Sign up to save your podcasts
Or
Share Missile Alert Phishing, Meeting Recordings Exposed and You Already Have A QR Code Generator
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Missile Alert Phishing, Meeting Recordings Exposed and You Already Have A QR Code Generator
This week: attackers are sending fake missile alert emails exploiting real Iran-US-Israel tensions to steal Microsoft credentials via QR code. We also cover a massive leak of sensitive LAPD police documents, an AI model that autonomously finds and exploits thousands of zero-days, and a Windows exploit that went public after a researcher fell out with Microsoft.
This week on The Awareness Angle:
Hackers steal 7.7TB of sensitive LAPD police documents including officer files, internal affairs investigations, and unredacted witness identities, via a third-party storage system. World Leaks (formerly Hunters International) are behind it.
Anthropic's Claude Mythos autonomously discovers and exploits thousands of zero-day flaws across major systems. The same capability that speeds up defence also speeds up attack. We break down what this means for security teams.
GrafanaGhost: a vulnerability in the popular monitoring platform Grafana that allows silent data exfiltration via AI prompt injection. Grafana disputes the severity. We give both sides.
Fake missile alert emails are landing in inboxes right now, exploiting real Iran-US-Israel tensions. They use QR codes to bypass email filters and redirect victims to a fake Microsoft login page. Urgency is the mechanism.
BlueHammer: a Windows local privilege escalation zero-day leaked publicly by a disgruntled researcher after a falling-out with Microsoft's security response team. No patch available. Functional exploit on GitHub.
The White House is proposing a $707 million cut to CISA, the agency that coordinates national cyber defence. A third of staff already left in the first months of Trump's second term.
Phish of the Week (from Hoxhunt): a WhatsApp/Meta impersonation email targeting business accounts that captures your login credentials and your MFA code in real time.
Plus: a North Korean hacker gets caught mid-interview, a job candidate accidentally receives a recording of his interviewers criticising him after he dropped off the call, and TikTok Lite appearing on Android phones after a carrier update.
00:00 Introduction
01:03 Breach of the Week: LAPD Police Documents Stolen and Leaked
03:18 Wynn Resorts - 21,000 Employees Hit by ShinyHunters
05:21 ChipSoft Ransomware Attack Disrupts Dutch Hospitals
06:51 Jones Day Law Firm Confirms Breach - Silent Ransom Group
09:48 Anthropic Project Glasswing: AI Finds Thousands of Zero-Days
13:42 GrafanaGhost: Data Theft via AI Prompt Injection
17:53 Missile Alert Phishing - Fake Civil Defence Emails Steal Microsoft Logins
22:49 BlueHammer: Windows Zero-Day Leaked on GitHub
26:55 White House Proposes $707M Cut to CISA
30:10 Phish of the Week: WhatsApp Meta Impersonation
35:34 Security Socials
Subscribe to the newsletter: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196
TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreative
YouTube: https://www.youtube.com/@riskycreative
Our Intro and Outro Song © 16 by Falling Forever
Bandcamp: https://fallingforever.bandcamp.com/track/16
Licence: https://creativecommons.org/licenses/by/4.0/
View all episodes
By Risky Creative - Cyber Security for HumansThis week: attackers are sending fake missile alert emails exploiting real Iran-US-Israel tensions to steal Microsoft credentials via QR code. We also cover a massive leak of sensitive LAPD police documents, an AI model that autonomously finds and exploits thousands of zero-days, and a Windows exploit that went public after a researcher fell out with Microsoft.
This week on The Awareness Angle:
Hackers steal 7.7TB of sensitive LAPD police documents including officer files, internal affairs investigations, and unredacted witness identities, via a third-party storage system. World Leaks (formerly Hunters International) are behind it.
Anthropic's Claude Mythos autonomously discovers and exploits thousands of zero-day flaws across major systems. The same capability that speeds up defence also speeds up attack. We break down what this means for security teams.
GrafanaGhost: a vulnerability in the popular monitoring platform Grafana that allows silent data exfiltration via AI prompt injection. Grafana disputes the severity. We give both sides.
Fake missile alert emails are landing in inboxes right now, exploiting real Iran-US-Israel tensions. They use QR codes to bypass email filters and redirect victims to a fake Microsoft login page. Urgency is the mechanism.
BlueHammer: a Windows local privilege escalation zero-day leaked publicly by a disgruntled researcher after a falling-out with Microsoft's security response team. No patch available. Functional exploit on GitHub.
The White House is proposing a $707 million cut to CISA, the agency that coordinates national cyber defence. A third of staff already left in the first months of Trump's second term.
Phish of the Week (from Hoxhunt): a WhatsApp/Meta impersonation email targeting business accounts that captures your login credentials and your MFA code in real time.
Plus: a North Korean hacker gets caught mid-interview, a job candidate accidentally receives a recording of his interviewers criticising him after he dropped off the call, and TikTok Lite appearing on Android phones after a carrier update.
00:00 Introduction
01:03 Breach of the Week: LAPD Police Documents Stolen and Leaked
03:18 Wynn Resorts - 21,000 Employees Hit by ShinyHunters
05:21 ChipSoft Ransomware Attack Disrupts Dutch Hospitals
06:51 Jones Day Law Firm Confirms Breach - Silent Ransom Group
09:48 Anthropic Project Glasswing: AI Finds Thousands of Zero-Days
13:42 GrafanaGhost: Data Theft via AI Prompt Injection
17:53 Missile Alert Phishing - Fake Civil Defence Emails Steal Microsoft Logins
22:49 BlueHammer: Windows Zero-Day Leaked on GitHub
26:55 White House Proposes $707M Cut to CISA
30:10 Phish of the Week: WhatsApp Meta Impersonation
35:34 Security Socials
Subscribe to the newsletter: https://www.linkedin.com/newsletters/the-awareness-angle-newsletter-7274932363787132928/
Spotify: https://open.spotify.com/show/7rwzcRsKrXbASFBfiXoCZ6
Apple Podcasts: https://podcasts.apple.com/us/podcast/the-awareness-angle-cyber-news-weekly/id1784126196
TikTok: https://www.tiktok.com/@infosecantInstagram: https://www.instagram.com/riskycreative
YouTube: https://www.youtube.com/@riskycreative
Our Intro and Outro Song © 16 by Falling Forever
Bandcamp: https://fallingforever.bandcamp.com/track/16
Licence: https://creativecommons.org/licenses/by/4.0/