Newsletters

Written content from the Risky Business Media team

Risky Bulletin: US sanctions another Russian bulletproof hosting provider

Presented by

Catalin Cimpanu

News Editor

The US Treasury Department has sanctioned the Aeza Group, a well-known provider of bulletproof web hosting services for malware, disinformation campaigns, and dark web marketplaces.

Sanctions were levied on the main company, three subsidiaries, its three owners, and a fourth high-ranking executive. They cover:

Officials have linked Aeza Group's server infrastructure to the Lumma, Meduza, and RedLine infostealers, the BianLian ransomware, and the BlackSprut dark web drugs marketplace.

Risky Bulletin: Scattered Spider goes after aviation sector

Presented by

Catalin Cimpanu

News Editor

Individuals associated with a large cluster of hackers known as Scattered Spider (Muddled Libra, UNC3944) are targeting companies in the aviation and transportation sectors.

The group, which was previously very active in 2023 and had some members arrested in 2024, saw a resurgence in activity this year.

It returned with a bang with attacks that targeted UK retail chains, moved to go after US retailers, and then targeted US insurance businesses before a new change in targets this month.

Risky Bulletin: Phishers abuse forgotten Direct Send feature

Presented by

Catalin Cimpanu

News Editor

Phishing gangs are abusing a little-known Microsoft Exchange Online feature to send malicious emails to Microsoft 365 tenants and their employees.

The feature is named Direct Send and allows hardware devices inside a company's network to use the Exchange Online server to send emails. It is typically used by printers and scanners to send scanned documents via email or by phone or video conferencing applications to send invites and reminders to participants.

Direct Send is basically an endpoint that can be accessed via a smart host URL that has the format of tenantname.mail.protection.outlook.com.

Comparing the American and Chinese 0day Pipelines

Presented by

Tom Uren

Policy & Intelligence

A new report from the Atlantic Council suggests the US needs to strengthen its exploit development pipeline if it wants to remain competitive in cyberspace. 

That report, Crash (exploit) and burn, compares how the 0day supply chain approaches differ between China and the United States. 

The author interviewed security researchers, national security and intelligence officials, and senior leaders from offensive hacking and vulnerability research companies in the Five Eyes countries.

Risky Bulletin: CoinMarketCap hacked via a doodle image

Presented by

Catalin Cimpanu

News Editor

CoinMarketCap, the go-to website for checking cryptocurrency exchange rates, was hacked on Friday.

Hackers exploited a vulnerability in CoinMarketCap's animated logo (see CoinMarketCap's doodle obsession here) to append malicious code that displayed an unauthorized popup.

The popup ran a specialized phishing kit called a "crypto-drainer" that prompted users to connect their crypto-wallet accounts and then stole their funds.

Risky Bulletin: Russian hackers abuse app-specific passwords to bypass MFA

Presented by

Catalin Cimpanu

News Editor

Russian cyber-spies have developed a new social engineering technique designed to extract application-specific passwords from their targets.

Also known as app passwords, or ASPs, these allow attackers to bypass multi-factor authentication and access a victim's Gmail account.

App passwords are supported on multiple online platforms, but this campaign specifically targeted Google's ASPs. These are 16-character codes that users manually generate from their Google account security page. They can be copy-pasted inside older apps that don't support Google's more modern 2FA/MFA authentication procedures.

Data Brokers are a Killer's Best Friend

Presented by

Tom Uren

Policy & Intelligence

A Minnesota man has allegedly used people-search services to locate, stalk and eventually murder political targets.

The alleged shooter, Vance Boelter, is accused of killing Democratic state representative Melissa Hortman and her husband Mark on Saturday night. He is also facing charges for shooting Democratic state senator John Hoffman and his wife Yvette earlier that night. Both Hoffman and his wife survived with multiple gunshot wounds. 

According to an FBI affidavit, notebooks containing the names of more than 45 Minnesota state and federal public officials were found in Boelter's abandoned car. One notebook listed 11 different people search services that sell personal information of individuals online, including physical addresses, emails, and phone numbers.

Risky Bulletin: Chrome gets a new prompt to prevent sneaky local network attacks

Presented by

Catalin Cimpanu

News Editor

Google Chrome is adding a new prompt that will ask for permissions when websites or mobile apps want to connect to a user's localhost or access devices hosted on their internal local network (LAN).

The new prompt is designed to block a rising trend on the internet, where threat actors lure users to malicious sites that access and relay malicious code through their browsers.

This code can contain CSRF (cross-site request forgery) exploits that hack local routers and IoT devices sitting on the same network and abuse them for ad fraud or other types of botnets.

Risky Bulletin: Cock[.]li gets hacked

Presented by

Catalin Cimpanu

News Editor

A threat actor named Satoshi has allegedly hacked controversial email provider Cock[.]li and is now selling its data on an underground hacking forum.

They are selling this data on a Russian language underground hacking forum named XSS for 1 Bitcoin, or approximately $105,000.

The hacker allegedly used a recently disclosed zero-day in the Roundcube webmail software (CVE-2025-49113) to dump Cock[.]li's database and steal the details of over one million registered users.