Substack notifies users about a “limited” data breach in October 2025 via a now-patched flaw found on February 3; a threat actor leaked a ~697K-record database
Newsletter platform Substack is notifying users of a data breach after attackers stole their email addresses and phone numbers in October 2025.
Google says North Korean hackers are using “EtherHiding” to embed malware on blockchains, the first time it has seen a nation-state threat actor using the method
North Korean hackers have adopted the ‘EtherHiding’ technique that leverages smart contracts to host and deliver malware …
The US Secret Service says it has dismantled 300+ SIM card servers in the NYC area that could have disrupted communications ahead of the UN General Assembly
NYTimes https://www.nytimes.com/... Anthony Guglielmi / @ajguglielmi : While investigating threats against senior officials, the @SecretService uncovered & dismantled a telecom network capable of disr...
DHS Secretary Kristi Noem fires 24 FEMA IT staffers, including the CIO and CISO; DHS says they failed security protocols and let hackers access FEMA networks
I thought the whole point of DOGE was to expose our data to everyone. Just paying customers then? — Fuck these amateurs. — www.nextgov.com/people/2025/ ... @snacking.dev : The real story isn't th...
Anthropic's Threat Intelligence report for August says Claude was weaponized for sophisticated cybercrimes, including a “vibe-hacking” data extortion scheme
and It Could Happen Again Vyom Ramani / Digit : Vibe-hacking based AI attack turned Claude against its safeguard: Here's how Charlesarthur / The Overspill : Start Up No.2503: Anthropic's Claude helps ...
Microsoft says it “has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon exploiting” the SharePoint zero-day vulnerabilities
He said not as vulnerable as on-prem SharePoint right now. — #nerdromancewithpits @wylienewmark : back in the day, attribution of widespread exploitation of a vulnerability in a ubiquitous piece of ...
Oracle is using very specific words to avoid responsibility for an Oracle Cloud breach, after a report on March 21 that a threat actor claimed responsibility
Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being transparent and open.
Oracle customers confirm the authenticity of data samples shared by a threat actor who allegedly breached Oracle Cloud servers, after Oracle denied the breach
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people …
Arkham says ZachXBT submitted proof that North Korea's Lazarus Group is behind Bybit's $1.5B hack, which is the largest single theft in crypto history
There are reports that this address was used in an exploit on Bybit. Faarea Masud / BBC : Cryptocurrency theft of £1.1bn could be biggest ever Cas Abbé / Blockchain.News : Lazarus Group Hacks Bybit fo...
Microsoft warns that attackers are using static ASP.NET machine keys found online to inject malware into ViewState, which controls web form state during reloads
https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/ @youranonriots : Microsoft warns that attackers are deploying malware...