Illusion of Security

Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023 | TechCrunch The U.S. government and its allies said hackers have been exploiting the newly identified bug in Cisco networking gear around the world for years, and urged organizations to patch.

Cisco's Critical Bug Exploitation techcrunch.com/2026/02/26/c...

What is a T.O.A.D. attack?

The acronym T.O.A.D. stands for Telephone-Oriented Attack Delivery. Which is an advanced cyberattack known as smishing that blends both emails, text messages & voice calls as well as social engineering to manipulate users into revealing sensitive data & information.

When Zoom Phishes You: Unmasking a Novel TOAD Attack Hidden in Legitimate Infrastructure Prophet AI discovered a novel TOAD attack weaponizing Zoom’s legitimate infrastructure to bypass Secure Email Gateways. Learn how attackers abuse "Display Names" to mimic PayPal and how Prophet AI det...

Zoom's T.O.A.D. attack
www.prophetsecurity.ai/blog/when-zo...

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass SolarWinds fixed six Web Help Desk vulnerabilities, including four critical flaws that allow unauthenticated remote code execution.

SolarWind patches critical vulnerabilities
thehackernews.com/2026/01/sola...

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score SmarterTools fixed critical SmarterMail flaws, including CVSS 9.3 unauthenticated RCE and NTLM relay bugs, urging users to update immediately.

SmarterMail fixes critical vulnerabilities
thehackernews.com/2026/01/smar...

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run arbitrary code.

n8n High Severity Vulnerabilities
thehackernews.com/2026/01/two-...

Trump's acting cybersecurity chief uploaded sensitive government docs to ChatGPT | TechCrunch A report cited officials as saying that Homeland Security sought to determine if there was any harm to government security as a result of the lapse.

Uploaded sensitive documents to ChatGPT
techcrunch.com/2026/01/28/t...

Password Reuse in Disguise: An Often-Missed Risky Workaround Near-identical password reuse bypasses security policies, enabling attackers to exploit predictable patterns using breached credentials at scale.

Password Reuse
thehackernews.com/2026/01/pass...

Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software | TechCrunch Bryan Fleming, the founder of hacked stalkerware company pcTattletale, pleaded guilty to federal charges linked to the running of his now-defunct Michigan-based spyware company.

U.S. Spyware Company Founder pleads guilty
techcrunch.com/2026/01/06/f...

US insurance giant Aflac says customers' personal data stolen during cyberattack | TechCrunch Aflac, which provides supplemental insurance to around 50 million individuals whose expenses are not covered by their primary providers, said it was not yet known how many customers are affected by th...

Aflac Insurance Data Breach
techcrunch.com/2025/06/23/u...

Hackers stole over $2.7B in crypto in 2025, data shows | TechCrunch This was another banner year for crypto hacks and heists — 2025 was the third year in a row that a new crypto theft record was set.

2.7 Billion in Crypto stolen
techcrunch.com/2025/12/23/h...

LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds Stolen LastPass vaults from the 2022 breach enabled about $35M in crypto thefts through 2025, according to TRM Labs.

LastPass 2022 Data Breach
thehackernews.com/2025/12/last...

CrowdStrike fires 'suspicious insider' who passed information to hackers | TechCrunch Cybersecurity giant CrowdStrike denied it had been hacked following claims from a hacker group, which leaked screenshots from inside CrowdStrike's network.

Crowdstrike Insider Threat Actor
techcrunch.com/2025/11/21/c...

Your Brain on ChatGPT:
arxiv.org/pdf/2506.08872

New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands Researchers uncover a CSRF flaw in ChatGPT Atlas letting attackers inject persistent malicious code.

ChatGPT Atlas Browser Exploit
thehackernews.com/2025/10/new-...

Why You Should Swap Passwords for Passphrases Passphrases boost security and usability by prioritizing length over complexity, aligning with NIST guidance.

Passwords vs. Passphrases
thehackernews.com/2025/10/why-...

Spyware maker NSO Group blocked from WhatsApp | TechCrunch A federal judge has granted Meta-owned WhatsApp’s request for a permanent injunction blocking Israeli cyberintelligence company NSO Group from targeting the messaging app’s users. At the same time, th...

NSO Group blocked on Whatsapp techcrunch.com/2025/10/18/s...

Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites UNC5142 exploits blockchain smart contracts and WordPress flaws to deliver stealer malware worldwide.

Malware Infected Wordpress Websites
thehackernews.com/2025/10/hack...

Satellites found exposing unencrypted data, including phone calls and some military comms | TechCrunch Researchers spent the past year alerting affected organizations, including T-Mobile and AT&T, but warn that large amounts of satellite data will remain unencrypted and exposed for some years to come.

Satellites unencrypted data exposed
techcrunch.com/2025/10/14/s...

Spyware maker NSO Group confirms acquisition by US investors | TechCrunch NSO Group confirmed to TechCrunch that an unnamed group of American investors has taken “controlling ownership” of the surveillance tech maker.

Spyware maker NSO Group acquired
techcrunch.com/2025/10/10/s...

Discord data breach affects at least 70,000 users | TechCrunch The platform said in a press release that hackers breached a third-party vendor that Discord uses for age-related appeals.

Discord Data Breach
techcrunch.com/2025/10/09/d...

Clop hackers caught exploiting Oracle zero-day bug to steal executives' personal data | TechCrunch Oracle fixes another security flaw that Clop hackers were using to steal sensitive personal information about executives as part of a mass-extortion campaign.

Oracle Zero-Day Bug
techcrunch.com/2025/10/06/c...

Google's New AI Doesn't Just Find Vulnerabilities — It Rewrites Code to Patch Them Google’s DeepMind unveils CodeMender, an AI agent that auto-fixes code vulnerabilities and enhances software security.

Google's New AI finds Vulnerabilities
thehackernews.com/2025/10/goog...

$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections Battering RAM lets attackers bypass Intel SGX and AMD SEV-SNP with a $50 DDR4 interposer.

Battering RAM
thehackernews.com/2025/10/50-b...

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems CISA adds critical Sudo flaw CVE-2025-32463 and four other exploited vulnerabilities to KEV list.

Critical Flaw in Linux & Unix systems
thehackernews.com/2025/09/cisa...

TruSources to show off its on-device identity-checking tech at TechCrunch Disrupt 2025 | TechCrunch Age-verification laws are a privacy and security nightmare. This startup performs age checks on-device, without users having to upload their IDs to the internet.

On Device Identity-Checking Tech
techcrunch.com/2025/09/26/t...

Neon, the No. 2 social app on the Apple App Store, pays users to record their phone calls and sells data to AI firms | TechCrunch A new call recording app is gaining traction for offering to pay users for voice data from calls, which is sold to AI companies.

Neon Mobile pays to record users phone calls
techcrunch.com/2025/09/24/n...

EU cyber agency confirms ransomware attack causing airport disruptions  | TechCrunch A cyberattack targeting Collins Aerospace, a provider of airport check-in systems, sparked delays and disrupted flights across Europe over the weekend.

Ransomware Attacks in E.U. cause airport disruptions
techcrunch.com/2025/09/22/e...

Automaker giant Stellantis says customers’ personal data stolen during breach | TechCrunch One report says, citing the hackers who took credit for the breach, that 18 million customer records were stolen from Stellantis' customer database.

Automaker Stellantis data breach
techcrunch.com/2025/09/22/a...

Jaguar Land Rover to pause production for third week due to cyberattack  | TechCrunch The company owned by Tata Motors is estimated to be losing millions of pounds a week due to the shutdown.

Jaguar's Land Rover Pause in Production due to Cyberattack
techcrunch.com/2025/09/17/j...