03 Feb 2026
By Mary

InfoSec News Nuggets 02/03/2026

APT28 Leverages CVE-2026-21509 in Operation Neusploit A ThreatLabz writeup on a campaign attributed to APT28 using weaponized RTF files to exploit CVE-2026-21509 and drop multiple payloads. Notes include targeting in Ukraine, Slovakia, and Romania, plus timelines around Microsoft’s out-of-band fix and observed exploitation.   Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340) Exploitation details and practical remediation notes for Ivanti EPMM, including the impact of the two CVEs and…
Read More
27 Aug 2025
By Mary

InfoSec News Nuggets 8/27/2025

The first AI-powered ransomware has been discovered — "PromptLock" uses local AI to foil heuristic detection and evade API tracking ESET today announced the discovery of "the first known AI-powered ransomware." The ransomware in question has been dubbed PromptLock, presumably because seemingly everything related to generative AI has to be prefixed with "prompt." ESET said that this malware uses an open-weight large language model developed by OpenAI to generate scripts that can perform a variety…
Read More
16 May 2024
By Mary

InfoSec News Nuggets 5/16/2024

MIT students stole $25M in seconds by exploiting ETH blockchain bug, DOJ says  Within approximately 12 seconds, two highly educated brothers allegedly stole $25 million by tampering with the ethereum blockchain in a never-before-seen cryptocurrency scheme, according to an indictment that the US Department of Justice unsealed Wednesday. In a DOJ press release, US Attorney Damian Williams said the scheme was so sophisticated that it "calls the very integrity of the blockchain into question." "The brothers, who studied computer science and math…
Read More
01 May 2024
By Mary

InfoSec News Nuggets 5/1/2024

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned the CVE identifier CVE-2024-27322, "involves the use of promise objects and lazy evaluation in R," AI application security company HiddenLayer said in a report shared with…
Read More
26 Apr 2024
By Mary

InfoSec News Nuggets 4/26/2024

FCC votes to restore Obama-era network neutrality rules The Federal Communications Commission (FCC) on Thursday voted to restore Obama-era network neutrality rules that reclassify Internet service providers like Comcast and Charter under Title II of the Communications Act. The vote was along party lines, with three commissioners voting in favor of the restoration of network neutrality rules and two commissioners dissenting. Supporters of the measure, including some within the FCC, said a restoration of network…
Read More
09 Apr 2024
By Mary

InfoSec News Nuggets 4/9/2024

FCC to vote on net neutrality rules on April 25 The Federal Communications Commission is preparing to vote to restore net neutrality at the commission’s open meeting later this month. If adopted by the commission, restoring net neutrality would bring back a national standard for broadband reliability, security and consumer protection as well as reclassify the internet as a telecommunications service under Title II of the Communications Act of 1934. Net neutrality rules were first put in…
Read More
05 Apr 2024
By Mary

InfoSec News Nuggets 4/4/2024

Missouri county declares state of emergency amid suspected ransomware attack  Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. "Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack," officials wrote Tuesday. "Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been…
Read More
20 Nov 2023
By Mary

InfoSec News Nuggets 11/20/2023

U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem  U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets. "Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their usual TTPs," the agencies said. The threat actor, also tracked under the monikers Muddled Libra,…
Read More
27 Sep 2023
By Mary

InfoSec News Nuggets 09/27/2023

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations  The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The victim organizations are overwhelmingly based in the US. “The most heavily impacted sectors are finance and professional services and education, which account for 13.8 percent and 51.1 percent of incidents respectively,” Emsisoft researchers have shared on Monday. IT market research company KonBriefing Research shows similar numbers, and links to data breach notification alerts by…
Read More
09 Jan 2023
By Mary

InfoSec News Nuggets 01/09/2023

Dridex malware pops back up and turns its attention to macOS A variant of the bad penny that is Dridex, the general-purpose malware that has been around for years, now has macOS platforms in its sights and a new way of delivering malicious macros via documents.The first sample of this latest variant appeared on Virus Total in 2019, but detections started to rise a year later and peaked in December 2022, according to threat researchers…
Read More
28 Nov 2022
By Mary

InfoSec News Nuggets 11/28/2022

UK to criminalize deepfake porn sharing without consent Brace for yet another expansion to the UK’s Online Safety Bill: The Ministry of Justice has announced changes to the law which are aimed at protecting victims of revenge porn, pornographic deepfakes and other abuses related to the taking and sharing of intimate imagery without consent — in a crackdown on a type of abuse that disproportionately affects women and girls. The government says the latest amendment…
Read More
28 Sep 2022
By Mary

InfoSec News Nuggets 09/28/2022

Optus hacker apologizes and allegedly deletes all stolen data The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum. Optus, Australia's second-largest mobile operator, first disclosed the security breach on September 22, 2022, saying that an attacker might have gained access to…
Read More
28 Feb 2022
By Mary

InfoSec News Nuggets 02/28/2022

Nobelium Returns to the Political World Stage Nobelium, also known as APT29 and Cozy Bear, is a highly sophisticated group of Russian-sponsored cybercriminals. Approximately two years ago, countless system administrators and IT teams were forced to work around the clock to address Nobelium’s attack on SolarWinds. And last year, they similarly targeted numerous IT supply chains in the hopes of being able to embed themselves once again deep inside IT networks. But fast forward to…
Read More
21 Oct 2021
By Mary

InfoSec News Nuggets 10/21/2021

New FCC rules could force wireless carriers to block spam texts Under Acting Chairwoman Jessica Rosenworcel, the Federal Communications Commission is seeking to create new rules targeting spam text messages. Like another recent proposed rulemaking from the agency, the policy would push wireless carriers and telephone companies to block the spam before it ever gets to your phone. “We’ve seen a rise in scammers trying to take advantage of our trust of text messages by sending bogus robotexts that…
Read More
01 Oct 2021
By Mary

InfoSec News Nuggets 10/01/2021

This malware pretends to be Amnesty International protection from Pegasus Security researchers from Cisco Talos have discovered a new malware campaign in which cybercriminals are impersonating the human rights group Amnesty International. According to a new blog post, the campaign is targeting those concerned about falling victim to the Pegasus spyware which was created by the NSO Group and distributed to authoritarian governments around the world to keep tabs on international journalists and activists. Now though, cybercriminals have created a fake website impersonating the official…
Read More
07 May 2021
By Mary

InfoSec News Nuggets 05/07/2021

1 - Weaponized SMS Attack Goes Viral: What Millions Of Phone Users Need To Know A new SMS malware campaign capable of stealing passwords and banking credentials has started spreading like wildfire in recent weeks. So much so that mobile carriers and law enforcement agencies alike have been prompted to issue warnings about the so-called FluBot campaign. "What's unique about the campaign is that it has different kill chains depending on whether the target uses…
Read More
18 Feb 2021
By Mary

InfoSec News Nuggets 02/18/2021

Jones Day is latest major law firm affected by vendor data breach Jones Day confirmed Tuesday that a file transfer platform it used was recently compromised, and that the firm is investigating the breach and talking with affected clients. Hackers that go by the name Clop claim to have stolen files belonging to Jones Day and posted screenshots on the dark web, according to by DataBreaches.net, which posted redacted images of firm correspondence over the…
Read More
15 Dec 2020
By Mary

InfoSec News Nuggets 12/15/2020

Microsoft, FireEye confirm SolarWinds supply chain attack Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.  FireEye's report comes after Reuters, the Washington Post, and Wall Street Journal reported on Sunday intrusions at the US Treasury Department and the US Department of Commerce's National Telecommunications and…
Read More
02 Oct 2020
By Mary

InfoSec News Nuggets 10/02/2020

FCC commissioner calls for new scrutiny of undersea data cables A member of the U.S. Federal Communications Commission on Wednesday called for new scrutiny of undersea cables that transmit nearly all the world’s internet data traffic. “We must take a closer look at cables with landing locations in adversary countries,” FCC Commissioner Geoffrey Starks said Wednesday at a commission meeting. “This includes the four existing submarine cables connecting the US and China, most of which…
Read More
05 Aug 2020
By Mary

InfoSec News Nuggets 08/05/2020

US government sites abused to redirect users to porn sites In an ongoing blackhat SEO campaign tracked by BleepingComputer, scammers are using open redirects found on government websites to redirect visitors to pornography sites. An open redirect is an URL that anyone can use to redirect a visitor to a website of their choosing. Blackhat SEO scammers use these open redirects to get listings in search engines, such as Google, that show the page's title…
Read More
18 Jun 2020
By Mary

InfoSec News Nuggets 6/18/2020

SPACEX INTERNET SERVICE STARLINK ASKS FOR PEOPLE TO TRY IT OUT SpaceX has announced that it is looking for beta testers for its Starlink low-earth orbit internet service. The company, owned by Tesla CEO Elon Musk, was launched in 2015, with the first prototype satellites launched in 2018. Since then, the company has launched a host of new satellites from Nasa's Kennedy Space Center in Florida. There are currently 540 Starlink satellites in orbit. Eventually, they will form part…
Read More
10 Jun 2020
By Mary

InfoSec News Nuggets 6/10/2020

Apple adds anonymous symptom and health info sharing to its COVID-19 app and website Apple has updated its own COVID-19 iOS app and website with new features to allow users to anonymously share info including their age, existing health conditions, symptoms, potential exposure risks and the state in which they’re located. This info, which is not associated with any of their personal identifying data in any way according to the company, will be used in an aggregated way to…
Read More
18 May 2020
By Mary

InfoSec News Nuggets 5/18/2020

Hackers Say They Have Trump's 'Dirty Laundry' and Want $42 Million to Keep It Secret The anonymous hackers this week crippled the computer systems of high-profile celebrity law firm Grubman Shire Meiselas & Sacks claiming to have stolen 756GB of highly-confidential documents including contracts and personal emails from the firm’s client list, which includes Madonna, Drake, Lady Gaga, Elton John, Robert De Niro, U2 and Bruce Springsteen. The hackers initially demanded $21 million from the law firm…
Read More
06 May 2020
By Mary

InfoSec News Nuggets 5/6/2020

The New United Nations Coronavirus Social Distancing App Doesn’t Even Work This week a division of the United Nations announced its new social distancing app designed to help alert people when they get too close to another person during the ongoing coronavirus pandemic. Motherboard has found that the app, called 1point5, is barely functional, and an independent researcher highlighted how the app may be largely ineffective due to how it informs users when they are…
Read More
04 May 2020
By Mary

InfoSec News Nuggets 5/4/2020

Schiff to Google and Twitter: Please be more like Facebook when it comes to coronavirus misinformation Rep. Adam Schiff, D-Calif., has a message for the CEOs of Google, YouTube and Twitter when it comes to coronavirus misinformation: please be more like Facebook. It’s an unusual request from a D.C. lawmaker after Congress has spent the past few years scolding Facebook for its policies on misinformation. The company has struggled to escape the shadow of the 2018 Cambridge Analytica scandal and its role in spreading disinformation…
Read More
27 Apr 2020
By Mary

InfoSec News Nuggets 4/27/2020

The pandemic is bringing us closer to our robot takeout future Robot deliveries remain rare enough that it's easy to dismiss them as curiosities. But that's a mistake. The technology works now. Starship already has hundreds of robots in service delivering food to real customers. Spurred by demand from locked-down customers, that number could soon soar to the thousands and eventually into the millions. With lower costs and no need to tip, robots could make…
Read More
01 Apr 2020
By Mary

InfoSec News Nuggets 4/1/2020

Spotify is bringing its kids app to the US, Canada, and France Spotify’s expanding the rollout of its kids app, just as more kids are at home with nothing to do. The company announced that it’s bringing Spotify Kids to the US, Canada, and France today. The ad-free iOS / Android app is only available to Spotify Premium Family subscribers and features content appropriate for kids ages three and older. Spotify first launched the app in Ireland…
Read More
28 Feb 2020
By Mary

InfoSec News Nuggets 2/28/2020

1 - Clearview AI's entire client list stolen in data breach Clearview AI, a facial-recognition software maker that has sparked privacy concerns, said Wednesday it suffered a data breach. The data stolen included its entire list of customers, the number of searches those customers have made and how many accounts each customer had set up. "Security is Clearview's top priority," Tor Ekeland, Clearview AI's attorney, said in a statement. "Unfortunately, data breaches are part of life in…
Read More
25 Nov 2019
By Mary

InfoSec News Nuggets 11/25/2019

1 - Google ups bug bounties for Android flaws, exploits ASR covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets, which are currently Pixel 4, Pixel 3a and Pixel 3a XL, and Pixel 3 and Pixel 3 XL. “Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, the Secure Element code, and the TrustZone OS and modules. Vulnerabilities in other non-Android code, such as…
Read More
30 Sep 2019
By Mary

InfoSec News Nuggets 9/30/2019

WordPress sites hacked through defunct Rich Reviews plugin An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites. The…
Read More