query, and custom command modes, including process tree visualization and file carving.

A new app alerts you if someone nearby is wearing smart glasses (2 minute read)
Nearby Glasses is a new Android app that continuously scans for Bluetooth signals from smart glasses made by Meta and Snap, alerting users when potentially always-recording wearable devices are detected nearby. The app matches manufacturer-specific Bluetooth company identifiers and supports custom IDs for detecting a broader range of surveillance wearables, though it may produce false positives from VR headsets. The tool addresses growing privacy concerns about covert recording devices, particularly following reports that Meta Ray-Ban smart glasses were used in immigration raids and harassment.

Fig Security (Product Launch)
Fig Security traces data flows through security stacks, alerting teams to changes that affect detection or response. It back-traces detections, samples data pipelines, and simulates fixes via SIEM integrations.

Aeternum Loader: Inside the binary (14 minute read)
Researchers reversed the Aeternum Loader malware, revealing its use of the Polygon blockchain for C2 communications via a hardcoded smart contract address, with AES-encrypted commands that can be decrypted using only the contract address as the key. The loader employs per-string XOR obfuscation, CRC32/DJB2 API hashing, NTFS ADS-based self-deletion, PPID spoofing to explorer.exe, and novel anti-VM checks including CPUID thermal/power MSR detection and SMBIOS BIOS characteristics bit counting. Notably, the blockchain C2 approach creates a permanent, immutable record of all attacker commands, giving defenders a historical audit trail once the encryption is broken.

She Came Out of the Bathroom Naked, Employee Says (9 minute read)
A joint investigation by Svenska Dagbladet and Göteborgs-Posten revealed that data annotators at Meta subcontractor Sama in Nairobi routinely encounter intimate footage from Meta Ray-Ban smart glasses, including nudity, bank details, and sexual content from users who appear unaware they are being recorded. Network traffic analysis confirmed that the glasses require constant communication with Meta servers to function, contradicting retailer claims that data stays local, while Meta's own terms permit both automated and human review of user interactions. Privacy lawyers and Sweden's data protection authority questioned the legality of transferring such sensitive data to Kenya, where no EU adequacy decision exists, raising significant GDPR compliance concerns.

Flaw-Finding AI Assistants Face Criticism for Speed, Accuracy (3 minute read)
Anthropic's Claude Code Security and OpenAI's Aardvark raise concerns about being slow, expensive, and noisy compared to established SAST tools, especially when the same AI both writes and reviews code. Experts argue that these assistants should augment, not replace, existing pipelines, as AI-driven "vibe coding" accelerates insecure code and growing security debt. The real value lies in AI-enhanced remediation workflows and the potential revival of interactive, AI-powered code review.
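The two phishing items above (the Google Cloud Storage redirector campaign and the .arpa reverse-zone campaign) both come down to a hostname pattern a mail filter can flag. The following is an added illustration, not code from the newsletter or from the researchers it summarizes: it pulls URLs out of an email body, tags links hosted on storage.googleapis.com (path-style and bucket-subdomain style) and links whose hostname sits under the ip6.arpa / in-addr.arpa reverse zones, and extracts the GCS bucket name so it can be included in an abuse report. The sample email is constructed; the reverse-zone hostname uses the 2001:db8::/32 documentation prefix and the "whilewait" bucket name is the one the item names.

```python
import re
from urllib.parse import urlparse

# Hosts and zones the newsletter items call out. Treating the reverse zones
# under .arpa as the suspicious part is an assumption: the item says the
# attackers used "IPv6 reverse domains", i.e. names under ip6.arpa.
GCS_HOST = "storage.googleapis.com"
REVERSE_ZONES = (".ip6.arpa", ".in-addr.arpa")

# Crude URL extractor for plain-text mail bodies; trailing punctuation is trimmed.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def extract_urls(text):
    """Return the http(s) URLs found in a text body."""
    return [u.rstrip(".,;") for u in URL_RE.findall(text)]


def classify_host(host):
    """Return a tag for a suspicious hostname, or None if it matches nothing."""
    host = host.lower().rstrip(".")
    if host == GCS_HOST or host.endswith("." + GCS_HOST):
        return "gcs-hosted-redirector"
    if host.endswith(REVERSE_ZONES):
        return "arpa-reverse-zone"
    if host == "arpa" or host.endswith(".arpa"):
        return "arpa-other"
    return None


def gcs_bucket(parsed):
    """Recover the bucket name from a GCS URL (path-style or bucket-subdomain style)."""
    host = (parsed.hostname or "").lower()
    if host == GCS_HOST:
        # path-style: https://storage.googleapis.com/<bucket>/<object>
        first_segment = parsed.path.lstrip("/").split("/", 1)[0]
        return first_segment or None
    if host.endswith("." + GCS_HOST):
        # virtual-hosted style: https://<bucket>.storage.googleapis.com/<object>
        return host[: -len("." + GCS_HOST)]
    return None


def flag_urls(text):
    """Return (url, tag, bucket_or_None) for every URL in `text` worth a closer look."""
    findings = []
    for url in extract_urls(text):
        parsed = urlparse(url)
        if not parsed.hostname:
            continue
        tag = classify_host(parsed.hostname)
        if tag is None:
            continue
        findings.append((url, tag, gcs_bucket(parsed)))
    return findings


# Constructed sample message: one GCS-hosted lure, one benign link, one
# reverse-zone hostname built from the 2001:db8 documentation prefix.
SAMPLE_EMAIL = """\
Subject: Your Cloud Storage is Full

Action required: https://storage.googleapis.com/whilewait/index.html
Invoice copy: https://www.example.com/invoice/4421
You won! Claim at http://prize.8.b.d.0.1.0.0.2.ip6.arpa/claim.
"""

if __name__ == "__main__":
    for url, tag, bucket in flag_urls(SAMPLE_EMAIL):
        extra = f" (bucket: {bucket})" if bucket else ""
        print(f"[{tag}] {url}{extra}")
```

Run on the sample, it flags the GCS link with bucket "whilewait" and the ip6.arpa link, and lets the example.com invoice link through. In a real pipeline the bucket name is what goes into the Google Cloud Abuse report, and the .arpa match is a strong signal on its own, since nothing a user should be clicking on lives under a reverse zone.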