GitHub is starting to have a real malware problem

In other news: Russian intelligence services compromise thousands of Signal accounts; Trivy vulnerability scanner compromised for supply chain attack; FBI takes down Aisuru and Kimwolf botnets.

This newsletter is brought to you by Authentik. You can subscribe to an audio version of this newsletter as a podcast by searching for "Risky Business" in your podcatcher or subscribing via this RSS feed.

GitHub is slowly becoming a very dangerous website, as more and more threat actors are starting to use it to host and distribute malware disguised as legitimate software repositories.

What started as an infrequent sighting in early 2024 is now at the center of an increasing number of infosec and malware reports.

The tactic is usually the same. A threat actor takes a legitimate repository, adds malware to the files (typically an infostealer or a remote access trojan), and then uploads the booby-trapped repo back on GitHub.

The attacker then shares links online, on social media or forums, or uses black-hat SEO or malvertising campaigns to lure users to the malicious GitHub repos.

Attackers were also seen pushing meaningless commits to their repos, or using online services that sell GitHub stars and likes, to keep the malicious clones at the top of GitHub search pages.

Because of the nature of GitHub, a well-known portal for hosting software releases, users would normally think they landed on the page of an independent software developer and download and run the files without even thinking they might contain malware.

Some of these campaigns abused well-known software apps, but just as many distributed slightly grey-market tools like gaming cheats and license key cracks.

Clusters discovered over time ranged from hundreds to thousands of repos at a time, with several security vendors arguing that threat actors were using AI to automate campaigns and mass-publish GitHub repositories.

Here is a list of reports published on these campaigns over the past two years.

As can be seen from this timeline, these campaigns have increased in frequency as threat actors have understood how efficient they can be. Just like ClickFix, these campaigns target inattentive users, meaning there's an endless supply of new victims.

Initially, threat actors were also abusing GitHub's trust factor with security tools, but security firms are now taking notice. As Golubin pointed out, about the only one that's not taking notice appears to be GitHub itself.

Just like we saw ClickFix rear its ugly head on the malware landscape, and everyone anticipated it would become a major problem going forward, we're also expecting this trend of fake GitHub repos to be a mainstay for the next few years.

But while security firms appear to be doing a good job spotting this, we're also gonna need GitHub's security team to step up. Unfortunately, on a platform designed to copy (fork) a project and create new versions of it (clones), spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix.

The main Risky Business podcast is now on YouTube with video versions of our recent episodes. Below is our latest weekly show, with Pat and Adam at the helm.

Trivy supply chain attack: A popular open-source vulnerability scanner was compromised last week in a supply chain attack. Hackers compromised Aqua Security's Trivy tool and used it to deploy malware to downstream users. The malware included a backdoor that harvested credentials and a self-spreading worm impacting the npm ecosystem. A financially motivated hacking group named TeamPCP took credit for the attack. (Aikido Security, Aqua Security, CrowdStrike, GitHub advisory, Socket Security, Step Security, Wiz)

Ransomware shuts down California city: Foster City, in California, has shut down all public services after a ransomware attack last week. All city services are down except emergency systems. Officials are considering declaring a state of emergency in order to receive help from state and federal agencies. The city has more than 30,000 residents and is located 20 miles south of US tech hub San Francisco.

LA Metro cyberattack: The Los Angeles Metro system has limited access to its internal system after a cyberattack. It's unclear if this is ransomware, but it likely is. (DysruptionHub)

Navia breach: Almost 27 million Americans had their data stolen after a security breach at employee benefits and retirement funds management platform Navia. Social Security numbers and health plan information were included in the stolen data. The breach was traced back to December, but no other details were provided. (Navia, Maine OAG, California OAG)

Possible NSCC leak: NetAskari believes a recent hack-and-leak from China's National Super Computer Center (NSCC) might be real.

Russian intel compromises thousands of Signal accounts: Thousands of Signal and other secure messaging accounts have been compromised by Russian intelligence services. The campaign targeted government officials, military personnel, and journalists. Attackers posed as support staff and asked victims to share security codes, which they used to link their own devices to the victims' accounts and intercept communications. The FBI and French authorities issued security alerts last week about the ongoing attacks. Dutch intelligence agencies issued a similar warning earlier this month.

Ofcom fines 4chan: The UK's communications watchdog has fined 4chan £450,000 for failing to implement an age verification system, plus an additional £70,000 for failing to set up its terms of service and failing to assess the risk of its content, as required by the UK's new Online Safety Act. 4chan previously sued Ofcom in a US court in August, challenging its authority.

GrapheneOS refuses to implement age verification: Privacy-centric mobile OS GrapheneOS has vowed to remain private and not collect any personal user data or implement age verification checks.

"GrapheneOS will remain usable by anyone around the world without requiring personal information, identification, or an account. GrapheneOS and our services will remain available internationally. If GrapheneOS devices can't be sold in a region due to their regulations, so be it."

Microsoft realizes it screwed up: In a blog post last week, Microsoft acknowledged it ignored customer complaints over Windows 11. The company promised to reduce Copilot integrations, allow for more user customizations in the OS, and deliver cleaner and less buggy updates. After the debacle of its Secure Future Initiative 2.0, I'll believe it when I see it. This company's PR team is an expert at crisis management and empty words.

WordPress adopts AI: Automattic will allow third-party AI agents to help WordPress.com users write and draft content.

Google rewrites SERP headlines: Google is running an experiment where it uses AI to rewrite and replace headlines in search results. According to reports, it's doing a horrible job. (The Verge)

Android to require 24h wait for sideloading apps: Google will require Android users to wait 24 hours before enabling app sideloading on their devices. The requirement will be a one-time waiting period when the sideloading feature is enabled for the first time. The change will go live later this year.

US AI framework: The White House unveiled a national AI legislative framework that urges Congress to pass AI rules and preempt any state laws.

China creates new telecom and cyber fraud alliance: The Chinese government has invited other countries to join a new international alliance to fight telecom and cyber fraud. The new international body will be headquartered in China and launch in September. Beijing says twenty countries have expressed an interest in joining. (CommsRisk)

Iran internet outage not caused by strikes: Iran's internet outage has crossed the three-week mark, making it the largest internet outage in the country's history. The outage is being enforced by the government and is not the result of US and Israeli missile strikes on internet infrastructure. According to multiple reports, Iranian internet backbone networks have been up and have maintained upstream connectivity in global BGP tables. (Kentik, Krypt3ia, NCC Group PDF)

The current ongoing near-total Internet shutdown in Iran, disconnecting Iranians from the global Internet, is now longer than the January 2026 shutdown during nationwide protests. This makes the current shutdown the longest shutdown IODA has documented in

(Original post on mastodon.social)

Switzerland deploys SCION: Swiss telcos have deployed SCION, a secure alternative to the internet routing protocol BGP. Currently, the system is used in the financial sector. (UBOS)

Russia expands internet blackout to Sankt Petersburg: The Russian government has extended its internet blackout from Moscow to its second-largest city of Sankt Petersburg. All mobile internet is down, and experts expect mobile operators to roll out a whitelist of approved sites, just like they did in Moscow.

"St. Petersburg just got its mobile internet fully cut. Digital detox, Russian edition."

In this Risky Business sponsor interview, Casey Ellis chats to Fletcher Heisler, founder and CEO of open source identity provider Authentik. They chat about Extended Identity Access Management (XIAM), the company's new acronym that has been seven years in the making.

FBI takes down four botnets: US authorities have seized the command-and-control servers of four IoT botnets involved in large-scale DDoS attacks. Servers for Aisuru, KimWolf, JackSkid, and Mossad were seized on Friday by authorities in the US, Canada, and Germany. The botnets powered DDoS-for-hire services. Some of their attacks reached massive sizes, as much as 30 Tbps.

Operation Alice: Europol has seized a network of more than 373,000 dark web portals that promoted child pornography and cybercrime-as-a-service portals. The sites were traced to a 35-year-old Chinese national. The suspect allegedly made 345,000 from selling CSAM material through the sites. An international arrest warrant was issued in his name.

Three sentenced for helping DPRK IT workers: Three Americans were sentenced last week for helping North Korean remote IT workers pose as US-based individuals. The three provided their identities to the attackers and hosted laptops at their premises. Alexander Paul Travis, of Augusta, Georgia, was sentenced to one year in prison, while two others were ordered to forfeit earnings from the scheme. Travis received a prison sentence because he was a member of the US Army at the time of the scheme.

Extortionist convicted: A jury has convicted a Charlotte man for hacking and extorting a former employer. The incident took place in 2024, after Cameron Curry worked as a contracted IT data analyst for the unnamed company. Curry was found guilty of stealing the firm's data and then threatening to release it unless he was paid a huge 25 million ransom.

ClayRAT author detained in Russia: Russian authorities have arrested a student from the city of Krasnodar for developing the ClayRAT Android spyware. The student was detained two months after the malware was first spotted in the wild. The RAT was used in campaigns targeting Russian organizations and was focused on the theft of financial information. (Rostelecom Solar)

Music streamer fraudster pleads guilty: A North Carolina man has pleaded guilty to defrauding music streaming platforms with AI-generated songs. Michael Smith created hundreds of thousands of songs using AI tools, uploaded the songs to popular streaming platforms, and used bot accounts to boost their stats. He made more than 8 million in royalties from platforms like Apple Music, Spotify, and YouTube.

Azure Monitor alert abuse: Threat actors are abusing the Microsoft Azure Monitor service to send phishing emails. Attackers are triggering alerts on their own accounts to send custom alerts to a mailing list that then forwards the mails to victims. Since the emails come from a legit Azure Monitor account, they bypass security solutions in targeted networks. So far, the technique has been used for callback phishing campaigns. (BleepingComputer)

Dormant malware activated: Socket has spotted a cluster of dormant VSCode extensions getting activated over the weekend.

Malicious ClawHub skills: According to Raxe, 4,193 of the 238,180 unique OpenClaw skills listed on ClawHub appear to be malicious.

FBI alert on Iranian threat actors: The FBI has published a flash security alert on the use of Telegram as a malware command-and-control system by Iranian threat actors. (FBI Flash Alert PDF)

Tycoon2FA survives takedown: The Tycoon2FA phishing service has restored its server infrastructure after a law enforcement takedown at the start of the month. Phishing activity is now at pre-takedown levels. According to CrowdStrike, the service also didn't bother changing its TTPs.

"A takedown without an arrest is usually just a pause." (episode 833)

"There's also an asymmetry in that it often takes skilled personnel from several or even many agencies months to coordinate authorities and effect the technical aspects, whereas 1-2 threat actors set it all up again in days."

CECbot DDoS botnet: Security researchers have spotted a new IoT botnet that abuses an HDMI API (meant to support universal remotes) to take full control over a smart TV. The new CECbot botnet uses this interface to turn on smart TVs and disable their screens while it silently carries out DDoS attacks. It also uses the devices to port-scan local networks and look for more devices to infect. While CECbot abuses the HDMI interface, the initial entry point for infections is still smart TVs with debug ports open on the internet.

Keenadu: Sophos published its own analysis of Keenadu, a backdoor found planted in the firmware of Android tablets by Kaspersky last month.

GSocket backdoor: SANS ISC's Xavier Mertens looks at a new Linux backdoor built around the GSocket networking utility.

RegPhantom backdoor: Nextron Systems looks at RegPhantom, a stealthy Windows kernel rootkit designed to give attackers code execution in kernel mode.

ICE Cloud: AhnLab has published an analysis of ICE Cloud, a new Go-based cloud vulnerability scanner and brute-force tool.

ClayRAT: Rostelecom's security team published a technical report on ClayRAT, an Android spyware used since last year in attacks against Russian users.

MioLab stealer: LevelBlue looks at MioLab (aka Nova), a new macOS infostealer offered through a MaaS portal.

Authentik is an open-source identity provider that is also offered with paid enterprise features. In this demo, CEO Fletcher Heisler and CTO Jens Langhammer walk Risky Business host Patrick Gray through an overview and a demo of the technology.

Head Mare's PhantomPxPigeon backdoor: The Head Mare APT is targeting Russian orgs with a new backdoor named PhantomPxPigeon.

MuddyWater campaign: Krypt3ia looks at a MuddyWater (Mango Sandstorm) espionage campaign that looks like a strategic pre-positioning and intelligence collection operation. Synaptics also looks at the group's Telegram naming patterns.

Libyan espionage campaign: Broadcom looks at an unattributed espionage campaign that hit a Libyan oil refinery, a telecom organization, and a state institution over the past months.

UNKVaporVibes: A suspected espionage operation is targeting personnel at Pakistani energy firms.

"Proofpoint identified a targeted campaign against operations personnel at energy firms linked to projects in Pakistan.

The messages were sent on 18 March 2026 and mimicked invitations to the upcoming Pakistan Energy Exhibition Conference (PEEC).

We track the activity as UNKVaporVibes."

Oracle out-of-band security update: Oracle has released an out-of-band security update for its Identity Manager and Web Services Manager products. Tracked as CVE-2026-21992, the vulnerability can be exploited for unauthenticated remote code execution attacks. Oracle's normal quarterly security updates are planned for next month.

Himmelblau vulnerability gives root: A vulnerability in a Linux enterprise app can give attackers root access over devices. The issue impacts Himmelblau, an interoperability suite for integrating Linux with Entra ID and Intune networks. Attackers with access to a Linux system running the app can abuse a symlink race condition (CVE-2026-31979) in the app to elevate privileges over the entire system. (Akamai)

Gainsight bugs: Rapid7 has found two vulnerabilities in the Gainsight Assist email template plugin that can be used to attack email clients.

QNAP security updates: QNAP has released eleven security updates over the weekend to address issues in multiple software products.

OpenWrt security updates: The OpenWrt open-source router firmware project has released four security updates.

CampusNet vulnerability: The details of 1.1 million German students were exposed online. The leak impacted CampusNet, an IT system used by 22 German universities. Fixes were rolled out within days at most affected entities. (CCC)

Claudy Day vulnerabilities: Oasis Security has found three vulnerabilities in the Claude platform that can be abused for one-click attacks that manipulate prompts and steal user data.

Toxic data flows in MCP servers: A scan of 5,100 MCP servers found that 555 had "toxic data flows," a term for a combination of agent calls that could be abused for malicious actions.

Langflow exploitation starts within a day: Threat actors began exploiting a recent vulnerability in Langflow AI servers as soon as a patch was available. Tracked as CVE-2026-33017, the vulnerability allows threat actors to run malicious code via the Langflow API without needing to authenticate. Cloud security firm Sysdig spotted attacks 20 hours after the patch was released, giving companies almost no time to install fixes.

More n8n exploited bugs: While CISA added one n8n bug to its KEV database, VulnCheck says two other bugs are also being exploited in the wild and should also be on the list.

KEV update: CISA has updated its KEV database with five vulnerabilities that are currently exploited in the wild.

Threat/trend reports: AgentSeal, Ernst & Young, Recorded Future, and Red Canary have recently published reports and summaries covering various threats and infosec industry trends.

New tool, Aurelian: Security firm Praetorian has released Aurelian, a new cloud security reconnaissance framework. It detects secrets, misconfigurations, public exposure, and privilege escalation paths across AWS, Azure, and GCP from a single CLI.

New tool, Stitch: Google has launched Stitch, a tool for designing user interfaces using artificial intelligence.

New tool, Phantom: Offensive security researcher MrZ has released Phantom, a new toolkit for IIS-based lateral movement and code execution within IIS memory.

New tool, Apatchy: Security researcher Shaq has open-sourced Apatchy, a fuzzing framework for Apache HTTPD.

BSides SF 2026 streams: Live streams from the BSides San Francisco 2026 security conference, which took place over the weekend, are available on YouTube.

BSides Zagreb 2026 videos: Talks from the BSides Zagreb 2026 security conference, which took place earlier this month, are now available on YouTube.

In this edition of Seriously Risky Business, Tom Uren and Amberleigh Jack talk about how successfully achieving America's war goals could force Iran to double down on cyber power. It's resilient to bombing and is the cheapest, quickest way for the regime to get some wins post-war.

We recently also launched a new podcast series called Risky Business Features. In this episode, James Wilson takes a ridiculously deep dive into the Coruna exploit kit.
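As an added example for the GitHub clone story at the top of this edition (this is not code from the newsletter, from GitHub, or from any of the vendors cited): a small Python triage that diffs a clone against the upstream it claims to mirror, lists every added or modified file, and flags the ones that look like dropped payloads rather than source (executable or archive magic bytes, payload-style extensions, and install hooks such as setup.py that were touched). The repository contents below are constructed.

```python
from __future__ import annotations
import hashlib
from pathlib import PurePosixPath

# Extensions that have no business being *added* to a source-only repo clone (assumption-driven heuristic).
PAYLOAD_EXT = {".exe", ".dll", ".scr", ".msi", ".bat", ".cmd", ".ps1", ".vbs",
               ".hta", ".zip", ".rar", ".7z", ".jar"}
# Magic bytes of common executable and archive containers.
MAGIC = {b"MZ": "pe-executable", b"\x7fELF": "elf-executable", b"PK\x03\x04": "zip-archive"}
# Files that run at install/build time; a clone that edits these deserves a close look.
INSTALL_HOOKS = {"setup.py", "setup.cfg", "pyproject.toml", "package.json", "Makefile"}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def classify(path: str, data: bytes) -> list[str]:
    """Reasons a file looks like a payload rather than source; empty list means nothing suspicious."""
    reasons = []
    ext = PurePosixPath(path).suffix.lower()
    if ext in PAYLOAD_EXT:
        reasons.append(f"payload-extension:{ext}")
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            reasons.append(label)
    return reasons

def triage_clone(upstream: dict[str, bytes], clone: dict[str, bytes]) -> list[dict]:
    """Compare a clone (path -> bytes) with its upstream and report added/modified/removed files.
    Each finding carries the flags that make it worth a human look."""
    findings = []
    for path, data in sorted(clone.items()):
        if path not in upstream:
            change = "added"
        elif sha256(upstream[path]) != sha256(data):
            change = "modified"
        else:
            continue  # identical to upstream: nothing to report
        flags = classify(path, data)
        if change == "modified" and PurePosixPath(path).name in INSTALL_HOOKS:
            flags.append("install-hook-modified")
        findings.append({"path": path, "change": change, "flags": flags})
    for path in sorted(set(upstream) - set(clone)):
        findings.append({"path": path, "change": "removed", "flags": []})
    return findings

def flagged(findings: list[dict]) -> list[str]:
    """Paths from triage_clone() that carry at least one flag."""
    return [f["path"] for f in findings if f["flags"]]

# Constructed sample: a tiny Python project, and a "clone" that bundles a Windows launcher
# and wires it into setup.py, the pattern the newsletter describes.
UPSTREAM = {
    "README.md": b"# tool\nRun: python -m tool\n",
    "tool/__main__.py": b"print('hello')\n",
    "setup.py": b"from setuptools import setup\nsetup(name='tool')\n",
}
CLONE = dict(UPSTREAM)
CLONE["bin/Launcher.exe"] = b"MZ\x90\x00" + b"\x00" * 60  # constructed PE-looking header, not a real binary
CLONE["setup.py"] = UPSTREAM["setup.py"] + b"import os; os.system('bin/Launcher.exe')\n"
CLONE["README.md"] = b"# tool\nRun bin/Launcher.exe to start (Windows)\n"

if __name__ == "__main__":
    for finding in triage_clone(UPSTREAM, CLONE):
        print(finding)
```

In practice the two dicts would be built from `git ls-tree`/`git show` output of the upstream and the suspect fork; a README rewritten to point users at a bundled executable is the kind of unflagged "modified" entry a reviewer still reads.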