Reader

As a profession, cyber/information security has been telling itself that it is “risk-based”, but often fails to live up to that in practice. We see this from hyping threats because they're cool and make for a good conference talk, to having to make a market for a new Gartner product category.

We therefore often mistake the possible for the probable, and the PoC for a Production threat we have to invest to fix. Nowhere is this more extreme than in post quantum cryptography (PQC) and the false urgency of fixing it now, just in case.

Crypto Agility and PQC

Don't get me wrong. Crypto agility and PQC are good things. It is good to know which libraries in your code provide crypto functions so you can keep them up-to-date, whether for PQC or otherwise. That is not the debate. What I have trouble with is the urgency on a problem that everybody agrees to isn't real yet. There are no working quantum computers. Estimates are 5 (optimistic) to 10 (more realistic) to 20 (maybe) years out. Are we still doing risk-based infosec if we're spending time and effort on a problem that realistically won't occur for years?

Are we, when most organizations can't even keep on top of known vulnerabilities or running an effective CSPM program? Between your phishing defense, ransomware resilience and XDR adoption, where does this rate?

“Harvest Now, Decrypt Later” isn't Real

“Oh, but adversaries could capture TLS traffic, store it till a later date and decrypt when quantum computers are viable”.

Yes. Theoretically. But TLS + storage for 10 years is not free – especially when you consider the volume of TLS traffic that runs across the internet on a continuous basis. Google Search gives me daily internet traffic volumes running from 33 exabytes to 0.4 zettabytes which is quite the range, but enough to make it clear that is “stupid scale”. Therefore, simply due to volume, any HNDL would have to be targeted. Unless you're a foreign government or critical industry, that almost certainly already puts you outside of danger.

But BGP Hijacks...

BGP hijacks do happen, where adversaries route vast traffic volumes through infrastructure they control. This is almost certainly to capture metadata, not to HNDL. Even after filtering, what worth is a snapshot of a few hours or days after a decade? At the very least you'd want a continuous stream.

BGP hijacks would be incredibly wasteful to adversaries – storing data in the hope a fragment of a conversation might one day prove useful.

What About Targeted Organizations or Journalists?

If you're a targeted organization watch your XDR and network detection! If you're a journalist, use safe modes and reboot often as surveillance tools targeting you are already on the market.

You're WRONG, I have Clearance and Know it Happens

Very good. And maybe it is, but that still doesn't mean it's a threat. Those adversaries may believe it and waste their time. And you should still start your crypto agility program if not already done, for reasons nothing to do with PQC. Either way, I am happy to admit I am wrong, if that proves to be the case a decade from now. I'll wear the badge “PQC, The One I Got Wrong”.

But I'll take those chances. At least as long as the front doors remain wide open in most of our organizations.

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

🤔 WhatsApp is officially getting ads privacy – WhatsApp introduces ads in its Updates tab, using limited user data for personalization. While it promises not to misuse personal information, privacy concerns remain. https://www.theverge.com/news/687519/whatsapp-launch-advertising-status-updates

🔓 Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach data breach – A data breach at VirtualMacOSX exposed sensitive information of 10,000 customers, including personal and financial details, posing significant security risks and potential account takeovers. https://hackread.com/hackers-leak-virtualmacosx-customers-data-breach/

🎮 Minecraft Players Targeted in Sophisticated Malware Campaign malware – A malware campaign disguises itself as Minecraft mods, stealing sensitive data from players. This threat particularly targets the younger player base, raising significant security concerns. https://blog.checkpoint.com/research/minecraft-players-targeted-in-sophisticated-malware-campaign/

😟 Meta Users Feel Less Safe Since It Weakened ‘Hateful Conduct’ Policy, Survey Finds security news – A survey reveals that users feel increasingly unsafe on Meta platforms following weakened policies against harmful content, with many reporting exposure to hate speech and online harassment. https://www.404media.co/meta-users-feel-less-safe-since-it-weakened-hateful-conduct-policy-survey-finds/

🔒 The WIRED Guide to Protecting Yourself From Government Surveillance privacy – With increased government surveillance, individuals are urged to enhance privacy protections through encrypted communications, secure devices, and careful data management to safeguard against potential threats. https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/

🚫 SEC withdraws cyber rules for investment companies, advisers security news – The SEC has retracted proposed cybersecurity regulations for investment firms, citing industry concerns that public disclosures could compromise security and divert focus from actual threats. https://cyberscoop.com/sec-withdrawals-cyber-rules-for-investment-companies-advisers/

🚔 Police dismantle Archetyp dark web drug market, arrest administrator cybercrime – Authorities have shut down Archetyp Market, a major dark web drug marketplace, arresting its administrator and seizing assets worth €7.8 million, disrupting a significant drug trafficking network. https://therecord.media/archetyp-market-dark-web-takedown-europol

🚨 Car-sharing giant Zoomcar says hacker accessed personal data of 8.4 million users data breach – Zoomcar reported a data breach affecting 8.4 million users, with names and phone numbers compromised. The company is enhancing security measures but has not confirmed if customers were notified. https://techcrunch.com/2025/06/16/car-sharing-giant-zoomcar-says-hacker-accessed-personal-data-of-8-4-million-users/

👁️ Emails Reveal the Casual Surveillance Alliance Between ICE and Local Police security news – Emails expose informal collaborations between local Oregon police and federal agencies like ICE, sharing surveillance tools and tactics, raising concerns about privacy and the extent of law enforcement surveillance. https://www.404media.co/emails-reveal-the-casual-surveillance-alliance-between-ice-and-local-police/

💸 Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users malware – The 'RapiPlata' app, posing as a loan service, harvested sensitive data from users and threatened them with false debts. It was downloaded by over 150K victims before removal. https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/

💻 Freedman HealthCare targeted by cyber extortionists data breach – Freedman HealthCare faces threats from an extortion gang claiming to have stolen sensitive data, potentially affecting millions. However, the company asserts that no protected health information was compromised. https://www.theregister.com/2025/06/16/extortionists_claim_freedman_healthcare_hack/

🔍 Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses security news – The suspect in a Minnesota shooting allegedly used data broker sites to find the addresses of lawmakers he targeted, raising concerns about privacy and the dangers of accessible personal information. https://www.wired.com/story/minnesota-lawmaker-shootings-people-search-data-brokers/

📧 State-sponsored hackers compromised the email accounts of several Washington Post journalists security news – State-sponsored hackers compromised the Microsoft email accounts of several Washington Post journalists, potentially exposing sensitive work emails related to national security and economic policy. https://securityaffairs.com/179065/security/state-sponsored-hackers-compromised-the-email-accounts-of-several-washington-post-journalists.html

📚 AI Scraping Bots Are Breaking Open Libraries, Archives, and Museums security news – AI scraping bots are increasingly targeting libraries, archives, and museums, raising concerns about privacy and the potential misuse of easily accessible personal information. https://www.404media.co/ai-scraping-bots-are-breaking-open-libraries-archives-and-museums/

🎣 Arctic Wolf Observes Social Engineering Campaign Targeting IT Staff of Healthcare Providers to Reset User Credentials security news – The Arctic Wolf Threat Report highlights a social engineering campaign aimed at IT staff in healthcare, seeking to reset user credentials, emphasizing ongoing cybersecurity challenges in the sector. https://arcticwolf.com/resources/blog/arctic-wolf-observes-social-engineering-campaign-targeting-it-staff-of-healthcare-providers-reset-user-credentials/

🩺 More than 5 million affected by data breach at healthcare tech firm Episource data breach – Episource reported a data breach affecting over 5.4 million individuals, with stolen information including Social Security numbers and medical records. The company is working with law enforcement and customers to address the incident. https://therecord.media/5-million-affected-episource-data-breach

💔 A ransomware attack pushed the German napkin firm Fasana into insolvency cybercrime – Fasana, a German napkin manufacturer, filed for insolvency after a ransomware attack paralyzed operations, causing significant financial losses and halting production for two weeks. https://securityaffairs.com/179160/security/ransomware-attack-napkin-firm-fasana-insolvency.html

🔍 Attack on Oxford City Council exposes 21 years of staff data data breach – A cyberattack on Oxford City Council compromised 21 years of staff data related to elections, affecting current and former employees. The council is investigating and has assured the public of limited data access. https://www.theregister.com/2025/06/20/oxford_city_council_breach/

🛡️ Aflac duped by social-engineering attack, marking another hit on insurance industry cybercrime – Aflac disclosed a cyberattack on June 12, linked to social engineering tactics, marking it as the third insurance company targeted in a recent wave of attacks. No ransomware was detected. https://cyberscoop.com/aflac-cyberattack-insurance-sector-scattered-spider/

📞 Netflix, Apple, BofA sites hijacked with fake help numbers cybercrime – Scammers are hijacking search results for major companies like Netflix and Apple, tricking victims into calling fake support numbers to steal personal and financial information through manipulated ads. https://www.theregister.com/2025/06/20/netflix_apple_bofa_websites_hijacked/

---

Some More, For the Curious

🐠 How Long Until the Phishing Starts? About Two Weeks security news – A new Google Workspace account received targeted phishing emails just two weeks after creation, highlighting the need for security training for new hires to combat such threats. https://isc.sans.edu/diary/rss/32052

🤖 Cato CTRL™ Threat Research: WormGPT Variants Powered by Grok and Mixtral security research – Cato CTRL reports on new WormGPT variants that exploit uncensored LLMs for malicious purposes, showcasing how threat actors adapt existing models like Grok and Mixtral for cybercrime. https://www.catonetworks.com/blog/cato-ctrl-wormgpt-variants-powered-by-grok-and-mixtral/

🔐 Path Traversal Vulnerability Discovered in ZendTo vulnerability – A path traversal vulnerability in ZendTo versions 6.15-7 allows attackers to access sensitive user information. Users are urged to upgrade to version 6.15-8 to mitigate risks. https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/

⚠️ Dangerous by default: Insecure GitHub Actions found in MITRE, Splunk, and other open source repositories vulnerability – Sysdig's research reveals critical security gaps in GitHub Actions across popular open source projects, exposing secrets through insecure workflows like pullrequesttarget. Recommendations for securing CI/CD processes are provided. https://sysdig.com/blog/insecure-github-actions-found-in-mitre-splunk-and-other-open-source-repositories/

🛠️ libxml2 Maintainer Ends Embargoed Vulnerability Reports, Citing Unsustainable Burden security news – The maintainer of libxml2 has stopped supporting embargoed vulnerability reports, citing unsustainable demands on unpaid volunteers. This change reflects frustrations with big tech's reliance on open source without adequate support. https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports

🔒 Critical Vulnerability in Veeam Backup & Replication vulnerability – Veeam has announced a critical vulnerability (CVE-2025-23121) in Backup & Replication, allowing remote code execution by authenticated domain users. Users are urged to update immediately to mitigate risks. https://cert.europa.eu/publications/security-advisories/2025-021/

📞 How to Design and Execute Effective Social Engineering Attacks by Phone hacking write-up – John Malone outlines strategies for executing social engineering attacks via phone, emphasizing confidence, reconnaissance, and crafting believable ruses to manipulate targets into revealing sensitive information. https://www.blackhillsinfosec.com/how-to-design-and-execute-effective-social-engineering-attacks-by-phone/

💼 Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won't Pay cybercrime – The Qilin ransomware group has introduced a 'Call Lawyer' feature for affiliates, providing legal support to enhance ransom negotiations and exert pressure on victims, reflecting a disturbing professionalization of cybercrime. https://www.tripwire.com/state-of-security/qilin-offers-call-lawyer-button-affiliates-attempting-extort-ransoms-victims

🚫 Iran's government says it shut down internet to protect against cyberattacks security news – Iran's government confirmed a national internet blackout was ordered to protect against Israeli cyberattacks, severely limiting communication and information access for citizens amid ongoing conflicts. https://techcrunch.com/2025/06/20/irans-government-says-it-shut-down-internet-to-protect-against-cyberattacks/

🔑 Why Kerberoasting Still Matters for Security Teams cyber defense – Kerberoasting remains a prevalent and effective technique for attackers to gain credentials in Windows environments. Mitigation strategies include using strong passwords and auditing service accounts to reduce vulnerabilities. https://www.varonis.com/blog/kerberoasting-still-matters

🕵️‍♂️ Unusually patient suspected Russian hackers pose as State Department in ‘sophisticated’ attacks on researchers cybercrime – Suspected Russian hackers employed a sophisticated approach to compromise researcher Keir Giles' accounts, using social engineering and app-specific passwords to bypass security measures, showcasing a new level of patience and planning in cyberattacks. https://cyberscoop.com/russian-hackers-state-department-sophisticated-attacks-researchers-citizen-lab/

🔒 Severe Vulnerabilities in Citrix Products vulnerability – Citrix has identified two high-severity vulnerabilities in NetScaler ADC and Gateway, urging users to update to secure versions immediately to prevent exploitation. https://cert.europa.eu/publications/security-advisories/2025-022/

🐧 Linux flaws chain allows Root access across major distributions vulnerability – Researchers found two local privilege escalation vulnerabilities (CVE-2025-6018 and CVE-2025-6019) that can be chained to allow unprivileged users to gain root access on major Linux distributions. Users are urged to apply security patches. https://securityaffairs.com/179174/security/linux-flaws-chain-allows-root-access-across-major-distributions.html

🌐 Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic security news – Cloudflare reported a record DDoS attack peaking at 7.3Tbps, flooding a target with 37.4TB of traffic in 45 seconds. The attack utilized UDP floods and reflection techniques, overwhelming the target's resources. https://arstechnica.com/security/2025/06/record-ddos-pummels-site-with-once-unimaginable-7-3tbps-of-junk-traffic/

🔑 Sitecore CMS flaw let attackers brute-force 'b' for backdoor vulnerability – A serious vulnerability in Sitecore CMS allows attackers to exploit hardcoded passwords and path traversal flaws, potentially leading to full system takeover for many high-profile companies. https://www.theregister.com/2025/06/17/sitecore_rce_vulnerabilities/

---

CISA Corner

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included two new vulnerabilities, targeting Apple and TP-Link, in its Known Exploited Vulnerabilities Catalog, highlighting active exploitation risks. https://www.cisa.gov/news-events/alerts/2025/06/16/cisa-adds-two-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added a new Linux Kernel vulnerability to its Known Exploited Vulnerabilities Catalog, urging all organizations to prioritize remediation. https://www.cisa.gov/news-events/alerts/2025/06/17/cisa-adds-one-known-exploited-vulnerability-catalog

⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA issued five advisories on June 17, 2025, addressing vulnerabilities in Industrial Control Systems by Siemens, LS Electric, Fuji and Dover, urging users to review them for security details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/06/17/cisa-releases-five-industrial-control-systems-advisories

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

One of the symptoms I hate the most in fibromyalgia is how it messes with my internal temperature perception. Whatever the season we're in, if I'm in pain, I'm sweating. If I do something that my body interprets as physical effort, I transform into a human sweat waterfall. Sometimes, things get even worse, and I feel so hot that I have trouble breathing.

Let me use today as an example. When I woke up, I brushed my teeth and then cleaned Chico's toilet. In a matter of seconds, my t-shirt was soaked in sweat, and my eyes were burning from the perspiration dripping from my forehead and into my eyes.

But it gets worse. Sometimes, I feel so hot that I have trouble breathing. And today was another example of that.

All of this because I woke up, got out of bed, brushed my teeth, and cleaned my cat's toilet. Just this.

There's an upside to this, though [I'm trying to look on the bright side of this, ok...]. Occasionally, before I start feeling the pain increasing, I start feeling crazy hot and sweating. This allows me to at least have a few moments to prepare myself for the upcoming pain increase. Those few moments can go from a few seconds to a few minutes, but never more than that, unfortunately.

Better than nothing, though 🤷.

#ChronicPain #Fibromyalgia #Pain

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

🎭 Over 20 Malicious Crypto Wallet Apps Found on Google Play, CRIL Warns security research – More than 20 malicious apps on Google Play impersonate popular crypto wallets, tricking users into revealing their mnemonic phrases and risking their digital assets. https://thecyberexpress.com/new-crypto-phishing-campaign/

💾 US air traffic control still runs on Windows 95 and floppy disks security news – The FAA plans to replace outdated air traffic control systems still using Windows 95 and floppy disks, citing critical infrastructure needs despite skepticism about timely modernization. https://arstechnica.com/information-technology/2025/06/faa-to-retire-floppy-disks-and-windows-95-amid-air-traffic-control-overhaul/

☎️ A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account vulnerability – A researcher exploited a vulnerability to uncover any Google account's linked phone number, raising privacy concerns for users at risk of SIM swapping. Google has since fixed the issue. https://www.wired.com/story/a-researcher-figured-out-how-to-reveal-any-phone-number-linked-to-a-google-account/

✈️ Airlines Don't Want You to Know They Sold Your Flight Data to DHS privacy – Major airlines sold U.S. travelers' flight data, including personal and financial details, to Customs and Border Protection, raising privacy concerns over surveillance and data transparency. https://www.404media.co/airlines-dont-want-you-to-know-they-sold-your-flight-data-to-dhs/

📹 40,000 cameras expose feeds to datacenters, health clinics privacy – Security researchers accessed 40,000 exposed cameras globally, including those in sensitive locations, raising privacy and espionage concerns as vulnerabilities could be exploited by both criminals and state actors. https://www.theregister.com/2025/06/10/40000_iot_cameras_exposed/

🛒 Ongoing cyberattack at US grocery distributor giant UNFI affecting customer orders cybercrime – UNFI is grappling with a cyberattack that disrupts operations and customer orders, leading to limited shipping and potential shortages in grocery stores. The company is working to restore systems. https://techcrunch.com/2025/06/10/ongoing-cyberattack-at-us-grocery-distributor-giant-unfi-affecting-customer-orders/

🛠️ Microsoft Patch Tuesday addresses 66 vulnerabilities, including an actively exploited zero-day vulnerability – Microsoft's latest security update fixed 66 vulnerabilities, including a zero-day exploited by the Stealth Falcon group for targeted attacks. Users are urged to patch systems due to widespread risks. https://cyberscoop.com/microsoft-patch-tuesday-june-2025/

🌐 DNS4EU: Die EU startet eigenen DNS-Resolver-Dienst mit optionalen Filtern privacy – Die EU hat DNS4EU eingeführt, einen eigenen DNS-Resolver-Dienst, der digitale Unabhängigkeit fördern soll. Nutzer können zwischen verschiedenen Filteroptionen wählen, während Datenschutz versprochen wird. https://www.kuketz-blog.de/dns4eu-die-eu-startet-eigenen-dns-resolver-dienst-mit-optionalen-filtern/

💼 Crooks posing as job hunters to malware-infect recruiters cybercrime – Cybercriminals from FIN6 are targeting recruiters by posing as job seekers and directing them to fake portfolio sites that deliver malware, enabling remote access and credential theft. https://www.theregister.com/2025/06/11/crooks_posing_job_hunters_target_recruiters/

🤖 AI Therapy Bots Are Conducting 'Illegal Behavior,' Digital Rights Organizations Say security news – Digital rights groups are urging the FTC to investigate Character.AI and Meta for unlicensed therapy bots misleading users about credentials and confidentiality, raising serious ethical concerns. https://www.404media.co/ai-therapy-bots-meta-character-ai-ftc-complaint/

⚠️ Angriffe mit manipulierten SVG warning – CERT.at warnt vor Phishing-Angriffen, die manipulierte SVG-Dateien als Anhänge nutzen, um JavaScript auszuführen und sensible Informationen zu stehlen. Sicherheitsmaßnahmen sind dringend erforderlich. https://www.cert.at/de/warnungen/2025/6/phishing-angriffe-mit-manipulierten-svg-dateien-vorsicht-geboten

🔒 Apple fixes new iPhone zero-day bug used in Paragon spyware hacks vulnerability – Apple has patched a zero-day vulnerability exploited by Paragon spyware to hack iPhones of two journalists, revealing the flaw was fixed in the February iOS update but not disclosed until now. https://techcrunch.com/2025/06/12/apple-fixes-new-iphone-zero-day-bug-used-in-paragon-spyware-hacks/

📢 How to Protest Safely in the Age of Surveillance privacy – With rising surveillance during protests, individuals should consider both physical and digital security. Key strategies include limiting phone use, using encrypted communication, and being cautious about online activity. https://www.wired.com/story/how-to-protest-safely-surveillance-digital-privacy/

🎣 “Anmeldung mit nicht erkanntem Gerät”: Phishing warning – Phishing attacks are using fake websites that mimic official ones, often with subtle changes in the URL, such as replacing a letter, to deceive victims into revealing sensitive information. https://www.watchlist-internet.at/news/phishing-attacke-paypal/

💻 Bert Ransomware: What You Need To Know cybercrime – Bert ransomware encrypts files and demands payment for decryption, also exfiltrating data. Victims are advised to contact hackers for recovery, emphasizing the need for strong cybersecurity measures. https://www.fortra.com/blog/bert-ransomware-what-you-need-know

👮 Dutch police identify users as young as 11-year-old on Cracked.io hacking forum security news – Dutch police identified 126 users from the dismantled Cracked.io hacking forum, including an 11-year-old, highlighting the involvement of young individuals in cybercrime. Authorities aim to educate and warn them about potential consequences. https://www.bitdefender.com/en-us/blog/hotforsecurity/dutch-police-cracked-io-hacking-forum

🎮 Exploiting Heroes of Might and Magic V vulnerability – The article discusses a vulnerability in Heroes of Might and Magic V related to how the game handles map files, allowing attackers to exploit the game's zip file processing to execute arbitrary code. https://www.synacktiv.com/publications/exploiting-heroes-of-might-and-magic-v.html

---

Some More, For the Curious

👾 Internet infamy drives The Com’s crime sprees cybercrime – The Com, a youth-driven cybercrime group, thrives on notoriety, engaging in serious crimes like sextortion and violence, fueled by economic pressures and a need for belonging. https://cyberscoop.com/the-com-subculture-infamy-crimes/

🔎 LinkedIn for OSINT: tips and tricks – Compass Security Blog hacking write-up – LinkedIn is a rich source for open-source intelligence, offering insights into individuals and companies. Caution is advised to maintain privacy while gathering useful data for assessments. https://blog.compass-security.com/2025/06/linkedin-for-osint-tips-and-tricks/

🏢 Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilott vulnerability – Aim Labs discovered a zero-click AI vulnerability called EchoLeak in Microsoft 365 Copilot, enabling attackers to exfiltrate sensitive data without user interaction, highlighting critical security risks in AI applications. https://www.aim.security/lp/aim-labs-echoleak-blogpost

⚠️ High Severity Vulnerabilities in Gitlab Products vulnerability – GitLab released security updates addressing multiple high-severity vulnerabilities, including account takeover and XSS issues. Users are urged to update affected installations promptly. https://cert.europa.eu/publications/security-advisories/2025-020/

🛡️ Cyber resilience begins before the crisis security news – Microsoft's Deputy CISO emphasizes the importance of proactive planning and communication for cyber resilience, highlighting misconceptions, actionable steps, and the role of AI in improving response to cyber incidents. https://www.microsoft.com/en-us/security/blog/2025/06/12/cyber-resilience-begins-before-the-crisis/

🔐 Mitigating prompt injection attacks with a layered defense strategy cyber defense – Google addresses the rising threat of indirect prompt injection attacks on AI systems by implementing a layered defense strategy, including content classifiers, user confirmation, and URL redaction to enhance security. https://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html

🪂 Paraguay is Being Targeted by Cybercriminals – 7.4 Million Citizen Records for Sale data breach – A significant data breach in Paraguay has exposed 7.4 million citizen records for sale on the dark web, linked to cybercriminals who demand a ransom. The incident highlights increasing cybersecurity threats in the region. https://www.resecurity.com/blog/article/paraguay-is-being-targeted-by-cybercriminals-74-million-citizen-records-for-sale

🪩 NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073 security research – The article analyzes CVE-2025-33073, a vulnerability allowing NTLM reflection attacks, detailing its exploitation, patching process, and emphasizing the importance of SMB signing for enhanced security. https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025.html

🔧 the Microsoft way (part 89): user group policies don't deserve tamper protection vulnerability – The article discusses vulnerabilities in user group policies on Windows, highlighting how unprivileged users can bypass restrictions by manipulating registry files. Recommendations for countermeasures are provided. https://seclists.org/fulldisclosure/2025/Jun/13

🎮 Hijacked Trust: How Malicious Actors Exploited Discord’s Invite System to Launch Global Multi-Stage Attacks cybercrime – Attackers hijacked expired Discord invite links to redirect users to malicious servers, using fake bots and phishing sites to steal credentials and deploy malware, primarily targeting cryptocurrency users. https://blog.checkpoint.com/research/hijacked-trust-how-malicious-actors-exploited-discords-invite-system-to-launch-global-multi-stage-attacks/

🏖️ Check Point Research Warns of Holiday-Themed Phishing Surge as Summer Travel Season Begins cybercrime – Phishing scams spike with over 39,000 new vacation-related domains; cybercriminals mimic trusted platforms to steal personal and payment information from travelers. https://blog.checkpoint.com/research/check-point-research-warns-of-holiday-themed-phishing-surge-as-summer-travel-season-begins/

🔌 The Growing Risk of Malicious Browser Extensions security research – Malicious browser extensions are increasingly hijacking user sessions and manipulating content, posing serious risks to privacy and security, with recent campaigns targeting sensitive data and financial information. https://socket.dev/blog/the-growing-risk-of-malicious-browser-extensions

🪞 Reflective Kerberos Relay Attack Against Domain vulnerability – The Reflective Kerberos Relay Attack allows low-privileged users to gain NT AUTHORITY\SYSTEM privileges on domain-joined Windows systems without SMB signing, posing a high security risk. A patch is available. https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-002/

---

CISA Corner

💁 Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider security news- CISA warns that ransomware actors are exploiting unpatched vulnerabilities in SimpleHelp RMM to compromise utility billing software providers, urging immediate action for software updates and mitigations. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities in Erlang/OTP SSH Server and Roundcube Webmail to their catalog. https://www.cisa.gov/news-events/alerts/2025/06/09/cisa-adds-two-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities in Wazuh and WebDAV to its KEV Catalog. https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA issued four advisories addressing vulnerabilities in industrial control systems by SinoTrack, Hitachi, MicroDicom and Assured Telematics. https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-releases-four-industrial-control-systems-advisories ⚙️ CISA Releases Ten Industrial Control Systems Advisories vulnerability – CISA has published ten advisories addressing vulnerabilities in various industrial control systems by Siemens, AVEVA and PTZOptics. https://www.cisa.gov/news-events/alerts/2025/06/12/cisa-releases-ten-industrial-control-systems-advisories

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

When I started university, I expected challenges, but not from my teammates. In my university, we had basic physics, chemistry, and calculus before continuing to more focused degree courses. I took a gap year after high school, so I worried I’d forgotten some of it. But I managed fine.

The surprise? My younger groupmates from industrial and environmental engineering — fresh out of high school — had forgotten even the basics. During physics and chemistry practicums, lab assistants would ask simple questions before we began (like formulas for free-fall motion). Out of six people in our group, only two of us could answer: me and one other. Worse, some didn’t even know how to zip files for task submission. But the problem wasn’t just my groupmates – some of the lab assistants were also clueless. I even debated with them because they were teaching students the wrong way to calculate error percentages during practicum. I reported them to the lecturer the next day. The lecturer accepted my complaint, but in class the following week he just told us to “understand the assistants” because they’re students too and can make mistakes. That wasn’t the point. I had already shown the assistants the correct method, but they were too arrogant – they insisted I was the one who couldn’t do math. I was furious. Imagine how many students had been taught the wrong thing by these people.

On social media, I see the same pattern: teens unable to answer basic questions like “What’s the capital of Central Java?” or “What’s 12 × 12?”. Sure, I was lazy in school too — people called me wasted potential — but I wasn’t this bad.

Young Indonesians are stuck at the lowest level of Bloom’s taxonomy:

• ✅ Remembering facts
• ❌ Understanding concepts
• ❌ Applying knowledge
• ❌ Analyzing ideas
• ❌ Evaluating situations
• ❌ Creating something new

Our schools drill memorization. That’s it. No focus on thinking, questioning, or solving problems.

From my perspective, the main causes are:

• Social media + online game addiction –> meaningless consumption –> weaker memory, impulsivity, anxiety, less empathy [source]. The deeper problem? Parents, teachers and even the government aren't prepared to guide healthy digital habits. They're trapped in the same cycle.
• No reading culture –> no curiosity, no new ideas [source]. But this also has a deeper problem. In my country, books are relatively expensive and are harder to reach for grass-roots. Making it hard to contain new information from analog writings.
• Black-and-white thinking –> no room for nuance or creativity. Our education system and media oversimplify complex issues. Critical thought is never encouraged.
• Cultural pressure to stay quiet –> Eastern values teach politeness and respect for authority, so students avoid asking questions or debating because they fear being seen as rude or attention-seeking. This value is so deeply rooted that breaking it risks social rejection, even when the intention is to learn.

See: Indonesian kids don’t know how stupid they are

#thoughts #society #education

To me, a web framework should make web development easy. What I call “easy” is being able to work alone and/or with other people — especially if I have front-end teammates. Since AdonisJS uses TypeScript, both the back-end and front-end can easily understand each other’s code without learning a new language they’ve never seen before.

I’m also looking for a fast framework at runtime. AdonisJS uses Node.js as its runtime, making it fast and offering better performance than frameworks based on popular scripting languages like Python, Ruby, or PHP. The libraries provided by the AdonisJS team on Adonis packages can also fulfill my basic needs for building a web app — though they’re not as rich as what other frameworks like Laravel offer.

AdonisJS also has out-of-the-box support for InertiaJS, which I always use to make full-stack development easy and fun, without needing separate configs to get the front-end and back-end working together. Want a minimal version, like API-only? AdonisJS has templates for that too.

Community is also a key part of what I want in a framework. The community on Discord is quite helpful, even though it’s not huge. A small community is a plus for me, since I can contribute packages and learn more about web engineering — not just be a web developer. Deployment is easy too; it just needs Docker to ship, and there’s a minimal Docker setup in the docs.

I’ve tried several frameworks like Express.js, Django, and Laravel. What I don’t like about Express.js is that it’s so minimal — I have to do everything by hand, which makes development slow (bad DX). It also uses plain JavaScript without types, which can raise runtime errors. I love Django, especially its “batteries included” philosophy, but I don’t enjoy writing Python. If there were an official Python that used braces instead of indentation, I might go back to Django. But since it uses Python, it doesn’t fit my definition of “easy” from the first paragraph — especially when working with front-end teammates who use JavaScript/TypeScript.

Laravel is good — AdonisJS is inspired by Laravel — but the team behind AdonisJS wanted a TypeScript version of Laravel. Personally, I don’t enjoy coding in PHP; using dollar signs for variables is bad DX for me.

I’d like to see the community grow so more people can contribute, improve packages, and enhance the documentation.

#learned #webdev

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

😩 Teachers Are Not OK security news – Teachers express frustration over AI's impact on education, revealing challenges like grading AI-generated work, maintaining academic integrity, and witnessing students' declining critical thinking skills. https://www.404media.co/teachers-are-not-ok-ai-chatgpt/

🔒 Google fixed the second actively exploited Chrome zero vulnerability – Google patched three vulnerabilities in Chrome, including one actively exploited zero-day that allows attackers to trigger heap corruption via crafted HTML. Users should update to the latest version. https://securityaffairs.com/178560/hacking/google-fixed-the-second-actively-exploited-chrome-zero-day-since-the-start-of-the-year.html

🐊 Crocodilus malware adds fake entries to victims' contact lists in new scam campaign malware – Crocodilus, an evolving Android banking trojan, now inserts fake contacts to impersonate trusted sources, facilitating scams. It's spreading through malicious ads targeting financially stable users across multiple regions. https://therecord.media/crocodilus-android-malware-banking-fraud

❎ Twitter launches 'XChat' encrypted DMs with big caveats security news – Elon Musk's X platform introduces 'XChat' with encryption and file-sharing features, but experts doubt its security claims, citing potential lack of true end-to-end encryption and centralized data control. https://www.theregister.com/2025/06/03/xs_new_encrypted_xchat_feature/

🤬 Meta and Yandex are de-anonymizing Android users’ web browsing identifiers privacy – Meta and Yandex are using tracking code to de-anonymize Android users by exploiting browser protocols, allowing them to link web activity to app identities. Google is investigating these practices. https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/

🧑‍🌾 How the Farm Industry Spied on Animal Rights Activists and Pushed the FBI to Treat Them as Bioterrorists security news – Internal documents reveal a collaboration between the agricultural industry and the FBI to surveil animal rights activists, branding them as bioterrorists while using corporate spies to infiltrate their groups. https://www.wired.com/story/fbi-wmdd-dxe-animal-agriculture-alliance/

💍 Cartier disclosed a data breach following a cyber attack data breach – Cartier reported a data breach that exposed limited customer information, including names and email addresses, following a cyberattack. The company is enhancing security and cooperating with authorities. https://securityaffairs.com/178601/data-breach/cartier-disclosed-a-data-breach-following-a-cyber-attack.html

💼 Google warns of cybercriminals targeting Salesforce app to steal data, extort companies cybercrime – Cybercriminals, known as UNC6040, are exploiting Salesforce's Data Loader tool to steal sensitive data and extort companies. The group uses vishing tactics to trick employees into granting access. https://therecord.media/google-warns-cybercriminals-targeting-salesforce-apps

🔍 Apple Gave Governments Data on Thousands of Push Notifications privacy – Apple disclosed that it provided governments with data on thousands of push notifications, revealing device identities and sometimes unencrypted content, highlighting the extent of governmental data requests. https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/

💻 Feds seize 145 domains associated with BidenCash cybercrime platform cybercrime – U.S. authorities seized 145 domains and cryptocurrency funds linked to BidenCash, a cybercrime marketplace that trafficked over 15 million stolen credit card numbers, generating $17 million in illicit revenue. https://cyberscoop.com/bidencash-marketplace-domains-seized/

🎸 Musikhaus Thomann: Kriminelle locken in Fake warning – The official Thomann online store is only accessible at thomann.de, with country-specific versions available at respective domains. Any other addresses are fake sites attempting to deceive users. https://www.watchlist-internet.at/news/musikhaus-thomann-fake-shops/

💰 DOJ seizes $7.7M from crypto funds linked to North Korea’s IT worker scheme security news – Federal authorities seized $7.74 million linked to North Korean IT workers illegally employed abroad, funneling wages to the regime. The operation exploits remote contracting and cryptocurrency to evade U.S. sanctions. https://cyberscoop.com/doj-seizure-crypto-north-korea-it-workers/

🚫 OpenAI takes down ChatGPT accounts linked to state-backed hacking, disinformation cybercrime – OpenAI banned accounts using ChatGPT for illicit activities, including malware refinement, social media disinformation, and employment scams tied to North Korea. The operations exploited ChatGPT for various cybercriminal purposes. https://therecord.media/openai-takes-down-chatgpt-accounts-hacking

💔 Marks & Spencer's ransomware nightmare – more details emerge cybercrime – Marks & Spencer suffered a severe ransomware attack, disrupting operations and leading to £40 million in lost sales weekly. The DragonForce group claimed responsibility, stealing customer data and highlighting M&S's cybersecurity vulnerabilities. https://www.bitdefender.com/en-us/blog/hotforsecurity/marks-spencers-ransomware-nightmare-more-details-emerge

🦠 Millions of low-cost Android devices turn home networks into crime platforms cybercrime – The FBI warns that millions of low-cost Android devices are infected with BadBox malware, turning home networks into crime platforms. Users are urged to evaluate and potentially replace suspicious devices. https://arstechnica.com/security/2025/06/millions-of-low-cost-android-devices-turn-home-networks-into-crime-platforms/

🧑‍⚖️ Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist privacy – An Italian parliamentary committee confirmed the government used Paragon spyware to target immigration activists but found no evidence against journalist Francesco Cancellato. The investigation raises questions about who targeted him and the use of spyware in Italy. https://techcrunch.com/2025/06/06/italian-lawmakers-say-italy-used-spyware-to-target-phones-of-immigration-activists-but-not-against-journalist/

😨 Ransomware scum leak patient data after disrupting services cybercrime – Kettering Health faces potential patient data leaks following a ransomware attack by Interlock, which disrupted services and canceled appointments. The leaked data reportedly includes sensitive information, though verification is pending. https://www.theregister.com/2025/06/04/ransomware_scum_leak_kettering_patient_data/

---

Some More, For the Curious

🛠️ Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE vulnerability – A critical vulnerability in Cisco IOS XE WLC could allow remote attackers to upload files and execute commands. Users should disable the affected feature until a fix is applied. https://securityaffairs.com/178497/security/cisco-ios-xe-wlc-flaw-cve-2025-20188.html

💰 Illicit crypto-miners pouncing on insecure DevOps tools cybercrime – A campaign by attackers named JINX–0132 exploits misconfigured DevOps tools like HashiCorp Nomad, Consul, Docker API, and Gitea, risking theft of cloud resources for cryptocurrency mining. https://www.theregister.com/2025/06/03/illicit_miners_hashicorp_tools/

🐳 How to find container-based threats in host-based logs security research – Containers pose security risks despite their isolation, as they share the host kernel. This article outlines methods for threat hunters to analyze host logs to identify container-based threats. https://securelist.com/host-based-logs-container-based-threats/116643/

❤️‍🔥 The strange tale of ischhfd83: When cybercriminals eat their own security research – Sophos X-Ops uncovered a scheme where the Sakura RAT, designed to target cybercriminals, was itself backdoored, revealing a network of malicious repositories aimed at unsuspecting users, particularly gamers and novice hackers. https://news.sophos.com/en-us/2025/06/04/the-strange-tale-of-ischhfd83-when-cybercriminals-eat-their-own/

⚠️ HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability — Urges Immediate Patch Upgrade vulnerability – HPE disclosed eight vulnerabilities in StoreOnce, with CVE-2025-37093 being critical due to authentication bypass. Users are urged to upgrade to version 4.3.11 immediately to mitigate risks. https://thecyberexpress.com/cve-2025-37093-hits-hpe-storeonce-systems/

🗨️ The Texting Network for the End of the World security news – This article highlights key topics on online privacy protection, the Matter smart home standard, deepfake scams, Google searches in criminal cases, and updates from Google's I/O 2025 conference. https://www.wired.com/story/youre-not-ready-for-phone-dead-zones/

🔒 Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure vulnerability – Cisco fixed a critical vulnerability (CVE-2025-20286) in its Identity Services Engine, allowing unauthenticated attackers to exploit shared credentials across cloud deployments on AWS, Azure, and OCI. Administrators are urged to implement mitigations. https://securityaffairs.com/178659/uncategorized/critical-flaw-in-cisco-ise-impacts-cloud-deployments-on-aws-microsoft-azure-and-oracle-cloud-infrastructure.html

💻 Attackers exploit Fortinet flaws to deploy Qilin ransomware security news – Qilin ransomware is exploiting Fortinet vulnerabilities, including CVE-2024-21762 and CVE-2024-55591, to gain remote code execution and target organizations, particularly in Spanish-speaking countries. The group uses double extortion tactics. https://securityaffairs.com/178736/hacking/attackers-exploit-fortinet-flaws-to-deploy-qilin-ransomware.html

⚙️ RCEs and more in the KUNBUS GmbH Revolution Pi PLC vulnerability – Four new vulnerabilities in KUNBUS GmbH's Revolution Pi PLC were discovered, two allowing unauthenticated remote code execution. Users are advised to implement mitigations and upgrade firmware to enhance security. Comment: my former colleagues should take a look at this ;) https://www.pentestpartners.com/security-blog/rces-and-more-in-the-kunbus-gmbh-revolution-pi-plc/

💳 Root Shell on Credit Card Terminal hacking write-up – The article details a security research project on the Worldline Yomani XR payment card terminal, revealing vulnerabilities, tamper protections, and an exposed root shell. The findings highlight significant security concerns in embedded systems. https://stefan-gloor.ch/yomani-hack

🎮 Blitz Malware: A Tale of Game Cheats and Code Repositories malware – Blitz malware, discovered in 2024, exploits backdoored game cheats for distribution and utilizes Hugging Face for command and control infrastructure. The malware operates in two stages: a downloader and a bot payload, with functions including keylogging and cryptocurrency mining. https://unit42.paloaltonetworks.com/blitz-malware-2025/

😱 Camera and Microphone Spying Using Chromium Browsers security research – A dangerous Chromium command allows websites to access cameras and microphones without user consent, enabling continuous recording without any visible indication. https://mrd0x.com/spying-with-chromium-browsers-camera/

---

CISA Corner

⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning – CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting serious risks to federal networks and urging timely remediation for all organizations. https://www.cisa.gov/news-events/alerts/2025/06/02/cisa-adds-five-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three Qualcomm vulnerabilities to its Known Exploited Vulnerabilities Catalog, emphasizing their significant risk to federal networks and urging timely remediation. https://www.cisa.gov/news-events/alerts/2025/06/03/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA added CVE-2025-5419, a critical out-of-bounds vulnerability in Google Chromium's V8, to its Known Exploited Vulnerabilities Catalog, urging organizations to prioritize remediation to mitigate risks. https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-adds-one-known-exploited-vulnerability-catalog

⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA has issued three advisories addressing vulnerabilities in Schneider Electric and Mitsubishi Electric ICS products. Users are urged to review the advisories for security measures and technical details. https://www.cisa.gov/news-events/alerts/2025/06/03/cisa-releases-three-industrial-control-systems-advisories ⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has issued seven advisories detailing vulnerabilities and security issues in various Industrial Control Systems, urging users to review for necessary updates and mitigations. https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-releases-seven-industrial-control-systems-advisories

🛡️ Updated Guidance on Play Ransomware security news – CISA, FBI, and ASD's ACSC released updated guidance on Play ransomware, detailing new tactics and IOCs. They recommend multifactor authentication, offline backups, and software updates for mitigation. https://www.cisa.gov/news-events/alerts/2025/06/04/updated-guidance-play-ransomware

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.

Welcome to the Fediverse!

Hello! Welcome to the Fediverse!

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

🎭 Fake software activation videos on TikTok spread Vidar, StealC malware – Cybercriminals exploit TikTok to distribute Vidar and StealC malware through fake software activation videos, tricking users into running harmful PowerShell commands. https://securityaffairs.com/178269/cyber-crime/fake-software-activation-videos-on-tiktok-spread-vidar-stealc.html

🎀 A Starter Guide to Protecting Your Data From Hackers and Corporations privacy – With rising digital surveillance, this guide offers essential tips for enhancing personal privacy, including using multifactor authentication and privacy-focused tools. https://www.wired.com/story/guide-protect-data-from-hackers-corporations/

🦠 MathWorks’ ransomware disruptions rages on into second week cybercrime – MathWorks confirms a ransomware attack causing prolonged outages of MATLAB and other applications, disrupting users, particularly students, as recovery efforts continue with limited functionality. https://go.theregister.com/feed/www.theregister.com/2025/05/27/mathworks_ransomware_attack_leaves_ondeadline/

📝 Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites cybercrime – Cybercriminals exploit AI interest by creating fake video generator websites to distribute malware like infostealers and backdoors, targeting users through malicious ads on social media. https://cloud.google.com/blog/topics/threat-intelligence/cybercriminals-weaponize-fake-ai-websites/

🔂 The Privacy-Friendly Tech to Replace Your US-Based Email, Browser, and Search privacy – Amid growing concerns over US tech giants, alternatives like Mullvad and Vivaldi for browsing, Qwant and Mojeek for searching, and ProtonMail for email offer privacy-focused options. https://www.wired.com/story/the-privacy-friendly-tech-to-replace-your-us-based-email-browser-and-search/

🥺 Iranian man pleads guilty in Robbinhood ransomware scheme cybercrime – pleaded guilty to charges related to the Robbinhood ransomware scheme, which caused over $19 million in damages to Baltimore and other U.S. cities, facing up to 30 years in prison. https://cyberscoop.com/iranian-man-pleads-guilty-in-robbinhood-ransomware-scheme/

🦠 Crooks use a fake antivirus site to spread Venom RAT and a mix of malware security news – A fake Bitdefender site is distributing the Venom RAT, tricking users into downloading malware designed for password theft and remote access, targeting individuals for financial gain. https://securityaffairs.com/178366/malware/fake-antivirus-spreads-venom-rat.html

📅 Chinese hackers used Google Calendar to aid attacks on government entities security research – Google revealed that APT41, a China-backed hacker group, exploited Google Calendar for command and control in attacks on government entities, using malware dubbed TOUGHPROGRESS to blend in with legitimate activity. https://cyberscoop.com/google-calendar-apt-41-c2-winnti/

🔓 LexisNexis leaked social security numbers and other personal data of over 364,000 people data breach – LexisNexis reported a data breach exposing personal information of over 364,000 individuals, including Social Security numbers, after unauthorized access through a third-party software platform was discovered months later. https://www.theverge.com/news/675702/lexisnexis-data-broker-breach-social-security-numbers

🗺️ Oregon becomes second state to ban sale of precise geolocation data privacy – Oregon's legislature passed a law banning the sale of precise geolocation data, following Maryland's similar legislation, and strengthening protections for children's data privacy. https://therecord.media/oregon-passes-geolocation-kids-data-bill

🤏 Thousands of Asus routers are being hit with stealthy, persistent backdoors cybercrime – Thousands of Asus routers are infected with a persistent backdoor allowing unauthorized access via SSH, exploiting patched vulnerabilities, raising concerns of potential nation-state involvement in the ongoing campaign. https://arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors/

👙 Victoria's Secret hit by outages as it battles security incident security news – Victoria’s Secret is addressing a security incident causing website outages and disruptions to online orders, prompting precautionary measures including website takedown while in-store services remain operational. https://techcrunch.com/2025/05/28/victorias-secret-hit-by-outages-as-it-battles-security-incident/

📚 No One Knows How to Deal With 'Student-on-Student' AI CSAM security news – A Stanford report highlights the lack of preparedness among schools, parents, and law enforcement to handle cases of students using AI to create nonconsensual intimate imagery, emphasizing the normalization of such practices and the need for better training and reporting mechanisms. https://www.404media.co/no-one-knows-how-to-deal-with-student-on-student-ai-csam/

💸 US government sanctions tech company involved in cyber scams cybercrime – The U.S. government sanctioned Funnull for facilitating 'pig butchering' crypto scams, linked to $200 million in losses for victims. The company provided infrastructure for cybercriminals, including domain generation and web design templates. https://techcrunch.com/2025/05/29/us-government-sanctions-tech-company-involved-in-cyber-scams/

🏰 White House investigating how Trump's chief of staff's phone was hacked security news – The White House is investigating a hack involving chief of staff Susie Wiles' phone, where hackers accessed her contacts and impersonated her using AI to contact other officials. https://techcrunch.com/2025/05/30/white-house-investigating-how-trumps-chief-of-staffs-phone-was-hacked/

🌠 Ransomware kingpin “Stern” apparently IDed by German law enforcement cybercrime – German law enforcement has identified 'Stern,' the leader of the Trickbot ransomware group, linking him to significant cybercrime activities, including targeting hospitals and businesses. https://arstechnica.com/security/2025/05/german-police-say-theyve-identified-trickbot-ransomware-kingpin/

🔒 Chinese-Owned VPNs security news Comment: Don't really like the article, but the topic is essential. https://www.schneier.com/blog/archives/2025/05/chinese-owned-vpns.html

🪥 unlikely household item proved husband was cheating' privacy – Private investigator Paul Jones reveals how a smart toothbrush app exposed a husband's affair by tracking unusual brushing times, highlighting that digital clues can uncover infidelity beyond typical signs. https://www.mirror.co.uk/lifestyle/sex-relationships/relationships/im-private-investigator-unlikely-household-35256619

---

Some More, For the Curious

❄️ New Russia-affiliated actor Void Blizzard targets critical sectors for espionage security research – Void Blizzard, a new Russia-linked threat actor, targets NATO and Ukraine for espionage, using stolen credentials and spear phishing to access sensitive information across various sectors. https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/

🐻 Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear' security news – Dutch intelligence reveals 'Laundry Bear,' a Russian hacking group targeting organizations for espionage, notably impacting the police and NATO-related entities, using automated, stealthy techniques. https://therecord.media/laundry-bear-void-blizzard-russia-hackers-netherlands

🔗 DragonForce operator chained SimpleHelp flaws to target an MSP and its customers security research – Sophos warns that DragonForce ransomware exploited three SimpleHelp vulnerabilities to target a managed service provider, gaining unauthorized access and enabling data theft. https://securityaffairs.com/178350/cyber-crime/dragonforce-operator-chained-simplehelp-flaws-to-target-an-msp.html

🚨 Pakistan Arrests 21 in ‘Heartsender’ Malware Service – Krebs on Security cybercrime – Pakistan arrested 21 individuals linked to the 'Heartsender' malware service, which facilitated cybercrime operations resulting in over $50 million in losses, primarily targeting business email compromise schemes. https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/

🐍 New PumaBot targets Linux IoT surveillance devices malware – PumaBot, a new Go-based botnet, targets Linux IoT devices using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency while employing stealthy evasion tactics. https://securityaffairs.com/178386/malware/pumabot-targets-linux-iot-devices.html

🤔 Questions mount as Ivanti tackles another round of zero-days vulnerability – Ivanti faces multiple attacks exploiting two zero-day vulnerabilities in its Endpoint Manager Mobile software, linked to the China-backed group UNC5221. https://cyberscoop.com/ivanti-epmm-defects-exploited/

🏞️ ConnectWise says nation-state attack targeted multiple ScreenConnect customers security news – ConnectWise is investigating a nation-state attack affecting a small number of its ScreenConnect customers, involving suspicious activity linked to sophisticated threat actors. https://therecord.media/connectwise-nation-state-attack-targeted-some-customers

⏳ Why Take9 Won’t Improve Cybersecurity security news – The Take9 campaign urging a nine-second pause before online actions is criticized for being unrealistic and ineffective, as it fails to address deeper issues in cybersecurity awareness and places undue blame on users for attacks. https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html

⚠️ New Apache InLong Vulnerability (CVE-2025-27522) Exposes Systems to Remote Code Execution Risks vulnerability – A new vulnerability (CVE-2025-27522) in Apache InLong allows for remote code execution due to insecure deserialization of data during JDBC processing. Users are urged to upgrade to version 2.2.0 or apply the necessary patch. https://thecyberexpress.com/apache-inlong-cve-2025-27522/

🚨 Top counter antivirus service disrupted in global takedown security news – Law enforcement seized the AVCheck service, used by cybercriminals to test malware against antivirus tools, as part of a global crackdown on cybercrime, disrupting operations of malicious tool providers. https://cyberscoop.com/avcheck-global-takedown/

🦆 Two Linux flaws can lead to the disclosure of sensitive data vulnerability – Qualys warns of two vulnerabilities in Ubuntu's Apport and systemd-coredump that allow local attackers to access sensitive data from core dumps. https://securityaffairs.com/178464/hacking/two-linux-flaws-can-lead-to-the-disclosure-of-sensitive-data.html

🥽 Deep Dive into a Dumped Malware without a PE Header malware – The article details the analysis of malware without a PE header, revealing its capabilities for remote access, data exfiltration, and communication with a C2 server. https://www.fortinet.com/blog/threat-research/deep-dive-into-a-dumped-malware-without-a-pe-header

⚠️ Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching vulnerability – A critical vulnerability (CVE-2025-32756) in Fortinet products allows unauthenticated remote code execution and is actively exploited. Researchers released a proof of concept, urging users to patch immediately. https://hackread.com/researchers-poc-fortinet-cve-2025-32756-quick-patch/

🖼️ SANS Internet Storm Center security news – The article discusses the use of steganography in SVG images, highlighting their advantages over bitmap formats for data hiding, while emphasizing the importance of encryption and potential risks from compression. https://isc.sans.edu/diary/rss/31978

🥃 FiberGateway GR241AG – Full Exploit Chain hacking write-up – The article details the discovery of vulnerabilities in the FiberGateway GR241AG router, allowing root access through physical and remote exploitation methods, impacting over 1.6 million households in Portugal. https://r0ny.net/FiberGateway-GR241AG-Full-Exploit-Chain/

---

CISA Corner

🛡️ New Guidance for SIEM and SOAR Implementation security news – CISA and international partners released guidance for implementing SIEM and SOAR platforms, aiming to enhance cybersecurity through improved threat detection, incident response, and log prioritization. https://www.cisa.gov/news-events/alerts/2025/05/27/new-guidance-siem-and-soar-implementation

⚙️ CISA Releases One Industrial Control Systems Advisory vulnerability – CISA issued an advisory on the Johnson Controls iSTAR Configuration Utility tool, highlighting current security issues and vulnerabilities in Industrial Control Systems. Users are urged to review for mitigations. https://www.cisa.gov/news-events/alerts/2025/05/27/cisa-releases-one-industrial-control-systems-advisory ⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA issued five advisories regarding security vulnerabilities in various Industrial Control Systems, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/05/29/cisa-releases-five-industrial-control-systems-advisories

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

🚨 UK government confirms massive data breach following hack of Legal Aid Agency data breach – A major data breach at the Legal Aid Agency may expose sensitive information of legal aid applicants, affecting millions. Security measures are being intensified to prevent further incidents. https://therecord.media/uk-legal-aid-agency-data-breach

🧬 Pharma giant Regeneron to buy 23andMe and its customers' data for $256M privacy – Regeneron plans to purchase 23andMe, including sensitive genetic data from 15 million customers, raising privacy concerns after a previous data breach. Compliance with privacy laws is promised. https://techcrunch.com/2025/05/19/pharma-giant-regeneron-to-buy-23andme-and-its-customers-data-for-256m/

🔒 days demonstrated at Pwn2Own Berlin 2025 vulnerability – Mozilla patched two critical zero-day vulnerabilities in Firefox that could allow sensitive data access or code execution. Users are urged to update their browsers immediately. https://securityaffairs.com/178064/security/mozilla-fixed-zero-days-demonstrated-at-pwn2own-berlin-2025.html

💁 Russia-linked disinformation floods Poland, Romania as voters cast ballots security news – Ahead of presidential elections, Romania and Poland report increased Russian disinformation efforts aiming to sway voters. Authorities warn of impersonation tactics and funded campaigns on social media. https://therecord.media/russia-disinformation-poland-presidential-election

👁️ Cocospy stalkerware apps go offline after data breach security news – Cocospy, Spyic, and Spyzie, stalkerware apps spying on millions, have gone offline following a significant data breach exposing user emails. Users are advised to remove any remaining spyware from their devices. https://techcrunch.com/2025/05/19/cocospy-stalkerware-apps-go-offline-after-data-breach/

🚪 DoorDash Hack security research https://www.schneier.com/blog/archives/2025/05/doordash-hack.html

🛒 Consumer Reports: Kroger using loyalty program to package, sell customer data privacy – Kroger allegedly sells detailed consumer data from its loyalty program, creating potentially inaccurate profiles of shoppers for marketing. Consumer Reports urges stronger privacy protections against such practices. https://therecord.media/kroger-using-loyalty-program-to-sell-customer-data

📚 Chicago Sun-Times prints summer reading list full of fake books security news – The Chicago Sun-Times published a summer reading list with fake books generated by AI, prompting backlash from readers and staff. The publication is investigating the incident and terminating its relationship with the creator. https://arstechnica.com/ai/2025/05/chicago-sun-times-prints-summer-reading-list-full-of-fake-books/

🔍 3 Teens Almost Got Away With Murder. Then Police Found Their Google Searches privacy – Three teens set a house fire that killed five people, but police traced their Google searches for the address to solve the case. The investigation raises concerns about privacy and law enforcement's use of digital data. https://www.wired.com/story/find-my-iphone-arson-case/

💬 Researchers Scrape 2 Billion Discord Messages and Publish Them Online privacy – A database of over 2 billion Discord messages scraped from 3,167 servers has been published online, raising privacy concerns despite claims of anonymization. A separate tool reveals non-anonymized chat histories. https://www.404media.co/researchers-scrape-2-billion-discord-messages-and-publish-them-online/

📸 Signal says no to Windows 11’s Recall screenshots privacy – Signal has implemented screen security in its Windows 11 client to prevent Microsoft’s Recall feature from capturing secured chats. This move highlights concerns over user privacy and accessibility issues. https://www.theverge.com/news/672210/signal-desktop-app-microsoft-recall-block-windows-11-ai

🐒 Kids Say They're Using Photos of Trump and Markiplier to Bypass 'Gorilla Tag' Age Verification security news – Players of the VR game Gorilla Tag are reportedly using images of Trump and Markiplier to circumvent age verification measures. https://www.404media.co/kids-say-theyre-using-photos-of-trump-and-markiplier-to-bypass-gorllia-tag-age-verification/

🤖 Should Children Use AI Chatbots? Google Thinks So, Critics Strongly Disagree privacy – Google's rollout of its AI chatbot Gemini for children under 13 has sparked backlash from privacy advocates, who argue it may violate COPPA and poses risks to kids' mental health and well-being. https://thecyberexpress.com/google-gemini-ai-for-kids/

📱 Russia to pass law to track migrants using their smartphone privacy – A new Russian law will require migrants in Moscow to use a smartphone app for tracking and reporting their location. Critics raise concerns about privacy and potential abuse of power. https://www.theregister.com/2025/05/22/russia_expected_to_pass_experimental/

🔓 Trojanized KeePass Used to Deploy Cobalt Strike and Steal Credentials malware – A malware campaign has trojanized the KeePass password manager to deliver Cobalt Strike and exfiltrate credentials. The compromised installer mimicked the real one, making detection difficult. https://securityonline.info/trojanized-keepass-used-to-deploy-cobalt-strike-and-steal-credentials/

---

Some More, For the Curious

🔑 OpenPGP.js bug enables encrypted message spoofing vulnerability – A critical vulnerability in OpenPGP.js allows spoofing of signed and encrypted messages, undermining public key cryptography. Users are urged to upgrade to patched versions to mitigate risks. https://www.theregister.com/2025/05/20/openpgp_js_flaw/

🌃 Does ENISA EUVD live up to all the hype? cyber defense – The article critically examines the effectiveness and impact of the European Union Agency for Cybersecurity (ENISA) in relation to the EU's cybersecurity directives, questioning if it meets expectations. https://vulncheck.com/blog/enisa-euvd

📊 CISA, NIST Researchers Develop Metric to Determine Likelihood of Vulnerability Exploitation security research – NIST and CISA researchers have created a new metric, Likely Exploited Vulnerabilities (LEV), to better predict which vulnerabilities may be exploited, enhancing existing systems like EPSS and KEV. https://thecyberexpress.com/cisa-nist-vulnerability-exploit-metric/

🔒 Lumma Stealer toppled by globally coordinated takedown cybercrime – Lumma Stealer, a notorious infostealer malware, was dismantled in a global operation that seized its core infrastructure, blocking 2,300 malicious domains. Microsoft and law enforcement aim to disrupt cybercrime operations. https://cyberscoop.com/lumma-stealer-infostealer-takedown/

⚠️ Active Directory dMSA Privilege Escalation Attack Detailed by Researchers vulnerability – Akamai researchers discovered a privilege escalation vulnerability in Windows Server 2025's dMSA feature, allowing attackers to compromise any Active Directory user with minimal permissions. Microsoft acknowledges the issue but rates it as moderate severity. https://thecyberexpress.com/active-directory-dmsa-attack/

📂 Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials cybercrime – A recent indictment highlights how a Russian malware operation facilitates both criminal activities and state-sponsored hacking, with various cybersecurity issues and incidents, including a breach involving the Signal clone TeleMessage. https://www.wired.com/story/mysterious-database-logins-governments-social-media/

💻 Oops: DanaBot Malware Devs Infected Their Own PCs cybercrime – The U.S. government has charged 16 individuals linked to DanaBot malware, which has infected over 300,000 systems. Developers accidentally infected their own PCs, revealing their identities and leading to their arrest. https://krebsonsecurity.com/2025/05/oops-danabot-malware-devs-infected-their-own-pcs/

💰 Decentralized crypto platform Cetus hit with $223 million hack security news – Cetus, a decentralized cryptocurrency exchange, was hacked for $223 million. The platform paused operations and secured $162 million of the stolen funds, while investigations into the attack continue. https://therecord.media/decentralized-crypto-platform-cetus-theft

🐩 Mysterious hacking group Careto was run by the Spanish government, sources say cybercrime – Research indicates that Careto, a sophisticated hacking group targeting various nations, was operated by the Spanish government. Initially identified in 2014, the group has resurfaced with advanced malware capabilities. https://techcrunch.com/2025/05/23/mysterious-hacking-group-careto-was-run-by-the-spanish-government-sources-say/

🚔 Operation RapTor led to the arrest of 270 dark web vendors and buyers cybercrime – Operation RapTor resulted in the arrest of 270 individuals involved in dark web trafficking across 10 countries, seizing over €184M in assets, drugs, and weapons. Law enforcement continues to target dark web activities. https://securityaffairs.com/178221/deep-web/operation-raptor-arrest-270-dark-web-vendors-and-buyers.html

🔒 Large-scale sting tied to Operation Endgame disrupts ransomware infrastructure cybercrime – Law enforcement from Europe and North America dismantled key ransomware infrastructure in Operation Endgame, taking down 300 servers and 650 domains, disrupting malware tools like Qakbot and Trickbot, and issuing arrest warrants for 20 suspects. https://cyberscoop.com/operation-endgame-ransomware-infrastructure-takedown-europol/

⚙️ Researchers cause GitLab AI developer assistant to turn safe code malicious vulnerability – Researchers demonstrated how GitLab's AI assistant, Duo, could be manipulated into inserting malicious code through prompt injections, exposing private data. GitLab has since implemented measures to mitigate this vulnerability. https://arstechnica.com/security/2025/05/researchers-cause-gitlab-ai-developer-assistant-to-turn-safe-code-malicious/

🦠 Compromised RVTools Installer Spreading Bumblebee Malware malware – A compromised RVTools installer was found spreading Bumblebee malware, detected by security researcher Aidan Leon. The malicious file originated from the official website, which has since been taken offline temporarily. https://hackread.com/compromised-rvtools-installer-drop-bumblebee-malware/

🔓 Bypass SharePoint Restricted View to exfiltrate data using Copilot AI and more… hacking writeup – Red Teamers demonstrate methods to circumvent SharePoint's Restricted View, allowing data exfiltration through techniques like screenshots, OCR, and using AI tools like Microsoft Copilot. The findings highlight the inadequacy of relying on Restricted View for data security. https://www.pentestpartners.com/security-blog/bypass-sharepoint-restricted-view-to-exfiltrate-data-using-copilot-ai-and-more/

🔑 Passwords are okay, impulsive Internet isn't security news – The article criticizes the push for passwordless authentication, arguing that passkeys create vendor lock-in and compromise user security. It emphasizes that the real issue lies in human behavior and impulse control, rather than technology itself. Comment: missed this one. thankfully cert.at pushed it this week. https://www.dedoimedo.com/life/passwords-passkeys.html

😡 Red Team Gold: Extracting Credentials from MDT Shares hacking write-up – The article explores how Microsoft Deployment Toolkit (MDT) can be targeted during Red Team engagements to extract credentials. It discusses misconfigurations in MDT shares that can lead to unauthorized access to sensitive information. https://trustedsec.com/blog/red-team-gold-extracting-credentials-from-mdt-shares

---

CISA Corner

⚠️ CISA Adds Six Known Exploited Vulnerabilities to Catalog warning – CISA has added six vulnerabilities to its catalog due to active exploitation, highlighting serious risks to federal systems. Agencies are required to remediate these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2025/05/19/cisa-adds-six-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added a new vulnerability, CVE-2025-4632, related to Samsung MagicINFO 9 Server, to its Known Exploited Vulnerabilities Catalog, urging organizations to prioritize remediation efforts. https://www.cisa.gov/news-events/alerts/2025/05/22/cisa-adds-one-known-exploited-vulnerability-catalog

⚙️ CISA Releases Thirteen Industrial Control Systems Advisories vulnerability – CISA issued thirteen advisories on May 20, 2025, addressing security vulnerabilities in various Industrial Control Systems. Users are urged to review these advisories for important technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/05/20/cisa-releases-thirteen-industrial-control-systems-advisories ⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA has issued two advisories on security vulnerabilities affecting Lantronix Device Installer and Rockwell Automation FactoryTalk Historian. Users are urged to review the advisories for details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/05/22/cisa-releases-two-industrial-control-systems-advisories

🎯 Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies security news – CISA and other agencies issued a Cybersecurity Advisory on Russian GRU cyber actors targeting Western tech and logistics firms, particularly those supporting Ukraine. The advisory highlights their espionage tactics. https://www.cisa.gov/news-events/alerts/2025/05/21/russian-gru-cyber-actors-targeting-western-logistics-entities-and-tech-companies 🎯 Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware security news – CISA and the FBI issued a Cybersecurity Advisory on LummaC2 malware, which targets U.S. critical infrastructure by infiltrating networks and exfiltrating sensitive data. Organizations are urged to implement recommended mitigations. https://www.cisa.gov/news-events/alerts/2025/05/21/threat-actors-target-us-critical-infrastructure-lummac2-malware

🔐 New Best Practices Guide for Securing AI Data Released security news – CISA, NSA, and FBI released a Cybersecurity Information Sheet outlining best practices for securing AI data. It emphasizes the importance of data security throughout the AI lifecycle for accuracy and trustworthiness. https://www.cisa.gov/news-events/alerts/2025/05/22/new-best-practices-guide-securing-ai-data-released 🔒 Advisory Update on Cyber Threat Activity Targeting Commvault’s SaaS Cloud Application (Metallic) security news – Commvault is investigating potential unauthorized access to customer data in their Metallic SaaS solution on Azure. CISA urges users to apply mitigations, monitor logs, and implement security best practices. https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

I've been using Ubuntu daily for a few months. I was a bit afraid of having some major issue and having to try another distro before thinking about returning to Arch, but the balance is positive so far.

I admit there have been a few things that've annoyed me. Then again, I've had that on any OS I've used, so... yeah, computers... At least they're not printers, right?! 👀

✔️ The positives

I find the default GNOME experience on Ubuntu to be good. Back in the day, I enjoyed the hell out of Unity, and having a similar experience is nice. Of course, we're talking about GNOME here; extensions are necessary, but I didn't install that many, and some were only to improve the interface's bling (I like pretty things 🤷).

It's also nice to have a free tier for the Ubuntu Pro program. If, for whatever reason, I decide to stick with this version, I'll have 10 years of security updates (at the time of writing). The specifics are on the link above, so don't forget to check it out to know more about them.

When it comes to regular home users, Pro's free tier can be a nice thing to have. This way, they can slowly prepare the migration to a newer LTS and still stay reasonably secure. Well, to be honest, also because they don't tend to like changes, and keeping a stable environment for some time reduces the stress of computing for them.

This, of course, is also beneficial for self-hosters, for example. But it might not be for you, and that's fair, too. 🍻

Snaps have also improved quite a lot. You may find the occasional exception, but they have become quite performant compared to just a few years ago. Even the Steam snap has improved; however, it can take a little bit more time to launch than the native package when you have a lot of games installed and/or they take up a lot of disk space.

Another plus for the Steam snap is being able to change Mesa versions. There might be some games that require more recent versions than the included one, so this is a nice feature to have.

❌ The negatives

There's an issue with the Steam snap, where right-clicking on something to show a menu and then clicking on a menu entry just closes the menu and doesn't perform the action. This one can be annoying as hell sometimes! 💢

I do miss having some utilities I use already packaged or from a trusted enough source on the AUR, but I compiled them from source, and I keep tabs on new updates occasionally.

It's also a shame there is no official gamescope package, and you're left compiling it from source. I do think there are a few issues with that on the 24.04 LTS version, but I'm just remembering this as I type, so I might be misremembering.

I was also having the best KDE experience I've had in ~20 years with Plasma 6.x on Arch, but it's not packaged for Ubuntu 24.04. One time, I tried using a repo from Kubuntu or something, but I ended up borking the package and dependency lists, and couldn't remove the upgraded packages. 💀 I ended up reinstalling, which was faster than spending a day debugging dependency issues and force-installing some packages manually.

I had forgotten how PPAs can be a headache if you just YOLO it. 😅

👋 Conclusion

At least for now, I'm sticking with the latest stable LTS. When I switched, my goal was to have a system that doesn't change much over time and, in doing so, doesn't bother me every day to install a ton of updates. I also wanted something more reliable. While the verdict is yet to be reached on the latter, it has been reached on the former — most days, I only have flatpak updates.

I'll stick with Ubuntu LTS for a few more months, so I can safely say if it is what I'm looking for or if I need to find another distribution. Although I think I'll probably stick to it until the next LTS — unless I have a major issue with it —and then reevaluate it.

#Ubuntu #Linux #Arch #KDE #GNOME #Steam #Gaming #LinuxGaming #DesktopLinux