#CyberMonday Office RCEs. Bluetooth car hacks. Four teens arrested after cyberattacks.

The National Crime Agency arrested three young men and one woman-ages 17 to 20-used, who used social engineering to breach two of the UK’s biggest retailer stores (M&S and Co-op).


🔥Top News:

→ Patch Tuesday: Microsoft Office RCEs

→ PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution

→ An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month

→ Fortinet's critical SQL injection flaw affecting FortiWeb

→ Wing FTP Server vulnerability actively exploited


🫢 New Critical/High CVEs:
→ CVE-2016-10033 (#PHPMailer #PublicExploit)
→ CVE-2019-9621 (#Zimbra #PublicExploit)
→ CVE-2019-5418 (#ActionView #PublicExploit)
→ CVE-2025-5777 (#NetScaler #KnownExploited)
→ CVE-2014-3931 (#MRLG #KnownExploited)


As always, share new CVEs and your thoughts in comments. 👇

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

How to Improve my Cybersecurity Blog.

I asked for your feedback and response was incredible.
A huge thank you to everyone who shared their thoughts! The quality and quantity of the feedback was humbling. I truly appreciate it.

What you like

✅ Consistency & Quality
The predictable #CyberMonday posts, sharp insights, and quality visuals all a hit.

✅ Clarity & Accessibility
You appreciate that the content is easy to understand, even for beginners, and provides a clear message.

✅ Value
Getting relevant news summaries without having to search the internet is something you find valuable.

Now to the exciting part: the improvements. I've gathered all your suggestions into a few key themes.

Here are the top recommendations

1️⃣ Real-World Stories & Case Studies
This was the most requested topic. You want to hear about real cases (mine or others), the biggest hacks and failures. The focus would be on how problems were actually solved, not just what happened.
(Inspired by Oleksandr, Vasyl, Anton, @leleka_marabou)

2️⃣ Career Growth & A Day in the Life
Many of you, especially those looking to enter or switch to cybersecurity, want to know what the job is really like. This could include my present struggles, career paths, and how I look for new opportunities and certifications.
(Inspired by Anna Ovsepian, @OleksTpk, @rdbstrd)

3️⃣ Deep Dives & Niche Research:
A call for more technical content, including reviews of promising tools, deep dives into infosec research, and analysis of bug bounty reports.
(Inspired by Dawid Czarnecki, @TuPa_Ded, @rdbstrd)

4️⃣ More Fun
Injecting more personality, some funny stories or jokes related to the field.
(Inspired by Abel, Anna Ovsepian, @rdbstrd)

As I promissed I've choosen a winner for most valuable comment. The winner is @rdbstrd!

Please send me a DM, and we'll sort out how to send you a book! 🙂

Thank you again to everyone who contributed, including Oleksandr Zaliubovskyi, Vladyslav Panchenko, Dawid Czarnecki, Vasyl Kuzyk, Pavlo Somko, Abel Hailu, Anton Kalakutskyi, Anna Ovsepian, Anastasia Mieshkova, @letsencryptssl, @TuPa_Ded, @OleksTpk, @leleka_marabou, and @rdbstrd.

Let's build a better blog together.

As always, stay secure😑.

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #CyberSec

#CyberMonday Microsoft let engineers in China touch US DoD data.

Last week, a ProPublica investigation revealed that Microsoft subcontractors in China helped maintain US Defense Department systems-with little oversight from US staff.

Sensitive data. Minimal control = Maximum risk.

🔥Top News:

→ Salt Typhoon (China-backed APT) quietly compromised the US Army National Guard for nearly a year.

→ Massistant, a new surveillance tool in China – can silently extract SMS, GPS, and images from confiscated phones.

→ Ivanti Zero-Days Exploited

→ CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign


🫢 New Critical CVEs:
→ CVE-2025-53770 (#SharePoint #KnownExploited)
→ CVE-2025-25257 (#FortiWeb #KnownExploited)
→ CVE-2025-47812 (#WingFTP #PublicExploit)

Share new CVEs and your thoughts in comments. 👇

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

Cybersecurity in Development - Online Webinar.

I am joining PM Coffee Time with Mykola Kalakutskyi and Kateryna Mandryka for their 40th anniversary session on July 30th. We'll talk about cybersecurity in development-and why you must keep security at the center of every project.

Here's what you can expect 👇

→ How secure development process protects your project
→ Why every person in organization (not just security teams) is responsible for strong cyber defense
→ Practical steps to make security part of your SDLC
→ How can cybersecurity be an enabler for your business

Good security is not something you add at the end. You build it in from day one.

The session is open to everyone - new PMs, senior leaders, and anyone who cares about quality and resilience.

📅 July 30th

🔗 Free to join: https://lnkd.in/dgSWvhrQ

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ProjectManagement

#CyberMonday SharePoint at risk even after updates.

Attackers are using ToolShell to target unpatched SharePoint servers on-premises.

They install web shell backdoors and steal Machine Keys. That means even after you patch, attackers can stick around, move deeper, and deploy ransomware.

Read more on CVE-2025-53770.

Rapid-response checklist:

→ Isolate vulnerable servers from your network
→ Apply all available SharePoint updates
→ Rotate Machine Keys
→ Ensure anti-malware scanning is enabled
→ Reset all credentials that touched those servers
→ Scan for indicators of compromise


🔥Top News:

→ CrushFTP Critical Flaw Exploited (CVE-2025-54309)

→ UK Plans Ransomware Payment Ban and Reporting Requirements

→ Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor


🫢 New Critical/High CVEs:
→ CVE-2025-2775/2776 (#SysAid #XXE)
→ CVE-2025-6558 (#Chrome #SandboxEscape)


What grabbed your attention this week? Share in comments.

Stay safe 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

#CyberMonday AI-generated npm malware drained 1,500+ Solana wallets.

The kodane/patch-manager package looked normal. It promised "advanced license validation" for Node.js apps.

Hidden in its code: an "enhanced crypto wallet drainer."
Created by AI.
Spread through the npm registry.
Over 1,500 people downloaded it. Their Solana wallets emptied.

Sad truth:
AI makes it easier to create and hide these threats.


🔥Top News:

→ The Russian nation-state threat actor known as Secret Blizzard orchestrated a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM).

→ Fake OAuth apps mimicked Adobe & SharePoint to hijack Microsoft 365 accounts.

→ Apple Updates Everything. A total of 89 different vulnerabilities patched.


🫢 New Critical/High CVEs:
→ CVE-2025-20337/20281 (#CiscoISE)
→ CVE-2025-6558 (#PaperCut)

Less news to report, is the vacation season influencing things?

Stay vigilant 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

ChatGPT Private Chats Exposed on Google in Privacy Breach

Thousands of private ChatGPT conversations ended up searchable on Google. All because of a misconfigured sharing feature that let search engines crawl unique chat links.

What happened?

→ OpenAI let users share chats with unique URLs.
→ The robots.txt file didn't block Google from crawling them.
→ Many users had no idea their "private" links were public.

OpenAI acted. Disabled the tool, started removing links from search.

I've checked myself and wasn't able to found anything on Google.

However, other search engines (DuckDuckGo, Bing), seem to still have trace of it. Internet doesn't forget. Web archives may hold many of those chats. For people affected, the damage is real and lasting.

Do your own research 🥸

Never assume privacy and security is guaranteed.

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #DataBreach

#CyberMonday CyberArk and HashiCorp Critical Flaws

Last week, researchers found over a dozen new vulnerabilities in CyberArk and HashiCorp vaults. These flaws let attackers take control of enterprise vaults - no credentials needed.

Patch now


🔥Top News:

→ Microsoft released an advisory for a high-severity Exchange Server flaw (CVE-2025-53786). This bug lets attackers gain elevated privileges in hybrid cloud setups.

→ Adobe patched two critical bugs in Experience Manager Forms. Public exploits available.

→ CERT-UA warns of the UAC-0099 threat actor using new malware (MATCHBOIL, MATCHWOK, DRAGSTARE) against Ukraine's infrastructure.


📌 Exploitability spike +50%:
→ CVE-2022-40799 (#DLink)
→ CVE-2025-53770 (#SharePoint)

As always, share new CVEs and your thoughts in comments. 👇

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

Hey guys,

I have been quite busy lately.
I am no longer able to post frequently, so I will, for now, stop posting #CyberMondays.

I know, that is sad. But hey, life happens, and you have to cope with it.

I will, however, post things I find interesting and cybersecurity updates from time to time.

Stay tuned 😑

Quick personal note before we dive in.

I owe you an apology — I’ve been quiet for 5 and a half months.
I needed that time to focus on personal matters and reset.

I’m back now with more energy. I won’t promise miracles, but I’ll genuinely try to be more active and consistent.
And of course, I knew I had to come back with Cyber Monday — because this is what many of you look forward to the most.
If this post resonates, I’d really appreciate your comments and shares.
— Yours, @stansecure 😑

#CyberMonday headline: Chinese APTs hijacked Notepad++ updates for six months

While we obsess over secure coding, attackers are hijacking the supply chain.

The Incident: Following a new disclosure, it’s confirmed that Notepad++’s hosting infrastructure was compromised by a likely state-sponsored group (attributed to China) from June to December 2025.

TLDR: This wasn’t a vulnerability in the Notepad++ code itself. The attackers compromised the shared hosting provider and selectively intercepted traffic to getDownloadUrl.php. Targeted users — and only targeted users — were silently redirected to malicious servers serving infected update manifests.

Why important: This mirrors the recent eScan Antivirus and Open VSX supply chain attacks. The attackers don’t need to break the software's lock if they own the server that delivers it. Notepad++ finally 🤦‍♂️ enforced XML signing in v8.9.2, but for 6 months, the "trust" was broken.

🔥Top News:

→ Browser attacks: New research shows AI browsers can be hijacked via prompt injection, turning your helpful assistant into an insider threat that exfiltrates data.

→ Ukraine Alert (CERT-UA): APT28 (UAC-0001) is actively targeting UA and EU entities with a malicious doc (Consultation_Topics_Ukraine(Final).doc) exploiting CVE-2026-21509. If you see this file, isolate immediately.

→ Supply Chain hits Open VSX: A legitimate developer account was compromised to push the "GlassWorm" malware via the Open VSX registry.

It feels good to be back.
I’m curious, what was the biggest security shift you noticed in the last 5 months while I was gone? Let me know in the comments.

Stay vigilant 😑

P.S. Look for the CVE alert in the first comment 👇
___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#CyberSecurity #Infosec #NotepadPlusPlus

Russian APT28 Exploit Zero-Day Hours After Microsoft Discloses Office Vulnerability.

Ukraine’s cyber defenders warned that Russian hackers weaponized a Microsoft Office zero-day within 24 hours of public disclosure.

The Russia-linked state-sponsored group APT28 exploited CVE-2026-21509 to deliver malicious documents targeting Ukrainian government agencies and European Union institutions.

Ukraine’s Computer Emergency Response Team observed exploitation attempts beginning on January 27 -- just one day after Microsoft disclosed the vulnerability on January 26.

Microsoft acknowledged active exploitation at disclosure, but attribution details were initially withheld. The speed and customization of APT28’s follow-on attacks highlight how narrow the defensive window has become.

Act now, see action advice in the comment section.


🔥Top News:

→ Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities.

→ CISA Orders Federal Agencies to Remove Unsupported Hardware and Software to Reduce Risk.

→ Microsoft Moves to Retire TLS 1.0, 1.1 in Azure Blob Storage.

→ OpenClaw (a.k.a. Moltbot), a cascade of LLMs, poses a significant risk to your data if not properly managed or restricted.

→ German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists.

Links to sources and CVEs alert in comments.👇
As always, share your thoughts, ideas, and new CVEs in comments.

Stay secure 😑

___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

AI-powered pentesting tools are evolving fast — but most struggle with validation and false-positive control.

I came across a platform that addresses this with proof-of-execution scoring and per-scan isolation.

NeuroSploit v3 is an open-source attempt to make AI pentest look more like the work of a human team, not a noisy scanner.

The core idea is simple.

Instead of just "guessing" based on an LLM prompt, it spins up isolated Kali Linux containers and uses negative controls and proof-of-execution checks to validate findings before they ever reach the report.

NeuroSploit focuses on three main areas:

1) Coverage and context
→ 100 vulnerability types in 10 categories
→ 3 streams in parallel: recon, junior tester, tool runner
→ Built-in integration with tools you already know (nmap, nuclei, sqlmap, ffuf, etc.)

2) Isolation and control
→ Every scan runs inside its own Kali Linux Docker container
→ Per-scan tools install, hard CPU/RAM limits, auto cleanup
→ Container pool with TTL and orphan cleanup for stable operations

3) Validation and proof-of-execution
→ Negative controls: send benign “safe” requests to cut false signals
→ 25+ proof methods per vuln type (XSS context, SSRF markers, DB error patterns, etc.)
→ Confidence scoring 0–100 with a final “validation judge” that approves or rejects a finding

On top of that, it can talk to several LLM providers (Claude, GPT, Gemini, local LLMs) and adapt mid-scan when endpoints die, WAF blocks, or returns start to show diminishing value.

Is it perfect? No.
Is it closer to how I want AI to work in offensive security? For me, yes.

Would you find it useful if I tried NeuroSploit v3 and shared my honest take on it?

Stay secure 😑
___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#Cybersecurity #InfoSec #ThreatIntel

Security teams are entering a new phase.

AI is finding vulnerabilities faster.
Attackers are exploiting faster.
And traditional patch cycles are starting to look slow by comparison.

🔥 This week's Top News:

→ Microsoft patch six actively exploited zero-days (CVE-2026-21510 through -21525)

→ Google fix Chrome zero-day CVE-2026-2441 under active attack

→ Research showing Claude Opus 4.6 identified 500+ memory corruption vulnerabilities in open-source projects

→ Threat actors are already targeting infrastructure around the Milano Cortina 2026 Winter Games

What matters now isn’t just scanning, but building a robust response architecture.

When a new exploited vulnerability emerges, I always look for three core areas:

1️⃣ Exposure mapping
Do we know which systems are externally reachable or user-triggerable?
Can we prioritize based on potential impact, rather than relying solely on CVSS?

2️⃣ Remediation verification
Can we confirm remediation on the systems that matter most — not just report rollout percentage?

3️⃣ Mitigation
If patching is delayed, are compensating controls in place (isolation, policy tightening, monitoring)?

The velocity of security has changed.
The question isn’t whether AI will reshape vulnerability management.
It already is.

AI is already a tool for both attackers and defenders. Those who adapt quickly will come on top.

A question to you:
How are you adjusting your patching or AppSec workflows to account for faster discovery cycles?
Do you use AI?

Look for CVE Alert in the first comment. 👇

Stay secure 😑
___

Enjoy this? 🔄 Repost it to your network and follow @securediary for more.

Join me on LinkedIn.

#CyberSecurity #Infosec #ThreatIntel

If your AI can write code… it should help secure it, too.

Anthropic just rolled out Claudе Code Security, a new feature designed to scan codebases for flaws and suggest patches.

AI is already great at parsing logs and highlighting anomalies. But stepping into the auditor's shoes to patch code? That requires deep context.

The true test isn't if Claude can find a flaw; it's whether it understands the messy reality of a production environment without hallucinating a "fix" that breaks the build.

Here's how to use Claude Code Security safely:

1️⃣ Extra pair of eyes
→ Run AI scans on every merge and pull request
→ Let it flag risky patterns

2️⃣ Human in control
→ Security engineer or senior Dev reviews each AI fix
→ No auto-merge from AI output

3️⃣ Tie into threat intel
→ Watch CISA Known Exploited Vulns
→ Confirm your codebase isn't using specific vulnerable functions of the CVEs

I extensively use AI for day-to-day work. For example, for threat intel summary, customer email draft, or compliance audit prep. It’s a fantastic junior analyst. But it is always an assistant, not the one signing off on the decisions.

Do you trust AI to patch your production code or not? 🤔

For the #CyberMonday News and CVE alert, see the first comment. 👇

@securediary

Four years of full-scale war. 1,461 days of resilience.

When I served as a SOC Division Chief in the Armed Forces, we prepared for hybrid threats. But the reality of the last four years rewired everything I know about defense.

Living and working in Kyiv, I’ve seen the concept of "Business Continuity" transform from a compliance checkbox into a survival instinct. We don’t just test backups for auditors anymore. We build systems that must survive when the power grid is hit, when the data center runs on diesel, and when the team is coding from shelters.

The biggest lesson for the global cybersecurity community?
Fragility is a choice.

We learned that secure architecture isn't about building unbreachable walls. It's about how fast you can stand back up when the walls shake.

To my fellow Ukrainians: We stand. We build. We defend.
To the global community: Don't wait for a crisis to test if your BCP actually works.

The photo date Feb 25th, the second day of full-scale war. My wife and I are relocating to Tuskavets.

Thank you, Creatio and Katherine Kostereva, for making it possible.

Is your resilience tested? 🤔

Ours is tested, every day.

AI is coming everywhere, and Cybersecurity is not an exception.

Kyiv International Cyber Resilience Forum was a blast. I have not yet seen so many cyber people in one place. This is one of the biggest Cybersecurity events in Ukraine to date.

The amount and intensity of the networking was unbelievable. Since I came to the forum at 11:00 a.m. I could not attend any of the panels or stages for the whole 2-2.5 hours, purely because of the number of people I knew and wanted to talk to.

The discussions just kept going, and I loved it.

The networking was clearly the main feature of the event. The people from Ukraine's Gov Cyberdefence, Startups, European Gov representatives, and Global startups.

The event was a "Cybersecurity Networking Academy Award" winner.

👇 What were the key topics for me?

1. AI is coming everywhere, and Cybersecurity is not an exception.

Hackers and Red teams using AI to find bugs, Defenders and Cybersecurity vendors using AI to defend. If you or your company are not using AI to find bugs or defend against them, you will become outdated and replaced very soon.

2. Cybersecurity community is growing day by day.

The demand for cybersecurity professionals is at all times high; companies that haven't done cyber before, such as SHERIFF, are now entering the market to defend not only security but also cybersecurity, as this is an inseparable element of privacy and safety nowadays. The wars start with cyber reconnaissance. The power grids, hospitals, schools, and business got attacked in the cybersecurity field. It's easier to apply, and it is not a head-on conflict as in physical space; it is abused a lot.

3. People are the weakest link in your cybersecurity chain (as it always been).

Global companies and governments got hacked because someone installed some suspicious Chrome spyware that stole the password to a corporate or gov account. People click on phishing links, not even knowing what they are or that there are emails, links, and attachments that should never be opened. Educate, educate, and then repeat. Regular cybersecurity speaking corners and mini-courses are a must nowadays. It’s not just about your company’s privacy and security; it’s about your personal privacy and security, too.

4. Ukraine is outpacing Europe in cyberspace.

Cybersecurity companies and professionals from Ukraine are growing fast, and government agencies are strong and cyber-resilient. Ukraine is already outpacing Europe in the Cyberspace, and is catching up to the United States very quickly. The professionals from Ukraine are in demand, and the companies are ready to pay top dollar for their experience.

Have you been to the event? What stood out to you? 😑

@securediary