In a recent development, a former employee of WhatsApp, A. Baig, has raised serious allegations concerning data privacy breaches within the company. The core of the issue appears to be improper access by engineers to user data, a matter underscored in a letter outlining several compliance shortcomings. These include failing…
This week, cybersecurity experts reported a notable uptick in stealthy tactics employed by malicious actors, indicating that the real challenge may lie in identifying the threats that have already infiltrated systems rather than defending against external breaches. Attack methodologies increasingly leverage AI to manipulate public opinion, while malware masquerades within…
đź“… April 21, 2025
Cybersecurity / Hacking News
Can a seemingly harmless click trigger a major cyberattack? Surprisingly, yes. Last week’s events highlighted how hackers are adept at blending in with routine actions—whether it’s opening a file, initiating a project, or logging in normally. There are no loud alerts or glaring red flags; instead, attackers slip through unnoticed, exploiting minor weaknesses like misconfigured systems, trusted browser features, or recycled login credentials. These are not merely technical glitches—they reflect habits that are being exploited. Join us as we review the most significant developments from the week and their implications for your security.
Active Exploitation of Newly Patched Windows Vulnerability — A recently addressed security flaw affecting Windows NTLM has come under active attack, allowing malicious actors to leak NTLM hashes or user passwords since March 19, 2025. This vulnerability, identified as CVE-2025-24054 (CVSS score: 6.5), is a hash disclosure spoofing issue that Microsoft corrected last month during its Patch Tuesday updates.
Weekly Cybersecurity Recap: iOS Vulnerabilities, 4Chan Breach, NTLM Exploits, and More April 21, 2025 Cybersecurity Updates Recent events in the cybersecurity landscape have underscored the fragility of digital safety, revealing that seemingly innocuous actions, such as clicking a link or opening a file, can precipitate serious cyberattacks. These incidents highlight…
đź“… April 21, 2025
Cybersecurity / Hacking News
Can a seemingly harmless click trigger a major cyberattack? Surprisingly, yes. Last week’s events highlighted how hackers are adept at blending in with routine actions—whether it’s opening a file, initiating a project, or logging in normally. There are no loud alerts or glaring red flags; instead, attackers slip through unnoticed, exploiting minor weaknesses like misconfigured systems, trusted browser features, or recycled login credentials. These are not merely technical glitches—they reflect habits that are being exploited. Join us as we review the most significant developments from the week and their implications for your security.
Active Exploitation of Newly Patched Windows Vulnerability — A recently addressed security flaw affecting Windows NTLM has come under active attack, allowing malicious actors to leak NTLM hashes or user passwords since March 19, 2025. This vulnerability, identified as CVE-2025-24054 (CVSS score: 6.5), is a hash disclosure spoofing issue that Microsoft corrected last month during its Patch Tuesday updates.
A recent collaborative investigation by WIRED, The Markup, and CalMatters has unveiled that numerous data brokers are purposefully obscuring their opt-out and data deletion tools from Google Search results. This tactic complicates the ability of consumers to locate and utilize these privacy options, raising significant concerns about data privacy practices.…
Cybersecurity Update: AI-Induced Breaches on the Rise The landscape of cybersecurity is shifting as organizations increasingly adopt artificial intelligence (AI) without adequate oversight, significantly heightening their security risks. According to IBM’s recent annual report on data breaches, approximately 16% of breaches in the past year have involved the use of…
February 14, 2025
Enterprise Security / Cyber Attack
Microsoft has highlighted a new threat group known as Storm-2372, linked to a series of cyberattacks that have targeted multiple sectors since August 2024. The attacks focus on government entities, NGOs, IT services, defense, telecommunications, healthcare, higher education, and the energy sector across Europe, North America, Africa, and the Middle East.
Evaluated with medium confidence to align with Russian interests, the threat actors utilize messaging platforms such as WhatsApp, Signal, and Microsoft Teams. They impersonate notable figures relevant to their targets to gain trust. The attacks employ a phishing method known as ‘device code phishing,’ which deceives users into logging into productivity applications, allowing the actors to capture the login tokens for malicious use.
Microsoft Warns of Russian-Linked Cyber Attack Group Utilizing ‘Device Code Phishing’ Tactics February 14, 2025 Enterprise Security / Cyber Attack Microsoft has issued an urgent advisory regarding a rising threat actor, designated as Storm-2372, which is reportedly linked to Russian cyber interests. Since August 2024, this group has launched a…
February 14, 2025
Enterprise Security / Cyber Attack
Microsoft has highlighted a new threat group known as Storm-2372, linked to a series of cyberattacks that have targeted multiple sectors since August 2024. The attacks focus on government entities, NGOs, IT services, defense, telecommunications, healthcare, higher education, and the energy sector across Europe, North America, Africa, and the Middle East.
Evaluated with medium confidence to align with Russian interests, the threat actors utilize messaging platforms such as WhatsApp, Signal, and Microsoft Teams. They impersonate notable figures relevant to their targets to gain trust. The attacks employ a phishing method known as ‘device code phishing,’ which deceives users into logging into productivity applications, allowing the actors to capture the login tokens for malicious use.
Data Privacy, Data Security, Encryption & Key Management U.K. Government Signals Shift on Apple Encryption Requirement Akshaya Asokan (asokan_akshaya) • July 23, 2025 Apple’s logo displayed above its Regent Street store in London. (Image: Yau Ming Low/Shutterstock) The United Kingdom government appears poised to retract its demand that Apple provide…
Google’s Gemini AI Update Raises Privacy Concerns Beginning today, Google has initiated a significant change that allows its Gemini AI engine to interact with third-party applications, including popular services like WhatsApp, regardless of prior user settings designed to restrict such interactions. Users who wish to maintain their initial privacy settings…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Iranian Authorities Claim Intentional Internet Disruptions to Counter Israeli Cyber Threats Chris Riotta (@chrisriotta) • June 18, 2025 Iran has imposed significant restrictions on internet access nationwide. (Image: Leonid Andronov/Shutterstock) Iranian officials announced on Wednesday that the ongoing nationwide internet disruptions are…
