🚨 Exciting thing 🚨 I'm getting back to my content creation roots.
I've missed blogging, podcasting, and community engagement from back before I worked for big companies with scary PR teams.
So... I'm launching a newsletter called Vulnerable U. vulnu.beehiiv.com
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.
He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords
Media's coverage wasn't detailed enough so I dug into his testimony:
🚨BREAKING: Genetics firm 23andMe confirms user data theft in a credential stuffing attack.
The hackers released 1 million lines of data targeting Ashkenazi Jews.
Community note
More context: the company’s servers were not breached. The attackers logged in to user accounts that had simple or reused passwords, and leveraged the “DNA relatives” feature to gain more information. “The information does not appear to include actual, raw genetic data.”
wired.com/story/23andme-
So U.S. uses backdoors in its own Internet providers to spy on its citizens.
China says "don't mind if we do" and backdoors the backdoors.
They sat for months undetected on the U.S. wiretap system for Verizon, AT&T, and more...
The DoJ just busted a massive scam involving North Korean IT workers infiltrating major US companies.
They had some help in the US and were posing as remote freelancers to siphon off money and sensitive info.
Holy crap, here's what we know:
Who’s the whistleblower?
Daniel Berulis — a senior DevSecOps architect at the National Labor Relations Board (NLRB), formerly with TS/SCI clearance.
He just told Congress the Department of Government Efficiency (DOGE) pulled off a covert cyber op inside a federal agency.
The most damning claim in this statement IMO:
Within 15 minutes of DOGE accounts being created…
Attackers in Russia tried logging in using those new creds.
Correct usernames and passwords.
2 options here. The DOGE device was hacked. And I don't think I need to explain the 2nd.
DOGE demanded root access.
Not auditor access. Not admin.
They were given “tenant owner” privileges in Azure — full control over the NLRB’s cloud, above the CIO himself.
This is never supposed to happen.
They disabled the logs.
Berulis says DOGE demanded account creation with no recordkeeping.
They even ordered security controls bypassed and disabled tools like network watcher so their actions wouldn’t be logged.
Display of oversized liquids, gels and aerosols that travelers had in their carry-on bags at the @SyracuseAirport @TSA Checkpoint in a 3-day span. The limit for liquids through a checkpoint is 3.4 oz.
So let me get this straight
A teenager hacked Nvidia. Was arrested. Got out on bail
Under supervision and without his laptop, hacked Rockstar to steal unreleased GTA 6 info
How'd he do that without a laptop, you ask? With the hotel TV and a Fire Stick
bbc.com/news/technology-6766…
Then came the intimidation.
While preparing this disclosure, Berulis found a drone surveillance photo of himself taped to his front door with a threatening note.
This was just a few days ago.
And then the data started flowing out.
10+ GB spike in outbound traffic
Exfiltration from NxGen, the NLRB's legal case database
No corresponding inbound traffic
Unusual ephemeral containers and expired storage tokens
Multi-factor authentication? Disabled.
Someone downgraded Azure conditional access rules — MFA was off for mobile.
This was not approved and not logged.
They used an external library that used AWS IP pools to rotate IPs for scraping and brute force attacks.
They downloaded external GitHub tools like requests-ip-rotator and browserless — neither of which the agency uses.
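Two of the indicators the thread lists (valid-credential login attempts from Russia within 15 minutes of account creation, and a tool rotating through a cloud provider's IP pool to brute force) are the kind of thing a detection rule over sign-in logs should catch. The following is an added example, not code from the thread or from the NLRB; the record format, user names, IP addresses, countries, timestamps and thresholds are all constructed for illustration and are not taken from the disclosure.

```python
# Added example (not from the thread or the NLRB disclosure): a small detector over
# constructed sign-in records that flags two of the patterns the thread describes.
#  1. A brand-new account seeing login attempts from an unexpected country within
#     a short window of its creation (the thread's "within 15 minutes" claim).
#  2. One account being hit from many distinct source IPs in a short window, the
#     signature of a brute-force or credential-stuffing tool rotating egress IPs.
# The record format, field names, IPs, countries and thresholds are all made up.
from collections import defaultdict
from datetime import datetime, timedelta

NEW_ACCOUNT_WINDOW = timedelta(minutes=15)   # how soon after creation is "suspicious"
ALLOWED_COUNTRIES = {"US"}                   # where this tenant's logins are expected from
ROTATION_WINDOW = timedelta(minutes=10)      # window for counting distinct source IPs
ROTATION_MIN_IPS = 5                         # distinct IPs per user per window that trips the alert

# Constructed sample sign-in records (fictional users, IPs, countries and times):
# (timestamp, event, user, source_ip, country, outcome)
EVENTS = [
    ("2025-03-01T14:00:00Z", "account_created", "doge-admin1", "10.0.0.5",      "US", "success"),
    ("2025-03-01T14:03:10Z", "login",           "doge-admin1", "10.0.0.5",      "US", "success"),
    ("2025-03-01T14:11:42Z", "login",           "doge-admin1", "203.0.113.7",   "RU", "blocked"),
    ("2025-03-01T14:12:05Z", "login",           "doge-admin1", "203.0.113.8",   "RU", "blocked"),
    ("2025-03-01T16:00:00Z", "login",           "doge-admin1", "198.51.100.3",  "RU", "blocked"),
    ("2025-03-01T15:00:00Z", "login",           "jdoe",        "198.51.100.10", "US", "failure"),
    ("2025-03-01T15:01:00Z", "login",           "jdoe",        "198.51.100.11", "US", "failure"),
    ("2025-03-01T15:02:00Z", "login",           "jdoe",        "198.51.100.12", "US", "failure"),
    ("2025-03-01T15:03:00Z", "login",           "jdoe",        "198.51.100.13", "US", "failure"),
    ("2025-03-01T15:04:00Z", "login",           "jdoe",        "198.51.100.14", "US", "failure"),
    ("2025-03-01T15:05:00Z", "login",           "jdoe",        "198.51.100.15", "US", "failure"),
    ("2025-03-01T15:30:00Z", "login",           "jdoe",        "192.0.2.10",    "US", "success"),
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def new_account_foreign_logins(events):
    """Rule 1: login attempts against a freshly created account from a country
    outside ALLOWED_COUNTRIES, within NEW_ACCOUNT_WINDOW of the creation event.
    Every outcome counts: a blocked attempt that carried a valid password is the signal."""
    created = {}
    for ts, event, user, *_ in events:
        if event == "account_created":
            created[user] = parse_ts(ts)
    alerts = []
    for ts, event, user, ip, country, outcome in events:
        if event != "login" or country in ALLOWED_COUNTRIES or user not in created:
            continue
        age = parse_ts(ts) - created[user]
        if timedelta(0) <= age <= NEW_ACCOUNT_WINDOW:
            alerts.append({"user": user, "source_ip": ip, "country": country,
                           "minutes_after_creation": round(age.total_seconds() / 60, 1),
                           "outcome": outcome})
    return alerts


def ip_rotation(events):
    """Rule 2: for each user, the largest number of distinct source IPs seen in any
    ROTATION_WINDOW; users at or above ROTATION_MIN_IPS are returned.
    One human rarely logs in from five addresses in ten minutes; a tool walking
    through a cloud provider's IP pool does exactly that."""
    per_user = defaultdict(list)
    for ts, event, user, ip, *_ in events:
        if event == "login":
            per_user[user].append((parse_ts(ts), ip))
    flagged = {}
    for user, attempts in per_user.items():
        attempts.sort()
        best = 0
        for i, (start, _) in enumerate(attempts):
            ips = {ip for t, ip in attempts[i:] if t - start <= ROTATION_WINDOW}
            best = max(best, len(ips))
        if best >= ROTATION_MIN_IPS:
            flagged[user] = best
    return flagged


if __name__ == "__main__":
    for a in new_account_foreign_logins(EVENTS):
        print("new-account foreign login:", a)
    for user, n in ip_rotation(EVENTS).items():
        print(f"ip rotation: {user} hit from {n} distinct IPs within {ROTATION_WINDOW}")
```

On the sample data, rule 1 fires twice for doge-admin1 (the two Russian attempts at roughly 12 minutes after creation; the later one at 16:00 is outside the window) and rule 2 fires for jdoe, who was hit from six addresses in six minutes. Both rules deliberately count blocked and failed attempts, because the thread's point is that the attempts happened at all with correct credentials, not that they succeeded.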
⚠️ Breaking: North Korea just burned a 0-day in Chromium.
They used it to install a Windows rootkit and the campaign targeted cryptocurrency platforms and users.
Here's what we know:
One of the biggest hacks of the year has mainly gone untalked about.
A Chinese hacker group compromised a $57 billion chip manufacturer in 2017.
They weren't discovered for over 2 years. Here's everything we know:
Whelp. Another North Korean laptop farm just got taken down in the US.
This time at a guy's house in Nashville. The NK team made over $250k for their remote work between 2022 and 2023.
Hey if someone shows up and asks you to host a pile of laptops at your house, just say no?
Holy crap. People are getting an ultimatum at their pharmacies this week - pay full price out of pocket or go without their meds.
All due to a ransomware attack.
Let's dig in:
What in the hell?!
A group of cybercriminals has filed an SEC complaint against a company for not disclosing a data breach.
Here's what we know and what this might mean for the future of ransomware:
🚨 A new vulnerability found in Telegram that can grant access to your camera and microphone.
Found by an engineer at Google, reported to Telegram and they haven't addressed it.
So now we get a detailed public disclosure!
How this works and what it means for your privacy 👇
This woman also hosted laptops from US companies to spoof locations
This bypassed any geofencing making it seem like the North Korean workers were based in the US.
On May 16, the DOJ indicted five people connected to this scheme.
One is an Arizona woman who helped North Korean IT workers by validating stolen identities, making them look like US citizens.
🚨 Woah. Crazy new research paper I just read.
Remotely and inaudibly issue commands to Alexa, Siri, Google Assistant, etc.
"allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing)" 🔊
The scheme has raked in millions of dollars in wages from over 300 companies.
This money likely supports North Korea's regime, including its nuclear weapons program, according to the FBI.
TARGETED LEAK: The initial data leak was limited but deeply concerning.
The threat actor released 1 million lines of data specifically for Ashkenazi people.
This targeted attack raises serious questions about the motive behind the breach.
How they operated:
North Korean operatives are stationed in countries like China, Russia, and parts of Eastern Europe and Southeast Asia.
They then use fake documents and buy accounts to get remote jobs in the States.
U.S. labs keep finding *undocumented* cellular radios hidden inside some Chinese-made solar inverters & battery packs
Those radios give the gear a second, undocumented path to the internet. Global governments are reacting already: 🧵
23andMe, a renowned U.S. biotech & genomics firm, offers genetic testing services.
A threat actor recently leaked data samples from the firm and is now selling 23andMe customer data packs.
The leaked data includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.
This is a goldmine for identity thieves and malicious actors.
The Okta hack that keeps on giving!
Cloudflare announced a new data breach today in its continued battle against creds stolen during a previous Okta hack
Let's dig in:
North Korea's government is highly motivated due to heavy international sanctions.
They've been behind major cyber heists like the $81 million stolen from Bangladesh Bank via the SWIFT system in 2016.
Are you kidding me?
Who had "actually suffering ransomware attacks is good for business" on your bingo card?
That's what is going on at United Healthcare:
Holy hell, security researchers figured out how to bypass TSA and potentially get into a cockpit with super basic SQL Injection.
I can’t get over this one.
Kevin Briggs, a senior advisor at CISA, has publicly revealed ongoing vulnerabilities in U.S. telecom networks.
TL;DR - He has evidence vulns in telcos are being used to track and spy on U.S. citizens.
Buckle up, here's what we know:
Google uncovered evidence that Russian government hackers (APT29) are using exploits "identical or strikingly similar" to those developed by spyware companies Intellexa and NSO Group.
And we don't know how they got their hands on it...
Here's what we know: 🧵
Hackers are using Google Tag Manager (GTM) to inject credit card skimmers into E-commerce sites.
At least 6 compromised sites identified so far. Here's what we're seeing. 👇
Facilitators, or "mules," are key players in this operation.
They manage multiple fake identities and handle risky tasks like job interviews and drug tests, then pass the credentials to the actual North Korean workers.
New series of Palo Alto Networks vulnerabilities, chained together for a bad time.
“We find that a simple request to that exact endpoint over the web service resets the admin password.”
Well, I don’t like the sound of that… 🧵
These facilitators make big money.
For example, a Ukrainian facilitator managed about 870 identities and hosted 80 computers, earning over $900,000 over six years.
A vulnerability in the way Google implements OAuth was disclosed publicly today and is still not fixed.
It can let employees retain indefinite access to applications like Slack and Zoom after they're offboarded.
Let's dig in:
Betterhelp gave personal mental health info over to Meta and Snapchat for advertising purposes.
$7.8 million fine is a blip for them and won’t buy a coffee for each victim.
The IT workers, often highly skilled, work under harsh conditions with strict oversight.
Their activities include cryptojacking, targeting security researchers (!!!), and other cyber attacks to fund the regime.
I'm hearing reports of a sophisticated 'MFA Bombing' attack that targets Apple users, exploiting a flaw in Apple's password reset feature.
Let's dive in:
The encryption algorithms used in TETRA were kept secret until a group of Dutch researchers got their hands on them and found severe flaws, including a deliberate backdoor.
This backdoor could allow someone to snoop on communications and potentially send harmful commands.
A former TOR operator is in and out of jail.
His wife has been posting footage of the Marshals coming to the house and messing with them and their dog.
I read the whole court transcript, pls never put me in a situation where I need to be talking about Linux VMs in court...
23andMe's RESPONSE: The company confirmed the data's legitimacy. They believe the hackers used credentials from other breaches to access 23andMe accounts.
"We do not have any indication at this time that there has been a data security incident within our systems."
The technology in question is a European radio standard called TETRA (Terrestrial Trunked Radio).
It's used in radios made by Motorola, Damm, Hytera, and others and is embedded in critical infrastructure like pipelines, railways, and the electric grid.
The compromised accounts had opted into the platform's 'DNA Relatives' feature.
The hacker accessed a few 23andMe accounts and scraped the data of their DNA Relative matches, showing the potential risks of such features.
This is an absolutely wild one by @iangcarroll and @samwcyo
The most basic SQL injection ever in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) used by airlines and TSA.
Literally ' OR 1=1 got them admin access. Here's what we know:
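The payload quoted above works whenever user input is pasted straight into a SQL string: the quote closes the literal, `OR 1=1` makes the WHERE clause true for every row, and `--` discards the rest. The following is an added example, not code from the researchers' write-up or from the KCM/CASS systems; the in-memory SQLite table, user names and passwords are constructed, and the only thing it claims is how the injection works and how bound parameters stop it.

```python
# Added example (not from the thread or the researchers' write-up): the generic
# login query the quoted payload breaks, next to the parameterized version that
# does not. The SQLite schema, users and passwords are constructed for the demo.
import sqlite3

INJECTION = "' OR 1=1 --"   # the payload the thread quotes, supplied as the username


def make_db():
    """Constructed in-memory user table (fictional). A real system stores a
    salted password hash rather than the password, but that is a separate bug."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "correct horse battery staple", "admin"),
        ("crew42", "hunter2", "crewmember"),
    ])
    return db


def login_vulnerable(db, username, password):
    """Builds the WHERE clause by string formatting. Anything the caller types
    becomes SQL: a quote ends the literal and the remainder is parsed as code.
    With INJECTION as the username the statement becomes
      ... WHERE username = '' OR 1=1 --' AND password = '...'
    which matches every row, and fetchone() hands back the first one: admin."""
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(query).fetchone()   # (username, role) or None


def login_safe(db, username, password):
    """Same query with bound parameters: the driver passes the values separately
    from the statement text, so a quote in the input is only ever a quote."""
    return db.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected:", login_vulnerable(db, INJECTION, "anything"))
    print("safe, injected:      ", login_safe(db, INJECTION, "anything"))
    print("safe, real creds:    ", login_safe(db, "crew42", "hunter2"))
```

The fix is not escaping quotes by hand but never concatenating input into the statement at all; the same `?` binding applies to search fields, not just login forms, and any place that still builds SQL from strings is a candidate for exactly this payload.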
I just got a DM that Bandcamp is mass-emailing people with their plaintext passwords where their first names should be.
This also means they're storing them in plaintext...
Did anyone else get these?
Community note
They are sending User ID's not passwords.
nitter.app/Maxwellcrafter
🚨 Wow. Imagine waking up, and your entire company's online presence is erased.
Email. Domain. Documents. Databases. Gone
Poof.
Well, that's what happened to customers of two hosting providers this week. 👇
🚨 Fortinet CVE-2024-23113 - actively exploited by state-sponsored hackers - is now being exploited by cybercriminals who have reverse-engineered it and are selling access to compromised devices
If you haven't patched, restrict port 541 to approved IPs or enforce cert auth.
A plastic surgeon's office got hacked.
Patients' info and nude photos before/after surgery were stolen.
A bunch of the women are suing - buckle up, let's look at what's going on:
This is the craziest shit I've ever heard.
A bunch of eBay security employees stalked and harassed a couple that wrote an article criticizing them. They even mailed them cockroaches?!
eBay just settled in court to pay the couple $3M - but the details of this one are insane:
23andMe offers two-factor authentication and urges all users to enable it.
It's a reminder for everyone to refrain from reusing passwords and to always use strong, unique credentials.
🚨 Zero-Click Vulnerability Alert: Microsoft patched a critical zero-click RCE vulnerability in Windows OLE (CVE-2025-21298).
9.8 on CVSS, and it allows attackers to exploit systems with no user interaction - just previewing an email.
Let’s break it down 🧵👇