Founder of @vuln_u | Long Island elder emo surviving in ATX | AI and Cybersecurity news from an 18yr industry vet

🚨 Exciting thing🚨 I'm getting back to my content creation roots. I've missed blogging, podcasting, and community engagement from back before I worked for big companies with scary PR teams. So... I'm launching a newsletter called Vulnerable U. vulnu.beehiiv.com
🧵 THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read. He's saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords. Media's coverage wasn't detailed enough so I dug into his testimony:
🚨BREAKING: Genetics firm 23andMe confirms user data theft in a credential stuffing attack. The hackers released 1 million lines of data targeting Ashkenazi Jews.
Community note
More context: the company’s servers were not breached. The attackers logged in to user accounts that had simple or reused passwords, and leveraged the “DNA relatives” feature to gain more information. “The information does not appear to include actual, raw genetic data.” wired.com/story/23andme-
So U.S. uses backdoors in its own Internet providers to spy on its citizens. China says "don't mind if we do" and backdoors the backdoors. They sat for months undetected on the U.S. wiretap system for Verizon, AT&T, and more...
The DoJ just busted a massive scam involving North Korean IT workers infiltrating major US companies. They had some help in the US and were posing as remote freelancers to siphon off money and sensitive info. Holy crap, here's what we know:
Gentle parenting your way through leaking military plans in a group chat.
🚨 Woah. An intentional backdoor discovered in encrypted radio comms used globally for over 25 years. Buckle up!
Best cosplay of 2024?
Who’s the whistleblower? Daniel Berulis — a senior DevSecOps architect at the National Labor Relations Board (NLRB), formerly with TS/SCI clearance. He just told Congress the Department of Government Efficiency (DOGE) pulled off a covert cyber op inside a federal agency.
The most damning claim in this statement IMO: Within 15 minutes of DOGE accounts being created… Attackers in Russia tried logging in using those new creds. Correct usernames and passwords. 2 options here. The DOGE device was hacked. And I don't think I need to explain the 2nd.
DOGE demanded root access. Not auditor access. Not admin. They were given “tenant owner” privileges in Azure — full control over the NLRB’s cloud, above the CIO himself. This is never supposed to happen.
They disabled the logs. Berulis says DOGE demanded account creation with no recordkeeping. They even ordered security controls bypassed and disabled tools like network watcher so their actions wouldn’t be logged.
Imagine being in infosec and proudly announcing all the false positives you blocked.
Display of oversized liquids, gels and aerosols that travelers had in their carry-on bags at the @SyracuseAirport @TSA Checkpoint in a 3-day span. The limit for liquids through a checkpoint is 3.4 oz.
Turns out the parent company of Temu has a history of publishing malware into their Android apps. Let's dig in:
So let me get this straight. A teenager hacked Nvidia. Was arrested. Got out on bail. Under supervision and without his laptop, hacked Rockstar to steal unreleased GTA 6 info. How'd he do that without a laptop, you ask? With the hotel TV and a Fire Stick bbc.com/news/technology-6766…
Then came the intimidation. While preparing this disclosure, Berulis found a drone surveillance photo of himself taped to his front door with a threatening note. This was just a few days ago.
Okta got hacked. Leading to impact for CloudFlare, 1Password, and BeyondTrust. Here's everything we know about it:
And then the data started flowing out.
10+ GB spike in outbound traffic
Exfiltration from NxGen, the NLRB's legal case database
No corresponding inbound traffic
Unusual ephemeral containers and expired storage tokens
Multi-factor authentication? Disabled. Someone downgraded Azure conditional access rules — MFA was off for mobile. This was not approved and not logged.
US-CERT was about to be called in. CISA’s cyber response team. But senior officials told them to stand down — no report, no investigation.
What. The.
They used an external library that used AWS IP pools to rotate IPs for scraping and brute force attacks. They downloaded external GitHub tools like requests-ip-rotator and browserless — neither of which the agency uses.
Cost spikes without new resources. Azure billing jumped 8% — likely from short-lived high-cost compute used for data extraction, then deleted.
⚠️ Breaking: North Korea just burned an 0-Day in Chromium. They used it to install a Windows rootkit and the campaign targeted cryptocurrency platforms and users. Here's what we know:
Oh God yes.
One of the biggest hacks of the year has mainly gone untalked about. A Chinese hacker group compromised a $57 billion chip manufacturer in 2017. They weren't discovered for over 2 years. Here's everything we know:
When your cybersecurity team makes you use a different password for every site.
Perspective is really important. It could be a lot worse. You could be this person:
Whelp. Another North Korean laptop farm just got taken down in the US. This time at a guy's house in Nashville. The NK team made over $250k for their remote work between 2022 and 2023. Hey if someone shows up and asks you to host a pile of laptops at your house, just say no?
Nope. You’re doing great! Keep going Kylie!
She’s being acquired by Cisco.
Peppa Pig has a “big surprise” to be announced tomorrow.
Holy crap. People are getting an ultimatum at their pharmacies this week - pay full price out of pocket or go without their meds. All due to a ransomware attack. Let's dig in:
Here is the original reporting by NPR on this story - npr.org/2025/04/15/nx-s1-535…
What in the hell?! A group of cybercriminals has filed an SEC complaint against a company for not disclosing a data breach. Here's what we know and what this might mean for the future of ransomware:
🚨 A new vulnerability found in Telegram that can grant access to your camera and microphone. Found by an engineer at Google, reported to Telegram and they haven't addressed it. So now we get a detailed public disclosure! How this works and what it means for your privacy 👇
Hey remember the Okta breach impacting just 1% of their users? Jk they just figured out all their customers were impacted.
This is too f’n funny.
Why all phishing education is fruitless. This is a legitimate email I just got from a doctor’s payment processor.
This woman also hosted laptops from US companies to spoof locations. This bypassed any geofencing, making it seem like the North Korean workers were based in the US.
🚨 GitHub and GitLab comments are being abused to push malware via Microsoft repo URLs. Let's dive in:
Oh my
On May 16, the DOJ indicted five people connected to this scheme. One is an Arizona woman who helped North Korean IT workers by validating stolen identities, making them look like US citizens.
🚨 Woah. Crazy new research paper I just read. Remotely and inaudibly issue commands to Alexa, Siri, Google Assistant, etc. "allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing)" 🔊
The scheme has raked in millions of dollars in wages from over 300 companies. This money likely supports North Korea's regime, including its nuclear weapons program, according to the FBI.
TARGETED LEAK: The initial data leak was limited but deeply concerning. The threat actor released 1 million lines of data specifically for Ashkenazi people. This targeted attack raises serious questions about the motive behind the breach.
I want to throw up
How they operated: North Korean operatives are stationed in countries like China, Russia, and parts of Eastern Europe and Southeast Asia. They then use fake documents and buy accounts to get remote jobs in the States.
U.S. labs keep finding *undocumented* cellular radios hidden inside some Chinese-made solar inverters & battery packs. Those radios give the gear a second, undocumented path to the internet. Global governments are reacting already: 🧵
Internet Explorer being developed by a bunch of strung out people going through divorces makes the most sense of anything I’ve heard recently.
23andMe, a renowned U.S. biotech & genomics firm, offers genetic testing services. A threat actor recently leaked data samples from the firm and is now selling 23andMe customer data packs.
The leaked data includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location. This is a goldmine for identity thieves and malicious actors.
The Okta hack that keeps on giving! Cloudflare announced a new data breach today in its continued battle against creds stolen during a previous Okta hack. Let's dig in:
North Korea's government is highly motivated due to heavy international sanctions. They've been behind major cyber heists like the $81 million stolen from Bangladesh Bank via the SWIFT system in 2016.
Are you kidding me? Who had "actually suffering ransomware attacks is good for business" on your bingo card? That's what is going on at United Healthcare:
Holy crap - SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures sec.gov/news/press-release/2…
Holy hell, security researchers figured out how to bypass TSA and potentially get into a cockpit with super basic SQL Injection. I can’t get over this one.
Kevin Briggs, a senior advisor at CISA, has publicly revealed ongoing vulnerabilities in U.S. telecom networks. TL;DR - He has evidence vulns in telcos are being used to track and spy on U.S. citizens. Buckle up, here's what we know:
The head of security at Canva shared this on LinkedIn. I don't see him on Twitter to tag for credit, but I needed to share as it's pure gold.
Woah. Unicode 'n' characters in a domain name as a super dangerous spoofed cryptocurrency exchange. Even has an SSL cert.
You find a Raspberry Pi plugged into a network switch at work. What do you do?
Google uncovered evidence that Russian government hackers (APT29) are using exploits "identical or strikingly similar" to those developed by spyware companies Intellexa and NSO Group. And we don't know how they got their hands on it... Here's what we know: 🧵
Hackers are using Google Tag Manager (GTM) to inject credit card skimmers into E-commerce sites. At least 6 compromised sites identified so far. Here's what we're seeing. 👇
Facilitators, or "mules," are key players in this operation. They manage multiple fake identities and handle risky tasks like job interviews and drug tests, then pass the credentials to the actual North Korean workers.
New series of Palo Alto Networks vulnerabilities, chained together for a bad time. “We find that a simple request to that exact endpoint over the web service resets the admin password.” Well, I don’t like the sound of that… 🧵
These facilitators make big money. For example, a Ukrainian facilitator managed about 870 identities and hosted 80 computers, earning over $900,000 over six years.
Replying to @nealagarwal
none of these words are in the Bible
This is ridiculous. Why is a mattress company collecting this kind of data?
Oh no. A lot of people gonna have a bad day.
A vulnerability in the way Google implements OAuth was disclosed publicly today and is still not fixed. It can let employees retain indefinite access to applications like Slack and Zoom after they're offboarded. Let's dig in:
I think infosec should start hiring librarians for documentation, education, and research.
Betterhelp gave personal mental health info over to Meta and Snapchat for advertising purposes. $7.8 million fine is a blip for them and won’t buy a coffee for each victim.
The IT workers, often highly skilled, work under harsh conditions with strict oversight. Their activities include cryptojacking, targeting security researchers (!!!), and other cyber attacks to fund the regime.
On October 4, the hacker offered to sell data profiles in bulk, ranging from $1-$10 per 23andMe account, depending on the quantity purchased.
I'm hearing reports of a sophisticated 'MFA Bombing' attack that targets Apple users, exploiting a flaw in Apple's password reset feature. Let's dive in:
I got a quote for $17k to install a gate. So I did the damn thing myself for less than $250
The encryption algorithms used in TETRA were kept secret until a group of Dutch researchers got their hands on them and found severe flaws, including a deliberate backdoor. This backdoor could allow someone to snoop on communications and potentially send harmful commands.
A former TOR operator is in and out of jail. His wife has been posting footage of the Marshalls coming to the house and messing with them and their dog. I read the whole court transcript, pls never put me in a situation where I need to be talking about Linux VMs in court...
23andMe's RESPONSE: The company confirmed the data's legitimacy. They believe the hackers used credentials from other breaches to access 23andMe accounts. "We do not have any indication at this time that there has been a data security incident within our systems."
Does anyone else just really want to hire him?
My day job changed today. I'm now the head of Software Security @ Reddit. 🎉
The technology in question is a European radio standard called TETRA (Terrestrial Trunked Radio). It's used in radios made by Motorola, Damm, Hytera, and others and is embedded in critical infrastructure like pipelines, railways, and the electric grid.
The compromised accounts had opted into the platform's 'DNA Relatives' feature. The hacker accessed a few 23andMe accounts and scraped the data of their DNA Relative matches, showing the potential risks of such features.
Who's applying?
This is an absolutely wild one by @iangcarroll and @samwcyo. The most basic SQL injection ever in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) used by airlines and TSA. Literally ' OR 1=1 got them admin access. Here's what we know:
If I need to install a keylogger for a job interview - I'll not be interviewing for that job.
Replying to @nv_sonti
@amazon you can put an end to people cheating on your interviews! Happy to chat: dub.sh/try-onsiteful
I wasn't part of your threat model.
I just got a DM that Bandcamp is mass-emailing people with their plaintext passwords where their first names should be. This also means they're storing them in plaintext... Did anyone else get these?
Community note
They are sending User IDs, not passwords. nitter.app/Maxwellcrafter
🚨 Wow. Imagine waking up, and your entire company's online presence is erased. Email. Domain. Documents. Databases. Gone Poof. Well, that's what happened to customers of two hosting providers this week. 👇
How does your company verify remote worker identities? Would your process stand up to this threat?
🚨 Fortinet CVE-2024-23113 - actively exploited by state-sponsored hackers - is now being exploited by cybercriminals who have reverse-engineered it and are selling access to compromised devices. If you haven't patched, restrict port 541 to approved IPs or enforce cert auth.
*gently puts us-west-2 in rice*
A plastic surgeon's office got hacked. Patients' info and nude photos from before/after surgery were stolen. A bunch of the women are suing - buckle up, let's look at what's going on:
Just the high accuracy
Replying to @CanFamilyMan
They used correct creds and got geo blocked.
This is the craziest shit I've ever heard. A bunch of eBay security employees stalked and harassed a couple that wrote an article criticizing them. They even mailed them cockroaches?! eBay just settled in court to pay the couple $3M - but the details of this one are insane:
23andMe offers two-factor authentication and urges all users to enable it. It's a reminder for everyone to refrain from reusing passwords and to always use strong, unique credentials.
🚨 Zero-Click Vulnerability Alert: Microsoft patched a critical zero-click RCE vulnerability in Windows OLE (CVE-2025-21298). 9.8 on CVSS and allows attackers to exploit systems with no user interaction. - Just previewing an email. Let’s break it down 🧵👇