InfoSec News Nuggets 5/19/2025

Scientists use AI to encrypt secret messages that are invisible to cybersecurity systems
Scientists have found a way to turn ChatGPT and other AI chatbots into carriers of encrypted messages that are invisible to cybersecurity systems. The new technique — which seamlessly places ciphers inside human-like fake messages — offers an alternative method for secure communication “in scenarios where conventional encryption mechanisms are easily detected or restricted,” according to a statement from the researchers who…

InfoSec News Nuggets 5/16/2025

Chinese Actor Hit Taiwanese Drone Makers, Supply Chains
The Chinese-speaking threat group Earth Ammit targeted a broader range of industries than just Taiwanese drone manufacturers, as initially assumed. In a report last year, Trend Micro detailed an Earth Ammit campaign dubbed Tidrone that, at the time, it believed specifically targeted military and satellite-related industrial supply chains and drone manufacturers.

Protecting Our Customers - Standing Up to Extortionists
Cyber criminals bribed and recruited a group…

InfoSec News Nuggets 5/15/2025

CISA Planned to Kill .Gov Alerts, Then It Reversed Course
The United States' top cyber defense agency reversed a decision Tuesday to stop posting cybersecurity alerts and guidance on its website after announcing 24 hours earlier that it would favor the X social media platform. The Cybersecurity and Infrastructure Security Agency said Monday it planned to scale back the steady stream of alerts posted to its cybersecurity advisories webpage, refocusing the site on "urgent information tied to…

InfoSec News Nuggets 5/14/2025

U.S. inks bill to force geo-tracking tech for high-end gaming and AI GPUs
Last week, a U.S. congressman announced a plan to introduce a bill that would mandate producers of high-performance AI processors to track them geographically in a bid to limit their usage by unauthorized foreign actors, such as China. Senator Tom Cotton of Arkansas then introduced a legislative measure later in the week. The bill covers hardware that goes way beyond just AI processors, and would give…

InfoSec News Nuggets 5/13/2025

160,000 Impacted by Valsoft Data Breach
Canada-based vertical market software (VMS) firm Valsoft Corporation (dba AllTrust) is notifying over 160,000 people that their personal information was compromised in a data breach. The incident, discovered on February 14, involved unauthorized access to a non-production network of AllTrust subsidiary Aspire USA. “Aspire’s internal security team identified an in-progress file transfer which they were able to interrupt mid-transfer,” the company says in a notification letter to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s…

InfoSec News Nuggets 5/12/2025

PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied
An education tech provider that paid a ransom to prevent the leak of stolen student and teacher data is now watching its school district customers get individually extorted by either the same ransomware crew that hit it – or someone connected to the crooks. In December, PowerSchool – whose student information management system holds records on more than 60 million K-12 students…

InfoSec News Nuggets 5/9/2025

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an…

InfoSec News Nuggets 5/8/2025

CrowdStrike lays off 500 in latest example of AI costing people their jobs
Cybersecurity company CrowdStrike Holdings Inc. is cutting 500 jobs, or about 5% of its workforce, as it responds to both the security threat posed by artificial intelligence and the growing use of AI to move faster and operate more efficiently. It’s the latest example of how AI is disrupting the software business, following comments from Duolingo Inc. Chief Executive George Kurtz said in a letter…

InfoSec News Nuggets 5/7/2025

US Jury Orders NSO Group to Pay $168 Million to WhatsApp in Landmark Spyware Case
A federal jury in California has ordered Israeli spyware maker NSO Group to pay WhatsApp approximately $168 million in damages, marking a watershed moment in the fight against commercial cyberespionage. The verdict, delivered on Tuesday, concludes a six-year legal battle between Meta Platforms, the parent company of WhatsApp, and NSO Group, whose Pegasus spyware was used to hack the messaging app’s…

InfoSec News Nuggets 5/6/2025

White House Proposes $500 Million Cut to CISA
President Donald Trump has proposed slashing the budget of the federal cyber defense agency by nearly $500 million as part of the administration's forthcoming spending plan. The White House provided a series of recommendations on discretionary spending levels for fiscal year 2026 in a Friday letter sent to the Senate appropriations committee, detailing a "rigorous, line-by-line review" of the previous year's budget which it said was found…

InfoSec News Nuggets 5/5/2025

Ascension discloses new data breach after third-party hacking incident
Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner. The health network operates 142 hospitals nationwide, has over 142,000 employees, and has reported a total revenue of $28.3 billion in 2023. "On December 5, 2024, we learned that Ascension…

InfoSec News Nuggets 5/2/2025

Hackers ramp up scans for leaked Git tokens and secrets
Threat actors are intensifying internet-wide scanning for Git configuration files that can reveal sensitive secrets and authentication tokens used to compromise cloud services and source code repositories. In a new report from threat monitoring firm GreyNoise, researchers have recorded a massive spike in searches for exposed Git configs between April 20-21, 2025. "GreyNoise observed nearly 4,800 unique IP addresses daily from April 20-21, marking a…

InfoSec News Nuggets 5/1/2025

WhatsApp says in-app AI tools will still keep messages secret
WhatsApp is launching a new feature for the messaging platform that will ensure users’ messages remain private when being analyzed by AI tools, even if they are not kept within the app’s end-to-end encrypted protocol. In a security engineering blog published Tuesday, the company previewed how its Private Processing feature will “enable users to initiate a request to a confidential and secure environment” where users can…

InfoSec News Nuggets 4/29/2025

Microsoft Confirms $1.50 Windows Security Update Hotpatch Fee Starts July 1
When it comes to security updates, those that fix vulnerabilities in an operating system used by billions are high on the mandatory agenda. Which is why it has not been the greatest month for Microsoft, what with the online furor after a recent Windows security patch added a mysterious folder, without any explanation. Social media “experts” advised users to delete it, only for Microsoft to issue…

InfoSec News Nuggets 4/28/2025

Top employee monitoring app leaks 21 million screenshots on thousands of users
A major time-tracking company has been leaking sensitive screenshots on the open internet, putting countless people and organizations at risk of identity theft, data breaches, wire fraud, scams, and more. Cybersecurity researchers at Cybernews found an archive of “millions of real-time screenshots” generated by WorkComposer, which calls itself an “employee productivity monitoring tool”. These screenshots show what the employee is working on at any given time,…

InfoSec News Nuggets 4/25/2025

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input
AI agents are projected to revolutionize the AI online experience, performing tasks and chores we’ve asked them to do in the background while we’re doing something more productive or enjoyable. However, it has recently been proven that AI agent infrastructure could be used to perform unsolicited actions on our behalf. A group of security researchers at ExtensionTotal has found a suspicious Google…

InfoSec News Nuggets 4/24/2025

Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
Certificate issuer SSL.com’s domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites. With those certificates in hand, said fraudsters could set up more-convincing malicious copies of those sites for things like credential phishing, or decrypt intercepted HTTPS traffic between those sites and their visitors. And since learning of that…

InfoSec News Nuggets 4/23/2025

Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusually large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created…

InfoSec News Nuggets 4/22/2025

Phishers abuse Google OAuth to spoof Google in DKIM replay attack
In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins. The attacker leveraged Google’s infrastructure to trick recipients into accessing a legitimate-looking “support portal” that asks for Google account credentials. The fraudulent message appeared to come from “no-reply@google.com” and…

InfoSec News Nuggets 4/21/2025

Hacking US crosswalks to talk like Zuck is as easy as 1234
Crosswalk buttons in various US cities were hijacked over the past week or so to – rather than robotically tell people it's safe to walk or wait – instead emit the AI-spoofed voices of Jeff Bezos, Elon Musk, and Mark Zuckerberg. And it's likely all thanks to a freely available service app and poorly secured equipment. In Seattle this week, some crosswalks started…

InfoSec News Nuggets 4/18/2025

Apple and Google eye the future of AI glasses
Apple and Google know that smart glasses will replace the smartphone as the main device people use the most, according to recent news. And the two leading smartphone platform makers don’t want Meta to own the future of mobile computing, but they know Meta is leading the race so far. Meta is the current and surprising leader in AI glasses that don’t show a screen to the user. The best…

InfoSec News Nuggets 4/17/2025

CISA extends funding to ensure 'no lapse in critical CVE services'
CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We…

InfoSec News Nuggets 4/16/2025

A whistleblower's disclosure details how DOGE may have taken sensitive labor data
In the first days of March, a team of advisers from President Trump's new Department of Government Efficiency initiative arrived at the Southeast Washington, D.C., headquarters of the National Labor Relations Board. The small, independent federal agency investigates and adjudicates complaints about unfair labor practices. It stores reams of potentially sensitive data, from confidential information about employees who want to form unions to…

InfoSec News Nuggets 4/15/2025

China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure
In a secret meeting that took place late last year between Chinese and American officials, the former confirmed that China had conducted cyberattacks against US infrastructure as part of the campaign known as Volt Typhoon, according to The Wall Street Journal. The meeting took place at a Geneva summit in December and involved members of the outgoing Biden administration. The US officials who were present…

InfoSec News Nuggets 4/14/2025

Moroccan cybercrime group Atlas Lion hiding in plain sight during attacks on retailers
Researchers have discovered a novel tactic used by Moroccan cybercrime group Atlas Lion to attack big-box retailers, apparel companies, restaurants and more. The group was observed using stolen credentials to enroll its own virtual machines (VMs) into an organization’s cloud domain, according to researchers at cybersecurity firm Expel. The move essentially allows the group to act like its cybercrime infrastructure is a legitimate part of…

InfoSec News Nuggets 4/11/2025

Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
Palo Alto Networks has revealed that it's observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat actors warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a vulnerability," a spokesperson for the company told The Hacker News.…

InfoSec News Nuggets 4/10/2025

OCC Notifies Congress of Incident Involving Email System
The Office of the Comptroller of the Currency (OCC) today notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act. This finding is the result of internal and independent third-party reviews of OCC emails and email attachments that were subject to unauthorized access. On February 11, 2025, the OCC learned of unusual interactions between a system administrative account in its…

InfoSec News Nuggets 4/9/2025

Malicious VSCode extensions infect Windows with cryptominers
A set of ten VSCode extensions on Microsoft's Visual Studio Code Marketplace pose as legitimate development tools while infecting users with the XMRig cryptominer for Monero. Microsoft VSCode is a popular code editor that allows users to install extensions to extend the program's functionality. These extensions can be downloaded from Microsoft's VSCode Marketplace, an online hub for developers to find and install add-ons. ExtensionTotal researcher Yuval Ronen has uncovered ten VSCode extensions published on Microsoft's portal on April 4, 2025.

Maryland pharmacist used keyloggers to spy…

InfoSec News Nuggets 4/8/2025

Autonomous, GenAI-Driven Attacker Platform Enters the Chat
Researchers are sounding the alarm on an emerging all-in-one, AI-driven hacking tool that provides attackers with a modular architecture for developing and launching a range of cybercriminal operations, such as phishing campaigns, vulnerability exploitation, or even ransomware attacks. "Xanthorox AI," a cyberattack platform first spotted in March circulating on darknet hacker forums and encrypted channels, enables a style of self-directed, autonomous AI-driven attacks that defenders feared may eventually appear when…

InfoSec News Nuggets 4/7/2025

CISA braces for deep staffing cuts
The Cybersecurity and Infrastructure Security Agency is looking to push out as much as a third of the agency's total headcount, in addition to contract personnel from a major threat hunting team, according to three sources familiar with the matter. The cuts are likely to impact "every single part of the agency," one of those sources told Axios — dealing a huge blow to the country's cybersecurity posture following earlier rounds…

InfoSec News Nuggets 4/4/2025

Oracle privately confirms Cloud breach to customers
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017, Bloomberg reported. However, while Oracle told clients this is old legacy data that is not sensitive, the threat actor behind the attack has shared data with BleepingComputer from the end of 2024 and posted newer records from 2025 on a hacking forum. According to Bloomberg,…

InfoSec News Nuggets 4/3/2025

Toll Scams Are What's Happen.xin Right Now
Have you ever received an odd text message on your phone, purporting to be from a toll provider or package delivery service? If you have a U.S. cell phone, chances are you’ve encountered one of these SMiShing attempts—cybercriminals’ latest ploy to trick you into giving up your personal and financial details. SMiShing (a portmanteau of SMS and phishing) relies on victims clicking deceptive links that appear legitimate but…

InfoSec News Nuggets 4/1/2025

Password managers are under threat in 2025. What the LastPass breach taught us
Back in August 2022, password manager LastPass suffered a massive breach. A still-unknown cyber criminal successfully targeted one of LastPass' four DevOps engineers who had access to the decryption keys for the cloud storage service. Using the engineer's stolen credentials, the hacker was able to infiltrate LastPass' systems undetected. This breach lasted for months and continued even after LastPass believed the threat…

InfoSec News Nuggets 4/1/2025

Ransomware Found in VSCode Extensions Raises Concerns Over Microsoft’s Security Review
Cybersecurity experts have discovered ransomware hidden within two Visual Studio Code (VSCode) Marketplace extensions, raising concerns about Microsoft’s ability to detect malicious software in its platform. The compromised extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded by users before security researchers flagged them and they were subsequently removed. Despite Microsoft’s security measures, the extensions remained publicly accessible for a significant period, highlighting potential gaps in…

InfoSec News Nuggets 3/31/2025

Oracle Health breach compromises patient data at US hospitals
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, BleepingComputer confirmed that patient data was stolen in the attack. Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company…

InfoSec News Nuggets 3/28/2025

Oracle customers confirm data stolen in alleged cloud breach is valid
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. Last week, a person named ‘rose87168’ claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The…

InfoSec News Nuggets 3/27/2025

NCSC taps influencers to make 2FA go viral
The world's biggest brands have benefited from influencer marketing for years – now the UK's National Cyber Security Centre (NCSC) has hopped on the bandwagon to preach two-factor authentication (2FA) to the masses. It's the latest effort to improve the nation's cyber resilience as part of the Stop! Think Fraud campaign launched in February 2024 under Rishi Sunak's government, drafting in comedic sketch artists and Instagram personal…

InfoSec News Nuggets 3/25/2025

California AG Reminds 23andMe Customers of Data Deletion Rights Amid Bankruptcy Filing
California Attorney General Rob Bonta has reminded customers of struggling biotech firm 23andMe of their right to direct the deletion of their genetic data. These rights fall under California’s Genetic Information Privacy Act (GIPA) and the California Consumer Protection Act (CCPA). The public advisory, published on the State of California Department of Justice’s website on March 21, followed the California-based company's public report that it…

InfoSec News Nuggets 3/24/2025

Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content
Cloudflare has created a bot-busting AI to make life hell for AI crawlers. The network-taming company built the tool after noticing that almost one percent of all requests to access web content that it can see now come from AI crawler bots. Those bots are probably scraping data that’s gathered up to train AI models. Web site operators can…

InfoSec News Nuggets 3/21/2025

Cybersecurity Experts Are Sounding the Alarm on DOGE
DOGE has fired top cybersecurity officers from various agencies, gutted the Cybersecurity and Infrastructure Agency (CISA), and cancelled at least 32 cybersecurity-related contracts with the Consumer Financial Protection Bureau (CFPB). Cybersecurity experts, including those fired by DOGE, argue that the agency has demonstrated questionable practices toward safeguarding the vast amount of personal data the government holds, including in agencies such as the Social Security Administration and the Department of Veterans Affairs…

InfoSec News Nuggets 3/20/2025

Ex-US Cyber Command chief: Europe and 5 Eyes can't fully replicate US intel
If the United States stopped sharing cyber-threat intel with Ukraine, its European allies and the rest of the Five Eyes nations wouldn't be able to provide all the info Uncle Sam collects, according to former chief of US Cyber Command and the NSA General Paul Nakasone. Washington's week-long pause on sharing intel with Ukraine earlier this month "concerns" the retired General. Speaking at the…

InfoSec News Nuggets 3/19/2025

Microsoft isn't fixing 8-year-old shortcut exploit abused for spying
An exploitation avenue found by Trend Micro in Windows has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority. The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra…

InfoSec News Nuggets 3/18/2025

Large enterprises scramble after supply-chain attack spills their secrets
Open source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer account, in the latest open source supply-chain attack to roil the Internet. The corrupted package, tj-actions/changed-files, is part of tj-actions, a collection of files that's used by more than 23,000 organizations. Tj-actions is one of many GitHub Actions, a form of…

InfoSec News Nuggets 3/17/2025

China continues cyberattacks on routers, this time targeting Juniper Networks devices
An espionage group operating out of China is targeting routers made by Juniper Networks, according to incident responders from Mandiant. The researchers said the state-backed group — dubbed UNC3886 — was behind a campaign last year to deploy custom backdoors on the company’s Junos OS routers. The group appears to be “focused mainly on defense, technology, and telecommunication organizations located in the US and Asia,” they…

InfoSec News Nuggets 3/14/2025

Medusa Ransomware Made 300 Critical Infrastructure Victims
Medusa was initially operated as a closed ransomware, and, although it is currently using an affiliate model, ransom negotiations are still conducted by the malware developers, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) note in a joint alert. The group engages in double extortion, encrypting victims’ data but also stealing it and threatening to leak it unless a ransom is paid. Medusa’s operators offer payments…

InfoSec News Nuggets 3/13/2025

Beware of Deepfakes: A New Age of Deception
Steve was at his desk when he received a frantic video call from his manager, Bela. She looked stressed in the video call, her voice hurried. “I need you to send the confidential client report to this new email right away!” she insisted. Seeing her familiar face and hearing her distinct voice, he didn’t hesitate; he sent the confidential report to the new email address. Hours later,…

InfoSec News Nuggets 3/12/2025

MS-ISAC loses federal support
The Multi-State Information Sharing and Analysis Center, which has supported the cybersecurity operations of state and local governments since its creation in 2004, has lost its federal funding and cooperative agreement, a Cybersecurity and Infrastructure Security Agency spokesperson confirmed with StateScoop on Tuesday. The news, first reported by freelance reporter Eric Geller, follows the Department of Homeland Security last month severing support for the Elections Infrastructure ISAC. A representative from the Center for…

InfoSec News Nuggets 3/11/2025

Swiss critical sector faces new 24-hour cyberattack reporting rule
Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery. According to the NCSC announcement, this new requirement is introduced as a response to the increasing number of cybersecurity incidents and their impact on the country. The mandate is introduced via an amendment to the Information…

InfoSec News Nuggets 3/10/2025

Survey Says...It’s a Scam!
Recently, I shared the first blog in a series recounting a user’s experience with malicious adtech. In that blog, I described how I had visited a compromised website, allowed notifications and found myself inundated with a seemingly endless stream of malicious content. For over three months, I had recorded every interaction and analyzed how the different companies in the adtech world affiliate with each other and with the advertisers they serve. In that…

InfoSec News Nuggets 3/7/2025

Massive botnet that appeared overnight is delivering record-size DDoSes
A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders—with the largest concentration in the US—has been delivering what is likely to be the biggest denial-of-service attack ever seen, a security researcher inside Nokia said. The botnet, tracked under the name Eleven11bot, first came to light in late February when researchers inside Nokia’s Deepfield Emergency Response Team observed large numbers of geographically dispersed IP addresses delivering…