Sami Laiho
samilaiho.com
@samilaiho.com
Keynote-speaker, Chief Research Officer, Microsoft MVP since 2011

More info: https://samilaiho.com/
Ubisoft shuts down ‘Rainbow Six Siege’ servers following hack
www.theverge.com/news/850551/...
Ubisoft shut down Rainbow Six Siege servers after hackers handed out 2 billion in-game credits to every player.
www.theverge.com
December 29, 2025 at 1:04 PM
Hunting MongoBleed (CVE-2025-14847)
blog.ecapuano.com/p/hunting-mo...
Detecting CVE-2025-14847 Exploitation with Velociraptor
blog.ecapuano.com
December 28, 2025 at 1:53 PM
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
thehackernews.com/2025/12/crit...
A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe serialization; updates fix
thehackernews.com
December 27, 2025 at 12:25 PM
Pro-Russian hackers claim attack on French postal service operator
therecord.media/pro-russia-h...
France’s national postal service La Poste said on Friday that operations had been restored following a distributed denial-of-service (DDoS) attack that began earlier in the week.
therecord.media
December 27, 2025 at 12:25 PM
MongoDB - Make minimally sized buffers for uncompressed Messages
URL: jira.mongodb.org/browse/SERVE...
Classification: Severe, Solution: Official Fix, Exploit Maturity: Functional, CVSSv4.0: 8.7
jira.mongodb.org
December 27, 2025 at 8:10 AM
An amateur codebreaker may have just solved the Black Dahlia and Zodiac killings
www.latimes.com/california/s...
Two retired LAPD homicide detectives say that both notorious cases are solved -- with a single culprit -- thanks to the work of a novice sleuth.
www.latimes.com
December 26, 2025 at 12:34 PM
Lumma Stealer: Danger lurking in fake game updates from itch.io and Patreon
www.gdatasoftware.com/blog/2025/12...
Download the latest indie games
itch.io is a simple way to find, download and distribute indie games online. Whether you're a developer looking to upload your game or just someone looking for something new to play itch.io has you co...
itch.io
December 25, 2025 at 12:05 PM
Pen testers accused of 'blackmail' after reporting Eurostar chatbot flaws
www.theregister.com/2025/12/24/p...
Pen testers accused of 'blackmail' over Eurostar AI flaws
AI goes off the rails … because of shoddy guardrails
www.theregister.com
December 25, 2025 at 12:04 PM
Microsoft Teams strengthens messaging security by default in January
www.bleepingcomputer.com/news/microso...
Microsoft Teams will automatically enable messaging safety features by default in January to strengthen defenses against content tagged as malicious.
www.bleepingcomputer.com
December 24, 2025 at 2:20 PM
Remote Code Execution via Expression Injection in n8n
URL: github.com/n8n-io/n8n/s...
Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.9
Remote Code Execution via Expression Injection
Impact: n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users dur...
github.com
December 24, 2025 at 6:50 AM
DDoS incident disrupts France’s postal and banking services ahead of Christmas
therecord.media/la-poste-fra...
France's La Poste confirmed that a distributed denial-of-service (DDoS) attack was the source of problems with its websites and mobile applications.
therecord.media
December 23, 2025 at 4:46 PM
Acting CISA director failed a polygraph. Career staff are now under investigation.
www.politico.com/news/2025/12...
At least six career staff were placed on leave after DHS opened an investigation into whether they misled the agency’s acting director, Madhu Gottumukkala, into taking the test.
www.politico.com
December 22, 2025 at 12:13 PM
NIST tried to pull the pin on NTP servers after blackout caused atomic clock drift
www.theregister.com/2025/12/21/n...
NIST warns of NTP inaccuracy after blackouts across Colorado
UPDATED: A rare case of deliberately trying to induce an outage
www.theregister.com
December 22, 2025 at 12:13 PM
China's open AI models are in a dead heat with the West - here's what happens next
www.zdnet.com/article/chin...
With the rising technological prowess and greater openness of Chinese models, the world is increasingly turning to the East for efficient and customizable AI, a new report finds.
www.zdnet.com
December 22, 2025 at 12:13 PM
WatchGuard Firebox iked Out of Bounds Write Vulnerability
URL: www.watchguard.com/wgrd-psirt/a...
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv4.0: 9.3
WatchGuard Firebox iked Out of Bounds Write Vulnerability | WatchGuard Technologies
Updated 19 December 2025: Updated to clarify the significance of outbound vs inbound connections involving the IP addresses listed under the Indicators of Attack. An Out-of-bounds Write vulnerability i...
www.watchguard.com
December 22, 2025 at 6:26 AM
CISA warns ASUS Live Update backdoor is still exploitable, seven years on
www.malwarebytes.com/blog/news/20...
Seven years after the original attack, CISA has added the ASUS Live Update backdoor to its Known Exploited Vulnerabilities catalog.
www.malwarebytes.com
December 21, 2025 at 12:59 PM