Latest issue of my curated #cybersecurity and #infosec list of resources for week #11/2025 is out!

It includes the following and much more:

➝ Alleged Co-Founder of #Garantex Arrested in India;

➝ X Suffered a #DDoS Attack;

➝ Microsoft #PatchTuesday Fixes 7 Zero-days;

➝ UK Hospital Discovered 5,000 to 10,000 Unknown Devices Connected to its Network;

➝ #NVIDIA Chips Smugglers Granted Bail in Singapore;

➝ #Tenable tested #DeepSeek's Ability to Generate #Malware;

➝ #OpenAI labelling DeepSeek as "state-controlled";

➝ New #Jailbreak Method called Context Compliance Attack (CCA) Works Against Most #AI Models

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/template-infosec-mashup-xx-2025-7eb9e43f2aebd47f?utm_source=beehiiv&utm_medium=mastodon

@cR0w @mttaggart Another good approach, if you have Tenable.sc or Tenable.io is to uses Plugin ID 136618 which inventories all #vscode extensions. You can then look for the "long tail" to find suspicious extensions or legitimate services that use tunnels. (vscode server).

I've seen recipes to use a powershell command to get a list of extensions, but if your vuln scanner already does it... win.

Latest issue of my curated #cybersecurity and #infosec list of resources for week #31/2023 is out! It includes the following and much more:

➝ Researchers Uncover New High-Severity #Vulnerability in #PaperCut Software
➝ #Israel cybersecurity agency says no breach after senior official self-infects home PC with #malware
➝ CISA’s strategic plan adheres to overall Biden administration direction on cybersecurity
➝ Top 12 vulnerabilities list highlights troubling reality: many organizations still aren’t #patching
➝ Hacking tool #FlipperZero tracked by intelligence agencies, which fear white nationalists may deploy it against power grid
➝ Hundreds of #Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack
➝ ️ Researchers jailbreak a #Tesla to get free in-car feature upgrades
➝ Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023
➝ Russian hackers target govt orgs in #Microsoft Teams #phishing attacks
➝ #Rapid7 found a bypass for the recently patched actively exploited #Ivanti EPMM bug
➝ #Tenable CEO accuses Microsoft of negligence in addressing security flaw
➝ Hackers exploited #Salesforce zero-day in #Facebook phishing attack
➝ US internet hosting company appears to facilitate global #cybercrime, researchers say
➝ #China's #APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe
➝ Schools Are Now the Leading Target for Cyber Gangs as Ransom Payments Encourage Attacks
➝ Possible Chinese Malware in US Systems - a ‘Ticking Time Bomb’
➝ Cybercriminals Renting #WikiLoader to Target Italian Organizations with Banking Trojan
➝ Microsoft downplays damaging report on Chinese hacking its own engineers vetted
➝ #Jordan adopts cybercrime law seen as threat to #freespeech
➝ Hacker Claims to Have Stolen Sensitive Medical Records from #Egypt's Ministry of Health
➝ #BankCard USA surrenders and pays #ransom

This week's recommended reading is: "Art of Software Security Assessment, The: Identifying and Preventing Software Vulnerabilities" by Mark Dowd, John McDonald, and Justin Schuh

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-312023