My daily cybersecurity flow keeps me ahead of threats. Here's my 6-site routine:
Staying up to date in cybersecurity feels impossible. News breaks every hour. Threats move faster than most teams can react.
But I have found a daily system that works. I keep these 6 sites in my rotation for real-time alerts and deep dives.
• The Hacker News
Fast updates on new exploits, CVEs, and breaches. I keep this tab open all day. TG: @thehackernews
• Bleeping Computer
Trusted for alerts, malware analysis, and patch news. TG: @BleepingComputer
• tl;dr sec
7 minutes a week for the best tools and resources. Categories for tech, AI, infosec, and more.
• CISA
America's Cyber Defense Agency. I subscribe to their alerts for breaking news on threats.
• SANS Internet Storm Center
Daily "Stormcast" for threat trends, malware outbreaks, and vulnerability news.
• CVEdetails
Not just a CVE database. Advisories, exploits, and RSS feeds for vulnerability intelligence.
Each week, I scan these sites. I don't read every article. I focus on major trends and alerts. This habit keeps my team ready for what's next.
Cybersecurity is not about knowing everything. It's about having the right signals at the right time.
What am I missing? Which sites do you trust to stay ahead?
Share, save, and stay secure.
___
Enjoy this? Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
#CyberMonday Hackers breached a Norwegian dam and opened the floodgates.
Norway. Critical infrastructure is under attack. Unidentified hackers have breached the systems of a Norwegian dam and opened its water valve at full capacity.
A single breach can impact communities, economies, and daily life.
Cyber risk = real-world consequences.
Top News:
• Taiwan's National Security Bureau warned about apps like TikTok and Weibo. Too much data collection. Data flowing where it shouldn't.
• Exposed JDWP interfaces let attackers mine crypto and launch DDoS on your servers.
• A new APT, NightEagle, is using zero-days to target Microsoft Exchange.
• Two new Sudo flaws on Linux. Local users can get root access. Major distros affected: Ubuntu, RHEL, Fedora.
• Google faces a $314M fine for passive Android cellular data misuse.
• Over 40 Firefox extensions are stealing crypto wallet secrets.
• Glasgow City Council is offline after an attack. City services disrupted.
New Critical CVEs:
• CVE-2025-6554 (#Chrome #KnownExploited)
• CVE-2025-6543 (#Citrix #KnownExploited)
Exploitability spike +50%:
• CVE-2024-5247 (#Netgear #RCE)
• CVE-2002-1623 (#IKE #UserEnumeration)
Stay sharp, because these threats are not stopping.
Stay secure
___
#Cybersecurity #InfoSec #ThreatIntel
Explaining cyber risk: How I think I look vs. How I actually look
Everyone has been there. You walk into the boardroom with slides, ready to talk risk. Picture yourself as Einstein: clear, smart, in control.
But two minutes in?
Drawing messy lines, talking about threats, and compliance.
Eyes glaze over.
Did I lose them? (Probably.)
Here's what worked for me:
• Show the number
"$2M at risk if things go wrong"
Beats "Here's how many vulnerabilities we have."
• Use their words
"Business risks," not "attack vectors."
"Disruptions," not "threat actors."
• Share stories
"Our competitor lost $50M last year to ransomware."
People connect with real events, not long reports.
• Call out value
Security helps us move faster, not slower.
Clarity builds trust.
That's where true security starts.
Got a better way to explain risk to non-technical leaders?
I want to hear your best tip.
___
#InfoSec #SecurityLeadership
AI is rewriting the rules of cybersecurity. And not everyone is ready. Join the live panel on July 10!
• Hear Dr. Oleh Polihenko, Anastasiia Voitova, and Taras Loboda dive into how AI is changing threat detection, response, and prevention.
• Learn how to use AI securely, without adding risk.
• Live Q&A + networking at SKELAR Office, Kyiv (and online!)
I see big shifts both in the field and on the front line. (The pace is real.)
Will you join us?
Event info & registration:
https://meetup.skelar.tech/skelar-meetup-ai-in-security-10-07
___
#AI #CyberResilience
AI-Cybersecurity Reality Check
Yesterday I joined a live panel with some of the sharpest minds in the field.
We talked about how AI is changing cybersecurity fast.
Here are the key takeaways:
1. "Privacy is already abused." (Taras Loboda)
Our phones, our apps, even AI tools: they know us better than we think. Privacy is not what it was. We need to accept this and make smarter choices about what we share, which tools we trust, and how we protect our data.
2. "Cybersecurity should not prohibit but enable." (Anastasiia Voitova)
Security does not mean stopping progress. Good security guides people. It helps everyone use new tools, like AI, safely.
3. "Don't blindly trust AIs, check your data." (Dr. Oleh Polihenko)
AI makes mistakes. Sometimes it gives wrong or even risky advice. Our experience and critical thinking are more important than ever. Always check, always verify.
What can we do now?
• Use AI for boring tasks: emails, reports, compliance checklists. Let machines do the heavy lifting.
• For sensitive data, use local LLMs that you control.
• When using online AI tools like ChatGPT or Gemini, always anonymize or pseudonymize your data.
• Only allow corporate and licensed AI tools. Block everything else.
These lessons feel urgent. In both the private sector and military defense, I see how fast the rules change.
Adapting is not optional.
P.S. Thank you, Andrii Popovych and SKELAR, for organizing such a great event! We need more events like this.
Thank you, Anastasiia Voitova, for the merch from Cossack Labs; love it.
Stay secure
___
#AI #DataProtection #CyberResilience
#CyberMonday Office RCEs. Bluetooth car hacks. Four teens arrested after cyberattacks.
The National Crime Agency arrested three young men and one woman, aged 17 to 20, who used social engineering to breach two of the UK's biggest retailers (M&S and Co-op).
Top News:
• Patch Tuesday: Microsoft Office RCEs
• PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
• An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month.
• Fortinet's critical SQL injection flaw affecting FortiWeb
• Wing FTP Server vulnerability actively exploited
New Critical/High CVEs:
• CVE-2016-10033 (#PHPMailer #PublicExploit)
• CVE-2019-9621 (#Zimbra #PublicExploit)
• CVE-2019-5418 (#ActionView #PublicExploit)
• CVE-2025-5777 (#NetScaler #KnownExploited)
• CVE-2014-3931 (#MRLG #KnownExploited)
As always, share new CVEs and your thoughts in the comments.
Stay secure
___
#Cybersecurity #InfoSec #ThreatIntel
How to Improve My Cybersecurity Blog
I asked for your feedback and the response was incredible.
A huge thank you to everyone who shared their thoughts! The quality and quantity of the feedback was humbling. I truly appreciate it.
What you like
• Consistency & Quality
The predictable #CyberMonday posts, sharp insights, and quality visuals are all a hit.
• Clarity & Accessibility
You appreciate that the content is easy to understand, even for beginners, and provides a clear message.
• Value
Getting relevant news summaries without having to search the internet is something you find valuable.
Now to the exciting part: the improvements. I've gathered all your suggestions into a few key themes.
Here are the top recommendations:
1. Real-World Stories & Case Studies
This was the most requested topic. You want to hear about real cases (mine or others), the biggest hacks and failures. The focus would be on how problems were actually solved, not just what happened.
(Inspired by Oleksandr, Vasyl, Anton, @leleka_marabou)
2. Career Growth & A Day in the Life
Many of you, especially those looking to enter or switch to cybersecurity, want to know what the job is really like. This could include my present struggles, career paths, and how I look for new opportunities and certifications.
(Inspired by Anna Ovsepian, @OleksTpk, @rdbstrd)
3. Deep Dives & Niche Research
A call for more technical content, including reviews of promising tools, deep dives into infosec research, and analysis of bug bounty reports.
(Inspired by Dawid Czarnecki, @TuPa_Ded, @rdbstrd)
4. More Fun
Injecting more personality, some funny stories or jokes related to the field.
(Inspired by Abel, Anna Ovsepian, @rdbstrd)
As I promised, I've chosen a winner for the most valuable comment. The winner is @rdbstrd!
Please send me a DM, and we'll sort out how to send you a book!
Thank you again to everyone who contributed, including Oleksandr Zaliubovskyi, Vladyslav Panchenko, Dawid Czarnecki, Vasyl Kuzyk, Pavlo Somko, Abel Hailu, Anton Kalakutskyi, Anna Ovsepian, Anastasia Mieshkova, @letsencryptssl, @TuPa_Ded, @OleksTpk, @leleka_marabou, and @rdbstrd.
Let's build a better blog together.
As always, stay secure.
___
#Cybersecurity #InfoSec #CyberSec
#CyberMonday Microsoft let engineers in China touch US DoD data.
Last week, a ProPublica investigation revealed that Microsoft subcontractors in China helped maintain US Defense Department systems, with little oversight from US staff.
Sensitive data. Minimal control = Maximum risk.
Top News:
• Salt Typhoon (China-backed APT) quietly compromised the US Army National Guard for nearly a year.
• Massistant, a new surveillance tool in China, can silently extract SMS, GPS, and images from confiscated phones.
• Ivanti Zero-Days Exploited
• CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
New Critical CVEs:
• CVE-2025-53770 (#SharePoint #KnownExploited)
• CVE-2025-25257 (#FortiWeb #KnownExploited)
• CVE-2025-47812 (#WingFTP #PublicExploit)
Share new CVEs and your thoughts in the comments.
Stay secure
___
#Cybersecurity #InfoSec #ThreatIntel
Cybersecurity in Development: Online Webinar
I am joining PM Coffee Time with Mykola Kalakutskyi and Kateryna Mandryka for their 40th anniversary session on July 30th. We'll talk about cybersecurity in development, and why you must keep security at the center of every project.
Here's what you can expect:
• How a secure development process protects your project
• Why every person in the organization (not just security teams) is responsible for strong cyber defense
• Practical steps to make security part of your SDLC
• How cybersecurity can be an enabler for your business
Good security is not something you add at the end. You build it in from day one.
The session is open to everyone: new PMs, senior leaders, and anyone who cares about quality and resilience.
July 30th
Free to join: https://lnkd.in/dgSWvhrQ
___
#Cybersecurity #InfoSec #ProjectManagement
#CyberMonday SharePoint at risk even after updates.
Attackers are using ToolShell to target unpatched SharePoint servers on-premises.
They install web shell backdoors and steal Machine Keys. That means even after you patch, attackers can stick around, move deeper, and deploy ransomware.
Read more on CVE-2025-53770.
Rapid-response checklist:
• Isolate vulnerable servers from your network
• Apply all available SharePoint updates
• Rotate Machine Keys
• Ensure anti-malware scanning is enabled
• Reset all credentials that touched those servers
• Scan for indicators of compromise
Top News:
• CrushFTP Critical Flaw Exploited (CVE-2025-54309)
• UK Plans Ransomware Payment Ban and Reporting Requirements
• Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
New Critical/High CVEs:
• CVE-2025-2775/2776 (#SysAid #XXE)
• CVE-2025-6558 (#Chrome #SandboxEscape)
What grabbed your attention this week? Share in comments.
Stay safe
___
#Cybersecurity #InfoSec #ThreatIntel
#CyberMonday AI-generated npm malware drained 1,500+ Solana wallets.
The kodane/patch-manager package looked normal. It promised "advanced license validation" for Node.js apps.
Hidden in its code: an "enhanced crypto wallet drainer."
Created by AI.
Spread through the npm registry.
Over 1,500 people downloaded it. Their Solana wallets emptied.
Sad truth:
AI makes it easier to create and hide these threats.
Top News:
• The Russian nation-state threat actor known as Secret Blizzard orchestrated a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack.
• Fake OAuth apps mimicked Adobe & SharePoint to hijack Microsoft 365 accounts.
• Apple Updates Everything. A total of 89 different vulnerabilities patched.
New Critical/High CVEs:
• CVE-2025-20337/20281 (#CiscoISE)
• CVE-2025-6558 (#PaperCut)
Less news to report; is the vacation season influencing things?
Stay vigilant
___
#Cybersecurity #InfoSec #ThreatIntel
ChatGPT Private Chats Exposed on Google in Privacy Breach
Thousands of private ChatGPT conversations ended up searchable on Google. All because of a misconfigured sharing feature that let search engines crawl unique chat links.
What happened?
• OpenAI let users share chats with unique URLs.
• The robots.txt file didn't block Google from crawling them.
• Many users had no idea their "private" links were public.
OpenAI acted. It disabled the tool and started removing links from search.
I've checked myself and wasn't able to find anything on Google.
However, other search engines (DuckDuckGo, Bing) seem to still have traces of it. The internet doesn't forget. Web archives may hold many of those chats. For people affected, the damage is real and lasting.
Do your own research.
Never assume privacy and security are guaranteed.
Stay secure
___
#Cybersecurity #InfoSec #DataBreach
#CyberMonday CyberArk and HashiCorp Critical Flaws
Last week, researchers found over a dozen new vulnerabilities in CyberArk and HashiCorp vaults. These flaws let attackers take control of enterprise vaults, no credentials needed.
Patch now.
Top News:
• Microsoft released an advisory for a high-severity Exchange Server flaw (CVE-2025-53786). This bug lets attackers gain elevated privileges in hybrid cloud setups.
• Adobe patched two critical bugs in Experience Manager Forms. Public exploits available.
• CERT-UA warns of the UAC-0099 threat actor using new malware (MATCHBOIL, MATCHWOK, DRAGSTARE) against Ukraine's infrastructure.
Exploitability spike +50%:
• CVE-2022-40799 (#DLink)
• CVE-2025-53770 (#SharePoint)
As always, share new CVEs and your thoughts in the comments.
Stay secure
___
#Cybersecurity #InfoSec #ThreatIntel
Hey guys,
I have been quite busy lately.
I am no longer able to post frequently, so I will, for now, stop posting #CyberMondays.
I know, that is sad. But hey, life happens, and you have to cope with it.
I will, however, post things I find interesting and cybersecurity updates from time to time.
Stay tuned.
Quick personal note before we dive in.
I owe you an apology: I've been quiet for 5 and a half months.
I needed that time to focus on personal matters and reset.
I'm back now with more energy. I won't promise miracles, but I'll genuinely try to be more active and consistent.
And of course, I knew I had to come back with Cyber Monday, because this is what many of you look forward to the most.
If this post resonates, I'd really appreciate your comments and shares.
Yours, @stansecure
#CyberMonday headline: Chinese APTs hijacked Notepad++ updates for six months
While we obsess over secure coding, attackers are hijacking the supply chain.
The Incident: Following a new disclosure, it's confirmed that Notepad++'s hosting infrastructure was compromised by a likely state-sponsored group (attributed to China) from June to December 2025.
TLDR: This wasn't a vulnerability in the Notepad++ code itself. The attackers compromised the shared hosting provider and selectively intercepted traffic to getDownloadUrl.php. Targeted users, and only targeted users, were silently redirected to malicious servers serving infected update manifests.
Why important: This mirrors the recent eScan Antivirus and Open VSX supply chain attacks. The attackers don't need to break the software's lock if they own the server that delivers it. Notepad++ finally enforced XML signing in v8.9.2, but for 6 months, the "trust" was broken.
Top News:
• Browser attacks: New research shows AI browsers can be hijacked via prompt injection, turning your helpful assistant into an insider threat that exfiltrates data.
• Ukraine Alert (CERT-UA): APT28 (UAC-0001) is actively targeting UA and EU entities with a malicious doc (Consultation_Topics_Ukraine(Final).doc) exploiting CVE-2026-21509. If you see this file, isolate immediately.
• Supply Chain hits Open VSX: A legitimate developer account was compromised to push the "GlassWorm" malware via the Open VSX registry.
It feels good to be back.
I'm curious, what was the biggest security shift you noticed in the last 5 months while I was gone? Let me know in the comments.
Stay vigilant
P.S. Look for the CVE alert in the first comment.
___
Enjoy this? Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#CyberSecurity #Infosec #NotepadPlusPlus
In Ukraine, cyber defense is not theoretical. It's forged in a war with an aggressor.
That's why I'm planning to attend the Kyiv International Cyber Resilience Forum (Feb 19-20), not for trends, but for lessons forged in real conditions.
These events for me are:
• A chance to learn what works on the front lines
• A chance to meet people who get the high-stakes environment (and the stress)
• A chance to share how we level up our own cyber posture
I'm especially looking forward to insights from:
Vitaly Balashov -- shaping cloud security and Ukraine's national standards.
Serhii Khariuk -- building and testing defenses for EU and U.S. markets.
Forums like this matter because they compress years of learning into conversations.
Are you planning to attend? Let's meet up!
#CyberResilience #CyberSecurity #InfoSec
@securediary
This started like a normal developer interview.
A recruiter reached out to my colleague, Mykyta Kurochka, about a Node.js role at Cryptan Labs.
Honestly, at first, everything just felt totally normal.
The interview felt routine. Figma designs. Tech specs that matched the role. The kind of call most of us have.
But then, little things started to feel off...
The recruiter turned the camera off after a few minutes.
The project was supposedly brand new, only 2-3 weeks old.
Mykyta was asked to review their code and join a GitHub org.
The repository arrived as a ZIP archive.
None of these alone screams "scam."
Together, they deserved a pause.
Before running anything, Mykyta checked <package.json>.
Some outdated dependencies, not the weirdest thing ever.
Still, he decided not to run the project until he understood what it actually did.
Frankly, many people would've skipped that step.
The repo itself was strange: very little real logic, but a massive structure.
That alone raised questions.
Then <npm install> finished...
and the app started running automatically.
The reason was concealed in an npm lifecycle script in <package.json> that launched a .js file bundled in the repo.
When Mykyta asked why anything was auto-executing, the response was:
"Just part of the process."
He was pushed to run it again.
That's where he stopped.
Instead of proceeding, he shut things down:
• Closed active ports
• Regenerated SSH keys
• Ran the code through security checks
• Reviewed what data could have been exposed
What turned up wasn't minor.
There was code enabling remote execution.
Environment variables were being sent out.
At that point, it was clear this wasnโt sloppy engineering.
It looked intentional.
And it was hiding behind a "job interview."
Mykyta's decision to slow down likely prevented a real incident.
If there's one takeaway here, it's this:
interviews don't deserve blind trust.
A few reminders worth repeating:
• Always check what scripts run during setup
• Never auto-launch unfamiliar code
• Be cautious with new GitHub org invites
• If something feels rushed or strange, pause, always
I'm sharing this because these tactics are becoming more common.
Have you seen anything similar during interviews or test tasks?
Sharing stories like this helps us stay safe.
___
Enjoy this? Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#JobScams #CyberSecurity #InfoSec
Russian APT28 Exploits Zero-Day Hours After Microsoft Discloses Office Vulnerability.
Ukraine's cyber defenders warned that Russian hackers weaponized a Microsoft Office zero-day within 24 hours of public disclosure.
The Russia-linked state-sponsored group APT28 exploited CVE-2026-21509 to deliver malicious documents targeting Ukrainian government agencies and European Union institutions.
Ukraine's Computer Emergency Response Team observed exploitation attempts beginning on January 27 -- just one day after Microsoft disclosed the vulnerability on January 26.
Microsoft acknowledged active exploitation at disclosure, but attribution details were initially withheld. The speed and customization of APT28's follow-on attacks highlight how narrow the defensive window has become.
Act now, see action advice in the comment section.
Top News:
• Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities.
• CISA Orders Federal Agencies to Remove Unsupported Hardware and Software to Reduce Risk.
• Microsoft Moves to Retire TLS 1.0, 1.1 in Azure Blob Storage.
• OpenClaw (a.k.a. Moltbot), a cascade of LLMs, poses a significant risk to your data if not properly managed or restricted.
• German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists.
Links to sources and the CVE alert are in the comments.
As always, share your thoughts, ideas, and new CVEs in comments.
Stay secure
___
Enjoy this? Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel