Cyber Security Headlines

CISO Series
Oct 29, 2025 • 8min

Android malware types like a human, sanctions weaken cyber ecosystems, side-channel extracts Intel, AMD secrets

Discover the latest in cyber threats, including Herodotus, an Android banking malware that mimics human typing to dodge detection. Learn how sanctions are complicating nation-state cyber operations without stopping attacks. Dive into a fascinating side-channel attack that reveals secrets from Intel and AMD's DDR5 technology. Plus, hear about the Atroposia RAT, designed for low-skilled attackers, and the FCC's new rules to combat robocalls. Stay informed on growing cybersecurity risks in the trucking industry!
Oct 28, 2025 • 8min

Atlas browser hijacked, Bye, bye Twitter birdie, Dante spyware surfaces

Researchers uncovered a serious security risk with the Atlas browser, allowing malicious URL prompts to compromise data. AI is spotlighted for its potential in diagnosing software vulnerabilities, while X (formerly Twitter) mandates re-registration of security keys as they phase out the old domain. Kaspersky links Italian Dante spyware to trolls targeting Eastern Europe. Major attacks are exploiting vulnerabilities in popular WordPress plugins, and a data breach exposes student information from an Iranian academy.
Oct 27, 2025 • 34min

Department of Know: Promoting passphrases, questioning international security conferences, gift card hackers

Sasha Pereira, CISO at WASH and expert in phishing resilience, joins Bil Harmer, CISO at Craft Ventures with a focus on security automation. They discuss the urgent need to rethink security practices in light of generative AI and share insights into the importance of passphrases over traditional passwords. The conversation also highlights the dangers posed by the Jingle Thief group targeting cloud environments and examines the implications of AI advancements in cybersecurity, emphasizing that human oversight remains essential.
Oct 27, 2025 • 10min

Microsoft WSUS vulnerability, LastPass death hoax, Copilot phishing technique

A critical vulnerability in Microsoft's WSUS could allow hackers to execute remote code. Meanwhile, a deceptive campaign uses fake LastPass death notices to phish for passwords. The new CoPhish technique tricks users into granting OAuth consent via Copilot Studio agents, leading to token theft. Additionally, an international agreement on cybercrime was signed in Hanoi, and a DDoS attack disrupted food logistics in Russia. Research also highlights that passphrases outperform complex passwords for security.
Oct 24, 2025 • 32min

Week in Review: AI powered cyberattacks, Chinese time hacked, the 72 hour workweek

David Cross, CISO at Atlassian, and Montez Fitzpatrick, CISO at Navvis, dive into the pressing challenges facing cybersecurity today. They discuss the implications of CISA staff reductions for small and medium enterprises and urge community support. The duo analyze a DNS race condition that caused an AWS outage, highlighting resilience lessons. They also explore the geopolitical ramifications of China's claims about hacking, and tackle the potential burnout from a 72-hour workweek culture in tech. Lastly, they underline the importance of asset inventory following recent F5 breaches.
Oct 24, 2025 • 9min

Jingle Thief exploit, Lazarus targets jobseekers, the 72 hour workweek

Hackers are on the rise, with the Jingle Thief stealing millions in gift cards through clever cloud exploitation. Meanwhile, the notorious Lazarus group is luring jobseekers in Europe to target defense companies developing UAVs. On a different note, the deep tech industry is pushing back hard, expecting new hires to embrace grueling 72-hour workweeks. As cybersecurity threats escalate, the race to implement stronger protections and response strategies continues.
Oct 23, 2025 • 8min

TP-Link urges updates, MuddyWater espionage campaign, flaw hits Adobe Commerce

TP-Link highlights critical vulnerabilities in their Omada gateways, urging users to update. The espionage campaign by MuddyWater targets various organizations using sophisticated tools. Adobe Commerce faces threats due to the SessionReaper flaw, enabling account takeovers. Meanwhile, Canada penalizes Cryptomus for crypto violations, and Meta introduces new anti-scam features on their platforms. Researchers rake in nearly $793k at Pwn2Own after unveiling multiple zero-day exploits, showcasing the ongoing battles in cybersecurity.
Oct 22, 2025 • 8min

Russian hackers replace malware with new tools, Windows updates cause login issues, campaign targets high-profile servers

Russian hackers are evolving, swapping out outdated malware for new, stealthier tools. Some recent Windows updates have created login chaos, affecting multiple PCs. A sophisticated campaign has emerged targeting high-profile servers with bespoke malware. Meanwhile, high-severity flaws have been added to CISA's exploited list, prompting calls for urgent patching. Plus, GlassWorm is spreading through VS Code extensions, stealing developer credentials, and a botnet expansion aims to compromise routers worldwide.
Oct 21, 2025 • 8min

AWS outage, NSA hacking accusations, High risk WhatsApp automation

A major AWS outage caused by a DNS failure left global platforms in the lurch. Meanwhile, China has leveled accusations against the NSA for allegedly hacking its National Time Service using advanced tools. In a troubling trend, researchers discovered over 130 malicious WhatsApp automation extensions targeting users in Brazil. The threats don’t stop there—CISA has reported active exploitation of a Windows SMB vulnerability, exposing unpatched servers. It's a wild world out there in cybersecurity!
Oct 20, 2025 • 9min

Europol dismantles SIM farm, Envoy Air compromised, Everest claims Collins hack

Europol successfully dismantled a massive SIM farm with 49 million fake accounts, marking a significant blow to cybercrime. Meanwhile, Envoy Air confirmed a major breach involving Oracle's systems, with ties to a well-known hacking group. The Everest group claimed responsibility for a cyberattack on Collins Aerospace, raising concerns after their leak site mysteriously disappeared. Additionally, new research highlighted vulnerabilities in unencrypted satellite communications that could expose sensitive military and corporate data.
