- X’s InfoSec Newsletter
- Topics
- cybersecurity
![🕵🏻♂️ [InfoSec MASHUP] 37/2025](https://media.beehiiv.com/cdn-cgi/image/format=auto,width=800,height=421,fit=scale-down,onerror=redirect/uploads/publication/thumbnail/ab407690-3f0c-4109-add5-5e9bf75e0e54/landscape_infosecMASHUP-substack-banner.png)
🕵🏻♂️ [InfoSec MASHUP] 37/2025
Salesloft GitHub Account Compromised Months Before Salesforce Attack; 20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack; Another breach at Plex; Signal now offers secure chat backups; Jaguar Land Rover Admits Data Breach Caused by Recent Cyberattack; Senator Ron Wyden asked the FTC to investigate Microsoft for gross cybersecurity negligence;
🕵🏻♂️ [InfoSec MASHUP] 36/2025
Salesloft breach impact Tenable, Cloudflare, Zscaler, Palo Alto Networks; Google denies Gmail massive hack; ICE reactivated a $2 million contract with Israeli spyware maker Paragon; FTC fines toy manufacturer for allowing Chinese third-party to collect kids' data; Google (US) and Shein (CN) Fined by French Regulator for Cookie Consent Violations; Texas sues PowerSchool over breach; Apple is accepting applications for its 2026 Security Research Device Program until October 31; Cloudflare blocked a record DDoS of 11.5 Tbps; Nepal moves to block Facebook, X, YouTube and others;
🕵🏻♂️ [InfoSec MASHUP] 35/2025
Typo-squatted site that pretends to be the GitHub container registry; FCC removes 1,200 voice providers from telephone networks in major robocall crackdown; Exposed TeslaMate Instances Leak Sensitive Tesla Data; A whistleblower says DOGE employees uploaded the Social Security database to a vulnerable cloud; FBI says the Chinese-backed group called Salt Typhoon has hacked at least 200 U.S. companies and firms; TransUnion breach exposed personal information of over 4.4 million people in the U.S.; OpenAI Says It's Scanning Users' ChatGPT Conversations and Reporting Content to the Police;
🕵🏻♂️ [InfoSec MASHUP] 34/2025
Speed cameras in the Netherlands knocked out after cyber attack; Workday, the major HR technology provider, has confirmed a data breach; Orange Belgium Data Breach Impacts 850,000 Customers; Interpol-led Operation Serengeti 2.0 arrested over 1,200 suspected cybercriminals across Africa; Workday has confirmed a data breach; A new startup in the UAE is offering up to $20 million for hacking tools;
🕵🏻♂️ [InfoSec MASHUP] 33/2025
August Patch Tuesday; U.S. government seized $1 million in Bitcoin from Russian ransomware gang; OpenAI's GPT-5 has faced backlash for poor performance in security and safety; WinRAR vulnerability exploited; New MadeYouReset HTTP/2-based DDoS Attacks; Booking.com phishing campaign uses sneaky 'ん' character to trick you;
🕵🏻♂️ [InfoSec MASHUP] 32/2025
CrowdStrike investigated over 320 cases of North Korean operatives taking IT jobs; The UK's Online Safety Act has failed to protect privacy; New Linux backdoor called Plague; Google & Cisco have disclosed separate data breaches stemming from voice phishing (vishing) attacks; Mozilla Alerts add-on Developers about a Phishing Campaign; Air France and KLM disclose Data Breach; Bouygues Telecom has confirmed a data breach affecting 6.4 million customers; Microsoft unveils Project Ire: AI that autonomously detects malware;
🕵🏻♂️ [InfoSec MASHUP] 30/2025
Microsoft SharePoint Mayhem; The Lumma infostealer malware is making a comeback; Dior is notifying U.S. customers about a data breach; The UK government has imposed sanctions on three Russian military intelligence units; French authorities announced the arrest of an alleged administrator of the XSS.is cybercrime forum in Ukraine; Proton has launched Lumo, a privacy-focused AI assistant that does not log user conversations or use prompts for training;
🕵🏻♂️ [InfoSec MASHUP] 28/2025
Teenagers arrested in connection with cyber attacks on M&S and the Co-op; AI voice clones have hit the White House AGAIN; Exploit for CitrixBleed2 Released; Trend where European authorities are detaining individuals on behalf of the U.S. for cybercrime-related accusations; eSIMs can be cloned to spy on mobile communications; Chinese hackers suspected in breach of powerful Washington DC law firm; Millions of cars exposed through Bluetooth Flaw;
🕵🏻♂️ [InfoSec MASHUP] 27/2025
A security flaw in the Catwatchful spyware app has exposed the personal data of over 62,000 customers; Qantas has reported a cyberattack; The International Criminal Court (ICC) is investigating a new cyberattack that targeted its systems; Switzerland's government announced that sensitive data was stolen; U.S. authorities have arrested a man and seized assets in a crackdown on North Korean IT workers scheme; Researchers found a serious security flaw in Anthropic's MCP Inspector project;
🕵🏻♂️ [InfoSec MASHUP] 26/2025
The U.S. Department of Homeland Security has warned about increased cyberattack risks from Iranian hacking groups; Hackers linked to the Chinese government exploited a serious vulnerability in a Canadian telecom provider; A Russian court released four members of the REvil ransomware gang after they served their time; The U.S. House of Representatives has banned WhatsApp on staff devices; New malware called SparkKitty was discovered in apps on Google Play and the Apple App Store;
🕵🏻♂️ [InfoSec MASHUP] 25/2025
The Washington Post experienced a cyberattack that compromised the email accounts of several journalists; The U.K. watchdog fined 23andMe £2.31 million; UBS Confirms Data Stolen After Hack at External Supplier; Over 1,500 Minecraft players have been infected by a new Java malware; Researchers say AI hacking tools sold online were powered by Grok, Mixtral;
🕵🏻♂️ [InfoSec MASHUP] 24/2025
SentinelOne Reported That It Faced A Year-long Campaign Of Cyberespionage From Chinese Threat Actors; A New Attack Called "SmartAttack" Uses Smartwatches To Secretly Steal Data From Air-gapped Systems; Interpol Has Dismantled Over 20,000 Malicious Ip Addresses Linked To 69 Types Of Malware; Researchers Found Five Zero-day Vulnerabilities And 15 Common Misconfigurations In Salesforce Industry Cloud; OpenAI Has Banned ChatGPT Accounts Linked To Russian, Iranian, And Chinese Hacker Groups;