malware
+5
![🕵🏻♂️ [InfoSec MASHUP] 05/2026](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=720,fit=scale-down,onerror=redirect/uploads/publication/thumbnail/ab407690-3f0c-4109-add5-5e9bf75e0e54/landscape_infosecMASHUP-substack-banner.png)
Jan 31, 2026
•
16 min read
🕵🏻♂️ [InfoSec MASHUP] 05/2026
Trump’s acting cybersecurity chief uploaded sensitive government docs to ChatGPT; Hugging Face abused to spread thousands of Android malware variants; Former Google engineer was convicted for stealing over 2,000 AI-related trade secret documents; France fined its national employment agency €5 million after the 2024 data breach; Google disrupted a China-based residential proxy network;
malware
+5
Jan 24, 2026
•
13 min read
🕵🏻♂️ [InfoSec MASHUP] 04/2026
LastPass warns of a phishing campaign pretending to be LastPass; Under Armour investing breach; Jordanian authorities used Cellebrite phone-cracking tools to extract data from activists’ phones without consent; Ireland plans a new law to let police use spyware; Moxie Marlinspike launched Confer, a ChatGPT-like service built to protect user privacy; Attackers exploiting critical Fortinet FortiCloud flaw; Russian government hackers likely tried to knock out parts of Poland’s power grid;
malware
+5
Jan 17, 2026
•
14 min read
🕵🏻♂️ [InfoSec MASHUP] 03/2026
BreachForums had its user database leaked; RedVDS Infrastructure seized by Microsoft and Law Enforcement; Europol and Spanish police arrested 34 people linked to the Black Axe; New modular Linux malware framework called VoidLink; MongoBleed, a critical, unauthenticated MongoDB memory-leak vulnerability; Microsoft Patch Tuesday addresses 112 defects, including one actively exploited zero-day;
malware
+5
Dec 19, 2025
•
12 min read
🕵🏻♂️ [InfoSec MASHUP] 51/2025
France's Interior Ministry Breached; European authorities dismantled a Ukraine-based call center fraud ring; Eight browser extensions with over 8 million installs collect full AI conversations and sell them; Google linked five more Chinese hacking groups to attacks exploiting the severe React2Shell flaw;
malware
+5
Dec 12, 2025
•
17 min read
🕵🏻♂️ [InfoSec MASHUP] 50/2025
New Prompt Injection Attack Vectors Through MCP Sampling; Insights from Internal DPRK Chat Logs; North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks; MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations; The UK cyber agency warns large language models are inherently vulnerable to prompt injection; The UK fined LastPass £1.2 million after a 2022 breach exposed data and encrypted vaults; Germany accuses Russia of 2024 cyber attack and election disinformation campaign;
malware
+5
Dec 5, 2025
•
16 min read
🕵🏻♂️ [InfoSec MASHUP] 49/2025
European authorities shut down Cryptomixer and seized about $28 million in Bitcoin; India plans to verify and record every smartphone in circulation... and rolls back; Vulnerability in OpenAI’s Codex CLI; Microsoft Silently Mitigated Exploited LNK Vulnerability; Russia blocks FaceTime and Snapchat over use in terrorist attacks; Chinese Hackers Started Exploiting React2Shell Vulnerability;
malware
+5
Nov 28, 2025
•
13 min read
🕵🏻♂️ [InfoSec MASHUP] 48/2025
OpenAI says some user data was exposed in a Mixpanel breach; Gainsight says more customers were affected by suspicious activity tied to its Salesforce apps; The House Homeland Security Committee asked Anthropic CEO Dario Amodei to testify about a likely Chinese espionage campaign; The self-replicating worm called Shai-Hulud is back; French Soccer Federation Hit by Cyberattack, Member Data Stolen;
malware
+5
Nov 22, 2025
•
14 min read
🕵🏻♂️ [InfoSec MASHUP] 47/2025
Jaguar Land Rover Hack Cost $260 Million; Fortinet warns of new FortiWeb zero-day exploited in attacks; Dozens of groups call for governments to protect encryption; Five Eyes nations and the Netherlands sanctioned two bulletproof hosting providers; Hundreds of Salesforce customers hit by yet another third-party vendor breach;
malware
+5
Nov 15, 2025
•
18 min read
🕵🏻♂️ [InfoSec MASHUP] 46/2025
Anthropic disrupted the first reported AI-orchestrated cyber espionage campaign; Wiz found that 65% of Forbes AI 50 companies with GitHub accounts leaked sensitive secrets; Amazon rolls out AI bug bounty program; The U.S. government may ban sales of TP-Link routers; Europol-led Operation Endgame disrupted Rhadamanthys stealer, Venom RAT, and the Elysium botnet; New WhatsApp-spreading malware;
malware
+5
Nov 7, 2025
•
14 min read
🕵🏻♂️ [InfoSec MASHUP] 45/2025
Anthropic’s Claude tricked into stealing user files; Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities; State-sponsored hackers stole all SonicWall cloud backup files; Microsoft found a new backdoor called SesameOp that uses the OpenAI Assistants API; Google’s $32 billion acquisition of cloud security firm Wiz has cleared U.S. Department of Justice antitrust review;
malware
+5
Oct 31, 2025
•
19 min read
🕵🏻♂️ [InfoSec MASHUP] 44/2025
Google disputes false claims of massive Gmail data breach; The EU says Facebook and Instagram broke Digital Services Act (DSA) rules; Former US Defense Contractor Executive Admits to Selling Exploits to Russia; F5 says a nation-state attacker had long-term access to its systems; OpenAI releases ‘Aardvark’ security and patching model;
malware
+5
Oct 16, 2025
•
11 min read
🕵🏻♂️ [InfoSec MASHUP] 42/2025
Harvard is investigating a data breach; Vietnam Airlines hit by Salesforce CRM instance breach, exposes data of 7.3 Million customers; F5 says hackers stole undisclosed BIG-IP flaws and source code;
malware
+5
Oct 11, 2025
•
15 min read
🕵🏻♂️ [InfoSec MASHUP] 41/2025
13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely; Google DeepMind’s New AI Agent Finds and Fixes Vulnerabilities; 5.5 Million People Impacted in Discord Breach; Qilin ransomware says it attacked Japan’s Asahi; Microsoft says the Storm-1175 cybercrime group exploited a zero-day in GoAnywhere MFT; The Cl0p ransomware group stole data from Oracle E-Business Suite customers; SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal;
malware
+5
Oct 3, 2025
•
16 min read
🕵🏻♂️ [InfoSec MASHUP] 40/2025
'You'll never need to work again': Criminals offer reporter money to hack BBC; First Malicious MCP server in the Wild; NIST released SP 1334, a two-page guide to reduce USB and removable-media risks in industrial control systems; Microsoft says AI can create “zero day” threats in biology; HackerOne paid $81 million in bug bounties over the past year; North Korea’s IT Workers expand beyond US big tech;
malware
+5
Sep 27, 2025
•
14 min read
🕵🏻♂️ [InfoSec MASHUP] 39/2025
EU cyber agency confirms ransomware attack causing airport disruptions; DDoS Service Lets Customers Self-Manage Attacks; European police arrested five suspects in a crypto investment scam; Search engine ads are impersonating services to trick Mac users; The U.S. Secret Service shut down a massive SIM farm; Cisco Patches Zero-Day Flaw Affecting Routers and Switches; Co-op says it lost $107 million after Scattered Spider attack; Iran released documents it says show secret details of Israel’s nuclear program;
malware
+5
Sep 19, 2025
•
12 min read
🕵🏻♂️ [InfoSec MASHUP] 38/2025
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks; Jaguar Land Rover has extended its production shutdown by a week; "Pompompurin" was resentenced to three years in prison; Self-replicating worm named Shai-Hulud infected at least 187 JavaScript packages on NPM; Salesforce launches ‘Missonforce’, a national security-focused business unit;
malware
+5
Sep 12, 2025
•
12 min read
🕵🏻♂️ [InfoSec MASHUP] 37/2025
Salesloft GitHub Account Compromised Months Before Salesforce Attack; 20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack; Another breach at Plex; Signal now offers secure chat backups; Jaguar Land Rover Admits Data Breach Caused by Recent Cyberattack; Senator Ron Wyden asked the FTC to investigate Microsoft for gross cybersecurity negligence;
malware
+5
Sep 5, 2025
•
14 min read
🕵🏻♂️ [InfoSec MASHUP] 36/2025
Salesloft breach impact Tenable, Cloudflare, Zscaler, Palo Alto Networks; Google denies Gmail massive hack; ICE reactivated a $2 million contract with Israeli spyware maker Paragon; FTC fines toy manufacturer for allowing Chinese third-party to collect kids' data; Google (US) and Shein (CN) Fined by French Regulator for Cookie Consent Violations; Texas sues PowerSchool over breach; Apple is accepting applications for its 2026 Security Research Device Program until October 31; Cloudflare blocked a record DDoS of 11.5 Tbps; Nepal moves to block Facebook, X, YouTube and others;
malware
+5
Aug 29, 2025
•
12 min read
🕵🏻♂️ [InfoSec MASHUP] 35/2025
Typo-squatted site that pretends to be the GitHub container registry; FCC removes 1,200 voice providers from telephone networks in major robocall crackdown; Exposed TeslaMate Instances Leak Sensitive Tesla Data; A whistleblower says DOGE employees uploaded the Social Security database to a vulnerable cloud; FBI says the Chinese-backed group called Salt Typhoon has hacked at least 200 U.S. companies and firms; TransUnion breach exposed personal information of over 4.4 million people in the U.S.; OpenAI Says It's Scanning Users' ChatGPT Conversations and Reporting Content to the Police;
malware
+5
Aug 23, 2025
•
15 min read
🕵🏻♂️ [InfoSec MASHUP] 34/2025
Speed cameras in the Netherlands knocked out after cyber attack; Workday, the major HR technology provider, has confirmed a data breach; Orange Belgium Data Breach Impacts 850,000 Customers; Interpol-led Operation Serengeti 2.0 arrested over 1,200 suspected cybercriminals across Africa; Workday has confirmed a data breach; A new startup in the UAE is offering up to $20 million for hacking tools;
malware
+5
Aug 15, 2025
•
15 min read
🕵🏻♂️ [InfoSec MASHUP] 33/2025
August Patch Tuesday; U.S. government seized $1 million in Bitcoin from Russian ransomware gang; OpenAI's GPT-5 has faced backlash for poor performance in security and safety; WinRAR vulnerability exploited; New MadeYouReset HTTP/2-based DDoS Attacks; Booking.com phishing campaign uses sneaky 'ん' character to trick you;
malware
+5
Aug 8, 2025
•
19 min read
🕵🏻♂️ [InfoSec MASHUP] 32/2025
CrowdStrike investigated over 320 cases of North Korean operatives taking IT jobs; The UK's Online Safety Act has failed to protect privacy; New Linux backdoor called Plague; Google & Cisco have disclosed separate data breaches stemming from voice phishing (vishing) attacks; Mozilla Alerts add-on Developers about a Phishing Campaign; Air France and KLM disclose Data Breach; Bouygues Telecom has confirmed a data breach affecting 6.4 million customers; Microsoft unveils Project Ire: AI that autonomously detects malware;
malware
+5
Jul 25, 2025
•
19 min read
🕵🏻♂️ [InfoSec MASHUP] 30/2025
Microsoft SharePoint Mayhem; The Lumma infostealer malware is making a comeback; Dior is notifying U.S. customers about a data breach; The UK government has imposed sanctions on three Russian military intelligence units; French authorities announced the arrest of an alleged administrator of the XSS.is cybercrime forum in Ukraine; Proton has launched Lumo, a privacy-focused AI assistant that does not log user conversations or use prompts for training;
malware
+5
Jul 12, 2025
•
15 min read
🕵🏻♂️ [InfoSec MASHUP] 28/2025
Teenagers arrested in connection with cyber attacks on M&S and the Co-op; AI voice clones have hit the White House AGAIN; Exploit for CitrixBleed2 Released; Trend where European authorities are detaining individuals on behalf of the U.S. for cybercrime-related accusations; eSIMs can be cloned to spy on mobile communications; Chinese hackers suspected in breach of powerful Washington DC law firm; Millions of cars exposed through Bluetooth Flaw;
