

Cybersecurity Headlines
CISO Series
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.

Feb 4, 2026 • 7min
Metro bug, more social bans, leaky Moltbook
A widespread React Native Metro bug has left thousands of servers exposed. Greece and Spain aim to ban social media for underage users and push broader youth protections. A misconfigured service leaked agent tokens and private messages, highlighting risks of vibe coding. Changes in vulnerability notice practices and a probe into possible sanctions breaches round out the security headlines.

Feb 3, 2026 • 7min
OpenClaw targets ClawHub users, Notepad++ update delivers malware, APT28 attackers abuse Microsoft Office zero-day
Malicious OpenClaw skills on ClawHub fooled users into running crypto malware. A compromised Notepad++ update redirected installs to malicious servers. APT28 is exploiting a Microsoft Office zero-day in phishing campaigns against Ukraine and EU targets. Massive DDoS activity and SaaS extortion tactics, plus a Windows update shutdown bug and security failures in Polish energy infrastructure, make for a busy news roundup.

Feb 2, 2026 • 46min
Department of Know: CISA's cryptography categories, Gottumukkala's ChatGPT gotcha, NTLM says goodbye
Featuring Nick Espinosa, cybersecurity practitioner focused on incident response and AI risk, and Steve Zalewski, technical analyst with a strategic security lens. They debate CISA's post-quantum cryptography categories and urgency. They call out a misstep uploading sensitive CUI to ChatGPT. They discuss ransomware that destroys keys, NTLM being disabled by default, and autonomous AI agent risks.

Feb 2, 2026 • 8min
Police question Coupang CEO, Russia bakery cyberattack, Australian real estate scandal
A tech CEO is questioned by police in a high-profile data breach probe. A cyberattack on a major Russian bakery halts deliveries and disrupts logistics. Research reveals Australian real estate apps exposing leases, IDs and pay slips. Microsoft outlines plans to retire NTLM and push passwordless authentication.

Jan 30, 2026 • 8min
France fines unemployment agency, Teams flags calls, UK pushes deterrence
A major French data breach leads to a €5M fine for exposing millions of job seekers. A new Microsoft Teams feature to flag suspicious calls is discussed. UK officials push for offensive deterrence alongside resilience in cyber policy. Reports of a massive DDoS record and high-severity SolarWinds patches are also covered.

Jan 29, 2026 • 8min
Sandbox flaw exposes n8n instances, Fake Moltbot assistant drops malware, PeckBirdy takes flight for cross-platform attacks
A sandbox escape in n8n lets attackers achieve remote code execution on self-hosted instances. A malicious VS Code extension posing as an AI assistant installs persistent remote-access malware. A modular cross-platform espionage framework called PeckBirdy is being used for sophisticated surveillance and data theft.

Jan 28, 2026 • 7min
US cyber chief uploaded sensitive files into public ChatGPT, Vibe-coded 'Sicarii' ransomware can't be decrypted, WhatsApp account feature combats spyware
A senior US cyber official accidentally uploaded sensitive DHS contracting files to public ChatGPT. A vibe-coded 'Sicarii' ransomware strain is effectively undecryptable and may include false-flag indicators. WhatsApp rolls out a high-risk account lock to block unknown media and help protect journalists and activists. Several old and new vulnerabilities keep being exploited by threat actors.

Jan 27, 2026 • 8min
Microsoft patches Office zero-day vulnerability, Indian users targeted by Blackmoon, Konni targets blockchain developers
Microsoft issues an emergency Office patch for an actively exploited zero-day. Indian taxpayers are targeted by a tax-themed Blackmoon phishing campaign. A DPRK-linked group is going after blockchain developers in Asia and Australia. CISA outlines post-quantum cryptography product categories and procurement guidance. Cloudflare experiences a 25-minute IPv6 BGP leak due to router misconfiguration.

Jan 27, 2026 • 34min
Department of Know: Davos worries, UK-China tensions, calendar concerns
Jason Shockey, CISO at Cenlar FSB, focuses on cybersecurity program maturity and AI governance. Krista Arndt, Associate CISO at St. Luke's, brings hands-on healthcare security and threat modeling experience. They discuss calendar and AI agent risks, LastPass phishing and MFA limits, SmarterMail exploit lessons, UK-China cyber dialogue, AI-generated malware, and selling AI guardrails to the business.

Jan 26, 2026 • 8min
Microsoft Patch problems, Sandworm hits Poland, Dresden Museum cyberattack
Outlook PST and Windows 11 boot issues follow Microsoft's patches. A destructive Sandworm-linked attack hits Poland's power infrastructure. A Dresden museum's ticketing and phone systems go offline due to a network intrusion. New actively exploited vulnerabilities are added to CISA's KEV list, and fresh claims of voice-phishing breaches circulate.


