Please check your spam filters for today's Metacurity
Someone reported today's Metacurity as a phishing email, and Google has moved it to the spam folder. Please check, and if today's issue is in spam, please let Google know it's a safe email.
Some ChatGPT customers' data were exposed by a breach at vendor Mixpanel
Lazarus Group suspected of $30.6m breach of Upbit, Korea's shopping platform Coupang hacked by a former insider to access 30m customers' data, Lazarus Group and Kimsuky are DPRK's most prolific hackers, Korea arrests four for hacking 120K IP cameras, OnSolve CodeRED platform hit by attack, much more
Cyberattack on a critical third-party vendor could expose top banks' customer data
An insider shared internal CrowdStrike screenshots on Telegram, Hackers stole Salesforce-stored data from 200+ companies, DOGE has purportedly disbanded, Harvard is the latest Ivy to get hacked, AI models can sabotage coding projects, Singapore raids scam-connected firm, much more
Best infosec-related long reads for the week of 11/15/25
Scammers who go to unbelievable lengths, How to expose a DPRK hacker seeking IT work, A Kiwi hacker conference installed a literal anti-virus system, Trump is turning his back on supercharged disinformation, How the EU and US acted differently to the Collins Aerospace hack
SEC drops ill-fated cyberattack lawsuit against SolarWinds, CISO
FCC gets rid of Biden-era reporting rules addressing Salt Typhoon intrusions, Cybercrime money laundering network active in the UK bought a bank, Russian intel services funded former Wirecard exec's spy ring, Salesforce probes another third-party cyber incident, NSO appeals judge's ruling, much more
The US, UK, and Australia sanction Russian bulletproof hosting providers
Alice Guo sentenced to life for running scam compound, Samourai Wallet operator sentenced to four years, SK Telecom rejects breach mediation proposal, USBP is massively surveilling Americans, Trump to preempt state AI safety laws, Eternidade Stealer gets more aggressive in Brazil, much more
MI5 warns that China uses LinkedIn to recruit and compromise lawmakers
WhatsApp feature can extract 3.5B users' phone numbers, Police raid KT for allegedly hiding breach evidence, Beijing rumors cost TP-Link $1B, LG Energy Solution was hit by a cyberattack, Airlines won't sell passenger data to the US, Toronto schools weren't prepared for PowerSchool breach, much more
CISA says it will rebuild with more staff in 2026 to redress cuts in 2025
Microsoft’s Azure cloud computing service was hit with 15.7 Tbps DDoS attack, Russian telecom Protei was hacked and site defaced, Companies warn of inflexibility if UK bans ransom payments, A crew of companies reject efforts to weaken encryption, 460k FTSE compromised credentials found, much more
US issues seizure warrants for Starlink terminals in Myanmar cyberscam compounds
US citizens plead guilty to aiding DPRK IT worker fraud, $28B tied to cybercrime activity over the last two years, Princeton got hit by a data-stealing cyberattack, Anthropic's report of autonomous AI Chinese hacks hits pushback, Cybercom invests in cyberwarfare AI agents, much more
Best infosec-related long reads for the week of 11/8/25
Massive surveillance in Mexico City leaves crime high, Workplace surveillance can harm workers, Machine learning privacy attacks are less effective in reality than they are in theory, LLMs produce more secure code when trained on flaw-free code, Three major kinds of bots cause web resource headaches
Chinese state hackers used Anthropic to automate cyber intrusions
UK MoD knew of Excel's security risks before Afghan data leak, NHS investigates Clop's attack claims, ASUS patches DSL router critical flaws, DoorDash reveals October security incident, US feds warn of Akira's expanded encryption capabilities, Kraken is testing how fast it can encrypt, much more
Operation Endgame dismantled Rhadamanthys, VenomRAT, and Elysium
DC US Attorney launches investigation into crypto scams, APT exploited Citrix Bleed2 flaws in Cisco ISE, CISA orders patching of Cisco ASA and Firepower devices, Extremist group 764 member faces charges related to online child exploitation, Musk fumbles X security key switchover, much more