Vulnerable U
Infosec's favorite weekly newsletter for news, tools, and tips with 19,000+ CISOs, founders, change-makers, and straight up hackers.
Connect
The U.S. announced sanctions against a company and individual tied to major espionage attacks on the Treasury Department and U.S. telecom entities.
Biden's cybersecurity executive order, Anatomy of a voice phishing hack, PlugX malware campaign and subsequent FBI kill switch on it, Fortinet's bad week, FTC sues GoDaddy for not doing security basics, and much more!
The Star Blizzard threat group expanded its typical spear-phishing attack vector to target WhatsApp accounts.
The most serious flaw can lead to remote code execution
The three Windows Hyper-V vulnerabilities (CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335) are being exploited.
The operation was made possible by the efforts of French authorities, who gained access to the C2 server
Fortinet released patches for an authentication bypass bug that is being exploited in the wild.
The operation was used to generate AI images from DALL-E using stolen API keys
Threat actors are trying to trick security researchers with fake PoC exploit code for a recently disclosed, high-severity Windows LDAP flaw.
The group is highly capable and has shown the ability to compromise many different targets
Gravy Analytics massive location data breach, Fake nuclear scare breakdown, License plate cameras open to the public, and so much more!
Threat actors are exploiting a vulnerability in Ivanti Connect Secure appliances.
