Catalin Cimpanu
@campuscodi.risky.biz
☆ Cybersecurity reporter
★ Newsletters at Risky Business
#infosec #cybersecurity

https://risky.biz
Earlier this month, a global effort was launched to mass-report Google to authorities for monopolistic behavior on Android for forcing all developers to verify themselves with Google: keepandroidopen.org

Yesterday, Google backed off on the new rule: android-developers.googleblog.com/2025/11/andr...
November 13, 2025 at 4:05 PM
There is no way Europol made a CGI animation on Rhadamanthys

The trolling level is off the charts
November 13, 2025 at 1:34 PM
Check Point looks at a very niche phishing group named Payroll Pirates that uses malvertising to target the users of payroll systems, credit unions, and trading platforms

cyberint.com/blog/threat-...
November 13, 2025 at 10:29 AM
Ok my beloved APT crowd.... it's time to update all those APT charts

The DPRK RGB is now the RIGB

Let's go! I want new charts by next month!
November 13, 2025 at 12:53 AM
There are reports that Europol seized the Rhadamanthys Stealer infrastructure

x.com/club31337/st...
November 11, 2025 at 10:06 PM
A new OWASP Top 10 is close to being released, with supply chain risks entering the ranking at #3 directly

owasp.org/Top10/2025/0...
November 11, 2025 at 11:31 AM
Looks like the need to fire staff to cover AI costs has hit the Windows team

RIP Windows Insider
November 10, 2025 at 11:19 PM
Bank of England has confirmed the Jaguar Land Rover ransomware attack impacted the UK's GDP growth, as the government first claimed back in August

www.bankofengland.co.uk/monetary-pol...
November 10, 2025 at 11:01 PM
-KubeVirt security audit
-QNAP security updates
-LangGraph RCE
-Monsta FTP RCE
-Django SQLi
-ASP.NET request smuggling
-RunC vuln allows container breakout
-Loads of new tools: GMSGadget, NoMoreStealers, VenomC2, DonPwner, Blade, MAD-CAT
November 10, 2025 at 8:43 AM
-Stalkerware goes down (somewhat)
-MEOW database attacks decline
-123456 remains top password
-Ransomware in VS Code extensions
-Samsung zero-day delivers Landfall spyware
-Silent Lynx targets Azerbaijan
-DarkHotel keeps hammering Japan
-Konni APT wipes victim Android phones
-Whisper Leak attack
November 10, 2025 at 8:40 AM
-Trump ally named as NSO Group new boss
-FBI goes after Archive[.]is
-Samourai Wallet dev gets prison sentence
-Hackers sentenced over gambling site hacks in Singapore
-Pakistani arrested for selling citizens' data
-Cambodia raids Bavet scam centers
-Judge rules mistrial in MEV hacker case
November 10, 2025 at 8:38 AM
-Hungary opposition party hacked, blamed on Russians
-WaPo breach linked to Oracle zero-day
-Tinder to rummage through your photos
-Akamai reports disruptions in Russia
-EU GDPR to replace cookie popups with device signals
-Australia sanctions North Korean hackers
-ICC, Austria replace MSFT software
November 10, 2025 at 8:35 AM
-Myanmar blows up KK Park scam compound
-Yanluowang ransomware IAB pleads guilty
-US CBO hacked by foreign APT
-Singapore to punish scammers with cane beatings
-Chrome will remove XSLT support for security reasons

Podcast: risky.biz/RBNEWS502/
Newsletter: news.risky.biz/risky-bullet...
November 10, 2025 at 8:33 AM
This is a gigantic scam complex, with 250 buildings

24 of 250 have been demolished with dynamite by the local border force

www.vietnam.vn/en/myanmar-t...
November 9, 2025 at 7:04 PM
Two weeks ago, there were weird reports online of explosions at KK Park, Myanmar's largest scam compound, and people fleeing the streets.

I thought some internal military groups were fighting for control, but it appears the junta is demolishing the park outright

www.irrawaddy.com/news/myanmar...
November 9, 2025 at 7:03 PM
Microsoft has discovered a side-channel attack (Whisper Leak) on the network communications between AI chatbots and their backend LLMs

www.microsoft.com/en-us/securi...
November 9, 2025 at 2:38 PM
Someone uploaded malware on NuGet in 2023 that destroys systems in 2027 and 2028

That's quite the long game!!!

socket.dev/blog/9-malic...
November 6, 2025 at 8:54 PM
AhnLab looks at the new Cephalus ransomware, a strain first seen in August.

The group leverages RDP accounts for initial access and operates a dark web leak site that hasn't been updated in more than two months, suggesting the group might have disbanded already.

asec.ahnlab.com/en/90878/
November 6, 2025 at 1:38 PM
NVISO has linked VShell to UNC5174, a cyber contractor for the Chinese MSS

www.nviso.eu/blog/nviso-a...
November 6, 2025 at 11:15 AM
-MrICQ arrested
-US sanctions DPRK money launderers
-India arrests CCTV hackers
-SesameOp malware abuses OpenAI API
-Curly COMrades APT returns
-AMD patches RDSEED failures
-Microsoft patches Teams bugs
-Android and Apple security updates
-KASLR not working on Android
-USENIX Security videos
November 5, 2025 at 9:34 AM
-UPenn hack gets feisty
-Major breach in Poland, at SuperGrosz
-Hack exposes Kansas City dirty cops
-Twitter to show more user info
-US to face-scan all foreign travelers
-Australia expands kids social media ban to Reddit and Kick
-SMS blaster detained in Cambodia
-Scammers arrested in Europe
November 5, 2025 at 9:32 AM
-US indicts two rogue cybersecurity employees for ransomware attacks
-Hackers extort massage parlor visitors
-Balancer hacked for $128 million
-Cargo thieves use hackers to go after trucking and freight companies

Podcast: risky.biz/RBNEWS500/
Newsletter: news.risky.biz/risky-bullet...
November 5, 2025 at 9:30 AM
KELA has published a profile on a hacker who goes online under multiple names, but is referenced in this report as 303, their username on the old BreachForums.

KELA believes the suspect, a prolific leaker, is a Spanish-speaking user based in Uruguay.

www.kelacyber.com/blog/threat-...
November 4, 2025 at 10:37 AM
-Operation SkyCloak targets Russian, Belarusian militaries
-DarkHotel was pretty active this summer
-Kimsuky's new HttpTroy backdoor
-Linux bug exploited by ransomware groups
-GameMaker IDE vulnerability
-New agent session smuggling attack
-Loads of new tools
-Infosec drama, episode 28,311
November 3, 2025 at 9:35 AM
-Couple loses fortune to scammers
-Valid accounts still rule the day for initial access
-Open VSX rotates leaked creds
-ZeroAccess botnet dev is now a software dev
-BadCandy flourishes in Australia
-New Katreus miner
-Malware reports on Aura Stealer, SectopRAT, SleepyDuck RAT, OysterLoader
November 3, 2025 at 9:32 AM