
Vuln Research is Cooked 🧑‍🍳, Reversing iOS Shortcuts Deeplinks 🔗, MS Secure Boot Certificate Expiring 📜


TLDR

Together With Cato Networks

TLDR Information Security 2026-04-17

SASEfy 2026: Take AI Security to the Edge with Cato, Microsoft, and Forrester (Sponsor)

What does Zero Trust look like in the age of agents?

How can enterprises navigate AI risk without killing innovation?

What strategic opportunities does AI create?

Find answers to your most pressing AI security questions at SASEfy by Cato Networks - a free virtual summit you won't want to miss, featuring speakers from Cato, Microsoft, Forrester, and Dayforce for

Join live on May 20 to learn how to: 

  • Identify where AI risk exists 
  • Secure and govern AI without added complexity 
  • Adapt Zero Trust for agentic AI 

Can't attend? Register anyway to access the recording

🔓

Attacks & Vulnerabilities

Fashion Retailer Express Left Customers' Personal Data and Order Details Exposed to the Internet (2 minute read)

Express exposed order-confirmation pages that leaked customer names, contact details, addresses, order contents, and partial card data. The pages were addressed by sequential, easily guessed order numbers, so anyone who had one order number could walk through other customers' orders. The flaw was found by Rey Bango while probing a fraudulent order and confirmed by TechCrunch, then patched after they notified Express.
Data Breach at Tennessee Hospital Affects 337,000 (1 minute read)

Cookeville Regional Medical Center in Tennessee found a network intrusion on July 14, 2025, with files stolen in the days before. Exposed data may include names, dates of birth, addresses, SSNs, driver's license numbers, financial details, treatment records, and insurance information for over 337,000 people. Rhysida ransomware actors listed the hospital, tried to sell 500 GB of data, then released it after no sale.
Sweden Reports Cyberattack Attempt on Heating Plant Amid Rising Energy Threats (2 minute read)

Sweden's Civil Defense Minister Carl-Oskar Bohlin publicly confirmed for the first time a failed 2025 cyberattack on a western Swedish heating plant, attributing it to a pro-Russian group tied to Russian intelligence. The incident sits within a broader campaign of 150+ sabotage and malign activity events across Europe that Western officials have linked to Russia since the February 2022 invasion of Ukraine. Operators of district heating, water, and grid infrastructure should assume active targeting, segment OT/IT networks, audit remote-access paths into SCADA/ICS environments, enforce MFA on vendor and engineering accounts, and hunt for the TTPs tied to Sandworm and adjacent GRU-linked clusters that have dominated recent European ICS intrusions.
🧠

Strategies & Tactics

Put Your SSH Keys in Your TPM Chip! (5 minute read)

This post walks through storing SSH private keys inside a TPM chip via the tpm2-pkcs11 stack on Linux, covering token creation, importing RSA/ECC256 keys generated offline, and wiring the PKCS#11 provider into ~/.ssh/config so keys never sit as plaintext files. Some tradeoffs of TPMs vs portable HSMs like Yubikeys: TPMs are device-bound with no physical-presence requirement, consumer motherboards often wipe the TPM on BIOS updates, and historical flaws like ROCA (CVE-2017-15361) weakened RSA keys generated by Infineon TPM chips. Defenders should prefer offline-generated, password-protected keys imported into the TPM with secure backups, add users to the tss group rather than running tooling as root, and validate token contents with tpm2_ptool verify and pkcs11-tool --list-objects before decommissioning filesystem-based keys.
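The procedure above, as an added example that is not the article's own script: an offline-generated ECC P-256 key is imported into a tpm2-pkcs11 token, the token is verified with tpm2_ptool and pkcs11-tool, and ~/.ssh/config is pointed at the provider. It assumes tpm2-tools, tpm2-pkcs11 (tpm2_ptool), openssl and opensc (pkcs11-tool) are installed; the token label, key label, provider search paths and function names are assumptions of this example. Two checks the article's steps rely on are made explicit: the caller must be in the tss group, and the key file must be PEM, because tpm2_ptool import does not accept ssh-keygen's default OpenSSH container.

```shell
#!/bin/sh
# Import an offline-generated ECC P-256 SSH key into the TPM through
# tpm2-pkcs11 and point OpenSSH at the PKCS#11 provider.
# Added example, not the article's script. Assumes tpm2-tools, tpm2-pkcs11
# (tpm2_ptool), openssl and opensc (pkcs11-tool) are installed; the token and
# key labels and the provider paths below are assumptions.
set -eu

STORE="${TPM2_PKCS11_STORE:-$HOME/.tpm2_pkcs11}"   # tpm2-pkcs11 object store
TOKEN_LABEL=ssh
KEY_LABEL=ssh-ecc256

# gen_key_offline OUT.pem: generate the key on a trusted offline host.
# openssl writes SEC1 PEM, which is what tpm2_ptool import expects.
gen_key_offline() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1"
  chmod 600 "$1"
  echo "back up $1 encrypted and offline before importing it" >&2
}

# is_pem_key FILE: tpm2_ptool import takes a PEM private key (SEC1, PKCS#1
# or PKCS#8). ssh-keygen's default output is the OpenSSH container, which it
# does not accept; regenerate with -m PEM or convert first.
is_pem_key() {
  grep -Eq '^-----BEGIN ((EC|RSA) )?PRIVATE KEY-----' "$1" &&
    ! grep -q 'BEGIN OPENSSH PRIVATE KEY' "$1"
}

# find_provider: libtpm2_pkcs11.so lives in different places per distro.
find_provider() {
  for p in /usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so \
           /usr/lib64/pkcs11/libtpm2_pkcs11.so \
           /usr/lib/pkcs11/libtpm2_pkcs11.so; do
    [ -f "$p" ] && { echo "$p"; return 0; }
  done
  return 1
}

# ssh_config_stanza PROVIDER: the ~/.ssh/config lines that make ssh load
# keys from the token (ssh prompts for the token's user PIN).
ssh_config_stanza() {
  printf 'Host *\n    PKCS11Provider %s\n' "$1"
}

# tpm_ssh_setup KEY.pem: one-time import. Run as a member of tss, not root.
tpm_ssh_setup() {
  key=$1
  id -nG | tr ' ' '\n' | grep -qx tss ||
    { echo "not in tss group: sudo usermod -aG tss $(id -un), then re-login" >&2; return 1; }
  is_pem_key "$key" || { echo "$key is not a PEM private key" >&2; return 1; }
  provider=$(find_provider) || { echo "libtpm2_pkcs11.so not found" >&2; return 1; }
  printf 'token SO PIN: '; stty -echo; read -r sopin; stty echo; echo
  printf 'token user PIN: '; stty -echo; read -r userpin; stty echo; echo

  tpm2_ptool init --path "$STORE"                       # creates primary object id 1
  tpm2_ptool addtoken --pid=1 --label="$TOKEN_LABEL" \
    --sopin="$sopin" --userpin="$userpin" --path "$STORE"
  tpm2_ptool import --label="$TOKEN_LABEL" --key-label="$KEY_LABEL" \
    --userpin="$userpin" --privkey="$key" --algorithm=ecc --path "$STORE"

  # Verify the token and list its objects before removing the file-based key.
  tpm2_ptool verify --label="$TOKEN_LABEL" --userpin="$userpin" --path "$STORE"
  pkcs11-tool --module "$provider" --login --pin "$userpin" --list-objects

  mkdir -p ~/.ssh && chmod 700 ~/.ssh
  ssh_config_stanza "$provider" >> ~/.ssh/config
  echo "public key to add to authorized_keys on remote hosts:"
  ssh-keygen -D "$provider"
}

case "${1:-}" in
  --gen)   gen_key_offline "$2" ;;
  --setup) tpm_ssh_setup "$2" ;;
esac
```

Run `./tpm-ssh.sh --gen key.pem` on the offline machine, copy the file over, then `./tpm-ssh.sh --setup key.pem` on the target host and shred the PEM only after `ssh-keygen -D` shows the public key and a test login works. Keep the encrypted offline backup: a TPM reset or a motherboard BIOS update that clears the TPM takes the token with it.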
Vulnerability Research Is Cooked (7 minute read)

Frontier coding agents have already collapsed the economics of exploit development, so elite attention is no longer scarce: instead of carefully picking Chrome-tier targets, attackers will aim agents at everything, and the blast radius lands squarely on databases, routers, printers, hospital systems, and regional bank infrastructure, where patching requires someone physically showing up. Defenders should assume full-chain exploits against layered sandboxes are imminent, accelerate memory-safe migrations and attack surface reduction, stand up agent loops against their own codebases before adversaries do, and start advocating now for vulnerability research rights before lawmakers react to the first AI-driven ransomware news cycle with bad policy.
Reverse Engineering iOS Shortcuts Deeplinks (7 minute read)

After a conversation with a friend, the author of this post set out to research whether iOS Shortcuts could be created using deeplinks. The post delves into the process of reverse engineering the URL scheme used by Shortcuts for deeplinking but unfortunately concludes that it isn't possible. Shortcuts is backed by a SQLite database that could possibly enable this work, but would require a jailbroken device to edit.
🧑‍💻

Launches & Tools

Manual GRC doesn't scale -- move to Agentic Trust Management with Drata (Sponsor)

Compliance doesn't end when you get your SOC 2 certificate. Security reviews, audits, and vendor questionnaires demand constant attention -- and leave GRC teams too overwhelmed to actually think about security strategy.

Drata's Agentic Trust Management Platform automates the most time-consuming tasks, from security questionnaires to continuous evidence collection, saving teams hundreds of hours each year. Drata's AI chases down documents, so you can focus on outcomes.

With Drata's built-in Trust Center, you can streamline security reviews, share your security posture, and build trust faster throughout the deal process.

⚡️ Automate and accelerate trust with Drata ⚡️

Artemis (Product Launch)

Artemis offers a threat detection and response platform that uses customer telemetry and business context to spot abnormal behavior, investigate alerts, map attack paths, and trigger automated remediation across applications, users, machines, and cloud workloads.
Introducing Betterleaks, an Open Source Secrets Scanner by the Author of Gitleaks (4 minute read)

Betterleaks is a pure-Go drop-in replacement for Gitleaks that keeps existing CLI flags and configs while adding CEL-based rule validation, default multi-layer encoding detection, and parallelized git scanning. Its standout filter swaps entropy for BPE token-efficiency scoring, lifting recall on the CredData benchmark from 70.4% to 98.6%, and the CLI is explicitly designed to be driven by coding agents like Claude Code, Codex, and Cursor alongside humans. Teams already running Gitleaks in CI can swap the binary today and gain speed and far fewer false negatives. The v2 roadmap adds support for more source types, optional LLM-assisted classification, and auto-revocation via provider APIs.
Awesome Deception (GitHub Repo)

Awesome Deception is a collection of articles, papers, conferences, guides, and tools related to deception in cybersecurity.
🎁

Miscellaneous

Nobody Knows How Many CVEs Anthropic's Project Glasswing Has Actually Found (4 minute read)

Anthropic claims its Mythos model can find zero-days across major OSes and browsers, so it restricted access via Project Glasswing to about 50 partners. A VulnCheck researcher searched CVE records and saw 40 vulnerabilities possibly linked to Anthropic, mostly in Firefox, wolfSSL, FreeBSD, OpenSSL, and NGINX Plus. Only CVE-2026-4747 in FreeBSD is clearly tied to Mythos so far, and several older bugs lack CVEs. A public summary is expected around July.
Europol-Supported Global Operation Targets Over 75,000 Users Engaged in DDoS Attacks (3 minute read)

21 countries ran a coordinated action week against users of DDoS-for-hire services on April 13, sending over 75,000 warning messages, making 4 arrests, seizing 53 domains, and issuing 25 search warrants. Authorities disrupted booter infrastructures, traced over 3 million user accounts, and started prevention campaigns, including search ads, URL removals, and blockchain warnings.
“TotalRecall Reloaded” Tool Finds a Side Entrance to Windows 11's Recall Database (4 minute read)

Microsoft's Recall captures extensive on-device activity and now keeps its database encrypted behind Windows Hello. Researcher Alexander Hagenah's TotalRecall Reloaded sidesteps that by hooking the less-protected AIXHost.exe process and siphoning screenshots, OCR text, and metadata once a user has authenticated, sometimes even without Windows Hello. Apps including Signal, AdGuard, and Brave now actively block Recall from logging their content.

Quick Links

Microsoft's Original Windows Secure Boot Certificate Is Expiring (3 minute read)

Microsoft's 2011 UEFI Secure Boot certificates will begin expiring on June 24.
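A way to check, on a Linux host, whether the firmware already carries the replacement 2023 CAs. This is an added example, not from the linked article; it assumes efivarfs is mounted at the usual path and searches the raw db and KEK variables for the CA common names Microsoft publishes for the 2023 generation (Windows UEFI CA 2023, Microsoft UEFI CA 2023 and Microsoft Option ROM UEFI CA 2023 in db; Microsoft Corporation KEK 2K CA 2023 in KEK). The function names are this example's own.

```shell
#!/bin/sh
# Check which Microsoft Secure Boot CAs this Linux host's firmware carries.
# Added example, not part of the linked article. Assumes efivarfs is mounted
# at /sys/firmware/efi/efivars (override with EFIVARS=...). The CA common
# names are the ones Microsoft publishes for the 2011 and 2023 generations.
EFIVARS="${EFIVARS:-/sys/firmware/efi/efivars}"
DB_VAR="db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"    # EFI_IMAGE_SECURITY_DATABASE_GUID
KEK_VAR="KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE_GUID

# var_has_cert VARFILE "Common Name": the CN is stored as plain ASCII inside
# the DER certificate in the EFI_SIGNATURE_LIST, so reducing the raw variable
# to printable text and searching it is enough; no X.509 parsing needed.
var_has_cert() {
  [ -r "$1" ] || return 2
  tr -c '[:print:]\n' '\n' < "$1" | grep -Fq "$2"
}

# report VARFILE LABEL CN...: one line per CA; returns how many are missing.
report() {
  f=$1 label=$2; shift 2; missing=0
  for cn in "$@"; do
    if var_has_cert "$f" "$cn"; then
      echo "present  $label  $cn"
    else
      echo "MISSING  $label  $cn"; missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# secureboot_2023_missing: number of 2023 CAs absent from db/KEK (0 = ready).
# Windows UEFI CA 2023 signs the Windows boot manager, Microsoft UEFI CA 2023
# signs third-party loaders such as shim, the Option ROM CA signs option ROMs,
# and the KEK CA is what lets Microsoft push future db/dbx updates.
secureboot_2023_missing() {
  m=0
  report "$EFIVARS/$DB_VAR" db "Windows UEFI CA 2023" "Microsoft UEFI CA 2023" \
         "Microsoft Option ROM UEFI CA 2023" || m=$((m + $?))
  report "$EFIVARS/$KEK_VAR" KEK "Microsoft Corporation KEK 2K CA 2023" || m=$((m + $?))
  return "$m"
}

# secureboot_2011_present: the expiring generation, shown for context.
secureboot_2011_present() {
  report "$EFIVARS/$DB_VAR" db "Microsoft Windows Production PCA 2011" \
         "Microsoft Corporation UEFI CA 2011"
  report "$EFIVARS/$KEK_VAR" KEK "Microsoft Corporation KEK CA 2011"
}

if [ "${1:-}" = "--run" ]; then
  [ -d "$EFIVARS" ] || { echo "no efivarfs: not a UEFI boot or not mounted" >&2; exit 2; }
  secureboot_2011_present || true
  if secureboot_2023_missing; then
    echo "2023 CAs present: db/KEK rollover done on this machine"
  else
    echo "2023 CAs missing: expect firmware or OS updates before the 2011 CAs expire"
  fi
fi
```

Run it as `sh secureboot-cas.sh --run`; `mokutil --db` shows the same certificates in readable form if it is installed. A string match only proves a certificate is enrolled, not that the boot chain has been re-signed to use it, so also confirm the installed boot manager and shim are signed by the 2023 CAs before relying on the result. On Windows, the equivalent presence check from an elevated PowerShell is `[System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023'`.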
Americans Who Masterminded Nork IT Worker Fraud Sentenced to 200 Months Behind Bars (3 minute read)

Kejia “Tony” Wang and Zhenxing “Danny” Wang drew a combined 200 months in federal prison for running laptop farms and shell companies that placed DPRK IT workers inside 100+ US firms.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here, create your own role or send a friend's resume to jobs@tldr.tech and get $1k if we hire them! TLDR is one of Inc.'s Best Bootstrapped businesses of 2025.

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe.
