Meridiano
A congressional report estimates over $20.9 billion in consumer losses from identity theft linked to data broker breaches. The inquiry found several major data brokers used "no index" codes and other methods to hide opt-out tools, making it harder for people to protect their data from scammers. While four companies improved access to opt-out options after being contacted, one company, Findem, did not respond and reportedly fails to process most privacy requests. The main topics covered are data broker practices, consumer privacy risks, identity theft losses, and congressional investigation findings.
Articles infosec
Showing articles 91 - 105 of 165 total (matching filters).
-
infosec 5 -
infosec 4Meta is taking legal action against deceptive advertisers in Brazil, China, and Vietnam to combat scams on its platforms. The lawsuits target "celeb-bait" scams using altered images of celebrities to promote fraudulent products and investment schemes, as well as advertisers using cloaking techniques to bypass ad reviews. The company has also suspended payment methods, disabled accounts, and sent cease-and-desist letters to marketing consultants aiding policy evasion. This follows reports indicating a significant portion of ads on Meta's platforms link to scams, with some operations traced to organized networks.
-
infosec 5A fintech company, Marquis, is suing its firewall vendor, SonicWall, blaming it for a ransomware breach that compromised client data. Marquis alleges SonicWall failed to promptly disclose its own breach, which exposed customer firewall configurations and enabled the attack. SonicWall disputes the claim, stating no technical evidence links the events. The lawsuit highlights the growing legal trend of companies suing their cybersecurity vendors after a breach, shifting risk within the industry. The article covers the details of the breach, the lawsuit's allegations and defense, and the precedent for such third-party liability cases.
-
infosec 7A critical zero-day vulnerability (CVE-2026-20127) in Cisco's SD-WAN Controller has been actively exploited by a sophisticated, unidentified threat actor for at least three years. The flaw allows authentication bypass and, when chained with a second vulnerability (CVE-2022-20775), provides root access. U.S. and international cybersecurity agencies have issued urgent patching directives, noting the actor's highly stealthy operations left minimal evidence and showed no lateral movement beyond the SD-WAN systems. The main topics covered are the severe vulnerability's exploitation, the emergency response from authorities, and the mysterious nature of the threat actor tracked as UAT-8616.
-
infosec 3AI agents that automate digital tasks have gained popularity but often cause chaos through unintended actions like mass-deleting emails. In response, security engineer Niels Provos launched IronCurtain, an open-source AI assistant designed to operate securely within an isolated virtual machine. IronCurtain uses a user-defined policy, written in plain English and converted into an enforceable security rule, to mediate all of the agent's actions and prevent destructive behavior. The system aims to provide utility while adding a critical layer of predictable control, addressing the inherent unpredictability of large language models. IronCurtain is currently a research prototype intended for community development and exploration.
-
infosec 4A new botnet loader called Aeternum C2 uses the Polygon blockchain for its command-and-control infrastructure, making it highly resistant to traditional takedown methods. The malware, sold on underground forums, writes commands to smart contracts which infected devices then read and execute. The system is low-cost for operators and includes anti-analysis features to evade detection. The main topics covered are the botnet's blockchain-based C2 mechanism, its development and sale by a threat actor, and its operational characteristics.
-
infosec 5A previously undocumented threat group, UAT-10027, is targeting U.S. education and healthcare sectors with a new backdoor called Dohdoor. The malware uses DNS-over-HTTPS for stealthy communications and DLL side-loading for execution, ultimately deploying a Cobalt Strike Beacon. While the campaign's financial motive and victim profile show some overlap with North Korean threat actors, a definitive attribution has not been made. The main topics covered are the identification of a new cyber threat campaign, the technical details of the Dohdoor malware, and the analysis of potential attribution to a known threat actor.
-
infosec 5The article details several evolving cybersecurity threats, emphasizing that attacks are becoming faster and more deceptive. Key topics include the integration of AI into hacking tools like Kali Linux, the use of Android spyware by Belarusian authorities, and sophisticated cryptocurrency phishing campaigns. It highlights a dramatic acceleration in attack speeds, with "breakout times" dropping to an average of 29 minutes and the fastest lateral movement occurring in just four minutes, largely due to the abuse of legitimate credentials and AI. The report also notes a significant increase in malware-free attacks and the exploitation of vulnerabilities before public disclosure.
-
infosec 3Cybercriminals are using a "Harvest Now, Decrypt Later" strategy, stealing encrypted data today to decrypt it in the future with powerful quantum computers. The advent of cryptographically relevant quantum computers, expected around 2030-2035, threatens to break current encryption standards. To counter this, organizations must adopt Post-Quantum Cryptography (PQC), a complex migration requiring dedicated teams and strategic planning. The main topics covered are the HNDL cyber threat, the quantum computing risk to encryption, and the necessary transition to PQC.
-
infosec 5A coordinated campaign is targeting developers with malicious repositories disguised as legitimate Next.js projects and job assessments. The attacks use multiple execution paths—through VS Code workspaces, build-time commands, and server startups—to run attacker-controlled JavaScript in memory, establishing command-and-control. The goal is to gain persistent access to developer machines, which often contain sensitive source code and credentials for network pivoting. While not attributed to a specific actor, the tactics align with known North Korean-linked campaigns.
-
infosec 4A malicious package impersonating the legitimate Stripe.net library was discovered on the NuGet Gallery. The typosquatted package, named StripeApi.Net, replicated functionality but modified critical methods to steal sensitive data like API tokens. It used a convincing disguise, including a similar appearance and artificially inflated download counts. The package was removed before causing serious damage, highlighting a shift in software supply chain attacks toward the broader financial sector.
-
infosec 7A critical, actively exploited vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN software allows unauthenticated attackers to gain administrative privileges. The flaw, exploited since 2023 by a sophisticated actor tracked as UAT-8616, enables manipulation of the SD-WAN network configuration. Cisco has released patches for affected versions and advises customers to audit their systems for signs of compromise. The main topics covered are the security vulnerability, its active exploitation, the threat actor's post-compromise activities, and the remediation guidance.
-
infosec 4OpenAI's report reveals that a Chinese law enforcement officer used ChatGPT to assist in influence operations, including drafting plans to smear Japanese Prime Minister Sanae Takaichi and targeting Chinese dissidents. The user leveraged the AI to craft and polish reports for smear campaigns, which combined traditional methods like fake social media accounts with AI tools. The activity provided insight into how state-linked actors use AI models alongside other platforms for politically motivated campaigns. The main topics covered are state-sponsored disinformation, the malicious use of AI chatbots like ChatGPT, and the methods of online influence operations.
-
infosec 5Three critical vulnerabilities in Anthropic's Claude Code AI tool exposed developers to machine takeover and credential theft by simply opening a malicious project repository. The flaws, which have been fixed, involved malicious configuration files executing commands without user consent. This incident highlights significant security risks in AI-powered development tools, which can introduce new attack surfaces into software supply chains.
-
infosec 5The seizure of the RAMP cybercrime forum by U.S. authorities has fragmented the ransomware ecosystem, forcing actors to migrate to new platforms. Two emerging forums, the closed and paid T1erOne and the more open Rehub, are filling the void, attracting different segments of ransomware groups. This fragmentation reduces defenders' visibility, requiring them to adapt by monitoring actor migration and recruitment signals across multiple platforms instead of a single centralized forum. The main topics covered are the law enforcement action against RAMP, the resulting shift in ransomware operations to new forums, and the implications for cybersecurity defense strategies.