News

Hi folks,

Quite a few articles relating to the US government, the UN, and state-sponsored hacking this week. It's not unusual these days, but it definitely wasn't the case when I started the newsletter. It's interesting to see how, ten years or so ago, cybersecurity was a rather niche topic to the outside world, whereas now it's often front-and-center on the geopolitical stage. We have a ways to go, but at least the world's awareness has grown significantly.

With those ponderings of yours truly aside, enjoy the read, my friends :-)

Cheers,

Dieter Van der Stock






Quick links

  • PyPI suspends new user registration to block malware campaign: link.
  • Pentagon lays out strategy to improve defense industrial base cybersecurity: link.
  • CISA publishes 447-page draft of cyber incident reporting rule: link.
  • UN investigating 58 crypto heists by North Korea worth $3 billion: link.
  • 42.parquet – A zip bomb for the Big Data Age: link.

Breaches and leaks

  • Hackers poison source code from top.gg Discord bot platform: link.
  • INC Ransom threatens to leak 3TB of NHS Scotland stolen data: link.
  • Retail chain Hot Topic hit by new credential stuffing attacks: link.
  • Harvard Pilgrim health network updates data breach total to nearly 2.9 million: link.
  • Cyberattack on Vietnam securities broker disrupts stock markets: link.
  • Ransomware gang attacks the Big Issue, a street newspaper supporting the homeless: link.
  • St. Cloud most recent in string of Florida cities hit with ransomware: link.

Issues and fixes

  • German cyber agency warns 17,000 Microsoft Exchange servers are vulnerable to critical bugs: link.
  • CISA tags Microsoft SharePoint RCE bug as actively exploited: link.
  • Google fixes Chrome zero-days exploited at Pwn2Own 2024: link.
  • Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own: link.
  • AWS fixes 1-click Apache Airflow session hijack flaw: link.
  • Thousands of companies using Ray framework exposed to cyberattacks: link.
  • Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords: link.