Cyber (In)Securities – Issue 139

Posted on by Fel Gayanilo

Information Security News

  1. Autonomous, GenAI-Driven Attacker Platform Enters the Chat
    Dark Reading – Elizabeth Montalbano
  2. EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher
    BleepingComputer – Bill Toulas
  3. Voluntary ‘Pall Mall Process’ seeks to curb spyware abuses
    Cyberscoop – Tim Starks
  4. That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
    The Register – Jessica Lyons
  5. EU wants to give encryption backdoors a try, despite pushback
    The Stack – Noah Bovenizer
  6. Google addresses 2 actively exploited vulnerabilities in security update
    Cyberscoop – Matt Kapko
  7. Scattered Spider’s ‘King Bob’ Pleads Guilty to Cyber Charges
    Dark Reading – Kristina Beek
  8. Malicious VSCode extensions infect Windows with cryptominers
    BleepingComputer – Bill Toulas
  9. NSW Electoral Commission asks for cyber security top-up
    itNews – Ry Crozier
  10. Chrome to patch decades-old flaw that let sites peek at your history
    The Register – Thomas Claburn
  11. UK’s attempt to keep details of Apple ‘backdoor’ case secret… denied
    The Register – Connor Jones
  12. EDR-as-a-Service Makes the Headlines in the Cybercrime Landscape
    Security Affairs – Pierluigi Paganini
  13. European Commission pushes for encryption ‘backdoors’
    Brussels Signal – Paddy Belton
  14. EU set to fine Elon Musk’s X up to $1 billion for breaking disinformation law
    Irish Star – Jeremiah Hassel
  15. E-ZPass toll payment texts return in massive phishing wave
    BleepingComputer – Bill Toulas
  16. Expert Used ChatGPT-4O to Create a Replica of His Passport in Just 5 Minutes Bypassing KYC
    Security Affairs – Pierluigi Paganini
  17. Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
    The Hacker News – Ravie Lakshmanan
  18. WinRAR flaw bypasses Windows Mark of the Web security alerts
    BleepingComputer – Ionut Ilascu
  19. Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
    The Hacker News – Ravie Lakshmanan
  20. Senators re-up bill to expand Secret Service’s financial cybercrime authorities
    Cyberscoop – Matt Bracken
  21. PoisonSeed phishing campaign behind emails with wallet seed phrases
    BleepingComputer – Bill Toulas
  22. Call Records of Millions Exposed by Verizon App Vulnerability
    SecurityWeek – Eduard Kovacs
  23. Trump fires Gen. Timothy Haugh from leadership of Cyber Command and NSA
    Cyberscoop – Mark Pomerleau
  24. Europcar GitLab breach exposes data of up to 200,000 customers
    BleepingComputer – Ionut Ilascu
  25. Rafts of Security Bugs Could Rain Out Solar Grids
    Dark Reading – Kristina Beek
  26. SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
    The Hacker News – Ravie Lakshmanan
  27. State Bar of Texas Says Personal Information Stolen in Ransomware Attack
    SecurityWeek – Ionut Arghire
  28. OPSEC Failure Exposes Coquettte’s Malware Campaigns on Bulletproof Hosting Servers
    The Hacker News – Ravie Lakshmanan
  29. Australian super funds compromised after data breach as hackers use stolen passwords
    The Guardian – Josh Taylor
  30. “Nudify” deepfakes stored unprotected online
    Malware Bytes – Pieter Arntz

Analysis

  1. PCI DSS 4.0.1: A Cybersecurity Blueprint by the Industry, for the Industry
    SecurityWeek – Kevin Townsend
  2. Intergenerational Mentoring: Key to Cybersecurity’s AI Future
    Dark Reading – Han Cho
  3. State-Sponsored AI Attacks: How Nations Are Using AI to Wage Digital War – The Weaponisation of AI in Cyber Warfare – Part 2
    PrivID (Substack)
  4. Australia’s social media ban is attracting global praise – but we’re no closer to knowing how it would work
    The Guardian – Josh Taylor
  5. Secure Communications Evolve Beyond End-to-End Encryption
    Dark Reading – Robert Lemos

CyAN Members: Op Eds, Articles, etc.

  1. Protecting the Power of AI: Strategies Against Emerging Security Risks
    RSAC Conference – Shantanu Bhattacharya
  2. Antivirus, Firewalls, and VPNs: What Do They Actually Do?
    Fel Gayanilo

🗓️ Upcoming CyAN (and CyAN Partner) Global Events:

SCCS Logo

📍 Lisbon, Portugal

Supply Chain Cyber Security Summit (SCCS)
April 9–11

Read more
GITEX AFRICA Logo

📍 Marrakesh, Morocco

GITEX AFRICA
April 14–16

Read more
GITEX ASIA Logo

📍 Singapore

GITEX ASIA
April 23–25

Read more
GISEC Logo

📍 Dubai, UAE

GISEC
May 6–8

Read more
Cyber OSPAs Logo

📍 London, UK

Cyber OSPAs
May 8

Read more
CSG Awards Logo

📍 Dubai, UAE

CSG Awards 2025
May 7

Read more
World AI Expo Logo

📍 Dubai, UAE

World AI Technology Expo
May 14–15

Read more

🎉 Celebration

CyAN 10th Anniversary
(Details TBA)

GITEX Europe Logo

📍 Berlin, Germany

GITEX Europe Messe
May 21–23

Read more
MaTeCC Logo

📍 Rabat, Morocco

MaTeCC
June 7–9

Read more

🌐 Online

CyAN Q2 Call (APAC + Gulf)
June 11 – 12:00 GST / 16:00 SGT / 18:00 AEST

🌐 Online

CyAN Q2 Call (EMEA + Americas)
June 11 – 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT

Advisors CyAN Cybercrime cybernews cybersecurity Cybersecurity Advisors Network information security regulation safety security Strategy Trust