Newsletters

Written content from the Risky Business Media team

Risky Bulletin: Hackers sabotage Iranian ships at sea, again

Presented by

Catalin Cimpanu

News Editor

For the second time this year, an Iranian hacktivist group has crippled the satellite communications systems on 64 Iranian ships at sea.

The incident took place last week and impacted 39 oil tankers and 25 cargo ships operated by the National Iranian Tanker Company (NITC) and the Islamic Republic of Iran Shipping Lines (IRISL).

The hack didn't target the ships directly, but Fannava, an Iranian tech company that provides satellite communication terminals for the ships.

Risky Bulletin: A decade later, Russian hackers are still using SYNful Knock, and it's still working

Presented by

Catalin Cimpanu

News Editor

Cisco and the FBI have asked "the public, private sector, and international community"—also known as "anyone willing to listen"—to patch their stupid end-of-life Cisco routers for an ancient 2018 vulnerability that's being "broadly" exploited by Russian hackers linked to the country's FSB intelligence service.

A group known as Static Tundra has been abusing a bug tracked as CVE-2018-0171 over the past year to install backdoors on old and outdated Cisco routers that are still haunting many corporate and government networks.

Static Tundra has been abusing the vulnerability ever since it was discovered back in 2018, but they expanded operations in 2022 and then again last year, as Russia's war in Ukraine has forced the FSB to ramp up intelligence collection capabilities.

When the Chips Were Down, Russian Cyber Security Picked a Side

Presented by

Tom Uren

Policy & Intelligence

A new report has taken a look at how the relationships between Russian cyber security firms and their government have changed since the country's 2022 invasion of Ukraine.

The analysis by the CNA think tank shows that when it comes to cyber security and great power competition, it pays in record-making margins for companies to choose sides.

The report thoroughly explores three Russian firms that offer different cyber security services: Kaspersky, Security Code and Positive Technologies. All three had ties to the Russian state predating the war. Unsurprisingly, these ties have strengthened.

Risky Bulletin: NIST releases face-morphing detection guideline

Presented by

Catalin Cimpanu

News Editor

The US National Institute of Standards and Technology released guidance this week to help companies detect face morphing incidents.

The technique involves blending photos of two or more real people to generate a new face that can be used to bypass facial recognition scans.

The new photo can be used to trick face recognition systems into identifying the morphed, combined face as both original individuals at the same time.

Risky Bulletin: Academics pull off novel 5G attack

Presented by

Catalin Cimpanu

News Editor

A team of academics has developed a novel attack that can downgrade 5G traffic to weaker states without using a rogue base station.

The attack uses a new software toolkit named Sni5Gect to intercept, sniff, and alter 5G data packets before the 5G authentication steps.

Once a 5G connection is altered, the attacker can crash the user's equipment (phone, tablet, or other device), harvest user equipment details, and finally downgrade it to a lower-generation connection where other attacks can be carried out with a higher success rate.

Risky Bulletin: MadeYouReset vulnerability enables unlimited HTTP/2 DDoS attacks

Presented by

Catalin Cimpanu

News Editor

A new vulnerability in the HTTP/2 protocol can allow threat actors to launch nearly unlimited DDoS attacks to exhaust memory and crash servers.

The new attack, named MadeYouReset, was discovered by researchers at Deepness Lab and is a variation of a previous attack known as HTTP/2 Rapid Reset.

The Rapid Reset attack was discovered in October 2023 after it was used to launch some of the largest DDoS attacks seen that year (Google, Amazon, and Cloudflare).

Drug Cartels Are the New APTs

Presented by

Tom Uren

Policy & Intelligence

One by one, US federal government agencies are learning that the sensitive but unclassified information they hold is susceptible to theft by hackers. Unfortunately, education-by-breach is very costly.

Last week, Politico reported the electronic case filing system used by the federal judiciary had been breached in a "sweeping cyber intrusion". Hackers breached the Case Management/Electronic Case Files (CM/ECF) system that legal professionals use to upload and manage case documents. They also breached PACER, the system that gives the public limited access to some of the same data.

The hack sounds just about as bad as can be, with officials concerned that Latin American drug cartels have obtained sensitive court data. Per Politico's follow-up reporting:

Risky Bulletin: Crypto-thieves turn their sights to Open VSX

Presented by

Catalin Cimpanu

News Editor

Crypto-thieves have found a new package repository to terrorize, and it's Open VSX, an independent database of Visual Studio Code extensions managed by the Eclipse Foundation.

While the VS Code editor has its official marketplace, Microsoft changed its licensing terms this year to block third-party code editors based on the original VS Code from using its marketplace to pull their extensions.

The change in policy, understandably, came after several AI-powered IDEs started cutting into VS Code's market share, all while Microsoft was paying to run and keep the VS Code marketplace online.

Risky Bulletin: Researcher scores $250,000 for Chrome bug

Presented by

Catalin Cimpanu

News Editor

Google has awarded a massive $250,000 reward to a bug bounty hunter for discovering a novel sandbox escape in the company's Chrome web browser.

The bug was reported in April and patched a month later, in May, with fixes also going out to the other Chromium browsers, such as Edge, Opera, Vivaldi, Brave, and others.

Tracked as CVE-2025-4609, the vulnerability resides in the ipcz library of Mojo, a Chrome component for managing how the browser's internal processes talk to each other.

Risky Bulletin: CISA tells federal agencies to mitigate on-prem-to-cloud Exchange attack

Presented by

Catalin Cimpanu

News Editor

CISA has released a rare emergency directive ordering federal agencies to patch a new attack vector in Microsoft Exchange email servers.

Federal agencies have four days, until August 11, to address the issue and apply mitigations shared by Microsoft on Wednesday.

The guidance addresses a vulnerability (actually more of a design flaw) in hybrid environments, where Exchange on-premise servers sync data to an Exchange Online instance.