A significant cybersecurity incident has emerged as a security researcher identified multiple critical vulnerabilities in FreeRTOS and its variants, which include Amazon FreeRTOS, OpenRTOS, and SafeRTOS. These vulnerabilities jeopardize a broad spectrum of Internet of Things (IoT) devices and critical infrastructures, raising alarms among industry stakeholders. FreeRTOS is a widely…
Instagram Discloses Critical Vulnerability, Promptly Patched Instagram, the widely-used photo-sharing platform owned by Facebook, recently addressed a critical vulnerability that could have enabled unauthorized access to user accounts. This flaw posed a risk by allowing remote attackers to reset user passwords without requiring any action from the targeted individual. With…
Title: Anthropic’s Project Glasswing: A Game Changer in Vulnerability Discovery Last week, Anthropic unveiled Project Glasswing, an advanced AI model designed for identifying software vulnerabilities with unprecedented effectiveness. In response to its powerful capabilities, the company has made the unusual decision to delay the public release of the model, providing…
Data Privacy Concerns Highlighted in Recent Research on Major Tech Firms Recent investigative findings from EPIC (Electronic Privacy Information Center) reveal significant shortcomings in the opt-out processes of prominent technology companies, raising alarms about consumer privacy rights. EPIC’s researchers discovered that platforms including Meta, X (formerly Twitter), OpenAI, and Tinder…
Critical Security Flaw Discovered in Amazon’s Ring Video Doorbell Pro Devices In a recent disclosure by cybersecurity researchers at Bitdefender, a significant vulnerability has been identified in Amazon’s Ring Video Doorbell Pro devices. This flaw presents an opportunity for nearby attackers to intercept WiFi passwords and potentially execute a variety…
Amazon Disrupts APT29’s Watering Hole Campaign Utilizing Microsoft Device Code Authentication
On August 29, 2025, in a significant security intervention, Amazon revealed it had identified and dismantled a watering hole campaign orchestrated by the Russia-linked APT29 group. This campaign exploited compromised websites to direct users towards malicious infrastructure, tricking them into authorizing attacker-controlled devices via Microsoft’s device code authentication process. Amazon’s Chief Information Security Officer, CJ Moses, provided insights into the threat. APT29, also known by aliases such as BlueBravo, Cozy Bear, and Midnight Blizzard, is a state-sponsored hacking group linked to Russia’s Foreign Intelligence Service (SVR). Recently, the group has been associated with attacks employing malicious Remote Desktop Protocol (RDP) configurations to target Ukrainian entities and extract sensitive information. As the year progresses, the adversary’s extensive targeting strategies continue to raise concerns.
Amazon Disrupts APT29 Watering Hole Campaign Exploiting Microsoft Device Code Authentication On August 29, 2025, Amazon disclosed its successful intervention in a watering hole campaign linked to the Russian cyber-espionage group APT29. This operation was characterized as opportunistic, aiming to gather intelligence by misleading users through compromised websites. These malicious…
Amazon Disrupts APT29’s Watering Hole Campaign Utilizing Microsoft Device Code Authentication
On August 29, 2025, in a significant security intervention, Amazon revealed it had identified and dismantled a watering hole campaign orchestrated by the Russia-linked APT29 group. This campaign exploited compromised websites to direct users towards malicious infrastructure, tricking them into authorizing attacker-controlled devices via Microsoft’s device code authentication process. Amazon’s Chief Information Security Officer, CJ Moses, provided insights into the threat. APT29, also known by aliases such as BlueBravo, Cozy Bear, and Midnight Blizzard, is a state-sponsored hacking group linked to Russia’s Foreign Intelligence Service (SVR). Recently, the group has been associated with attacks employing malicious Remote Desktop Protocol (RDP) configurations to target Ukrainian entities and extract sensitive information. As the year progresses, the adversary’s extensive targeting strategies continue to raise concerns.
A tumultuous week has unfolded in the realm of cybersecurity, marked by significant vulnerabilities and subsequent exploits. A critical bug has put one of the internet’s preferred frameworks at risk, as cybercriminals seize upon artificial intelligence tools to enhance their capabilities, fake applications are siphoning away funds, and unprecedented levels…
Researchers have identified a Chinese cyber-espionage campaign targeting the United States ahead of the upcoming trade summit between President Donald Trump and President Xi Jinping. The findings, detailed in a report released by Fidelis Cybersecurity, reveal that the Chinese APT10 hacking group infiltrated the “Events” page of the U.S. National…
Teenager Charged in Connection with DDoS Attacks on Major Corporations An 18-year-old student from Stockport, England, has been charged with aiding cybercriminals by operating a Distributed Denial of Service (DDoS) for-hire service. This illegal operation allegedly facilitated attacks on the online platforms of various high-profile entities, including T-Mobile, Amazon, and…
