Vulnerable U
Infosec's favorite weekly newsletter for news, tools, and tips with 25,000+ CISOs, founders, change-makers, and straight up hackers.
Connect
A phishing operation tied to Russian intelligence mimics Ukrainian paramilitary recruitment pages to unmask citizens opposing the war. Search engines helped rank the fakes — exposing users to surveillance, arrest, or worse.
Security researchers found a way to exfiltrate internal binaries and proto files from Google Gemini's Python sandbox—without breaking out of it.
A Russia-backed campaign is using deceptive documents to hack Ukraine-linked targets. Here's how the malware works and what defenders should watch for.
Nearly 900 spoofed domains impersonate defense and aerospace firms supporting Ukraine. Credential theft and malware delivery linked to large phishing ops.
Russia is abusing domain registrars to run global disinformation campaigns. Learn how spoofed infrastructure enables phishing, propaganda, and evasion.
Attackers are hiding malware in WordPress mu-plugins, bypassing detection and gaining persistent access. Learn how it works and how to secure your site.
SignalGate, Next.js auth vuln, Kubernetes major RCE bug, Chinese shell companies hiring laid off gov employees, and much more!
More CISA DOGE drama, US softening on Russia cyber defenses, 60M malware app downloads from Google Play Store, Massive Github supply chain hack, and much more!
