Hacker Hacks

Hackers found a new Windows 11 setup bypass after Microsoft blocked the old one. Apple ID phishing scams are on the rise, targeting 2B users. A Canon printer flaw (CVE-2025-1268) allows code execution. The FBI raided IU cybersecurity expert XiaoFeng Wang’s homes, but details remain undisclosed. Israel’s new cyber chief, Yossi Karadi, takes over amid rising threats. Jisc launches a UK cybersecurity center for universities, and Mitel warns users of a severe XSS vulnerability.
Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Security firms confirm Oracle Cloud’s potential breach, affecting 140,000 tenants. A critical Windows zero-day threatens NTLM credentials, while Google patches Chrome’s first 2025 zero-day. VMware fixes a privilege escalation flaw, and Signal is now pre-installed on government devices. Meanwhile, a Chinese hacking group has been linked to global cyber espionage. The SEC tightens cybersecurity disclosure rules, and MORSECORP pays $4.6M for cybersecurity fraud.
Reference:https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

A Signal chat leak involving Trump officials raised security concerns. Oracle’s data breach was confirmed, while a Canadian hacker was extradited for major cybercrimes. KLIA faced a cyberattack with a $10M ransom demand. India pushes for cybersecurity self-reliance, while Dragos expands OT security in Canada. VMware and Veeam patched major vulnerabilities. H3C routers remain at risk with no fix. Vodafone launched a cybersecurity hub for German SMEs, and a defense contractor settled a $4.6M fraud case.
Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

A Kubernetes vulnerability exposes 6,500+ clusters to RCE attacks, while KLIA faces a cyber threat with a $10M ransom demand. Next.js patches a critical security flaw, and Oracle denies claims of a major cloud breach. Microsoft deploys AI agents for cybersecurity automation. India rejects social media rumors about a military drone hack. Meanwhile, UAE activates emergency security measures after cyberattacks on government and private entities.
Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Oracle denies an SSO breach despite hacker claims. AI-powered attacks are rising, with leaders overestimating cyber readiness. Kaspersky leads OT security in Asia, while Trend Micro open-sources an AI-driven cybersecurity model. South Africa’s Astral Foods suffers cyber losses, and Singapore boosts AI and quantum defense. Inforte expands cybersecurity reach in META. India’s “Hack the Future” hackathon and Maharashtra’s AI policy aim to enhance cyber resilience.
Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

 This episode covers Microsoft's unpatched zero-day flaw exploited by 11 APT groups, the $1.4B Bybit hack by Lazarus Group, and the growing risks of quantum hacking. We analyze the impact of DOGE’s cybersecurity cuts, Fortinet’s exploited vulnerability, IBM’s critical AIX flaws, and Hong Kong’s new cyber law. We also discuss Google’s $32B Wiz acquisition, Apache Tomcat’s RCE vulnerability, and key crypto security tips post-Bybit attack.
Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

China’s MirrorFace (APT10) used ANEL & AsyncRAT for cyber espionage. GitHub supply chain attacks compromised 23,000 repos. A ChatGPT SSRF exploit targeted U.S. government agencies. Apache Tomcat RCE and Apple’s Passwords app flaw exposed users. Google’s OSV-Scanner 2.0 boosts open-source security, while Singapore’s HSA pushes medical device cybersecurity. AI-driven threats rise, demanding stronger defenses.
Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Lazarus hackers tried laundering $100M via OKX, prompting a DEX shutdown. Apache Tomcat’s CVE-2025-24813 was exploited 30 hours after disclosure. Google is in talks to acquire Wiz for $30B. A Kolkata tailor hacked ATMs using YouTube tutorials. A GitHub supply chain attack exposed thousands of secrets. Operant AI expands to India, while Linux kernel CVE-2024-36904 gets a PoC exploit. Taiwan’s Poison Vine APT is targeting China, and Mexico’s president faced a cyber breach.
Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

Hackers are exploiting Gmail lockouts, AI-driven phishing, and Medusa ransomware to target users. China’s quantum satellite link reshapes cybersecurity, while North Korea’s Bitcoin stash grows after the Bybit hack. OKX faces regulatory scrutiny, and private equity firms struggle with cyber defenses. TP-Link routers remain vulnerable to attacks. With cyber threats on the rise, users must update security practices, adopt phishing-resistant authentication, and stay vigilant against evolving threats.
Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/

The White House urges agencies to retain cybersecurity teams amid budget cuts, warning of national security risks. GitHub uncovered high-severity ruby-saml flaws enabling account takeovers. A critical WordPress plugin vulnerability threatens 5M+ sites. Microsoft patched a zero-day exploited since 2023, while Apple released an emergency iOS update for a WebKit flaw. Australia introduced strict cybersecurity laws, and IDRBT launched an AI-driven banking security platform. MSRC continues to lead global cyber defense.
Reference: https://www.linkedin.com/newsletters/hacker-hacks-7126276864670670848/