Nate Hess

A Message To Our Customers

A cyberattack claimed by pro-Iran hackers has caused a “global network disruption” to a major US medical device maker, according to a company statement.
www.stryker.com/us/en/about/...

Cyberattack hits US medical equipment company Stryker, Iran-linked group’s logo reported Iranian-linked cyber group Handala claimed responsibility for the attack on social media.  

Cyberattack hits US medical equipment company Stryker, Iran-linked group's logo reported

OpenAI announced they'll now have ads in ChatGPT

It's slop inside of slop. It's recursive slop. Slopception.

Study concludes cybersecurity training doesn’t work A lot of companies use cybersecurity training to prevent phishing attacks. A UC San Diego study says they should find a better way to protect their digital assets.

Study concludes cybersecurity training doesn’t work

A UC San Diego study reveals that cybersecurity training is ineffective in preventing phishing attacks, suggesting companies should seek alternative methods to safeguard their digital assets.

Incredible talks so far at the Hybrid Identity Protection Conference. Glad I’m getting the chance to attend. #hipconf

Shoutout to @trustedsec.com for the free shirt! 🤙 love it!

Same! We always guess which one we’re going to get and see who wins.

Salty 2FA: Undetected PhaaS from Storm-1575 Hitting US and EU Industries  - ANY.RUN's Cybersecurity Blog Dive deeper into malware analysis of a PhaaS framework discovered by ANY.RUN's experts: Salty2FA, targeting industries in the USA and EU.

any.run/cybersecurit...

I drove to Orlando a few days ago from about the same distance and listened to my son sing that the whole way anyways, …so yes, definitely.

Well this isn’t going as expected #f1

Time to see how this weekend goes. #f1

Hackers

17K+ SharePoint Servers Exposed to Internet - 840 Servers Vulnerable to 0-Day Attacks A massive exposure of Microsoft SharePoint servers to internet-based attacks has been identified, with over 17,000 servers exposed and 840 specifically vulnerable to the critical zero-day vulnerability CVE-2025-53770, according to new findings from Shadowserver Foundation.

17K+ SharePoint Servers Exposed to Internet – 840 Servers Vulnerable to 0-Day Attacks

Flaw in Gemini CLI AI coding assistant allowed stealthy code execution A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs.

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs.

PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse Hackers bypass FIDO keys using spoofed portals and QR codes, exposing MFA weaknesses and risking user accounts.

thehackernews.com/2025/07/pois...

Mandating that orgs declare to Gov they paid a ransom isn’t the silver bullet some paint it as. Loopholes will be found or worse it will make paying potentially more socially acceptable. Governments are avoiding tackling the hard issues imo - one of those is more transparency in the crypto space.

Analysis PuTTY-setup.exe (MD5: BB50383EAC05377D7FEAE5B9C3024550) Malicious activity - Interactive analysis ANY.RUN Interactive malware hunting service. Live testing of most type of threats in any environments. No installation and no waiting necessary.

Always check your sources. The recently registered putty[.]network drops a botnet/c2.

app.any.run/tasks/8d1d72...

AI Creates Realistic Honeypots for Cybersecurity Trapping cybercriminals in artificial intelligence–enhanced honeypots can improve higher education institutions’ security posture.

AI Creates Realistic Honeypots for Cybersecurity | EdTech Magazine edtechmagazine.com/higher/artic...

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...

Attackers Unleash TeamFiltration: Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool | Proofpoint US Key takeaways  Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting

www.proofpoint.com/us/blog/thre...

16 billion passwords for Google, Apple, Facebook leaked in massive data dump, report says It's one of the largest ever compilations of compromised passwords, Cybernews reports.

More than 16 billion login credentials for Google, Facebook, Apple and other platforms have been exposed in one of the largest databases of cybersecurity breaches of all time, according to a Cybernews report.
www.axios.com/2025/06/20/d...

#CanadianGP 🇨🇦 Moments!!

#formula1 #f12025

VIA: [F1]

Yelp was way ahead of Apple on this new design language.  #liquidglass

Microsoft, CrowdStrike, other cyber firms collaborate on threat actor taxonomy After years of confusion, leading threat-intelligence companies will streamline how they name threat groups.

www.cybersecuritydive.com/news/microso...

Excitement in my 30’s is opening the dishwasher and realizing it hasn’t been ran yet, so I can add to it without emptying it first.

If your article starts with something like “in today’s fast growing technological landscape” then I’m skipping it.

Chart showing the Top dual-use tools observed in all incidents by frequency for the year 2024.

Security Firm @SophosXOps published another report, this one on incidents at small and medium-sized businesses by @thepacketrat and Anna Szalay. One of the things I always look for in these reports are easy #cybersecurity wins -- and this report has a bunch […]

[Original post on infosec.exchange]

It’s not snow unless it sticks

His AI posts sound like paid scaremongering ads.

This also has my vote. Feels like this graphic conveys a HomePod/hub device with a display.