Hi folks,

Here we are again with another issue, and unfortunately another long list of breaches.

I struggle sometimes with the balance between sharing every item I find interesting, and keeping the newsletter short. It's supposed to be a curated experience after all, and I feel like I often fail at that and make it too long.

Maybe I should hard-cap it to something like the five or six top items, plus the special sections like "breaches and leaks" and this week's "exploits and issues", since those are easier to skim to see if anything is relevant to you.

Any feedback on this is welcome. As always, you can just reply to this email to reach me.

Have a good one!

Dieter Van der Stock

Breaches and leaks

  • Johnson & Johnson discloses IBM data breach impacting patients: link.
  • Freecycle confirms massive data breach impacting 7 million users: link.
  • Alleged LockBit attack shuts down city networks in Seville: link.
  • Minneapolis school district says data breach affected more than 100,000 people: link.
  • See Tickets alerts 300,000 customers after web skimmer attack: link.
  • Golf gear company Callaway exposes info of 1.1 million: link.
  • Crypto casino loses $41 million to hot wallet hackers: link.
  • Coffee Meets Bagel says recent outage caused by destructive cyberattack: link.
  • Insurer fined $3M for exposing data of 650k clients for two years: link.

Exploits and issues

This is an experimental section: I'll gather the exploits and vulnerabilities that make the news, but wouldn't otherwise make the newsletter because they are too specific. But since they might be super relevant to you if you happen to run the affected software, I still want to share them.

  • Apache RocketMQ: critical vulnerability being exploited in the wild: link.
  • Cisco BroadWorks: critical vulnerability rated 10/10: link.
  • AtlasVPN: zero-day that reveals IP address: link.
  • MinIO storage system: large-scale exploitation of two recent vulnerabilities: link.
  • VMware's Aria Operations for Networks analysis tool: proof-of-concept exploit code for a critical SSH vulnerability: link.
  • PHPFusion CMS: critical vulnerability: link.