A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

🤦‍♂️ WhatsApp provides no cryptographic management for group messages security research – WhatsApp's group messaging lacks cryptographic safeguards, allowing potential unauthorized users to join chats unnoticed, raising privacy concerns for sensitive discussions. https://arstechnica.com/security/2025/05/whatsapp-provides-no-cryptographic-management-for-group-messages/

🚫 Mr. Deepfakes, the Biggest Deepfake Porn Site on the Internet, Says It’s Shutting Down for Good cybercrime – Mr. Deepfakes, notorious for nonconsensual deepfake porn, has announced its permanent shutdown due to loss of service and data, leaving users with no access. https://www.404media.co/mr-deepfakes-the-biggest-deepfake-porn-site-on-the-internet-says-its-shutting-down-for-good/

🔑 Passkeys for Normal People cyber defense – Passkeys offer a phishing-resistant alternative to traditional passwords and OTPs for secure logins, enhancing online safety, but still require careful management across devices. https://www.troyhunt.com/passkeys-for-normal-people/

🔓 The modified Signal app used by Mike Waltz was reportedly hacked data breach – A breach involving a modified Signal app used by Mike Waltz has led to the exposure of message contents and contact information of government officials. https://www.theverge.com/news/661173/telemessage-signal-clone-hacked-mike-waltz

📱 Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate cybercrime – Resecurity has uncovered a new smishing kit, ‘Panda Shop,’ linked to a Chinese syndicate, capable of sending millions of fraudulent messages daily and targeting vast consumer data. https://securityaffairs.com/177502/cyber-crime/smishing-on-a-massive-scale-panda-shop-chinese-carding-syndicate.html

🎓 Fake Student Fraud in Community Colleges cybercrime – Community colleges face rising fraud from fake students using AI-generated work to exploit financial aid, challenging detection efforts and disrupting class structures. https://www.schneier.com/blog/archives/2025/05/fake-student-fraud-in-community-colleges.html

🚨 Samsung MagicINFO flaw exploited days after PoC publication vulnerability – A high-severity vulnerability (CVE-2024-7399) in Samsung MagicINFO was exploited shortly after a proof-of-concept was released, allowing unauthenticated users to execute code with system-level access. https://securityaffairs.com/177529/hacking/samsung-magicinfo-vulnerability-exploited-after-poc-publication.html

🕵️‍♂️ Meta awarded $167.25 million over Pegasus spyware attack security news – Meta has been awarded $167.25 million after suing the NSO Group for using Pegasus spyware to target over 1,400 WhatsApp users. https://www.theverge.com/news/662242/meta-nso-group-pegasus-whatsapp-hack-damages

🔑 Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years security news – Tulsi Gabbard reportedly used the same easily cracked password across multiple accounts for years, raising concerns about her cybersecurity practices following a sensitive incident involving a Signal group chat. https://www.wired.com/story/tulsi-gabbard-dni-weak-password/

💻 COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs cybercrime – Google's Threat Intelligence Group reports on COLDRIVER's new malware, LOSTKEYS, used to steal files from Western targets, utilizing a multi-stage infection process involving social engineering techniques. https://cloud.google.com/blog/topics/threat-intelligence/coldriver-steal-documents-western-targets-ngos/

💰 PowerSchool customers hit by downstream extortion threats cybercrime – After PowerSchool paid a ransom to delete stolen data, some of its school district customers are now facing extortion threats to leak that data, highlighting ongoing supply chain risks. https://cyberscoop.com/powerschool-customers-hit-by-downstream-extortion-threats/

🔒 Polish authorities arrested 4 people behind DDoS cybercrime – Polish police arrested four individuals operating DDoS-for-hire platforms used in global attacks, offering services for as little as €10, as part of an international crackdown on cybercrime. https://securityaffairs.com/177590/cyber-crime/polish-police-arrested-4-people-behind-ddos-for-hire-platforms.html

🎭 NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked security news – Following ransomware attacks on Marks & Spencer and Co-op, the NCSC warns that hackers are using social engineering to impersonate employees and exploit helpdesk staff for account access. https://www.exponential-e.com/blog/ncsc-warns-of-it-helpdesk-impersonation-trick-being-used-by-ransomware-gangs-after-uk-retailers-attacked

🐕‍🦺 DOGE software engineer’s computer infected by info-stealing malware security news – Kyle Schutt, a software engineer at CISA, had his login credentials exposed multiple times in public leaks from info-stealing malware, raising concerns about potential access to sensitive government information. https://arstechnica.com/security/2025/05/doge-software-engineers-computer-infected-by-info-stealing-malware/

✈️ Hackers hit deportation airline GlobalX, leak flight manifests, and leave an unsubtle message for “Donnie” Trump cybercrime – Hacktivists claiming to be part of Anonymous breached GlobalX Airlines, leaking flight records and passenger manifests related to US deportation flights while defacing the airline's website with a message targeting Trump. https://www.bitdefender.com/en-us/blog/hotforsecurity/hackers-globalx-message-trump

🛡️ FBI and Dutch police seize and shut down botnet of hacked routers cybercrime – A joint operation by the FBI and Dutch police dismantled a botnet of hacked routers used for cybercrime, indicting four individuals for running proxy services Anyproxy and 5Socks built on compromised devices. https://techcrunch.com/2025/05/09/fbi-and-dutch-police-seize-and-shut-down-botnet-of-hacked-routers/

💰 German operation shuts down crypto mixer eXch, seizes millions in assets cybercrime – German police seized over $30 million in assets from the crypto mixer eXch, which was linked to laundering funds from the $1.46 billion Bybit hack, as part of a crackdown on money laundering activities. https://therecord.media/exch-cryptocurrency-mixer-germany-takedown

🔒 How to turn on Lockdown Mode for your iPhone and Mac privacy – Apple's Lockdown Mode enhances security for those facing sophisticated threats, limiting device functionality. It can be easily enabled or disabled on iPhones, iPads, and Macs through settings. https://www.theverge.com/tech/663794/lockdown-mode-iphone-mac-how-to

💰 Google will pay Texas $1.4 billion over its location tracking practices privacy – Google will pay Texas $1.4 billion to settle lawsuits over unauthorized location tracking and biometric data retention, marking a significant victory for user privacy against Big Tech violations. https://securityaffairs.com/177683/laws-and-regulations/google-will-pay-texas-1-4-billion-over-its-location-tracking-practices.html

---

Some More, For the Curious

⚠️ Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US security research – Researchers highlight security concerns over easyjson, an open source tool linked to a Russian company, fearing it could be exploited for espionage or cyberattacks against the US. https://www.wired.com/story/easyjson-open-source-vk-ties/

5️⃣ 5 Common Cybersecurity Mistakes That Attackers Love cyber defense – Cybersecurity experts highlight five common mistakes—improper secrets management, excessive user privileges, lack of network segmentation, overreliance on user training, and poor security detections—that leave organizations vulnerable to attacks. https://bishopfox.com/blog/before-red-team-fix-these-5-common-mistakes

💳 Hundreds of e-commerce sites hacked in supply-chain attack security research – A supply-chain attack has compromised hundreds of e-commerce sites, injecting malware that steals payment information from visitors, linked to three software providers over six years. https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/

⚖️ Lawmakers grill Noem over CISA funding cuts, demand Trump cyber plan security news – Homeland Security Secretary Kristi Noem faced bipartisan criticism over a proposed $491 million budget cut to CISA, with lawmakers demanding details on the Trump administration's cyber strategy amid rising threats. https://therecord.media/noem-house-hearing-proposed-cisa-funding-cuts

🛡️ New 'Bring Your Own Installer (BYOI)' technique allows to bypass EDR vulnerability – A new BYOI technique allows attackers to exploit SentinelOne's upgrade process, disabling EDR protection and enabling Babuk ransomware deployment by interrupting the installation. https://securityaffairs.com/177494/hacking/new-bring-your-own-installer-byoi-technique-allows-to-bypass-edr.html

➰ Curl takes action against time-wasting AI bug reports security news – Curl founder Daniel Stenberg implements a checkbox for bug reports to filter out AI-generated submissions, citing their overwhelming volume and lack of validity as a drain on maintainers' resources. https://www.theregister.com/2025/05/07/curl_ai_bug_reports/

🔓 Play ransomware affiliate leveraged zero cybercrime – The Play ransomware gang exploited a Windows zero-day vulnerability (CVE-2025-29824) to gain SYSTEM privileges and deploy malware, including the Grixba infostealer, in targeted attacks. https://securityaffairs.com/177573/cyber-crime/play-ransomware-affiliate-leveraged-zero-day-to-deploy-malware.html

💻 CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS vulnerability – A remote code execution vulnerability in macOS allows attackers to exploit ICC Profile files, potentially executing code on victims' machines. A patch has been released, but no attacks have been detected yet. https://www.thezdi.com/blog/2025/5/7/cve-2024-44236-remote-code-execution-vulnerability-in-apple-macos

🔐 CVE-2025-20188: Cisco Fixes 10.0-Rated Wireless Controller Flaw vulnerability – Cisco has patched a critical vulnerability (CVE-2025-20188) in its IOS XE Wireless Controller software that allows unauthenticated attackers to gain root access. Administrators are urged to apply fixes and check configurations. https://thecyberexpress.com/cisco-patches-cve-2025-20188/

🫦 The LockBit ransomware site was breached, database dump was leaked online cybercrime – The LockBit ransomware group's dark web site was breached, leaking a database with victim data, negotiation logs, and configurations, revealing insights into their operations and potential decryption keys. https://securityaffairs.com/177619/cyber-crime/the-lockbit-ransomware-site-was-breached-database-dump-was-leaked-online.html

📅 A timeline of South Korean telco giant SKT's data breach data breach – SK Telecom suffered a major data breach affecting 23 million customers, prompting investigations and customer backlash, as the company works to mitigate damage and replace compromised SIM cards. https://techcrunch.com/2025/05/08/a-timeline-of-south-korean-telco-giant-skts-data-breach/

🔒 SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code vulnerability – SonicWall patched three critical vulnerabilities in SMA 100 that could allow remote attackers to chain them for arbitrary code execution, including a potential zero-day. Users are advised to update to the latest version. https://securityaffairs.com/177626/hacking/sonicwall-fixed-sma-100-flaws-that-could-be-chained-to-execute-arbitrary-code.html

🔒 CVSS 10.0 Vulnerability Found in Ubiquity UniFi Protect Cameras vulnerability – Ubiquity disclosed critical vulnerabilities in UniFi Protect, including a CVSS 10.0 flaw (CVE-2025-23123) allowing remote code execution. Users are urged to update firmware and applications immediately to mitigate risks. https://thecyberexpress.com/ubiquity-unifi-protect-flaws-cve-2025-23123/

---

CISA Corner

😶 Unsophisticated Cyber Actor(s) Targeting Operational Technology cyber defense – CISA warns of unsophisticated cyber actors targeting ICS/SCADA systems in U.S. critical infrastructure, urging asset owners to improve cyber hygiene to prevent potential operational disruptions and physical damage. https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-3248, a missing authentication vulnerability in Langflow, to its catalog, highlighting its active exploitation and risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/05/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included CVE-2025-27363, an out-of-bounds write vulnerability in FreeType, in its catalog due to evidence of active exploitation posing risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/06/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included two new OS command injection vulnerabilities (CVE-2024-6047 and CVE-2024-11120) in its catalog, highlighting their active exploitation and risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/05/07/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA has issued three advisories regarding vulnerabilities in industrial control systems, urging users to review the advisories for technical details and recommended mitigations. https://www.cisa.gov/news-events/alerts/2025/05/06/cisa-releases-three-industrial-control-systems-advisories ⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has issued five advisories regarding vulnerabilities in various Industrial Control Systems, urging users to review the details and recommended mitigations for enhanced security. https://www.cisa.gov/news-events/alerts/2025/05/08/cisa-releases-five-industrial-control-systems-advisories

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

Каква е разликата между птици и фрагменти?

Каква е приликата между желание и адмирация?

Какво е представлявала първата прашинка пясък?

---

I bought one so you don't have to. (Edit: at least until Eaton supports Matter over WiFi)

These devices connect to Azure IOT Platform. While I am sure Eaton has a great deal for that, it means that every time I turn the lights on or off, Azure gets paid a small amount of money.

The switch, while not multi-touch capable, will wait 0.5s before turning the load on or off.

In an event of a network connection disruption, when you are back online the switch will take ~5 minutes to become available in the app. There is no local control even though the ESP32-C3-MINI1 (datasheet) module can do this. The unit is provisioned with WiFi credentials over Bluetooth but other than that Bluetooth is not used.

And when you use schedules, the status LED does not correspond to the actual state of the switch.

I am still debating whether to give Schneider Electric Matter-over-WiFi a try, but the more I read the specs the more I become convinced that Z-Wave network I already have is the best.

Edit: https://www.eaton.com/us/en-us/products/wiring-devices-connectivity/Matter.html suggests that at some point these WiFi devices will gain Matter support. If/when that happens, these switches, dimmers, and receptacles will become much more useful.

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

🎣 Zoom attack tricks victims into allowing remote access to install malware and steal money cybercrime – The ELUSIVE COMET group exploits Zoom to trick victims into granting remote access, allowing malware installation and asset theft. A recent attack succeeded on one CEO but failed on another. https://www.malwarebytes.com/blog/news/2025/04/zoom-attack-tricks-victims-into-allowing-remote-access-to-install-malware-and-steal-money

💳 NFC Fraud Wave: Evolution of Ghost Tap on the Dark Web cybercrime – NFC fraud is surging as cybercriminals exploit contactless payment systems for large-scale theft. The 'Ghost Tap' technique enables remote access to stolen data, posing serious security risks. https://www.resecurity.com/blog/article/nfc-fraud-wave-evolution-of-ghost-tap-on-the-dark-web

🐡 Beware of this sneaky Google phishing scam warning – Scammers are using Google and PayPal tools to craft convincing fake emails that bypass security checks, making them harder to detect. Stay vigilant against these phishing attempts. https://www.theverge.com/news/652509/google-no-reply-dkim-phishing-scam

💂 How to Protect Yourself From Phone Searches at the US Border privacy – As border searches intensify, travelers should consider using a travel phone or modifying their primary device to minimize personal data. Simple precautions can help protect privacy during crossings. https://www.wired.com/story/how-to-protect-yourself-from-phone-searches-at-the-us-border/

🛍️ Marks & Spencer confirms cybersecurity incident amid ongoing disruption cybercrime – Marks & Spencer has confirmed a cybersecurity incident affecting its operations, causing disruptions in payment systems and order pickups. The retailer is investigating with external experts, but details on customer data impact remain unclear. https://techcrunch.com/2025/04/22/marks-spencer-confirms-cybersecurity-incident-amid-ongoing-disruption/

🎥 Beware of video call links that are attempts to steal Microsoft 365 access, researchers tell NGOs security news – Researchers warn that Russia-linked hackers are targeting NGOs with phishing attempts disguised as video call invitations to capture Microsoft 365 access tokens via OAuth. Vigilance is advised against unsolicited contacts. https://therecord.media/russia-linked-phishing-microsoft365-ukraine-ngos

⛪ The Tech That Safeguards the Conclave’s Secrecy security news – As the Vatican prepares for the conclave to elect a new pope, advanced security measures like signal jammers, opaque window films, and thorough inspections are in place to ensure secrecy and integrity. https://www.wired.com/story/technology-used-to-shield-conclave-pope-francis/

💰 EU fines Apple €500 million and Meta €200 million for breaking digital market rules security news – The European Commission fined Apple €500 million and Meta €200 million for violating the Digital Markets Act, marking the first penalties under the new regulations. Both companies plan to appeal the decisions. https://therecord.media/eu-fines-apple-steering-meta-data-privacy-dma

🧿 Blue Shield of California shared the private health data of millions with Google for years data breach – Blue Shield of California disclosed a data breach involving the sharing of sensitive health information with Google since 2021, affecting 4.7 million individuals. The data sharing ended in January 2024 due to a misconfiguration. https://techcrunch.com/2025/04/23/blue-shield-of-california-shared-the-private-health-data-of-millions-with-google-for-years/

©️ WhatsApp now lets you block people from exporting your entire chat history privacy – WhatsApp's new 'Advanced Chat Privacy' feature allows users to prevent others from exporting chat histories and automatically downloading media, enhancing privacy in conversations, although it won't stop screenshots. https://www.theverge.com/news/654592/whatsapp-advanced-chat-privacy-block-exporting-chats

⚰️ Crooks exploit the death of Pope Francis cybercrime – Cybercriminals are exploiting the death of Pope Francis to launch scams and spread malware, leveraging public emotion and curiosity. Strong security practices are essential to counter these risks. https://securityaffairs.com/176917/cyber-crime/crooks-exploit-the-death-of-pope-francis.html

🌍 Even the U.S. Government Says AI Requires Massive Amounts of Water security news – A new GAO report highlights the significant environmental costs of generative AI, emphasizing its heavy demand for power and water, raising concerns about its long-term societal impact. https://www.404media.co/even-the-u-s-government-says-ai-requires-massive-amounts-of-water/

🎮 UK bans export of video game controllers to Russia to hinder attack drone pilots security news – The UK government has banned the export of video game controllers to Russia to prevent their use in piloting drones in Ukraine. This is part of a broader sanctions package aimed at limiting Russia's war efforts. https://therecord.media/uk-bans-video-game-controllers

🤌 Gmail’s New Encrypted Messages Feature Opens a Door for Scams cybercrime – Google's new end-to-end encrypted email feature may enhance security but raises concerns about phishing scams targeting non-Gmail users, as scammers could exploit the invitation system to steal credentials. https://www.wired.com/story/gmail-end-to-end-encryption-scams/

💻 North Korean IT workers seen using AI tools to scam firms into hiring them cybercrime – North Korean IT workers are leveraging generative AI tools to secure jobs at U.S. and European tech firms, facilitating their onboarding and communication while funneling earnings back to the DPRK government. https://therecord.media/north-korean-it-workers-seen-using-ai-recruitment-scams

🥴 Government officials are kind of bad at the internet security news – U.S. officials, including Secretary of Defense Pete Hegseth, have mishandled sensitive information through tech blunders, such as sharing military plans in unsecured messaging apps, highlighting poor digital security practices. https://techcrunch.com/2025/04/26/government-officials-are-kind-of-bad-at-the-internet/

🎒 Storm-1977 targets education sector with password spraying security news – Microsoft reports that the threat actor Storm-1977 is conducting password spraying attacks on the education sector, using AzureChecker.exe to validate credentials and create resources for cryptomining. https://securityaffairs.com/177067/hacking/storm-1977-targets-education-sector-with-password-spraying-microsoft-warns.html

🔑 Who needs phishing when your login's already in the wild? security news – Mandiant's report reveals that stolen credentials have become a major infection vector, surpassing email phishing. The rise in infostealers and cloud attacks emphasizes the need for multi-factor authentication. https://www.theregister.com/2025/04/23/stolen_credentials_mandiant/

🥏 A Look at a Novel Discord Phishing Attack cybercrime – Researchers from Binary Defense investigated MalenuStealer, an infostealer exploiting compromised Discord accounts to distribute malware disguised as a beta game. The attack uses social engineering to trick users into downloading malicious software. https://www.binarydefense.com/resources/blog/a-look-at-a-novel-discord-phishing-attack/

---

Some More, For the Curious

🤬 Microsoft’s patch for CVE-2025–21204 symlink vulnerability introduces another symlink vulnerability vulnerability – A fix for a symlink vulnerability inadvertently creates another, allowing users to block future Windows updates, risking security. Microsoft has not yet addressed this issue. https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741

🔍 CERT.at – DOGE, CISA, Mitre und CVE Published security news – Concerns arose when funding for the CVE system was threatened, but a solution was found. The CVE identifiers remain vital for effective vulnerability management across organizations. https://www.cert.at/de/blog/2025/4/doge-cisa-mitre-und-cve

🎭 Example of a Payload Delivered Through Steganography malware – This article illustrates how steganography conceals malicious payloads in seemingly harmless images, making detection by security tools challenging. It explores obfuscation techniques used in malware. https://isc.sans.edu/diary/rss/31892

🦠 How Lumma Stealer sneaks into organizations malware – Lumma Stealer exploits fake CAPTCHA pages and other social engineering tactics to infiltrate systems, primarily targeting individuals and organizations. Its methods include DLL sideloading and malicious payload injections. https://securelist.com/lumma-fake-captcha-attacks-analysis/116274/

⏳ Eight days from patch to exploitation for Microsoft flaw vulnerability – Just eight days after Microsoft patched CVE-2025-24054, attackers exploited it in campaigns against targets in Poland and Romania, highlighting urgent patching needs for NTLM vulnerabilities. https://www.theregister.com/2025/04/21/microsoft_apple_patch/

🏗️ Attacker Infrastructure cyber defense – The article discusses the various components and setups used by cybercriminals to conduct attacks, including servers, tools, and networks that facilitate malicious activities. https://vulncheck.com/blog/attacker-infrastructure

🃏 Attackers stick with effective intrusion points, valid credentials and exploits security news – IBM X-Force's report reveals that identity-based attacks and exploitation of public-facing applications remain the top intrusion methods. Credential theft and phishing continue to rise, particularly in critical infrastructure sectors. https://cyberscoop.com/ibm-x-force-threat-intelligence-index-2025/

🧑‍🏫 Ex-NSA boss: AI devs' lesson to learn from early infosec security news – Former NSA chief Mike Rogers urges AI developers to integrate security from the start, learning from cybersecurity's past mistakes, to avoid costly fixes later and ensure responsible use in national security. https://www.theregister.com/2025/04/23/exnsa_boss_ai/

🔮 A Vulnerable Future: MITRE’s Close Call in CVE Management cyber defense – MITRE faced a crisis regarding the CVE program's future but secured an 11-month contract extension. The incident highlights the need for robust vulnerability management practices amid uncertainty. https://jfrog.com/blog/mitres-close-call-in-cve-management/

🃏 M-Trends 2025: Data, Insights, and Recommendations From the Frontlines security news – Mandiant's M-Trends 2025 report highlights evolving attack sophistication, particularly by China-linked groups using custom malware and zero-day vulnerabilities, while also noting a rise in credential theft as a major infection vector. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/

⛓️‍💥 Ripple NPM supply chain attack hunts for private keys cybercrime – Compromised versions of the Ripple NPM package, xrpl, have been found to contain malware designed to steal private keys from users, affecting developers who interact with the cryptocurrency ledger. https://www.theregister.com/2025/04/23/ripple_npm_supply_chain/

⚖️ DOGE Worker’s Code Supports NLRB Whistleblower security research – A whistleblower alleges that Elon Musk's DOGE group illegally downloaded sensitive data from the NLRB using privileged accounts, raising concerns about unfair advantages in labor disputes and data security. https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/

🃏 VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 security news – In Q1 2025, VulnCheck reported that attackers exploited nearly a third of vulnerabilities within a day of disclosure, identifying 159 actively exploited vulnerabilities and highlighting the need for rapid response to emerging threats. https://cyberscoop.com/vulncheck-known-exploited-cves-q1-2025/

⛓️ Operation SyncHole: Lazarus APT targets supply chains in South Korea security research – The Lazarus Group has launched Operation SyncHole, targeting at least six South Korean firms through cyber espionage, using malware like ThreatNeedle and exploiting vulnerabilities in local software for data theft. https://securityaffairs.com/176964/apt/operation-synchole-lazarus-apt-targets-supply-chains-in-south-korea.html

⚠️ Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching vulnerability – The CSA of Singapore warns of a critical vulnerability (CVE-2025-34028) in Commvault Command Center, rated 10/10, allowing remote code execution. Users are urged to update to patched versions immediately. https://thecyberexpress.com/commvault-vulnerability-cve-2025-34028/

🚨 SAP zero-day vulnerability under widespread active exploitation vulnerability – A critical zero-day vulnerability (CVE-2025-31324) in SAP NetWeaver systems allows unauthorized file uploads, leading to full system compromise. Active exploitation is reported, urging immediate patching for affected customers. https://cyberscoop.com/sap-netweaver-zero-day-exploit-cve-2025-31324/

📱 How to Root Android Phones hacking write-up – This guide explains rooting Android devices, detailing the process for both emulators and physical phones like the Pixel 6. It discusses the pros and cons of rooting, including the benefits for testing applications and the associated security risks. https://www.blackhillsinfosec.com/how-to-root-android-phones/

🐞 How a 20 year old bug in GTA San Andreas surfaced in Windows 11 24H2 security news – A long-standing bug in GTA San Andreas caused the Skimmer plane to disappear on Windows 11 24H2 due to changes in how the OS handles stack memory, exposing uninitialized variables and corrupting game data. https://cookieplmonster.github.io/2025/04/23/gta-san-andreas-win11-24h2-bug/

🛡️ io_uring Rootkit Bypasses Linux Security Tools security research – ARMO researchers reveal a significant security gap in Linux due to the io_uring interface, allowing rootkits to evade detection by traditional security tools. Their rootkit, Curing, exploits this blind spot, underscoring the need for improved detection methods like KRSI. https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/

---

CISA Corner

⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA issued five advisories on April 22, 2025, addressing vulnerabilities in various ICS products, including Siemens and Schneider Electric systems. Users are urged to review for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/22/cisa-releases-five-industrial-control-systems-advisories ⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA issued seven advisories on April 24, 2025, addressing vulnerabilities in various ICS products, including Schneider Electric and Johnson Controls. Users are urged to review for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/04/24/cisa-releases-seven-industrial-control-systems-advisories

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

🕵️ Chrome extensions with 6 million installs have hidden tracking code malware – 57 risky Chrome extensions, used by 6 million, secretly track users and access sensitive data. Some have been removed, but others still pose a threat. https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/

💻 The Most Dangerous Hackers You’ve Never Heard Of cybercrime – A roundup of recent cybersecurity incidents, including a suspected breach of 4chan, the rise of smishing scams, and vulnerabilities in government cybersecurity programs. https://www.wired.com/story/most-dangerous-hackers-youve-never-heard-of/

🎤 Silicon Valley crosswalk buttons hacked to imitate Musk, Zuckerberg's voices security news – Audio traffic crosswalk buttons in Silicon Valley were hacked to play AI-generated messages mimicking Elon Musk and Mark Zuckerberg, raising concerns over security and potential hacktivism. https://techcrunch.com/2025/04/14/silicon-valley-crosswalk-buttons-hacked-to-imitate-musk-zuckerberg-voices/

🗂️ Don't delete inetpub folder. It's a Windows security fix vulnerability – The newly created inetpub folder on Windows systems post-update is a security measure to prevent privilege escalation vulnerabilities. Users are advised to keep it intact. https://www.theregister.com/2025/04/14/windows_update_inetpub/

🕹️ Infinity Global Services’ Cyber Park Launches “Beacon in the Dark” – A New Cyber Security Escape Room Adventure security news – The new escape room 'Beacon in the Dark' challenges players to solve cyber risk puzzles, enhancing awareness about threats like credential theft. It's a fun way to learn about cybersecurity! https://blog.checkpoint.com/infinity-global-services/infinity-global-services-cyber-park-launches-beacon-in-the-dark-a-new-cyber-security-escape-room-adventure/

⚠️ Microsoft’s Recall AI Tool Is Making an Unwelcome Return privacy – A series of incidents highlight the risks of AI mismanagement, including a chatbot creating false policies and government officials exposing sensitive data on Venmo. https://www.wired.com/story/microsoft-recall-returns-privacy/

🔍 Meta will use public EU user data to train its AI models privacy – Meta plans to resume using public data from EU users to train its AI models, emphasizing user choice and transparency while addressing prior data protection concerns raised by regulators. https://securityaffairs.com/176569/digital-id/meta-will-use-public-eu-user-data-to-train-its-ai-models.html

🚗 Hertz says customers' personal data and driver's licenses stolen in data breach data breach – Hertz has notified customers of a data breach involving personal data and driver's licenses, attributed to a cyberattack on vendor Cleo. The breach affects thousands across several countries. https://techcrunch.com/2025/04/14/hertz-says-customers-personal-data-and-drivers-licenses-stolen-in-data-breach/

📱 Report: EC issues burner phones for visits to US security news – The European Commission is providing burner devices to staff visiting the US to prevent espionage, reflecting growing concerns over cybersecurity and strained transatlantic relations. https://www.theregister.com/2025/04/15/ec_burner_devices/

💸 Inside the Economy of AI Spammers Getting Rich By Exploiting Disasters and Misery cybercrime – The article explores how accounts like FutureRiderUS profit from creating AI-generated disaster content, manipulating emotions for views, while ethical concerns about misinformation and audience deception grow. https://www.404media.co/inside-the-economy-of-ai-spammers-getting-rich-by-exploiting-disasters-and-misery/

🔒 Android phones will soon reboot if they’re locked for a few days security news – Android devices will now require users to enter their PIN after three days of inactivity to enhance security, helping protect user data from unauthorized access. https://www.theverge.com/news/648757/google-android-update-automatic-reboot-phone-locked

💻 4chan’s ‘cesspool of the internet’ is down after apparently being hacked security news – 4chan's forums are currently inaccessible, leading to speculation and unverified rumors regarding potential data leaks following an apparent hack of the site. https://www.theverge.com/news/648908/4chan-hacked-down-outage-leak

📜 Here’s What Happened to Those SignalGate Messages security news – Attorneys allege that the Trump administration used disappearing Signal messages to evade transparency laws regarding military operations, with new court filings revealing inconsistent efforts to preserve these communications. https://www.wired.com/story/heres-what-happened-to-those-signalgate-messages/

🛒 Massenhaft irreführende Werbung von problematischen Online warning – Problematic online shops are using misleading advertising on social media, particularly on Meta platforms, claiming fake sales and non-existent stores, often featuring AI-generated images and deceptive return policies. https://www.watchlist-internet.at/news/irrefuehrende-werbung-auf-meta-plattformen/

🧊 ICE Just Paid Palantir Tens of Millions for ‘Complete Target Analysis of Known Populations’ security news – ICE has contracted Palantir for tens of millions to enhance its database for target analysis and enforcement priorities, raising concerns about potential rights violations and the impact on immigrant communities. https://www.404media.co/ice-just-paid-palantir-tens-of-millions-for-complete-target-analysis-of-known-populations/

🚨 Whistleblower describes how DOGE tore through NLRB IT system security news – An NLRB tech staffer alleges DOGE operatives were granted unauthorized superuser access, leading to data exfiltration attempts and a Russian IP login. Democratic lawmakers call for an investigation into potential misconduct. https://www.theregister.com/2025/04/17/whistleblower_nlrb_doge/

🔒 Apple released emergency updates for actively exploited flaws vulnerability – Apple has issued urgent updates for iOS, iPadOS, and macOS to fix two vulnerabilities, CVE-2025-31200 and CVE-2025-31201, which have been exploited in sophisticated attacks against targeted individuals. https://securityaffairs.com/176644/security/apple-emergency-updates-actively-exploited-ios-ipados-macos-bugs.html

✍️ Florida draft law mandating encryption backdoors for social media accounts billed 'dangerous and dumb' privacy – A Florida draft bill requiring social media platforms to provide encryption backdoors for law enforcement has passed a committee vote. Critics argue it undermines user security and compromises private communications. https://techcrunch.com/2025/04/17/florida-draft-law-mandating-encryption-backdoors-for-social-media-accounts-billed-dangerous-and-dumb/

💳 New payment-card scam involves a phone call, some malware and a personal tap cybercrime – A new scam targets Android users, using social engineering and NFC-enabled malware called SuperCard X to steal payment card information by tricking victims into sharing details and bringing cards near infected devices. https://therecord.media/new-payment-card-scam-involves-malware-tap

---

Some More, For the Curious

🐎 How I Got Hacked: A Warning about Malicious PoCs hacking write-up – After running a seemingly legitimate PoC exploit, the author unwittingly installed malware that stole sensitive data. A cautionary tale highlighting the risks of unverified code. https://chocapikk.com/posts/2025/s1nk/

🦸‍♂️ PowerShell for Hackers: Exploitation Essentials hacking write-up – PowerShell is a powerful tool for attackers, blending in with normal operations and allowing stealthy post-exploitation activities. Defenders must enhance their security measures against its misuse. https://hetmehta.com/posts/powershell-for-hackers/

🔍 iDRAC to Domain Admin security research – A penetration tester shares a method for escalating privileges to domain admin via iDRAC, highlighting vulnerabilities like default credentials and IPMI hash disclosure. https://infosecwriteups.com/idrac-to-domain-admin-4acb89391070

🔧 p0dalirius/FindUnusualSessions: A tool to remotely detect unusual sessions opened on windows machines using RPC cyber defense – FindUnusualSessions is a Python tool that detects unusual remote sessions on Windows machines using RPC, offering various authentication methods and output formats for analysis. Comment: TOOL https://github.com/p0dalirius/FindUnusualSessions

⏰ Analysis of Threat Actor Activity warning – Fortinet reports a threat actor exploiting known vulnerabilities to maintain read-only access to FortiGate devices. They have implemented mitigations and urged customers to update their systems promptly. https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

🔍 Chinese espionage group leans on open-source tools to mask intrusions security research – The Chinese hacking group UNC5174 is using open-source tools like VShell and WebSockets to blend in with cybercriminal activity while targeting Western entities, indicating a shift in their tactics. https://cyberscoop.com/chinese-espionage-group-unc5174-open-source-tools/

⚔️ China accuses NSA of launching cyberattacks on Asian Winter Games security news – China has accused three alleged NSA employees of conducting cyberattacks during the Asian Winter Games, claiming they targeted critical infrastructure and event management systems. https://therecord.media/china-accuses-nsa-hack-asian-winter-games

🧟 LLMs Create a New Supply Chain Threat: Code Package Hallucinations vulnerability – Code-generating LLMs can create non-existent package references, leading to security risks as attackers exploit these 'hallucinations' to distribute malicious code. Researchers emphasize the need for detection and mitigation strategies. https://thecyberexpress.com/genai-llm-code-package-hallucinations/

🏢 The Sophos Annual Threat Report: Cybercrime on Main Street 2025 cyber defense – The report highlights the continued threat of ransomware to small and midsized businesses, noting a rise in attacks, evolving tactics, and the importance of securing network edge devices and adopting defense-in-depth strategies. https://news.sophos.com/en-us/2025/04/16/the-sophos-annual-threat-report-cybercrime-on-main-street-2025/

🤯 Researchers claim breakthrough in fight against AI’s frustrating security hole security research – Google DeepMind introduces CaMeL, a new method to combat prompt injection attacks in AI by treating language models as untrusted components and applying established security principles to ensure safe data handling. https://arstechnica.com/information-technology/2025/04/researchers-claim-breakthrough-in-fight-against-ais-frustrating-security-hole/

🛡️ Former CISA director Chris Krebs vows to fight back against Trump-ordered federal investigation security news – Chris Krebs, former CISA director, plans to resign from SentinelOne to contest a federal investigation ordered by Trump, which accuses him of falsely denying election fraud and stripped him of his security clearance. https://techcrunch.com/2025/04/16/former-cisa-director-chris-krebs-vows-to-fight-back-against-trump-ordered-federal-investigation/

⚠️ ‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program security news – CISA renewed funding for the CVE Program amid concerns over its sustainability, as it plays a critical role in tracking software vulnerabilities. Future independence from government funding is uncertain. https://www.wired.com/story/cve-program-cisa-funding-chaos/

📠 Age Verification Using Facial Scans privacy – Discord is testing facial scansprivacy for age verification, claiming no biometric data is stored. https://www.schneier.com/blog/archives/2025/04/age-verification-using-facial-scans.html

---

CISA Corner

🔑 CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise warning – CISA warns of potential unauthorized access to a legacy Oracle cloud environment, highlighting risks related to exposed credentials that could lead to unauthorized access across systems and long-term security threats. https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise

⚙️ CISA Releases Nine Industrial Control Systems Advisories vulnerability – CISA has issued nine advisories detailing vulnerabilities and security issues for various Industrial Control Systems, urging users to review the advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-industrial-control-systems-advisories ⚙️ CISA Releases Six Industrial Control Systems Advisories vulnerability – CISA has issued six advisories detailing vulnerabilities in various Industrial Control Systems, urging users to review them for important security information and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/17/cisa-releases-six-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2021-20035, a SonicWall SMA100 Appliances OS command injection vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting its active exploitation and risk to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities, including two Apple memory corruption issues and a Microsoft NTLM hash disclosure vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation concerns. https://www.cisa.gov/news-events/alerts/2025/04/17/cisa-adds-three-known-exploited-vulnerabilities-catalog

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

In case you want more #IOT in your life, Eaton ships remotely actuated circuit breakers.

The breakers are provisioned using a “BlinkUp” system through your phone. You start the provisioning on your device, then put your screen to the sensor on the circuit breaker, your screen blinks a number of times sending WiFi credentials to the device, and then the latter connects to the Electric Imp servers. Eaton is using impOs as the basis of their offering, and Electric Imp is adamant they are secure.

Now, Eaton provides API to these circuit breakers – https://api.em.eaton.com/docs, but there is no true local access – there is apparently a way to get local control, but your device must phone home weekly to receive configuration that would allow you to talk to your device locally.

As I was writing this I decided to scan GitHub for the URLs I found so far, and, well, people smarter than me have already written a home_assistant integration against #SEW, but it is a bit different from what I saw in the field:

• https://github.com/cnecrea/hidroelectrica

I'd still like to describe how to locate the endpoints and the login process, so here we go...

This is the second post about #SEW SCM API – Smart Customer Mobile API by Smart Energy Water, this time we will learn about different APIs using real world utility websites.

It appears that there are at least two different API “flavors”. The one that uses ModuleName.svc/MethodNameMob naming convention and usually resides under PortalService endpoint, and the newer one, which lives under /API/.

So e.g. Nebraska Public Power District has endpoints at https://onlineaccount.nppd.com/PortalService/, e.g. https://onlineaccount.nppd.com/PortalService/UserLogin.svc/help. Rochester Public Utilities runs a different set of endpoints, with the root at https://connectwith.rpu.com/api.

The endpoints for the latter API can also be browsed at https://scmcx.smartcmobile.com/API/Help/.

Different utilities pay for different set of modules, and here's some of the modules I have discovered so far:

• AdminBilling
• CompareSpending
• ConnectMe
• EnergyEfficiency
• Generation
• Notifications
• Outage
• PaymentGateway
• Usage
• UserAccount
• UserLogin

For /PortalService/ endpoints you can visit BASE_URL + /PortalService/ + ModuleName + .svc + /help to get the list of RPC calls you can issue. In order to find out what to send in the requests, you need to look into the calls within the apps for your utility. Note that some utilities opted out of the AES/CBC/PKCS5Padding PasswordPassword encryption, so let's hope this will be a trend forward. Currently SEW web portals talk to a completely different set of APIs to populate the interface, even though they are querying the same thing.

So to start, here's how to login to your favorite utility:

from typing import Mapping, Any

import base64
import json
import hashlib
import requests
import urllib.parse

from Crypto.Cipher import AES

BASE_URL = "https://example.com/PortalService"


def _encrypt_query(
    params: Mapping[str, str], encryption_key: str = "PasswordPassword"
) -> str:
    """Encrypt with AES/CBC/PKCS5Padding."""
    cipher = AES.new(encryption_key, AES.MODE_CBC, IV=encryption_key)

    cleartext = urllib.parse.urlencode(params).encode()

    # PKCS5 Padding - https://www.rfc-editor.org/rfc/rfc8018#appendix-B.2.5
    padding_length = 16 - len(cleartext) % 16
    cleartext += padding_length * chr(padding_length).encode()

    return base64.b64encode(cipher.encrypt(cleartext)).decode("ascii")


def request(module: str, method: str, data: Mapping[str, Any]) -> Mapping[str, str]:
    enc_query = _encrypt_query(data)
    # Or module + '.svc/'
    url = BASE_URL + "/" + module + "/" + method

    resp = requests.post(url, json={"EncType": "A", "EncQuery": enc_query})
    if not resp.ok:
        raise Exception(resp.status_code)
    return resp.json()


password_digest = hashlib.sha256("PASSWORD".encode()).hexdigest()
# Or ValidateUserLoginMob
response = request(
    "UserLogin",
    "ValidateUserLogin",
    {"UserId": "USERNAME", "Password": password_digest},
)
print(response)

response will contain some object, you will need LoginToken and AccountNumber to proceed with most of the other calls.

It's a bit awkward that different utilities have different endpoints, which makes creating a universal client challenging, so for now I am researching the ways to get info from the Usage module. The parameters are weird (“type”: “MI”, or “HourlyType”: “H”), but we will get there.

Once upon a time I learned about Opower HomeAssistant integration. But my utility does not use Opower, it was using something called “Smart Energy Water”.

Smart Energy Water, or #SEW is a SaaS provider, and they ship the whole thing – the backend, frontend, and the phone apps, the latter under the name SCM, which means Smart Customer Mobile.

So I embarked on a journey to figure out how these phone apps worked and, if successful, get my data out and into homeassistant.

APK

I pulled an APK of my utility from Google Play Store and found that something secret is hidden in a libnative-lib.so binary, under com.sew.scm.gcm.SecureConstant, under a few methods returning String, and some methods that decrypt these strings using a heavily obfuscated set of routines, which essentially XOR'd (in case of Android APK) the values of gcm_default_sender_id + google_app_id + Android_App_RatingConstant_File, all the values from the strings.xml within the app resources.

One of the decoded tokens contains a key for request encryption. It was ...

PasswordPassword

SCM apps use private APIs. In order to remain private and hard to use the requests are encrypted.

You urlencode the parameters into key=value&key1=value1... form, then encrypt the resulting string using AES-CBC with PKCS5 Padding (16 bytes variant) using PasswordPassword as both the key and IV.

Then you send {"EncType": "A", "EncQuery": "base64-encoded-encrypted-string"}, and receive response from one of the .../API/Module/MethodName endpoints. The response will be JSON with no extra encryption, so it is definitely a deterrent against making requests, not a security feature.

Login

Armed with that knowledge, and some help from exposed API listing on one of the utility websites I found that I need to use ValidateUserLoginMob call expecting userid and password.

However, password had to be base64-encoded result of applying a secret scheme from that SecurityConstant module above. It is always SHA256.

So my first https://utility.example.net/API/UserLogin/ValidateUserLogin was a success, I got LoginToken and AccountNumber, which was all we needed to start poking APIs.

Tada!

If your utility uses SEW SCM, i.e. one of these at https://play.google.com/store/apps/developer?id=Smart+Energy+Water, you should be able to get API listing by visiting the web interface, and appending /API/Help. Or, if your utility runs an older version of SCM, replace /portal/ with /portalservice/UserLogin.svc/help or /portalservice/Usage.svc/help. You may get the .NET API definitions.

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

Highlight

🔍 Regierung will Messenger-Überwachung vor dem Sommer beschließen privacy – Die österreichische Regierung plant, die Überwachung von Messenger-Diensten zur Bekämpfung von Terrorismus einzuführen, trotz Bedenken über mögliche Massenüberwachung und verfassungsrechtliche Fragen. https://futurezone.at/netzpolitik/messenger-ueberwachung-whatsapp-oesterreich-regierung-chat-staatstrojaner-oevp-spoe-neos-pegasus/403030634

---

News For All

🎨 Social Media Flooded with Ghibli AI Images—But What Are We Really Feeding the Algorithms? privacy – The viral trend of AI-generated Ghibli-style portraits raises privacy concerns as users unknowingly share sensitive facial data, potentially fueling identity theft and misuse of personal information. https://thecyberexpress.com/social-media-flooded-with-ghibli-ai-images/

🙈 UK's demand for Apple backdoor should not be heard in secret, says court privacy – The UK government lost its attempt to keep secret a surveillance order against Apple, allowing parts of the case to be public despite national security concerns over accessing encrypted data. https://techcrunch.com/2025/04/07/uk-demand-for-apple-backdoor-should-not-be-heard-in-secret-says-court/

😶‍🌫️ Oracle tells customers its public cloud was compromised data breach – Oracle has admitted to a data breach of its public cloud, revealing the theft of client data, including security keys, after initially denying the incident amid claims of exploitation of unpatched vulnerabilities. https://www.theregister.com/2025/04/08/oracle_cloud_compromised/

🤖 Russian bots hard at work spreading political unrest on Romania's internet security news – An investigation reveals a surge in pro-Russian propaganda on Romanian social media, inciting anti-EU sentiment and support for Putin, with bots promoting divisive messages and false narratives. https://www.bitdefender.com/en-us/blog/hotforsecurity/russian-bots-hard-at-work-spreading-political-unrest-on-romanias-internet

🔒 Google fixed two actively exploited Android zero vulnerability – Google's April 2025 security update fixed 62 vulnerabilities, including two actively exploited zero-days affecting the Linux kernel and ALSA USB audio, highlighting ongoing security risks in Android. https://securityaffairs.com/176337/hacking/google-fixed-two-actively-exploited-android-zero-days.html

🔍 To tackle espionage, Dutch government plans to screen university students and researchers security news – The Dutch government plans to vet university students and researchers accessing sensitive technology to combat espionage, assessing backgrounds amid rising concerns over foreign threats, particularly from China. https://therecord.media/netherlands-plan-vetting-researchers-students-espionage

🔧 WhatsApp fixed a spoofing flaw that could enable Remote Code Execution vulnerability – WhatsApp patched CVE-2025-30401, a spoofing vulnerability in Windows versions before 2.2450.6, allowing attackers to execute remote code by sending files with misleading MIME types. https://securityaffairs.com/176357/security/whatsapp-fixed-a-spoofing-flaw-that-could-enable-remote-code-execution.html

🗼 Governments identify dozens of Android apps bundled with spyware malware – A coalition of governments has revealed that numerous legitimate-looking Android apps, identified as spyware families BadBazaar and Moonshine, were used to target civil society groups opposing Chinese state interests. https://techcrunch.com/2025/04/09/governments-identify-dozens-of-android-apps-bundled-with-spyware/

👁️‍🗨️ Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America cybercrime – NSO Group is shifting lobbying strategies to regain access to US markets under a new administration, raising concerns about surveillance and human rights abuses. https://www.wired.com/story/nso-group-the-vogel-group-lobbying-trump-administration/

🛡️ Cyber experts offer lukewarm praise for voluntary code governing use of commercial hacking tools security news – Cybersecurity professionals gave mixed reviews to a new voluntary code for using commercial hacking tools, expressing cautious optimism while noting concerns over human rights and the absence of the U.S. as a signatory. https://cyberscoop.com/pall-mall-process-global-cybersecurity-code-conduct-commercial-hacking-tools/

🩻 Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs malware – A researcher discovered 35 suspicious Chrome extensions, collectively installed on over 4 million devices, that exhibit spyware-like behavior, including excessive permissions and obfuscated code, raising concerns about their safety. https://arstechnica.com/security/2025/04/researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs/

💔 Lab provider for Planned Parenthood discloses breach affecting 1.6 million people data breach – Laboratory Services Cooperative reported a data breach affecting 1.6 million individuals, revealing sensitive medical and personal information after a cyberattack discovered in October. Victims are offered credit monitoring services. https://therecord.media/lab-provider-planned-parenthood-breach

📨 That groan you hear is users’ reaction to Recall going back into Windows security news – Microsoft is reintroducing Recall, an AI tool in Windows 11 that screenshots and indexes user activity, prompting privacy concerns despite opt-in features. Critics warn it could expose sensitive information and be exploited by malicious actors. https://arstechnica.com/security/2025/04/microsoft-is-putting-privacy-endangering-recall-back-into-windows-11/

⚠️ Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw vulnerability – Attackers are actively exploiting a critical vulnerability (CVE-2025-3102) in the OttoKit WordPress plugin, allowing unauthorized admin account creation on unconfigured sites. Immediate updates are advised to mitigate risks. https://securityaffairs.com/176461/security/ottokit-wordpress-plugin-flaw-exploitation.html

💻 Back in the Game: Privacy Concerns of Second-Hand Game Consoles security research – Game consoles have been able to store personally identifiable information for years; what is less well known is what remains when they are bought or sold on the second-hand market. We share the results of two case studies on Nintendo devices: the Switch and the 3DS. https://www.computer.org/csdl/magazine/sp/5555/01/10960377/25LWluDWP8A

---

Some More, For the Curious

🛞 The Renaissance of NTLM Relay Attacks: Everything You Need to Know hacking write-up – NTLM relay attacks, once thought outdated, are resurging as a serious threat, allowing attackers to easily compromise systems through lateral movement without needing to crack passwords. https://posts.specterops.io/the-renaissance-of-ntlm-relay-attacks-everything-you-need-to-know-abfc3677c34e

🎣 VibeScamming — From Prompt to Phish: Benchmarking Popular AI Agents’ Resistance to the Dark Side security research – A new benchmark reveals how generative AI can easily facilitate phishing scams, with different AI platforms showing varied levels of resistance to misuse, raising urgent security concerns. https://labs.guard.io/vibescamming-from-prompt-to-phish-benchmarking-popular-ai-agents-resistance-to-the-dark-side-1ec2fbdf0a35

🤔 The controversial case of the threat actor EncryptHub cybercrime – EncryptHub, a conflicted figure in cybersecurity, reported two Windows vulnerabilities while also engaging in cybercrime, highlighting the balance between ethical research and criminal activity. https://securityaffairs.com/176251/cyber-crime/the-controversial-case-of-the-threat-actor-encrypthub.html

🐈 APT group ToddyCat exploits a vulnerability in ESET for DLL proxying security research – The ToddyCat APT group exploited a vulnerability in ESET's Command Line Scanner to execute malware stealthily, utilizing DLL proxying and an old malicious tool modified for their purposes. https://securelist.com/toddycat-apt-exploits-vulnerability-in-eset-software-for-dll-proxying/116086/

🏔️ Someone hacked ransomware gang Everest’s leak site security news – The Everest ransomware gang's leak site was hacked and defaced with a message against crime, though it remains unclear if a data breach occurred. https://techcrunch.com/2025/04/07/someone-hacked-everest-ransomware-gang-dark-web-leak-site/

💻 Windows Remote Desktop Protocol: Remote to Rogue cyber defense – A phishing campaign attributed to UNC5837 exploited RDP by using signed .rdp files to access victim systems, allowing file exfiltration and clipboard capture, underscoring RDP's security risks. https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol/

🛡️ Server in der EU und eigene Schlüssel: Schützt das vor US-Zugriffen? privacy – Despite claims from US cloud providers about data security in EU data centers, physical server locations and encryption measures do not guarantee protection from US government access due to laws like the CLOUD Act. https://www.kuketz-blog.de/server-in-der-eu-und-eigene-schluessel-schuetzt-das-vor-us-zugriffen/

🔒 Zero Day Initiative — The April 2025 Security Update Review security news – In April 2025, Adobe and Microsoft released updates addressing multiple vulnerabilities, including critical flaws in Adobe products and 124 CVEs from Microsoft, with a focus on security risks and active exploits. https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review

👧 “The girl should be calling men.” Leak exposes Black Basta’s influence tactics. security research – A leak of 190,000 messages from the Black Basta ransomware group reveals their structured operations, including social engineering tactics, vulnerability exploitation, and negotiation strategies during ransom demands. https://arstechnica.com/security/2025/04/leaked-messages-expose-trade-secrets-of-prolific-black-basta-ransomware-group/

🔑 Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords vulnerability – Fortinet has patched a critical vulnerability (CVE-2024-48887) in FortiSwitch devices, allowing remote attackers to change admin passwords. Users are advised to disable HTTP/HTTPS access as a temporary measure. https://securityaffairs.com/176380/security/fortinet-fortiswitch-flaw.html

🐛 How cyberattackers exploit domain controllers using ransomware cyber defense – Cyberattackers are increasingly targeting domain controllers in ransomware attacks, leveraging high-privilege accounts and centralized network access to inflict widespread damage, necessitating enhanced security measures. https://www.microsoft.com/en-us/security/blog/2025/04/09/how-cyberattackers-exploit-domain-controllers-using-ransomware/

🩼 Tainted drive appears to be source of malware attack on Western military mission in Ukraine security research – The Russia-backed group Gamaredon exploited an infected removable drive to deploy updated GammaSteel malware against a Ukraine-based military mission, showcasing increased sophistication in their cyberespionage tactics. https://therecord.media/gamaredon-removable-drive-malware-western-military-mission-ukraine

🖖 AI Vulnerability Finding security news – Microsoft's AI has identified multiple vulnerabilities in GRUB2 and U-Boot, which could potentially allow attackers to bypass security on devices using UEFI Secure Boot. https://www.schneier.com/blog/archives/2025/04/ai-vulnerability-finding.html

🧧 China Secretly (and Weirdly) Admits It Hacked US Infrastructure security news – In a rare admission, Chinese officials acknowledged hacking U.S. infrastructure during a secret meeting, attributing the attacks to U.S. policies on Taiwan. The disclosure adds tension amid ongoing cybersecurity concerns. https://www.wired.com/story/china-admits-hacking-us-infrastructure/

🚧 STRIDE GPT cyber defense – STRIDE GPT is an AI-driven threat modeling tool that generates threat models and attack trees based on the STRIDE methodology, allowing users to input application details and providing various features such as risk scoring and customizable reports. https://github.com/mrwadams/stride-gpt

---

CISA Corner

🗞️ Fortinet Releases Advisory on New Post-Exploitation Technique for Known Vulnerabilities security news – Fortinet issued an advisory regarding a threat actor exploiting vulnerabilities in FortiGate products to create a malicious file that grants read-only access to device files. Users are advised to upgrade their systems and reset credentials. https://www.cisa.gov/news-events/alerts/2025/04/11/fortinet-releases-advisory-new-post-exploitation-technique-known-vulnerabilities

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-31161, an authentication bypass vulnerability in CrushFTP, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, emphasizing the risk to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/07/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog: CVE-2025-30406 related to Gladinet CentreStack and CVE-2025-29824 affecting Microsoft Windows, highlighting risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/08/cisa-adds-two-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included two Linux kernel vulnerabilities, CVE-2024-53197 and CVE-2024-53150, in its Known Exploited Vulnerabilities Catalog due to active exploitation, highlighting risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/09/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Ten Industrial Control Systems Advisories vulnerability – CISA issued ten advisories on April 10, 2025, addressing vulnerabilities in various Industrial Control Systems, including Siemens and Rockwell Automation products, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2025/04/10/cisa-releases-ten-industrial-control-systems-advisories

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

רָז

(...) 14 1 17 22 7 16 14 26 18 7 2 3 14 6 6 7 21 14 7 2 1 18 26 2 5 1 22 1 20 14 17 14 26 15 18 21 18 25 17 15 18 19 2 5 18 21 22 26 14 10 2 26 14 1 16 25 2 7 21 18 17 22 1 20 14 5 26 18 1 7 6 2 19 7 21 18 6 8 1 14 1 17 14 17 22 14 17 18 26 2 19 18 26 18 5 14 25 17 8 3 2 1 21 18 5 15 5 2 10 14 1 17 8 3 2 1 7 21 18 17 22 14 17 18 26 10 14 6 22 1 6 16 5 22 15 18 17 26 12 6 7 18 5 12 14 1 17 7 21 18 21 18 14 5 7 2 19 26 14 1 7 5 18 26 15 25 18 17 22 1 7 21 18 7 18 26 3 18 6 7 14 1 17 21 18 10 14 6 8 1 14 15 25 18 7 2 8 7 7 18 5 14 10 2 5 17 19 2 5 21 22 6 18 12 18 6 10 18 5 18 15 25 22 1 17 18 17 15 12 7 21 18 15 5 22 25 25 22 14 1 16 18 14 1 17 21 22 6 26 22 1 17 16 2 8 25 17 1 2 7 16 2 26 3 5 18 21 18 1 17 7 21 18 25 18 7 7 18 5 6 8 3 2 1 21 18 5 17 22 14 17 18 26 19 2 5 26 14 1 24 1 18 10 1 2 7 12 18 7 7 21 18 6 22 20 1 6 1 2 5 8 1 17 18 5 6 7 2 2 17 7 21 18 26 18 14 1 22 1 20 2 19 7 21 18 18 1 20 5 14 9 22 1 20 6 7 21 18 1 7 21 18 10 2 26 14 1 17 5 18 10 1 22 20 21 14 1 17 6 3 14 24 18 6 14 12 22 1 20 22 14 26 18 9 18 10 21 2 6 2 18 9 18 5 3 14 6 6 18 7 21 1 2 7 7 21 5 2 8 20 21 26 18 6 21 14 25 25 1 2 7 14 7 7 14 22 1 8 1 7 2 20 2 17 7 21 18 5 18 19 2 5 18 17 22 17 26 12 16 5 18 14 7 2 5 16 14 25 25 26 18 7 21 18 26 2 7 21 18 5 2 19 7 21 18 25 22 9 22 1 20 14 1 17 14 17 14 26 5 18 23 2 22 16 18 17 21 22 6 21 18 14 5 7 10 14 6 10 14 5 26 18 17 14 1 17 14 6 26 22 25 18 17 22 17 6 21 22 1 18 8 3 2 1 21 22 6 16 2 8 1 7 18 1 14 1 16 18 1 2 10 22 7 16 14 26 18 7 2 3 14 6 6 7 21 14 7 2 1 14 16 18 5 7 14 22 1 17 14 12 10 21 18 1 7 21 18 21 18 14 7 10 14 6 20 5 18 14 7 14 1 17 18 9 18 17 22 17 17 5 22 1 24 19 5 2 26 7 21 18 10 18 25 25 6 14 7 14 1 14 22 25 3 14 6 6 18 17 7 21 5 2 8 20 21 18 17 18 1 15 2 10 18 17 2 9 18 5 7 21 18 19 2 8 1 7 14 22 1 18 9 18 17 5 14 1 24 7 21 18 21 18 26 2 19 21 18 5 20 14 5 26 18 1 7 10 14 6 25 22 19 7 18 17 14 1 17 21 18 5 25 18 20 10 14 6 19 8 25 25 12 5 18 9 18 14 25 18 17 6 14 7 14 1 14 22 25 15 18 21 18 25 17 21 18 5 25 18 20 10 21 22 7 18 14 6 7 21 18 26 22 25 24 10 21 22 7 18 16 21 14 25 16 18 17 2 1 12 14 1 17 17 18 6 22 5 18 6 7 22 5 5 18 17 10 22 7 21 22 1 21 22 6 21 18 14 5 7 17 18 6 22 5 18 15 18 20 14 7 3 14 6 6 22 2 1 14 1 17 3 14 6 6 22 2 1 25 2 1 20 22 1 20 14 1 17 19 2 5 7 21 18 19 22 5 6 7 7 22 26 18 6 14 7 14 1 14 22 25 17 22 17 12 18 14 5 1 19 2 5 14 10 2 26 14 1 10 21 18 1 2 1 18 26 2 5 1 22 1 20 18 9 18 6 25 18 3 7 15 18 1 18 14 7 21 7 21 18 6 21 14 17 18 2 19 14 20 5 18 14 7 16 18 17 14 5 6 14 7 14 1 14 22 25 19 22 5 6 7 17 22 6 16 18 5 1 18 17 7 21 14 7 6 21 18 10 14 6 19 14 22 5 19 2 5 21 18 25 2 1 20 18 17 19 2 5 21 18 5 12 18 7 6 21 8 1 1 18 17 7 2 20 14 13 18 8 3 2 1 21 18 5 19 2 5 26 14 1 17 1 2 10 21 18 15 18 21 18 25 17 21 18 5 21 18 5 25 22 3 6 10 18 5 18 14 6 16 5 22 26 6 2 1 14 1 17 21 18 5 15 5 2 10 6 17 22 17 16 14 6 7 14 9 22 2 25 18 7 6 21 14 17 2 10 8 3 2 1 21 18 5 18 12 18 6 6 21 18 22 6 19 14 22 5 4 8 2 7 21 6 14 7 14 1 14 22 25 14 1 17 21 18 17 18 6 22 5 18 17 21 18 5 14 1 17 10 21 18 1 18 9 18 14 10 2 24 18 6 14 7 14 1 14 22 25 3 5 18 6 18 1 7 18 17 8 1 7 2 21 18 5 14 9 18 6 6 18 25 19 22 25 25 18 17 10 22 7 21 23 8 22 16 18 2 19 16 8 26 22 1 14 1 17 6 18 18 17 6 2 19 26 14 1 17 5 14 24 18 6 14 1 17 7 21 18 10 2 26 14 1 25 14 8 20 21 18 17 14 6 22 1 14 17 5 18 14 26 6 21 18 25 14 8 20 21 18 17 14 1 17 16 25 2 6 18 17 21 18 5 18 12 18 6 7 21 18 1 22 1 14 17 14 13 18 6 21 18 17 5 14 1 24 2 19 7 21 18 3 2 7 22 2 1 14 1 17 7 21 18 17 5 22 1 24 10 14 6 10 14 5 26 19 5 14 20 5 14 1 7 14 1 17 22 1 7 2 11 22 16 14 7 22 1 20 14 1 17 14 6 6 21 18 17 5 14 1 24 18 9 18 10 14 6 22 20 1 22 7 18 17 21 18 5 18 12 18 6 15 18 16 14 26 18 26 2 22 6 7 14 1 17 21 18 5 20 14 13 18 20 5 18 10 17 22 26 14 6 7 21 18 25 2 2 24 2 19 14 26 14 17 26 14 1 6 21 18 16 2 8 25 17 1 2 7 5 18 6 7 5 14 22 1 21 18 5 19 25 18 6 21 14 1 17 19 2 5 7 21 18 19 22 5 6 7 7 22 26 18 6 21 18 24 1 18 10 7 21 14 7 6 21 18 10 14 6 14 10 2 26 14 1 14 1 17 6 21 18 7 21 18 1 6 8 5 5 18 1 17 18 5 18 17 21 18 5 6 18 25 19 8 1 7 2 6 14 7 14 1 14 22 25 6 21 18 12 22 18 25 17 18 17 8 1 7 2 21 22 26 15 2 25 17 25 12 14 1 17 10 22 7 21 2 8 7 6 21 14 26 18 25 22 24 18 8 1 7 2 14 10 2 26 14 1 10 21 2 21 14 7 21 24 1 2 10 1 26 14 1 12 26 18 1 14 1 17 10 21 18 1 6 14 7 14 1 14 22 25 17 18 3 14 5 7 18 17 19 5 2 26 21 18 5 6 21 18 6 7 22 25 25 10 5 22 7 21 18 17 22 1 7 21 18 7 21 5 2 18 6 2 19 21 18 5 8 1 4 8 18 1 16 21 18 17 3 14 6 6 22 2 1 14 1 17 6 21 18 16 14 25 25 18 17 8 1 7 2 21 22 26 10 22 7 21 21 18 5 20 14 13 18 14 1 17 6 21 18 5 18 26 18 26 15 18 5 18 17 7 21 18 7 8 26 8 25 7 8 2 8 6 26 14 17 1 18 6 6 2 19 26 14 1 25 12 21 14 1 17 6 15 8 7 14 19 7 18 5 7 21 18 6 22 1 6 14 7 14 1 14 22 25 19 18 25 7 10 18 14 24 14 1 17 16 2 8 25 17 16 5 18 14 7 18 1 14 8 20 21 7 21 22 6 18 12 18 6 10 18 5 18 17 14 5 24 18 1 18 17 14 1 17 18 9 18 15 18 21 18 25 17 7 21 14 7 21 18 6 8 19 19 18 5 18 17 8 3 2 1 21 22 6 19 14 16 18 10 14 6 10 5 22 7 7 18 1 14 1 8 1 24 1 2 10 1 25 2 1 20 22 1 20 14 6 2 5 5 2 10 19 2 5 6 2 26 18 7 21 22 1 20 1 18 10 14 1 17 22 20 1 2 5 14 1 16 18 3 5 18 6 6 18 17 8 3 2 1 21 22 6 6 2 8 25 14 1 17 21 18 25 2 2 24 18 17 1 2 7 8 3 2 1 7 21 18 10 2 26 14 1 10 22 7 21 18 12 18 6 2 19 17 18 6 22 5 18 14 1 17 18 9 18 10 14 6 7 5 2 8 15 25 18 17 19 2 5 6 14 7 14 1 14 22 25 21 14 17 16 14 6 7 21 18 5 14 6 22 17 18 19 2 5 21 18 10 14 6 6 7 5 2 1 20 14 1 17 21 22 6 20 14 13 18 10 14 6 14 6 7 21 18 6 8 1 14 1 17 21 22 6 24 22 6 6 15 8 5 1 18 17 25 22 24 18 14 25 22 9 22 1 20 16 2 14 25 (...)

Като вехтошар на спомени, аз искрено вярвам в идеята за енергията, таяща се във всяко нещо – от човека, с който разговаряш – до пръстена на баба ти, който носиш.

Но

Вещите помнят ли завинаги? Има ли давност приетата енергия? Забравят ли те имената на собствениците си, както ние забравяме имената на познати?

Или просто не можеш да усетиш енергията на някои предмети, както някои хора не те допускат до себе си веднага?

---

“I like this car,” Yuki spoke up after a while. “What is it?” “A Subaru,” I said. “I got it used from a friend. Not many people look twice at it.” “I don’t know much about cars, but I like the way it feels.” “It’s probably because I shower it with warmth and affection.” “So that makes it nice and friendly?” “Harmonics,” I explained. “What?” “The car and I are pals. We help each other out. I enter its space, and I give off good vibes. Which creates a nice atomsphere. The car picks up on that. Which makes me feel good, and it makes the car feel good too.” “A machine can feel good?” “You didn’t know that? Don’t ask me how, though. Machines can get happy, but they can get angry too. I have no logical explanation for it. I just know from experience.” “You mean, machines are like humans?” I shook my head. “No, not like humans. With machines, the feeling is, well, more finite. It doesn’t go any further. With humans, it’s different. The feeling is always changing. Like if you love somebody, the love is always shifting or wavering. It’s always questioning or inflating or disappearing or denying or hurting. And the thing is, you can’t do anything about it, you can’t control it. With my Subaru, it’s not so complicated.”

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

🚗 Europcar GitLab breach exposes data of up to 200,000 customers data breach – A breach of Europcar's GitLab exposed source code and personal data of up to 200,000 customers, with no financial information compromised. The company is assessing the damage and notifying affected users. https://www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/

📱 Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon security research – Phishing attacks are evolving with QR codes that disguise malicious URLs, using legitimate redirection techniques and human verification to enhance deception. This trend highlights the need for improved security awareness. https://unit42.paloaltonetworks.com/qr-code-phishing/

💸 £3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack security news – Advanced Computer Software Group was fined £3 million for inadequate security measures, leading to a ransomware attack that compromised personal data of over 79,000 individuals and disrupted NHS services. https://www.exponential-e.com/blog/3-million-fine-for-healthcare-msp-with-sloppy-security-after-it-was-hit-by-ransomware-attack

🛡️ Flirts: Was tun, wenn ich mit Nacktfotos erpresst werde? privacy – The Take It Down service helps individuals under 18 report and prevent the unwanted spread of intimate images on various platforms, ensuring their photos remain secure. https://www.watchlist-internet.at/news/online-flirts-was-tun-wenn-ich-mit-nacktfotos-erpresst-werde/

🚨 An AI Image Generator’s Exposed Database Reveals What People Really Used It For data breach – An exposed database from AI image generator GenNomis revealed over 95,000 explicit images, including AI-generated child sexual abuse material. This incident underscores the urgent need for better controls and regulations on AI-generated content. https://www.wired.com/story/genomis-ai-image-database-exposed/

📩 The Weaponization of PDFs: 68% of Cyber attacks begin in your inbox, with 22% of these hiding in PDFs cybercrime – PDFs are increasingly used in cyber attacks, with 22% of malicious email attachments hiding threats. Their complexity allows attackers to bypass security measures, making them a significant risk. https://blog.checkpoint.com/research/the-weaponization-of-pdfs-68-of-cyberattacks-begin-in-your-inbox-with-22-of-these-hiding-in-pdfs/

🧬 Open Source Genetic Database Shuts Down to Protect Users From 'Authoritarian Governments' security news – OpenSNP founder Bastian Greshake Tzovaras has shut down the genetic database due to concerns over its potential misuse by authoritarian governments, prioritizing user safety over scientific data preservation. https://www.404media.co/open-source-genetic-database-opensnp-shuts-down-to-protect-users-from-authoritarian-governments/

🐨 The North Korea worker problem is bigger than you think cybercrime – North Korean nationals have infiltrated global businesses, gaining high-level access and performing roles beyond IT. Their presence raises significant security concerns as they could exploit their positions for espionage or sabotage. https://cyberscoop.com/north-korea-technical-workers-full-time-jobs/

🔥 Oracle under fire for its handling of separate security incidents security news – Oracle faces backlash for its management of two data breaches, one involving patient data at Oracle Health and another regarding alleged Oracle Cloud server breaches, as transparency remains lacking. https://techcrunch.com/2025/03/31/oracle-under-fire-for-its-handling-of-separate-security-incidents/

⚖️ France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency security news – France fines Apple €150M for abusing its market dominance in App Tracking Transparency practices, found to disadvantage third-party apps and distort competition, despite the framework's intended privacy goals. https://securityaffairs.com/176092/laws-and-regulations/frances-antitrust-authority-fines-apple-e150m.html

🔍 Cybersecurity Professor Mysteriously Disappears as FBI Raids His Homes security news – Professor Xiaofeng Wang, a prominent cybersecurity expert, has gone missing following FBI raids on his homes. Indiana University has erased his and his wife's profiles amid an unexplained investigation. https://www.wired.com/story/cybersecurity-professor-mysteriously-disappears-as-fbi-raids-his-homes/

🔐 European Commission takes aim at end-to-end encryption and proposes Europol become an EU FBI security news – The European Commission unveiled its ProtectEU strategy, aiming to enhance internal security and establish Europol as a robust police agency, while seeking lawful access to encrypted data amidst ongoing security challenges. https://therecord.media/european-commission-takes-aim-encryption-europol-fbi-proposal

🪱 Apple issues fixes for vulnerabilities in both old and new OS versions vulnerability – Apple released security updates addressing 62 vulnerabilities in iOS and iPadOS, 131 in macOS, and two zero-day vulnerabilities in older OS versions, including risks to sensitive data and unauthorized actions. https://cyberscoop.com/apple-security-update-march-2025/

📧 Trump adviser reportedly used personal Gmail for ‘sensitive’ military discussions security news – A Washington Post report raises concerns about US National Security Advisor Michael Waltz using personal Gmail for sensitive military discussions, following a recent Signal leak. https://www.theverge.com/news/641144/michael-waltz-gmail-national-security-signal

🚨 T-Mobile Shows Users the Names, Pictures, and Exact Locations of Random Children privacy – T-Mobile's SyncUP GPS tracker malfunctioned, displaying the real-time locations of random children instead of users' own kids, raising serious privacy concerns among parents. https://www.404media.co/t-mobile-shows-users-the-names-pictures-and-exact-locations-of-random-children/

🚫 CSAM platform Kidflix shut down by international operation cybercrime – A major international operation led to the shutdown of the CSAM platform Kidflix, resulting in 79 arrests and the protection of 39 children, with authorities seizing 72,000 illegal videos. https://therecord.media/csam-platform-kidflix-shut-down-europol

⚠️ AI bots strain Wikimedia as bandwidth surges 50% security news – Wikimedia Foundation reports a 50% increase in bandwidth usage due to AI bots scraping data for training models, straining resources and impacting service for human users. The organization calls for responsible use of infrastructure and better coordination with AI developers. https://arstechnica.com/information-technology/2025/04/ai-bots-strain-wikimedia-as-bandwidth-surges-50/

📱 New Triada Trojan comes preinstalled on Android devices malware – A new variant of the Triada trojan has been found preinstalled on counterfeit Android devices, enabling extensive data theft. Kaspersky reports over 2,600 infections in Russia, urging users to buy from authorized distributors. https://securityaffairs.com/176143/malware/new-triada-comes-preinstalled-on-android-devices.html

🦠 This sneaky Android spyware needs a password to uninstall. Here's how to remove it without one. security research – A stealthy Android spyware app blocks uninstallation with a password set by the installer. Users can remove it by rebooting into safe mode, which disables the app, allowing for its uninstallation. https://techcrunch.com/2025/04/03/this-sneaky-android-spyware-needs-a-password-to-uninstall-heres-how-to-remove-it-without-one/

🔐 Gmail unveils end-to-end encrypted messages. Only thing is: It’s not true E2EE. privacy – Google's new 'end-to-end encryption' for Gmail is criticized as not being true E2EE, as keys are managed by organizations, allowing potential access to messages. The feature simplifies compliance for businesses but may not ensure privacy for individual users. https://arstechnica.com/security/2025/04/are-new-google-e2ee-emails-really-end-to-end-encrypted-kinda-but-not-really/

💰 Threat actors leverage tax season to deploy tax-themed phishing campaigns warning – As Tax Day approaches, Microsoft warns of phishing campaigns using tax themes to steal credentials and deploy malware, leveraging tactics like URL shorteners and QR codes. Various malware, including BRc4 and Latrodectus, are being used to exploit users during this period. https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/

📱 White House reportedly blames auto-suggested iPhone contact for Signal scandal security news – An internal investigation revealed that National Security Adviser Mike Waltz accidentally added Atlantic editor Jeffrey Goldberg to a Signal group chat due to an iPhone auto-suggestion. https://techcrunch.com/2025/04/06/white-house-reportedly-blames-auto-suggested-iphone-contact-for-signal-scandal/

🖨️ Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security vulnerability – Canon has issued a security update for CVE-2025-1268, a critical buffer overflow vulnerability in certain printer drivers that could allow unauthorized code execution. Users are advised to update their drivers to mitigate risks. https://thecyberexpress.com/canon-printer-vulnerability-cve-2025-1268/

---

Some More, For the Curious

🦊 PhaaS actor uses DoH and DNS MX to dynamically distribute phishing cybercrime – A phishing-as-a-service platform named Morphing Meerkat uses DNS techniques to create targeted phishing campaigns, dynamically serving fake login pages for over 100 brands, enhancing the threat landscape. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/

📈 Heightened In-The-Wild Activity On Key Technologies Observed On March 28 security research – A significant increase in attacks targeting technologies like SonicWall and Zoho suggests threat actors are actively probing for vulnerabilities. Security teams must enhance monitoring and patch systems promptly. https://www.greynoise.io/blog/heightened-in-the-wild-activity-key-technologies

🦮 New guidance on securing HTTP-based APIs cyber defense – With increasing API use, security breaches are rising. New guidance addresses vulnerabilities like poor authentication and insufficient monitoring to help organizations protect their systems and customer data. https://www.ncsc.gov.uk/blog-post/new-guidance-on-securing-http-based-apis

🧑‍🏫 Mark of the Web (MoTW) Bypass Vulnerability security research – Recent vulnerabilities in the Mark of the Web (MoTW) feature allow attackers to bypass security warnings and execute malware without detection, highlighting the need for updated security measures. https://asec.ahnlab.com/en/87091/

🚨 CrushFTP CVE-2025-2825 flaw actively exploited in the wild vulnerability – A critical authentication bypass vulnerability, CVE-2025-2825, in CrushFTP is being actively exploited, allowing unauthenticated access to vulnerable devices. Users are urged to patch immediately or implement temporary security measures. https://securityaffairs.com/176097/hacking/crushftp-cve-2025-2825-flaw-actively-exploited.html

🏔️ Spike in Palo Alto Networks scanner activity suggests imminent cyber threats warning – Researchers at GreyNoise report a surge in scanning activity targeting Palo Alto Networks GlobalProtect portals, with over 24,000 unique IPs probing for vulnerabilities, indicating potential preparations for targeted attacks. https://securityaffairs.com/176108/hacking/spike-in-palo-alto-networks-scanner-activity-suggests-imminent-cyber-threats.html

🏫 Getting Started with AI Hacking: Part 1 security research – Brian Fehrman from BHIS introduces AI hacking, focusing on classifier models and adversarial examples. The post covers image classification hacking, malware classifiers, model extraction, and data poisoning attacks, highlighting vulnerabilities in AI systems. https://www.blackhillsinfosec.com/getting-started-with-ai-hacking-part-1/

🌏 Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) security research – Ivanti disclosed a critical buffer overflow vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances, with evidence of active exploitation by suspected China-nexus actor UNC5221, leading to the deployment of various malware families. https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/

⚠️ NSA warns “fast flux” threatens national security. What is fast flux anyway? security news – The NSA warns that 'fast flux' techniques, used by cybercriminals and nation-state actors, complicate detection of malicious operations by rapidly changing IP addresses and DNS records, posing significant threats to national security. https://arstechnica.com/security/2025/04/nsa-warns-that-overlooked-botnet-technique-threatens-national-security/

🪪 Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC security research – A Polish researcher used ChatGPT-4o to generate a realistic replica of his passport in five minutes, exposing vulnerabilities in KYC systems that rely on photo verification. The incident raises concerns about identity theft and calls for stronger digital verification methods. https://securityaffairs.com/176224/security/chatgpt-4o-to-create-a-replica-of-his-passport-in-just-five-minutes.html

🤫 39M secrets exposed: GitHub rolls out new security tools security news – GitHub revealed that 39 million secrets were leaked in 2024, prompting the launch of new security tools, including standalone Secret Protection and enhanced scanning features to help developers secure sensitive data. https://securityaffairs.com/176170/security/39m-secrets-exposed-github-rolls-out-new-security-tools.html

---

CISA Corner

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on April 1, 2025, addressing security vulnerabilities in Rockwell Automation and Hitachi Energy ICS. Users are urged to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-releases-two-industrial-control-systems-advisories ⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – On April 3, 2025, CISA released five advisories addressing security vulnerabilities in various Industrial Control Systems, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/03/cisa-releases-five-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included CVE-2024-20439, a vulnerability in Cisco's Smart Licensing Utility, in its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, emphasizing the need for federal agencies to address it. https://www.cisa.gov/news-events/alerts/2025/03/31/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-24813, a vulnerability in Apache Tomcat, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, highlighting risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457) vulnerability – Ivanti has released security updates for CVE-2025-22457, a vulnerability that could allow cyber attackers to take control of affected systems. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog and urges users to patch their systems and conduct threat hunting actions. https://www.cisa.gov/news-events/alerts/2025/04/04/ivanti-releases-security-updates-connect-secure-policy-secure-zta-gateways-vulnerability-cve-2025

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

I was sent to a psychiatric hospital experiencing a “haunting”. It was one of those old school places that looks like a mansion out of a horror movie, a place that people spend a great deal of money to get access to. As usual, I was handed a folder and USB drive full of research the investigative team had already completed. This building had a series of unused sub-levels from the bad old days and an honest to god death tunnel. The dead don't bother me so I snuck in through the external hatch, where they used to occasionally remove the bodies. I'll skip the gory details if you don't mind and get right to setting up camp in the unused administrative office in the abandoned sub-level. Ears aching, neck hairs standing up, gooseflesh, like a cold spark pulsing through the whole place. I disguised myself as maintenance before grabbing my toolkit and heading up the stairs. The drywall dust only served to make my appearance more convincing. I did odd jobs around the place, listening, gathering intel. Patients escaping their rooms was too common to narrow down, but talk of a frozen swimming pool pointed me in the right direction. I had to be close. Walking down a wide, empty hallway, I heard something plink and stopped. “You dropped a button,” a husky voice said. I looked down and saw, sure enough, a button on the linoleum behind me. As I bent to pick it up, I got a look at the feet of the being who'd spoken to me. It was about an inch off the ground, barefooted, skin dry as stone and cragged, spotted with brown and gray. My heart rate was steady, my breathing normal, I chuckled to myself. “Thank you,” I said as I stood up and saw the whole thing. It was morbidly obese, pale and dry as a porcelain doll, and stark naked. Fat hid any discernible sex. Long white hair floated around its head like a bleached anemone. Eyes were yellow surrounded by black and the mouth was little more than a horizontal slash. No smell other than ozone. “I haven't seen you around,” I said. “Oh?” it said. “I'm new here.” I held up the button. “Thanks again, uh…Miss…ter?” I said, gazing expectantly. “It's Doctor, actually,” it said, without moving its mouth, “Doctor Sharpe.” “Thank you, Doctor Sharpe, then.” I turned and started to walk away. When you encounter an entity during a haunting, they typically want to be seen. The theory is that they literally feed on your strong emotions, your reactions. “Wait a moment,” it said in a softer tone. “Yeah?” I didn't turn around. “Would you—like to play a game with me?” I grinned and I'm sure it felt my elation. “I thought you'd never ask,” I said and turned back to face it. There was a table in between us that hadn't been there. “Nice,” I said, running my hand over its obsidian smooth surface. The entity was standing on the other side, no longer a floating ball. White hair hung down its oval face, wearing the same yellow eyes but with a delicate nose and pink lips around the mouth. Broad shoulders were draped with a white gown more appropriate for a gothic sleepover. She was smiling, shaking her cupped hands as something jingled inside. “What's your name?” she asked, showing her yellow teeth this time. “Anderson,” I said, giving her an alias. “I don't think so,” she said, tilting her head, her hair fluttering briefly to life. My ears tingled, and my hair ruffled just a little under my hat. A breeze ran down my sides to my feet, up my calves and thighs, met in my crotch, ran up my torso, by my chest, then split and went down both arms. She knew me now. Whether she'd be intrigued, confused, or angry remained to be seen. “Ooh,” she said and that was all. Coins clanged on the table as she opened her hands. They were colored, shaped, and sized like American quarters but without the ridges. “Take some,” she said. “And keep your button out.” I counted out four and slid them over in front of me. Picking one up, I glanced over, “May I?” Her yellow teeth smiled back as she nodded. Dense, heavy in my fingers, like real metal. Looked like cuneiform writing and instead of George Washington and an eagle, it was something like a lamprey's mouth on one side and a burning bush on the other. “You can see?” she asked, squinting. “Yeah,” I said. “A real beauty.” And it's true. I've seen lots of manifestations and this one was extremely detailed and surprisingly solid. In other words, this place was very, very tangled with the other. I stacked the coins in front of me and put the button beside. “So, Doctor Sharpe,” I asked. “What are the rules?” Her hair twitched. “Please call me Amelia,” she replied. “Okay, Amelia,” I said. “Then you can call me Alex.” She leaned in, asking, “Is that short for something.” While her hair started to writhe. “Maybe,” I told her, visibly grinning. I can play games, too. Sometimes, they like that. She leaned back and I felt nothing but anticipation from her. “You've already stacked the coins, I see. “Put your button on top of them.” I did as I was instructed. When I looked over at hers, the table had a mock temple made of old cardboard tubes from toilet paper and paper towels. I blinked a few times and it was still there. Another thing about hauntings. Even though we are tangled with another reality, there are still some things we aren't able to see. Our brains can't interpret it. As a safety mechanism, it'll hide things from us until they can happen when we aren't looking. When you look away, when you turn your back, when you blink your eyes, then your brain lets you see the change. You couldn’t see it happen. That's not possible. So I blinked to make sure she was done modifying the table. “You can go first, Alex,” she said. “You have to use your finger to flick the button at the temple. “The goal is to be the first person to knock it down.” The button on her stack of coins glinted when I tilted my head. “That hardly seems fair,” I said. “What would you prefer?” she asked. I looked down and saw my coins and button were replaced with food. I looked up and the temple and everything was now desserts. “First one to finish eating the temple?” I picked up one of the pastries and took a bite. Flaky, honey sweet, hint of pecan, powdered sugar on top. “Extremely good job on these,” I said. “They taste freshly baked.” “I'm glad you like them,” she replied, the table now covered in sweets of all kinds. Instead of eating more, I put it down. When they give you food, you have no idea what you are actually eating. You really don't want to know some of the things I've put in my mouth. She frowned, bunching up her bottom lip. Frustration. “I thought you wanted to play?” she said. “Actually, I'm down here because I heard about a frozen swimming pool. “Was that you?” Her hair danced. “They really seem to like it,” she said. “I'd like to see it, too, if that's okay.” She pointed beside us. “It's right there.” And it was. An Olympic sized swimming pool, frozen solid. I could see people at the far end. There was a faint impression of ice skaters, of Christmas trees, of carolers singing. “Christmas,” I said. I felt myself slipping into it, could smell hot cocoa and cookies, could feel a fireplace nearby. “It is lovely,” I said before shaking myself out of the reverie. “I cannot image how much effort that must have been to create for them.” Her face was stoic, stern, but her yellow eyes were moist, red tears welled. “They deserve it,” is all she said before she and her entire table slid into the floor and vanished. I hadn't felt malice or mischief, only remorse and pity. I headed toward the crowd, the illusion playing at the edges of my senses, eager to pull me back in coming in waves with a dull thump each time. As I got closer, I saw them pointing out on the ice, laughing and hugging, pretending to drink mugs of coffee or cocoa that were real to them. And the thumps got louder and louder. In fact, the thumps were so loud they had to be real. I looked over the ice, underneath the illusion of kids ice skating and throwing snowballs, underneath the sleds and snowmen. I saw something under the ice. A black mass moving and pushing up and failing to find a way out. It was desperate, I could feel that now that I knew it was there. I went out on the ice to the shouts of the others telling me to get off because I wasn't dressed for it, to stay out of the way, to be careful, to be nice to the kids. I knelt down and felt the ice. It wasn't cold. I still had my toolkit. No axe, but a hammer and a flat-head screwdriver might do. I started tapping, chiseling, then banging. The others were angry now, yelling that I was putting their kids in danger, that if I wanted to fish I'd have to wait until after the kids were done playing. The “ice” chipped like old concrete until I had a hole big enough to stick a hand through, an arm. It was only an inch thick. I had no idea how it was even holding my weight. The water was a syrupy but I waved my hand as much as I could until the black mass saw me and swam toward me. The “ice” bulged up under its pressure but wouldn't break. I pulled my arm out of the hole and pressed my ear to it instead. “Free me, please,” whispered. “Free me, please,” again and again. Hope and fear in equal measure came from whatever it was. At this point, I had an idea of what was down there and I hoped my hormones would keep me safe. I hammered and hammered, hearing her voice from the water the whole time, hearing the people screaming, begging me to stop, but unwilling to come out on the ice. Until it was a hole big enough for a person to climb out of, or be pulled into. I put both arms in the slushy water and told her to come to me. The black mass was already underneath and I felt its weight. I felt its urgency and its hesitancy. I felt it taste me, a tingle running through both arms all the way to my core. It pulled slightly before reversing and allowing me to pull it up. It resembled a horse, a bundle of wet grass, a pile of stones, a hag, a maiden, until it was simply a woman with green skin and seaweed for hair. I'd been so fascinated that I was able to see the transformations, the shifting, the refocusing of reality with my own eyes that I didn't hear the crowd's crying until it was over. The water sprit pierced my soul with a glance, looking me up and down. “Hmmph!” the green woman said, shaking her head. “Oh,” I said, putting my right hand over my heart and raising my left hand in a symbol involving the first and second fingers as well as the pinky and thumb. “By the secret name inscribed on my soul, I release you from any and all obligations borne of this transaction.” That got her attention. “Thank you,” she said reaching a trembling hand toward my face. I did not pull away as she touched my cheek. She had tropical lagoons for eyes, like a warm bath, like a mother's embrace. It was another glamour, of course, but I allowed it, almost against my will. Almost. I was on a beach. The ocean's roar behind me like an out of tune radio. She was in front of me, wearing a Tahitian pāreu, fragrant flowers in her thick, black hair, brown skin instead of green. “I'm so tired of the snow and ice, so tired of Christmas,” she said, looking up at the sky and squinting. I heard music, singing, like a choir but it was just her laughing as she spun in place. “I'm free!” she sang. “You freed me.” She stopped spinning and faced me again. She was getting closer but not walking. “Why did you reject your prize?” She was circling me but also still standing in front of me. I felt her eyes all over me, I felt her probing me. The sky turned to storm clouds. I looked down, closed my eyes, to avoid her million eyes. I answered, “You tell me. “By now, you know me at least as well as I know myself.” The sun returned. “You aren't like the men and women I normally meet,” she sang. I felt the urge to lift my head, a gentle breeze stroking my chin. “Please look at me,” she pleaded. I took a deep breath, faced her, opened my eyes, and saw her. She was beautiful, of course, like a live action Nani Pelekai? My heart fluttered as if she was my first true love and heat flooded out to my hands and feet. I wobbled, nauseated, like I might stumble or fall to my knees. “You do have a heart, after all,” she sang, “and I see how it beats.” I felt the warm breeze circling around my ankles, looked down, saw myself clearly for the first time. I, too, was dressed in a bright pāreu, barefoot, dark skin. Not my body. I tested my muscles to see how real I was: toes, feet, calves, knees, thighs, pelvis, stomach. Wait. Something was different. I went numb. Something was different. Impossible, but as real as my own flesh. My hands trembled, stomach racked with nausea, my legs buckled, I was on the ground, sand in my mouth and eyes. Tears, great torrents and I couldn’t stop crying. I couldn’t stop. I heard her fluttering toward me. “You refused my gift before I even offered.” She paused. “And it was because you thought you were doing me a favor.” She put a steadying hand on my naked shoulder. “That thing trapped me,” she said. “It told me to give them their children back. “I didn't even take their children.” I heard her kneel down beside me. I felt pity from her, pity but also longing. I shivered at her breath in my ear. “But you rescued me.” I couldn't see her through my sobs. I could barely hear her as I forced myself to remember this, to remember it. The ocean was coming in. Not sure how I could tell, but it was coming in fast. “Thank you,” she whispered, voice like an ice pick. It was a phrase that carried power, when a fae speaks it is wise to consider that any words can be full of power and magic and gratitude, genuine gratitude, is powerful indeed. Then I was lying on the false ice, lying in my own snot and tears, surrounded by grieving parents. The sorrow, the emptiness, drove away whatever had been haunting the place. I could feel that almost immediately. I carved some carefully designed sigils around at precise locations to help anchor against future resonance. I went back out the same way I came in, hiked to my concealed vehicle, climbed inside, and cried for an hour. I drove home in mute resignation of what I'd been allowed to experience. I left the personal details out of my full report, but they've never left me. And. Sometimes. When I dream. Instead, I'm back on that beach. I look out at the ocean, at the eternal cycle of waves in and out; at the horizon in the unreachable distance. I hear singing. But. This time. It's just the birds. I feel the sand between my toes, I smell the brine, the seaweed, fruit trees in the distance. I feel the warmth of the sun that never sets, the breeze that meanders along the water line. I sit in the surf, rubbing my belly, savoring every sensation, marveling at what I should not have. Waiting for her to come back. So I can tell her, “thank you.” But she never will.

---

#WhenIDream #Dreams #Dreaming #Dreamlands #Writer #Writing #Writers #WritingCommunity #WritersOfMastodon #ShortFiction #Fiction #Paranormal

CC BY-NC-SA 4.0

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

It is definitely not okay to feed this into a dataset to be used to train an genAI or LLM. Nobody is authorized to used it for genAI or LLM.

Hello world!

I write this as a test to see what’s possible on infosec.press.

Can I use markdown? Yes I can!

Did the use of my browsers ‘back’ button spawn a new post instead of an edit? I think it did.

A few days ago, I saw a post on r/fibromyalgia with a list of symptoms related to fibromyalgia, both common and uncommon. As I was looking at them, I couldn't tell what was scaring me the most: the size of the list or the fact that I have a lot of them. Today, after trying to cope with this for a few days, I copied the full post and applied bold to the ones I've had since this shit started, just to get a more precise grasp of how many of these I've had. Oh boy! I shouldn't have, because now I'm stressing out, and I'm trying to vent with this blog post.

I already had a few of them, due to other comorbidities, like allergies, asthma or IBS (this one is common in people with fibromyalgia), but they got worse after this fucking syndrome ruined my life. I also always had a sensitive nose, but not to the point of detecting a gas leak from a bottle with a hair-thin hole in it (the hole was barely visible with the naked eye, and no one around me noticed the leak except my now way too sensitive nose!).

Some sources suggest there are up to 200 symptoms associated with fibromyalgia. Below is a comprehensive list categorized by system:

Musculoskeletal Symptoms

• Widespread muscle pain • Muscle stiffness • Joint pain • Muscle spasms • Muscle weakness • Chronic fatigue • Tender points (sensitive areas on the body) • Reduced exercise tolerance • Restless legs syndrome • Feeling unrefreshed after sleep

Neurological Symptoms

• Chronic headaches or migraines • Numbness and tingling in extremities • Burning or prickling sensations • Sensory overload (hypersensitivity to light, sound, and touch) • Poor coordination • Dizziness or vertigo • Brain fog (cognitive dysfunction) • Memory problems • Difficulty concentrating (“fibro fog”) • Slowed processing speed • Speech difficulties (word-finding issues) • Increased pain sensitivity (hyperalgesia) • Phantom pain (pain with no clear cause) • Sensory processing disorder-like symptoms

Sleep Disturbances

• Insomnia • Frequent awakenings at night • Light, unrefreshing sleep • Delayed sleep phase disorder • Sleep apnea • Hypersomnia (excessive sleepiness) • Difficulty maintaining sleep • Increased pain sensitivity at night

Psychological Symptoms

• Anxiety • Depression • Panic attacks • Mood swings • Irritability • Emotional sensitivity • Feeling overwhelmed easily • Post-traumatic stress disorder (PTSD) • Increased stress response • Low stress tolerance

Gastrointestinal Symptoms

• Irritable bowel syndrome (IBS) • Constipation • Diarrhea • Abdominal cramping • Bloating • Nausea • Acid reflux (GERD) • Food intolerances • Sensitivity to gluten or dairy

Cardiovascular Symptoms

• Palpitations • Irregular heartbeat • Orthostatic intolerance (dizziness when standing) • Low blood pressure • Raynaud’s phenomenon (cold, discolored fingers/toes) • Poor circulation

Immune System Symptoms

• Frequent infections • Swollen lymph nodes • Flu-like symptoms • Allergies or worsening allergies • Sensitivity to mold or chemicals

Hormonal & Endocrine Symptoms

• Menstrual irregularities • Painful periods (dysmenorrhea) • Premenstrual syndrome (PMS) • Low libido • Thyroid dysfunction symptoms (even with normal labs) • Adrenal fatigue-like symptoms • Weight fluctuations • Hot flashes or night sweats

Sensory & Skin Symptoms

• Skin sensitivity • Rashes or hives • Itching (pruritus) • Temperature sensitivity (hot or cold intolerance) • Excessive sweating • Bruising easily • Dry eyes or mouth (similar to Sjögren’s syndrome) • Tinnitus (ringing in the ears) • Blurred vision • Heightened sense of smell

Urinary & Reproductive Symptoms

• Bladder pain (interstitial cystitis) • Frequent urination • Urinary urgency • Painful intercourse • Pelvic pain • Erectile dysfunction (in men)

Metabolic & Energy Symptoms

• Chronic fatigue • Hypoglycemia symptoms (without diabetes) • Sugar cravings • Difficulty maintaining energy levels • Feeling drained after minor exertion • Non-restorative rest

Temperature Regulation Issues

• Feeling excessively hot or cold • Sweating abnormalities • Poor heat tolerance • Cold hands and feet

This list captures many of the most commonly reported symptoms, but fibromyalgia is highly variable, meaning people experience different combinations of symptoms.

Here are some of the less common (but still reported) symptoms:

Neurological & Sensory Symptoms

• Olfactory hallucinations (smelling things that aren’t there) • Tingling or buzzing sensations in the skin (paresthesia) • Feeling like your skin is sunburned without an actual burn • Electric shock sensations in the brain or body • Difficulty distinguishing temperatures (e.g., not realizing something is too hot or too cold) • Changes in depth perception (difficulty judging distances) • Spatial disorientation (walking into door frames, tripping) • Sudden “jelly legs” or leg weakness

Psychological & Cognitive Symptoms

• Derealization or depersonalization (feeling detached from reality) • Hypersensitivity to emotions (excessive empathy or feeling drained around people) • Intrusive thoughts or mental overstimulation • Extreme irritability before storms or weather changes • Lack of motivation despite wanting to do things

Skin & Hair Symptoms

• Hair loss or thinning (often linked to stress or inflammation) • Skin mottling or marbling (livedo reticularis) • Sudden bruising with no clear cause • Extreme skin dryness despite moisturizing • Bumps or lumps under the skin (lipomas or fibrous nodules)

Cardiovascular & Circulatory Symptoms

• Feeling faint after standing too long (due to blood pooling) • Heart palpitations with no clear cardiac issue • Frequent cold hands and feet, even in warm weather • Random hot or cold flushes without fever

Gastrointestinal & Metabolic Symptoms

• Metallic taste in the mouth • Burning tongue syndrome • Random aversions to foods once tolerated • Episodes of extreme hunger or complete lack of appetite • Unexplained weight gain or loss despite no change in diet • Swelling in the hands, feet, or face (fluid retention)

Respiratory & ENT (Ear, Nose, Throat) Symptoms

• Feeling like you can’t take a full breath (air hunger) • Chronic post-nasal drip or unexplained nasal congestion • Recurring sore throat with no infection present • Hoarseness or voice changes without a clear reason • Increased sensitivity to strong smells causing nausea or headaches

Urinary & Reproductive Symptoms

• Pain during ovulation (not just during menstruation) • Sudden onset of interstitial cystitis (bladder pain syndrome) • Feeling like you need to urinate immediately after going • Lower abdominal bloating that mimics pregnancy

Sleep & Fatigue Symptoms

• Waking up gasping for air (not sleep apnea related) • Extreme difficulty waking up despite a full night’s sleep • Sudden episodes of body exhaustion with no warning • Vivid or disturbing dreams that feel real

Immune System & Autoimmune-Like Symptoms

• Frequent canker sores or mouth ulcers • Random fevers or flu-like symptoms with no infection • Easily getting sick but recovering slowly • Reactions to vaccines or medications that others tolerate well

Rare Pain Symptoms

• Pain that migrates randomly from one part of the body to another • Tingling scalp or burning sensation on the head • Feeling like your limbs are “too heavy” to move • Painful swelling in one finger or toe with no arthritis diagnosis

Many of these symptoms overlap with other chronic illnesses, which is why fibromyalgia is often misdiagnosed.

#Fibromyalgia

The agreements on data sharing between the EU and the US have been problematic from the start, due to irreconcilable difference in privacy principles. From Safe Harbor to Privacy Shield(s), each time it was clear that any agreement would be challenged. In the meantime, the world moved on regardless.

The debate flares up now, again, because of the fast-changing relationship between the US and Europe, following the first months of a chaotic Trump presidency that is re-defining global alliances. But a lot of the discussion is emotional and imprecise. I am as concerned about security and privacy for private citizens as the next one. But that shouldn't jump to wild claims that the US government can just get at anyone's data or cut them off.

Not All Cloud is the Same

When we're talking about American cloud services, are we talking Google Search and Gmail , Office 365, Facebook, WhatsApp, or Twitter/X? Or are we talking about cloud infrastructure and services like AWS, Azure, Google Cloud? In the first, you don't pay, have no control, and trade your privacy for convenience. In the latter, you orchestrate all your compute, network and storage services, and have access to encryption services of varying strengths. Services like AWS Nitro are specifically designed to guarantee AWS administrators can't access their customers' workloads, and Sovereign Cloud offerings take this further and further.

The debate of privacy of citizens – that is, move to Signal or Fediverse services – is not the same as the debate of European corporate and governmental use of American cloud infrastructure providers. The arguments against Google's and Meta's dominance in retail internet service and advertisement are not new, or suddenly more problematic with the change in US Administrations. Similarly, cloud infrastructure services are not suddenly at greater risk.

Residence or Remote Control?

We talk about EU-only access and data residency, but we forget what is really important about that. If Microsoft can access a server in Europe from America, what use is EU data residency? With strong encryption, the physical location of data on disk doesn't really matter. If the American provider doesn't have access to the key, the European data owner still controls the data.

Meanwhile, the physical equipment and data centers are still in Europe, operated be local residents and subject to local jurisdictions. When Russian sanctions came in, many global technology companies retreated under realistic threat of their facilities being nationalized or “sold” to a local operator. That is an extreme example, but EU governments are not powerless.

The moment the legal status of American cloud infrastructure providers becomes a real problem, immediately you see the foundation of AWS, Europe, Azure Europe and Google Cloud Europe as independent, European corporations.

Can Open Source Save Europe?

Maybe. But not on its own. The top 7 (or 6, if you count Github as Microsoft) corporate contributors are American tech corporations until you get to SAP, and open source software is used equally on both sides of the Atlantic for cloud services.

Does the open source have to be European for independence? Who cares where it comes from? Fork open source projects you rely on, if necessary. Cloud services based on open source are not inherently more secure, private and independent. They still need to be operated by someone. And often the American cloud providers rent from local data center operators.

Lack of Capital, Fragmented Market

The problem of Europe and cloud independence is the lack of capital. While there are 4-5 American global cloud infrastructure providers, there isn't a single one that can claim that from Europe. The market is fragmented with national and regional providers.

Initiatives like IPCEI CIS are interesting, but would still create an odd cloud where services would be provided by a wide variety of different supplier, greater complexity, and lower economies of scale. It's a noble pursuit, but a political one.

Technological Interdependence

We focus on European dependence on America... but we fail to do the same in reverse. There is more competition in cloud infrastructure and services than there is in semiconductor design (Arm Holdings, UK) and photolithography (ASML, NL) or the business application software that runs the global economy and government services (SAP, D).

Serious Times

That is not to say there isn't a problem. We live in strange times, and will have to rethink our threat models. But for the debate to be productive, we need to be nuanced what the real problems are. And not let ourselves be ruled by broad strokes and emotions.