Tootfinder

According to AhnLab, the N. Korean Lazarus Group, responsible for the recent massive theft from crypto exchange Upbit, has engaged in 31 cyberattacks, followed by DPRK's Kimsuky, which has launched 27 cyberattacks, over the past year.
https://en.yna.co.kr/view/AEN20251130001000315<…

#Cellebrite can apparently extract data from most #Pixel phones, unless they’re running #GrapheneOS.

Unit 42 details how underground hacking forums advertise and sell custom, jailbroken, and open-source AI hacking tools such as WormGPT and KawaiiGPT (Derek B. Johnson/CyberScoop)
https://cyberscoop.com/malicious-llm-tools-cybercrime-wormgpt-kawaiigpt/

North Korean hacking group Lazarus is suspected to be behind a breach of around 45 billion won ($30.6m) in cryptocurrency from South Korea's largest crypto exchange Upbit. The group was suspected of stealing 58 billion won ($40m) worth of Ethereum from Upbit in 2019.
https://en.yna.co.kr/view/A…

Sources: South Korean authorities suspect North Korean hacking group Lazarus of the $30M Upbit hack, which used methods resembling those of a 2019 Upbit theft (Kang Yoon-seung/Yonhap News Agency)
https://en.yna.co.kr/view/AEN20251128003952320?section=national/nation…

ICE has purchased “a smorgasbord of spy technology: social media monitoring, cellphone location tracking, facial recognition, remote hacking tools, and more … the government openly says it will use [these] capabilities to target people who oppose ICE’s actions [including] anti-ICE protesters.”
#ICE #protest

ICE Wants to Go After Dissenters as well as Immigrants
The Trump administration is being open about its plans to violate Americans’ First and Fourth Amendment rights.

Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
This week's selection covers:
--A hacking gang extorted Italy's elite,
--An Indian backwater became a wealthy cybercrime locale,
--The nature of China's espionage threat to the UK,
--Cybercrime laws are used to censor the press,
--The dark side of Apple&…

On Monday, researchers at cybersecurity giant Kaspersky published a report identifying a new spyware called Dante
that they say targeted Windows victims in Russia and neighboring Belarus.
The researchers said the Dante spyware is made by Memento Labs,
a Milan-based surveillance tech maker that was formed in 2019
after a new owner acquired and took over early spyware maker
Hacking Team.
Memento chief executive
Paolo Lezzi confirmed to TechCrunch that…

Exclusive: CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
Security researchers found a government hacking campaign that relies on Windows spyware developed by surveillance tech maker Memento Labs. When reached by TechCrunch, the spyware maker's chief executive blamed a government customer for getting caught.

I am no friend of Kemi Bad Enoch but I'm finding everyone taking the high horse about her hacking a website 17 years ago very tedious. It was 2009! Of course if your found an unsecured website you'd dick about with it! It sounds as serious as that guy who got into Jeremy Corbyn's Twitter account that time and posted "davey cameron is a pie".

Italian-made spyware spotted in breaches of Russian, Belarusian systems https://therecord.media/memento-labs-formerly-hacking-team-dante-spyware-russia-kaspersky

Bitcoin bridging app Garden Finance Reportedly Loses Over $10.8 Million in Hacking Incident
https://beincrypto.com/bitcoin-bridging-app-garden-finance-hack/

Garden Finance Reportedly Loses Over $10.8 Million in Hacking Incident
Garden Finance hack leads to $10.8 million loss after money laundering claims, echoing crypto’s ongoing security struggles.

I have no interest in hacking on my text editor

https://www.ynetnews.com/article/s161vadwbx
This is creepy. The Iranian hacking group Handala hacked an Israeli nuclear scientist’s car and left a threatening message.

Iranian hackers claim they left a heavy bouquet in Israeli nuclear scientist’s car
Iranian hacker group Handala claims it broke into the car of an Israeli nuclear scientist, left a heavy bouquet and a veiled threat, and released what it says are names and phone numbers of Unit 8200 personnel Israel has not confirmed it

Uw Paul stempt een nerd (v/m/a). Hup nerds!
https://mastodon.green/@Steeph/115445038661574934

from my link log —
Bypass Windows user interface privilege isolation via the CTF input method protocol.
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html
saved 2019-08-13

Metacurity is back from a Thanksgiving holiday break with an extensive run-down of the critical cybersecurity developments since last Monday, including
--Some ChatGPT customer data was exposed by a breach at vendor Mixpanel,
--Lazarus Group suspected of $30.6m breach of Upbit,
--Korea's shopping platform Coupang hacked by a former insider to access 30m customers' data,
--Lazarus Group and Kimsuky are DPRK's most prolific hackers,
--Korea arrests four …

Some ChatGPT customers' data were exposed by a breach at vendor Mixpanel
Lazarus Group suspected of $30.6m breach of Upbit, Korea's shopping platform Coupang hacked by a former insider to access 30m customers' data, Lazarus Group and Kimsuky are DPRK's most prolific hackers, Korea arrests four for hacking 120K IP cameras, OnSolve CodeRED platform hit by attack, much more

Want to see some fluffs at #39c3 ?
chaosfurs will do two fursuitwalks on day 2 and 3
https://events.ccc.de/congress/2025/hub/en/assembly/detail/chaosfurs

Anthropic finds that LLMs trained to "reward hack" by cheating on coding tasks show even more misaligned behavior, including sabotaging AI-safety research (Anthropic)
https://www.anthropic.com/research/emergent-misalignment-reward-hacking

From shortcuts to sabotage: natural emergent misalignment from reward hacking
Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.

Peter Williams, the former general manager at defense contractor L3Harris,
has pleaded guilty to selling surveillance technology to a Russian broker that buys “cyber tools,”
the U.S. Department of Justice confirmed Wednesday. 
“The material, stolen over a three-year period from the U.S. defense contractor where he worked,
was comprised of national-security focused software that included at least eight sensitive and protected cyber-exploit components,”
read the D…

Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker | TechCrunch
Prosecutors confirmed Peter Williams, the former Trenchant boss, sold eight exploits to a Russian buyer. TechCrunch exclusively reported that the Trenchant division was investigating a leak of its hacking tools, after another employee was accused of involvement.

https://www.richardsilverstein.com/2025/12/30/iranian-hackers-break-cell-phone-of-scandal-plagued-netanyahu-aide/
Israeli hacking group Handala exposed dozens of names and phone numbers of Israel’s security detail …

Iranian Hackers Break Cell Phone of Scandal-Plagued Netanyahu Aide – Tikun Olam תיקון עולם إصلاح العالم
Exposing secrets of the Israeli national security state

It feels entirely appropriate to clock change weekend to make hearty soup and settle down to turning a heel on hand knitted socks.

How a bunch of hackers "freed" the Kinect
https://www.theverge.com/tech/812803/hacking-kinect-history

Poland detains Russian citizen suspected of hacking local firms https://therecord.media/poland-detains-russian-citizen-accused-of-hacks

Notorious hacking group Crimson Collective has claimed responsibility for a major breach of Nintendo's internal systems.
https://www.computing.co.uk/news/2025/security/crimson-collective-claims-nintendo-hack

Crimson Collective claims to have hacked Nintendo
Notorious hacking group Crimson Collective has claimed responsibility for a major breach of Nintendo's internal systems.

Sometimes hacking a computer means a whole different thing...
In this use, I'm actually hacking (with a hacksaw) the case apart to add an I/O shield (custom made) so I can fit an older motherboard that was not designed for this case.
And thank you to Gateway for making me do this by not using a removable shield and instead stamping every hole they needed and covering them with a sticker if they weren't on this model. 🤦‍♂️

Don't miss today's packed Metacurity for the most critical infosec developments you should know, including
--Thai police blew up a Myanmar cyberscam compound,
--FCC blocks more Chinese-made devices,
--Hacking Team successor surfaces,
--Aisuru botnet overhauled to rent out IoT devices,
--Herodotus Android trojan mimics human behavior,
--Ad giant's subsidiary exposed data in cyber incident,
--CBP searches more devices than ever,
--ICE …

Thai police blew up a Myanmar cyberscam compound
FCC blocks more Chinese-made devices, Hacking Team successor surfaces, Aisuru botnet overhauled to rent out IoT devices, Herodotus Android trojan mimics human behavior, Ad giant's subsidiary exposed data in cyber incident, CBP searches more devices than ever, ICE is becoming a spymaster, much more

Apparently there is a hacking world championship and Apparently Denmark won Silver this year.
Tillykke alle! 🇩🇰🏆🇩🇰💻👩‍💻👨‍💻🇩🇰
https://www.version2.dk/artikel/danmark-vinder-soelv-til-hacker-em-jeg-er-helt-overvaeldet-og-meget-roert

R v F (2025): Addressing the Defence of Hacking
Junade Ali
https://arxiv.org/abs/2510.03764 https://arxiv.org/pdf/2510.03764…

R v F (2025): Addressing the Defence of Hacking
The defence of hacking (sometimes referred to as the "Trojan Horse Defence" or the "SODDI Defence", Some Other Dude Did It Defence) is prevalent in computer cases and a challenge for those working in the criminal justice system. Historical reviews of cases have demonstrated the defence operating to varying levels of success. However, there remains an absence in academic literature of case studies of how digital forensics investigators can address this defence, to assist courts in acquitting the…

The US DOJ's rigged-poker-game indictment involved hacking DeckMate, a casino-standard, suitcase-sized, $10K card shuffling machine, to reveal players' hands (Molly Schuetz/Bloomberg)
https://www.bloomberg.com/news/articles/20

“The problem today is that around 80 percent of all the [space data] traffic is downlinked to a single location in Svalbard, which is an island shared between different countries, including Russia”
https://www.politico.eu/article/space-hacks-europe-ramps-up-s…

Hacking space: Europe ramps up security of satellites
Space systems are increasingly targeted with cyberattacks, as the global hybrid warfare rages.

HOPE Hacking Conference Banned From University Venue Over Apparent ‘Anti-Police Agenda’ https://www.404media.co/hope-hacking-conference-banned-from-university-venue-over-apparent-anti-police-agenda/

Faced with the possibility of scrapping old computers on which Windows 11 is not supported by Microsoft: some users resort to hacking.
Others prefer a switch to free software, to no longer depend on Microsoft.
https://www.radio…

#FreeSoftwareAdvent for today: #Ansible
It's what I'm using to provision and update our renderfarm, workstations and servers. Instead of hacking shell scripts to install apps and edit config files on every new workstation you write yaml files ("playbooks") that get e…

@… The hacking scene/puzzle in Kathy Rain 2 has this fake BIOS screen (which you're in to change a setting so you can sniff out a pre-boot password to unlock the machine).

Kamel Ghali on what's 'theoretically possible' in car hacking https://therecord.media/car-hacking-interview-kamel-ghali-click-here-podcast

🧑‍💻 Southern California Linux Expo wants to hear from you. Literally, we want you to speak. Kernel hacking, AI modeling, gov transparency, parenting with parental control routers—if it’s open, it’s in. Submit a talk to SCaLE 23x!
https://www.socallinuxexpo.org/scale/23x/cfp

hacking at @… and listening to @… 🥳

Hacking Lab Boss Charged with Seeking to Sell Secrets in Russia
https://www.bloomberg.com/news/articles/2025-10-23/hacking-lab-b…

from my link log —
Always-on processor magic: how “Find My” works while iPhone is powered off.
https://naehrdine.blogspot.com/2021/09/always-on-processor-magic-how-find-my.html
saved 2021-09-30

Always-on Processor magic: How Find My works while iPhone is powered off
Wireless and firmware hacking, PhD life, Technology

North Korean hackers stole a record $2.02B in crypto in 2025, a 51% YoY rise that takes its cumulative stolen total to $6.75B; individual wallet hacks hit 158K (Chainalysis)
https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/

2025 Crypto Theft Reaches $3.4 Billion
North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a 51% year-over-year increase, pushing their all-time total to $6.75 billion.

Whenever a metric is created, it will be perverted.
Today: "Cool URIs don't change."
Developer: HMC, I can do that! *furious hacking* Behold! A single-page-application! Just one URI for all content, all stable.

The Lazarus group stands accused of stealing approximately 45 billion won ($30.6 million) from Upbit, South Korea's largest cryptocurrency platform.
https://en.yenisafak.com/world/north-koreas-lazarus-hackers-steal-30-million…

North Korea's Lazarus hackers steal $30 million from South Korean exchange
North Korea's Lazarus hacking group is suspected of stealing approximately $30.6 million in cryptocurrency from South Korea's largest digital asset exchange, Upbit.

State-aligned hacking groups have sharply escalated their cyber operations against the EU over the past year, says European Union Agency for Cybersecurity (ENISA) Threat Landscape Report
https://www.computing.co.uk/news/2025/security/state-aligned-th…

State-aligned cyber threats against EU intensify, ENISA warns
State-aligned hacking groups have sharply escalated their cyber operations against the EU over the past year, says European Union Agency for Cybersecurity (ENISA) Threat Landscape ...

Lapsus$ publishes a data leak site on the dark web threatening to release about ~1B records stolen from Salesforce-hosted customer databases (TechCrunch)
https://techcrunch.com/2025/10/03/hacking-group-claims-theft-of-1-bi…

Hacking group claims theft of 1 billion records from Salesforce customer databases | TechCrunch
The hacking group claims to have stolen about a billion records from companies, including FedEx, Qantas, and TransUnion, who store their customer and company data in Salesforce.

Oh, ChatGPT scheint da ein paar Anfälligkeiten zu haben, und die sind gar nicht schwierig auszunutzen…
https://thehackernews.com/2025/11/researchers-find-chatgpt.html
»Indirect prompt injection vulnerability über vertrauenswürdige Websites im Browsing-Kontext, …

Inoculation Prompting: Instructing LLMs to misbehave at train-time improves test-time alignment
Nevan Wichers, Aram Ebtekar, Ariana Azarbal, Victor Gillioz, Christine Ye, Emil Ryd, Neil Rathi, Henry Sleight, Alex Mallen, Fabien Roger, Samuel Marks
https://arxiv.org/abs/2510.05024

Inoculation Prompting: Instructing LLMs to misbehave at train-time improves test-time alignment
Large language models are sometimes trained with imperfect oversight signals, leading to undesired behaviors such as reward hacking and sycophancy. Improving oversight quality can be expensive or infeasible, motivating methods that improve learned behavior despite an imperfect training signal. We introduce Inoculation Prompting (IP), a simple but counterintuitive technique that prevents learning of an undesired behavior by modifying training prompts to explicitly request it. For example, to ino…

https://www.axios.com/2025/12/16/ai-models-hacking-stanford-openai-warnings
Leaders from Amazon and Anthropic are testifying before two house committees today.

AI models are perfecting their hacking skills
This is the worst AI tools will likely ever perform, and they're already unnerving researchers and developers.

George Orwell's Surprising Stance on Hypocrisy #Orwell

George Orwell's Surprising Stance on Hypocrisy
George Orwell was deeply concerned about hypocrisy—but in the opposite way you might expect. That’s what struck me about halfway through writing my new book The Hypocrisy Trap. Orwell spent his career hacking away at humbug and falsehoods and famously warned how language gets corrupted by “a gap

Some experts question Anthropic's claims of cyberattack breakthroughs using its tools, noting that white-hat hackers report modest gains from AI-aided hacking (Dan Goodin/Ars Technica)
https://arstechnica.com/security/2025/

Researchers question Anthropic claim that AI-assisted attack was 90% autonomous
The results of AI-assisted hacking aren’t as impressive as many might have us believe.

Three hacking groups, two vulnerabilities and all eyes on China https://therecord.media/three-hacking-groups-two-vulnerabilities-china-microsoft

Apple and Google have released several software updates
to protect against a hacking campaign targeting an unknown number of their users.
On Wednesday, Google released patches for a handful of security bugs in its Chrome browser,
-- noting that one of the bugs was being actively exploited by hackers before the company had time to patch it. 
Unusually for Google, the company provided no further details at the time.  But on Friday, Google updated the page to say that t…

Google and Apple roll out emergency security updates after zero-day attacks | TechCrunch
Apple released patches for all of its flagship devices to fix security flaws under attack. Google also updated Chrome to remediate one vulnerability exploited in the attacks.

RE: https://mastodon.social/@CyReVolt/115326775829183257
Well - if course it'll be Rust! 🥳✨🦀
Alright, the people have spoken.
I will do live streams while hacking on this:

A US judge sentences Matthew Lane, a 20-year-old Massachusetts man, to four years in prison after he pled guilty to hacking two companies, including PowerSchool (Nate Raymond/Reuters)
https://www.reuters.com/legal/government/m

https://techcrunch.com/2025/10/03/hacking-group-claims-theft-of-1-billion-records-from-salesforce-customer-databases/
Hacking group claims theft of 1 billion records from Salesforce customer databases

Hacking group claims theft of 1 billion records from Salesforce customer databases | TechCrunch
The hacking group claims to have stolen about a billion records from companies, including FedEx, Qantas, and TransUnion, who store their customer and company data in Salesforce.

Sources and docs: the US DOJ charges Peter Williams, ex-director of zero-day vendor L3Harris' Trenchant, with stealing trade secrets to sell to a Russian buyer (Bloomberg)
https://www.bloomberg.com/news/articles/2025-10-2…

Virginia brothers charged with hacking, deleting federal databases holding FOIA info https://therecord.media/twin-brothers-arrested-hacking-deleting-foia-databases

University of Michigan surveillance footage shows former co-offensive coordinator Matt Weiss entering three team offices seconds before investigators say he hacked into the personal accounts of college athletes.

UM security cam shows Matt Weiss at time of computer hacking, FBI says
A sealed FBI file alleges Matt Weiss was in UM offices when computer accounts were hacked, leading to the theft of intimate photos and videos.

Google confirms hackers stole Salesforce-stored data from 200 companies via a supply chain hack involving Gainsight, which provides a customer support platform (Lorenzo Franceschi-Bicchierai/TechCrunch)
https://techcrunch.com/2025/11/21/goog

Google says hackers stole data from 200 companies following Gainsight breach | TechCrunch
Notorious hacking collective Scattered Lapsus$ Hunters takes credit for the breach that affected Salesforce customers’ data, and said it is planning another extortion campaign.

I wonder how long until we learn that a popular 3rd (or 1st!) party closed-source (or OSS binary distribution) remote desktop or ssh client/terminal has been keylogging or uploading screenshots to its maker or external attacker to achieve some extortion or fraud or hacking aim

Reinforcement Learning with Verifiable yet Noisy Rewards under Imperfect Verifiers
Xin-Qiang Cai, Wei Wang, Feng Liu, Tongliang Liu, Gang Niu, Masashi Sugiyama
https://arxiv.org/abs/2510.00915

Reinforcement Learning with Verifiable yet Noisy Rewards under Imperfect Verifiers
Reinforcement Learning with Verifiable Rewards (RLVR) trains policies against automated verifiers to avoid costly human labeling. To reduce vulnerability to verifier hacking, many RLVR systems collapse rewards to binary $\{0,1\}$ during training. This choice carries a cost: it introduces \textit{false negatives} (rejecting correct answers, FNs) and \textit{false positives} (accepting incorrect ones, FPs). For instance, a rule-based checker may mark the correct fraction $\frac{12}{36}$ as wrong …

Before you head out for the weekend, check out today's Metacurity for the most critical infosec developments you should know, including
--FBI seized domains for the BreachForums hacking forum operated by ShinyHunters,
--Over 100 companies affected by Cl0p attack on Oracle business products,
--All SonicWall firewall users were affected by last month's breach,
--Pro-Russian DDoS player TwoNet now targets critical infrastructure,
--Storm-2657 engages in pira…

FBI seized domains for the BreachForums hacking forum operated by ShinyHunters
100+ companies affected by Cl0p attack on Oracle business products, All SonicWall firewall users were affected by last month's breach, Pro-Russian DDoS player TwoNet now targets CI, Storm-2657 engages in pirate payroll attacks, ClayRat Android malware poses as popular apps, much more

China says the NSA has been hacking its National Time Service Center, which provides high precision time services for the government and others, since 2023 (Bloomberg)
https://www.bloomberg.com/news/articles/2025-10-19/china-…

DOJ accuses US ransomware negotiators of launching their own ransomware attacks
The Department of Justice indicted Kevin Tyler Martin and another unnamed employee,
who both worked as ransomware negotiators at DigitalMint,
with three counts of computer hacking and extortion related to a series of attempted ransomware attacks against at least five U.S.-based companies.
Prosecutors also charged a third individual, Ryan Clifford Goldberg, a former incident response manage…

DOJ accuses US ransomware negotiators of launching their own ransomware attacks | TechCrunch
Three people, including two U.S. ransomware negotiators, are accused of working on behalf of the ALPHV/BlackCat ransomware gang.

Another Korean cyber incident appears to be emerging involving the major e-commerce platform Gmarket, but the company claims that the unauthorized payments were not due to hacking but were made using account information stolen from outside sources

Gmarket suffers unauthorized payment incident affecting 60 users amid hacking woes
Financial authorities have begun an emergency on-site inspection of the major e-commerce platform Gmarket after reports of unauthorized mobile paym...

Sources: Armadin, launched by Mandiant's founder Kevin Mandia to fight AI hacking, raised a $24M seed and is in talks to raise $100M at a $600M valuation (Wall Street Journal)
https://www.wsj.com/tech/ai/this-buzzy-cyber-startup-wants-…

Every day is a big cyber news day, so don't miss today's Metacurity for the most critical infosec developments you should know, including
--Twin brother hackers arrested for US government hacking, data destruction spree,
--GRU cyber ops sanctioned into Skripal poisoning inquiry,
--Defenders scramble to patch React Server Components' critical flaws,
--AI agents match human attackers in smart contract exploits,
--AZ Atty. General sues Temu for customer …

Twin brother hackers arrested for US government hacking, data destruction spree
GRU cyber ops sanctioned into Skripal poisoning inquiry, Defenders scramble to patch React Server Components' critical flaws, AI agents match human attackers in smart contract exploits, AZ Atty. General sues Temu for customer data theft, Threat intel experts recorded DPRK IT recruiters, much more

So LA Metro digital signs were hacked ostensibly by the Mutarrif Siberislam hacking group that hijacked N. American airport PA systems recently.
LA Metro digital signs taken over by hackers
https://ktla.com/news/california/la-metro-digital-signs-taken-over…

Two suspected Scattered Spider hackers plead not guilty over Transport for London cyberattack https://therecord.media/transport-for-london-hack-scattered-spider-suspects-plead-not-guilty

Each week, Metacurity offers our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
This week's selection includes,
--A journalist's talks with an Iranian hacking leader ended with murder,
--Hackers attacked Aeroflot's still-insecure infrastructure,
--The war on disinformation has been dismantled,
--Trump's DOJ uses Americans' own data …

Best infosec-related long reads for the week of 12/6/25
A journalist's talks with an Iranian hacking leader ended with murder, Hackers attacked Aeroflot's still-insecure infrastructure, The war on disinformation has been dismantled, Trump's DOJ uses Americans' own data to limit voting rights, The Wassenaar Arrangement can help limit spyware exports

Sources: UK security services including MI5 step up work with the country's largest companies over hacking fears and to improve UK cyber warfare preparedness (Financial Times)
https://www.ft.com/content/6e54967b-48ce-4788-99c7-36b5801e7dfe

UK security services step up work with business to fight cyber threats
High-profile hacks raise fears about the potential economic damage caused by disruption to supply chains and services

Russian police bust bank-account hacking gang that used NFCGate-based malware https://therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware

Stanford researchers develop AI hacking bot Artemis and say it surpassed nine out of 10 penetration testers by rapidly finding bugs in the university's network (Robert McMillan/Wall Street Journal)
https://www.wsj.com/tech/a…

An interview with Ukrainian cyber-crime kingpin Vyacheslav Penchukov, aka Tank, who was arrested in 2022 after spending ~10 years on the FBI's Most Wanted list (Joe Tidy/BBC)
https://www.bbc.com/news/articles/cm2w0pvg4wko

Tank interview: A hacking kingpin reveals all to the BBC
One of the world's most prominent cyber-criminals speaks to the BBC in an exclusive interview.

Another airline hit by a criminal extortion group, this time Clop.
Regional airline Envoy Air confirms Oracle E-Business Suite compromise
https://therecord.media/regional-airline-envoy-oracle

Regional airline Envoy Air confirms Oracle E-Business Suite compromise
The regional American airline Envoy Air confirmed that its IT system was impacted by a recent hacking campaign targeting Oracle E-Business Suite.

According to the Daily Mail, Russian hackers have stolen hundreds of sensitive military documents containing details of eight RAF and Royal Navy bases as well as Ministry of Defence staff names and emails and posted them on the dark web.
https://www.dailymail.co.uk/news/…

'Catastrophic' attack as Russians hack files on EIGHT MoD bases and post them on the dark web
In what has been described as a 'catastrophic' security breach, cybercriminals accessed the cache of files by hacking a maintenance contractor used by the MoD.

UK confirms Foreign Office hacked, says ‘low risk’ of impact to individuals https://therecord.media/uk-foreign-office-hacked-china

https://www.nextgov.com/people/2025/12/trump-formally-taps-joshua-rudd-lead-nsa-cyber-command/410266/
“Rudd, the current deputy director for Indo-Pacific Command, appears to not have previously held a military cybersecurity po…

Trump formally taps Joshua Rudd to lead NSA, Cyber Command
The nomination marks a turning point for the electronic surveillance and hacking teams that have been without a permanent leader for eight months.

The week's cyber news is really heating up so check out today's Metacurity for the most crucial infosec developments you should know, including
--Two cyber pros became cybercriminals to launch a ransomware campaign,
--Hackers infiltrated trucking and freight companies,
--Lawmakers probe Flock Safety insecurities,
--SK Telecom advised to pay $208 per hacking victim,
--Hackers stole 50K CCTV clips using admin123 password,
--AN0M phone snags 55 more vi…

Two cyber pros became cybercriminals to launch a ransomware campaign
Hackers infiltrated trucking and freight companies, Lawmakers probe Flock Safety insecurities, SK Telecom advised to pay $208 per hacking victim, Hackers stole 50K CCTV clips using admin123 password, AN0M phone snags 55 more victims, Hackers stole $100m+ from DeFi protocol Balancer, much more

Google says Cl0p hackers who exploited vulnerabilities in Oracle's E-Business Suite have stolen data from "dozens" of organizations since at least July 10 (Zack Whittaker/TechCrunch)
https://techcrunch.com/2025/10/09/dozens-of-o…

‘Dozens’ of organizations had data stolen in Oracle-linked hacks | TechCrunch
The mass-hacks targeting Oracle E-Business customers is the latest hacking campaign by Clop, an extortion group known for abusing security flaws in enterprise products to steal large amounts of sensitive data.

"Twenty’s contracts are a rare case of an AI offensive cyber company with VC backing landing Cyber Command work; typically cyber contracts have gone to either small bespoke companies or to the old guard of defense contracting like Booz Allen Hamilton or L3Harris."
The Pentagon Is Spending Millions On AI Hackers

The Pentagon Is Spending Millions On AI Hackers
The U.S. government has been contracting stealth startup Twenty, which is working on AI agents and automated hacking of foreign targets at massive scale.

https://www.azernews.az/region/249665.html
Pro-Russian hacking groups KillNet and Beregini said they had obtained data from several large Ukrainian companies, including defense-sector firms,

Pro-Russian hackers claim data haul from Ukrainian defense firms
Pro-Russian hacking groups KillNet and Beregini said Friday that they had obtained data from several large Ukrainian companies, including defense-sector firms, Azernews reports, citing a KillNet representative who spoke to RIA Novosti.

A look at major UK businesses hit by cyberattacks in 2025; a government survey estimates 43% of businesses and 30% of charities were hit in the past 12 months (Theo Leggett/BBC)
https://www.bbc.com/news/articles/c5ye8zj5l4jo

The true cost of cyber hacking on businesses
Are this year's major attacks the "cumulative effect of a kind of inaction on cyber security" from the government and big business?

Regional airline Envoy Air confirms Oracle E-Business Suite compromise https://therecord.media/regional-airline-envoy-oracle

South Korean police arrest four over hacking 120K home security cameras, whose footage was used to make sexually exploitative material; one person made ~$12K (John Yoon/New York Times)
https://www.nytimes.com/2025/12/02/world/asia/south-korea-cameras-hacked.html…

120,000 Home Cameras Were Hacked for Sexual Videos, South Korean Police Say
The authorities arrested four people this week in the latest turn in the country’s effort to stop exploitative recordings

North Korean hackers seen using blockchain to hide crypto-stealing malware https://therecord.media/north-korean-hackers-using-blockchain-hiding-malware

The US DOJ has indicted two Virginia brothers, Muneeb and Sohaib Akhter, for allegedly deleting 96 US government databases while working as Opexus contractors (Sam Sabin/Axios)
https://www.axios.com/2025/12/03/virgina-twins-doj-arrest-opexus-data-breaches

Virginia brothers arrested for allegedly tampering with government databases
The brothers worked for a contractor and previously pled guilty for hacking into the State Department.

SentinelLabs' Dakota Cary linked Yu Yang and Qiu Daibing, two alleged members of the Chinese state hacking group, to participants of the 2012 Cisco Networking Academy Cup.
https://www.theregister.com/2025/12/11/salt_typhoon_cisco_training/

Researcher claims Salt Typhoon spies attended Cisco training scheme
: Skills gained later fed Beijing's cyber operations, according to SentinelLabs expert

Hackers reportedly breach developer involved with Russia’s military draft database https://therecord.media/hackers-reportedly-breach-developer-involved-in-russian-military-database

This might qualify as a "sophisticated" cyberattack, no?
North Korean state-sponsored hackers hijacked Google accounts to remotely control and wipe smartphones and tablets held by individuals in South Korea, then exploited their KakaoTalk messenger as a channel to spread malware to their contacts

North Korean hackers hijack Google, KakaoTalk accounts to control South Korean phones: Report
The attack marks the first confirmed case of a North Korean state-sponsored hacking group compromising Google accounts. Read more at straitstimes.com. Read more at straitstimes.com.

Germany summons Russian ambassador over cyberattack, election disinformation https://therecord.media/germany-summons-russian-ambassador-cyberattack-disinformation

Portugal updates cybercrime law to exempt security researchers
https://www.bleepingcomputer.com/news/security/portugal-updates-cybercrime-law-to-exempt-security-researchers/

Portugal updates cybercrime law to exempt security researchers
Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions.

Federal agencies not fully patching vulnerable Cisco devices amid ‘active exploitation,’ CISA warns https://therecord.media/federal-cisco-patches-warning

Pro-Russian hackers caught bragging about attack on fake water utility https://therecord.media/fake-water-utility-honeypot-hacked-pro-russian-group

Hackers steal data, extort $350,000 from massage parlor clients
https://koreajoongangdaily.joins.com/news/2025-11-03/national/socialAffairs/Hackers-steal-data-extort-350000-from-massage-parlor-cli…

Hackers steal data, extort $350,000 from massage parlor clients
Police have arrested members of a hacking and phishing crime ring that stole data from massage parlor owner phones in order to scam their clients out of millions of won by threatening to release nonexistent “massage videos” if they didn't pay.

Prosecutors seek 7-year prison term for ‘sophisticated’ PowerSchool hacker https://therecord.media/powerschool-prison-sentence-hacker

Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry https://therecord.media/russia-sandworm-grain-wipers

Red Hat Investigating Breach Impacting as Many as 28,000 Customers, Including the Navy and Congress https://www.404media.co/red-hat-investigating-breach-impacting-as-many-as-28-000-customers-including-the-navy-and-congress…