23 Jan 2026
By Mary

InfoSec News Nuggets 01/23/2026

Pwn2Own Automotive 2026 Day Two Adds $439,250 and 29 Zero-Days Day Two of Pwn2Own Automotive 2026 in Tokyo delivered another wave of vulnerability discoveries, with researchers earning $439,250 for demonstrating 29 unique zero-day vulnerabilities. This brings the event totals to $955,750 awarded and 66 zero-days discovered across two days. Fuzzware.io currently leads the Master of Pwn standings after successful exploits against the Phoenix Contact CHARX SEC-3150, ChargePoint Home Flex, and Grizzl-E Smart chargers. Other highlights…
Read More
24 Oct 2025
By Mary

InfoSec News Nuggets 10/24/2025

Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign  We investigated a campaign waged by financially motivated threat actors operating out of Morocco. We refer to this campaign as Jingle Thief, due to the attackers’ modus operandi of conducting gift card fraud during festive seasons. Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards. Their operations primarily target global enterprises in the retail and consumer services sectors.…
Read More
18 Dec 2024
By Mary

InfoSec News Nuggets 12/18/2024

Serbia: Authorities using spyware and Cellebrite forensic extraction tools to hack journalists and activists Serbian police and intelligence authorities are using advanced phone spyware alongside mobile phone forensic products to unlawfully target journalists, environmental activists and other individuals in a covert surveillance campaign, a new Amnesty International report has revealed.  The report, “A Digital Prison”: Surveillance and the Suppression of Civil Society in Serbia, documents how mobile forensic products made by Israeli company Cellebrite are being used…
Read More
04 Nov 2024
By Mary

InfoSec News Nuggets 11/04/2024

Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns  Microsoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it's taking the time to improve the experience. The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October. "We are committed to delivering a secure and trusted experience with Recall," the company said in an updated statement released Thursday. "To ensure we deliver on these…
Read More
19 Apr 2024
By Mary

InfoSec News Nuggets 4/19/2024

Law enforcement infiltrates fraud platform used by thousands of criminals worldwide A website used by more than 2,000 criminals to defraud victims worldwide has been infiltrated in the Met’s latest joint operation to tackle large-scale online fraud. ‘LabHost’ is a service which was set up in 2021 by a criminal cyber network. It enabled the creation of “phishing” websites designed to trick victims into revealing personal information such as email addresses, passwords, and bank details.…
Read More
27 Jun 2023
By Mary

InfoSec News Nuggets 06/27/2023

The tech flaw that lets hackers control surveillance cameras In a darkened studio inside the BBC's Broadcasting House in London, a man sits at his laptop and enters his password. Thousands of miles away, a hacker is watching everything he types. Next, the BBC employee picks up his mobile phone and enters the passcode. The hacker now has that, too. A security flaw in the surveillance camera on the ceiling - manufactured by the Chinese…
Read More
28 Feb 2023
By Mary

InfoSec News Nuggets 02/28/2023

Dish Network goes offline after likely cyberattack, employees cut off  American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. The widespread outage affects Dish.com, Dish Anywhere app as well as several websites and networks owned by the corporation. Customers also suggest the company's call center phone numbers are unreachable. Additionally, customers are facing authentication issues when signing into TV channel apps such…
Read More
12 Jan 2023
By Mary

InfoSec News Nuggets 01/12/2023

The FBI Won't Say Whether It Hacked Dark Web ISIS Site  U.S. government lawyers are hampering efforts that could reveal how the FBI managed to obtain the real IP address of an alleged visitor to an ISIS website on the dark web, according to court records reviewed by Motherboard. The case involves Muhammed Momtaz Al-Azhari, who was charged in May 2020 with attempting to provide material support to ISIS. According to the complaint against him, Al-Azhari allegedly visited…
Read More
23 Dec 2022
By Mary

InfoSec News Nuggets 12/23/2022

Ransomware hackers take demands directly to college students: ‘For you, it’s a sad day’ The email went out to students at Knox College, a small liberal arts school in Illinois, on the evening of Dec. 12. A hacker group known as Hive had broken into the college’s computer system and gained access to student data, a common ransomware tactic. But this group had a new wrinkle for Knox students. “We have compromised your collage networks,” the…
Read More
01 Dec 2022
By Mary

InfoSec News Nuggets 12/01/2022

[U: Fix coming] Months-old security vulnerability still hasn’t been patched on Pixel, Samsung Google’s Project Zero this week highlighted the “gap” in getting security patches out the door and to affected users, and in doing so also revealed that millions of Android phones are at risk of an active security vulnerability. The specific issue that Google’s Project Zero is highlighting this week is a security vulnerability known as CVE-2022-33917. It’s a vulnerability that affects devices…
Read More
19 Sep 2022
By Mary

InfoSec News Nuggets 09/19/2022

Trojanized versions of PuTTY utility being used to spread backdoor Researchers believe hackers with connections to the North Korean government have been pushing a Trojanized version of the PuTTY networking utility in an attempt to backdoor the network of organizations they want to spy on. Researchers from security firm Mandiant said on Thursday that at least one customer it serves had an employee who installed the fake network utility by accident. The incident caused the employer to…
Read More
26 Aug 2022
By Mary

InfoSec News Nuggets 08/26/2022

Twitter confirms it is testing a phone number verification badge Last week, app researcher Jane Manchun Wong pointed out that Twitter is testing a new profile badge for people who have verified their phone numbers. Earlier this month, app sleuth Nima Owji also pointed out that the company is testing a phone verification badge. On Tuesday, the company confirmed that it is running this experiment to “allow people to add context to their accounts.” This could be to essentially…
Read More
30 Dec 2021
By Mary

InfoSec News Nuggets 12/30/2021

LastPass quells cyber-attack fears, blames email notification surge on ‘glitch’ LastPass has launched an investigation following a recent surge in blocked login attempts. The emailed notifications to a pre-registered email address would normally follow attempts to log in from a different browser version, device, or location. Users in receipt of these emails are invited to go to a link in order to confirm that the attempted login was valid. When LastPass noticed an unexpected rise in the…
Read More
01 Mar 2021
By Mary

InfoSec News Nuggets 03/01/2021

78% of top security leaders say their organizations are unprepared for a cyberattack Seventy-eight percent of senior IT and security leaders believe their organizations lack sufficient protection against cyberattacks, according to research conducted by IDG Research Services on behalf of Insight. The high level of concern expressed by these leaders resulted in 91% of organizations increasing their cybersecurity budgets in 2021 — a figure that nearly matches the 96% that boosted IT security spending in…
Read More
17 Feb 2021
By Mary

InfoSec News Nuggets 02/17/2021

Copycats emerge after researcher exploits design flaw to breach Microsoft, Apple, Tesla Pseudonymous authors published more than 150 copycat packages just three days after Sonatype published research around a software supply chain flaw, attempting to exploit the vulnerabilities in the brief window before a patch. Ethical hacker and security researcher Alex Birsan posted a blog on Feb. 9 that detailed how he used dependency, or namespace confusion, “to push his malicious proof-of-concept (PoC) code to internal…
Read More
21 Jan 2020
By Mary

InfoSec News Nuggets 1/21/2020

1 - Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices. The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices…
Read More