Wyden: AT&T, T-Mobile, and Verizon weren’t notifying senators of surveillance requests | TechCrunch - In the letter, Wyden, a longstanding member of the Senate Intelligence Committee, said that an investigation by his staff found that carriers were not notifying senators of legal requests — including from the White House — to surveil their phones. A report last year by the Inspector General revealed that the Trump administration in 2017 and 2018 secretly obtained logs of calls and text messages of 43 congressional staffers and two serving House lawmakers, imposing gag orders on the phone companies that received the requests.
TeleMessage security SNAFU worsens • The Register - Evidence of an attack on administration officials appeared last week on the leak site Distributed Denial of Secrets, which hosted an archive of messages that included details of over 60 government workers, a White House staffer, and members of the Secret. Interviews with the hacker show that an overly permissive endpoint and sensitive data in logs allowed the hack to be carried out in less than 30 minutes.
Signal signals discontent with Microsoft Recall • The Register - Signal hijacks Microsoft’s DRM API to protect its windows from Recall, Microsoft’s new all-encompassing spyware.
Google extends sovereign cloud options over US anxieties • The Register - Google Distributed Cloud Air-Gapped offers non-US hosting options, with extensive data boundaries for those worried about US tech companies, geopolitics, and IP/data security.
OpenPGP.js bug enables encrypted message spoofing • The Register - Signed messages can be spoofed on affected versions of OpenPGP.js. If attackers have a signed message and the plaintext of that message, they can spoof a “signed” message saying anything they want. Messages that are encrypted then signed are not subject to this attack. Tracked as CVE-2025-47934; users are advised to upgrade to either 5.11.3 or 6.1.1 as soon as possible to fix the problem. Versions 4.x aren’t affected.
Delta’s lawsuit against CrowdStrike given go-ahead • The Register - The judge allows Delta to move forward but has cut the language from the case alleging fraud by omission and intentional misrepresentation; Delta is instead claiming negligence and computer trespass. Georgia law (where Delta is based) caps such lawsuits at under $10 million in this case, something CrowdStrike is counting on.
SaaS companies in firing line following Commvault attack • The Register - CISA warns of attacks against SaaS companies used as a pivot into their customers, i.e. our companies. CISA has released reports alongside Commvault of nation-states exploiting the SaaS vendor to move into customers’ M365 environments. À la BeyondTrust, SolarWinds, et al.
Mysterious hacking group Careto was run by the Spanish government, sources say | TechCrunch - Title says it all; check out a rare look at a Western government’s hacking group, courtesy of Kaspersky Labs.
Fake KeePass password manager leads to ESXi ransomware attack - Please only get your security software from trusted sources. This “vault” let you save all your passwords, then installed a Cobalt Strike beacon and shipped all your credentials off to the bad guys. Users were targeted through malvertising: malicious ads that intentionally point to the wrong sites.
FTC finalizes order requiring GoDaddy to secure hosting services - FTC sticks to its guns…er, gavels? GoDaddy will be forced to implement a robust infosec program, secure APIs using HTTPS, set up vulnerability management and patching processes, and conduct security assessments regularly. Wait…they weren’t doing that??
Glitch to end app hosting and user profiles on July 8 - Glitch paid and free accounts are gone after July 8th. Paid users get refunds, and all apps will supposedly remain hosted until 2026. Pull your projects now, while you can.
Teen to plead guilty to PowerSchool extortion attack • The Register - A 19-year-old Assumption University student accepts a plea deal for the PowerSchool hack and extortion. Sometimes it really is a bad guy in a hoodie.
FBI, Microsoft, intl cops bust Lumma infostealer service • The Register - Lumma’s busted, but not disappeared. Microsoft and governments traced 1.7 million thefts to Lumma, with 400k Windows machines currently infected. The public-private partnership worked to pull thousands of domains offline across the globe.
Russian hackers breach orgs to track aid routes to Ukraine - Targeted organizations are located in the United States, Bulgaria, Chechnya, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, and Ukraine. The hackers gained initial access using multiple techniques, among them:
- Credential guessing or brute force
- Spear-phishing for credentials
- Spear-phishing to deliver malware
- Exploiting the Outlook NTLM vulnerability CVE-2023-23397
- Leveraging vulnerabilities (CVE-2020-12641, CVE-2020-35730, CVE-2021-44026) in the Roundcube open-source webmail software
- Exploiting internet-facing infrastructure, corporate VPNs included, via public vulnerabilities and SQL injection
- Exploiting WinRAR vulnerability CVE-2023-38831
To hide the origin of the attack, APT28 routed their communication through compromised small office/home office devices that were in proximity to the target. For lateral movement and data extraction, native commands and open-source tools were used, like PsExec, Impacket, Remote Desktop Protocol, Certipy and ADExplorer, to exfiltrate Active Directory information.
Chinese hackers breach US local governments using Cityworks zero-day - Utility companies hit via the Cityworks zero-day. Attackers were observed trying to pivot to other utilities: gas, water, wastewater, electricity, etc.