#CyberMonday Microsoft let engineers in China touch US DoD data.
Last week, a ProPublica investigation revealed that Microsoft subcontractors in China helped maintain US Defense Department systems-with little oversight from US staff.
Sensitive data. Minimal control = Maximum risk.
🔥 Top News:
→ Salt Typhoon (China-backed APT) quietly compromised the US Army National Guard for nearly a year.
→ Massistant, a new surveillance tool in China – can silently extract SMS, GPS, and images from confiscated phones.
→ Ivanti Zero-Days Exploited
→ CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
🫢 New Critical CVEs:
→ CVE-2025-53770 (#SharePoint #KnownExploited)
→ CVE-2025-25257 (#FortiWeb #KnownExploited)
→ CVE-2025-47812 (#WingFTP #PublicExploit)
Share new CVEs and your thoughts in comments. 👇
Stay secure😑
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Last week, a ProPublica investigation revealed that Microsoft subcontractors in China helped maintain US Defense Department systems-with little oversight from US staff.
Sensitive data. Minimal control = Maximum risk.
→ Salt Typhoon (China-backed APT) quietly compromised the US Army National Guard for nearly a year.
→ Massistant, a new surveillance tool in China – can silently extract SMS, GPS, and images from confiscated phones.
→ Ivanti Zero-Days Exploited
→ CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
→ CVE-2025-53770 (#SharePoint #KnownExploited)
→ CVE-2025-25257 (#FortiWeb #KnownExploited)
→ CVE-2025-47812 (#WingFTP #PublicExploit)
Share new CVEs and your thoughts in comments. 👇
Stay secure
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Please open Telegram to view this post
VIEW IN TELEGRAM
👍6
Cybersecurity in Development - Online Webinar.
I am joining PM Coffee Time with Mykola Kalakutskyi and Kateryna Mandryka for their 40th anniversary session on July 30th. We'll talk about cybersecurity in development-and why you must keep security at the center of every project.
Here's what you can expect 👇
→ How secure development process protects your project
→ Why every person in organization (not just security teams) is responsible for strong cyber defense
→ Practical steps to make security part of your SDLC
→ How can cybersecurity be an enabler for your business
Good security is not something you add at the end. You build it in from day one.
The session is open to everyone - new PMs, senior leaders, and anyone who cares about quality and resilience.
📅 July 30th
🔗 Free to join: https://lnkd.in/dgSWvhrQ
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ProjectManagement
I am joining PM Coffee Time with Mykola Kalakutskyi and Kateryna Mandryka for their 40th anniversary session on July 30th. We'll talk about cybersecurity in development-and why you must keep security at the center of every project.
Here's what you can expect 👇
→ How secure development process protects your project
→ Why every person in organization (not just security teams) is responsible for strong cyber defense
→ Practical steps to make security part of your SDLC
→ How can cybersecurity be an enabler for your business
Good security is not something you add at the end. You build it in from day one.
The session is open to everyone - new PMs, senior leaders, and anyone who cares about quality and resilience.
🔗 Free to join: https://lnkd.in/dgSWvhrQ
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ProjectManagement
Please open Telegram to view this post
VIEW IN TELEGRAM
👍8🤯1
#CyberMonday SharePoint at risk even after updates.
Attackers are using ToolShell to target unpatched SharePoint servers on-premises.
They install web shell backdoors and steal Machine Keys. That means even after you patch, attackers can stick around, move deeper, and deploy ransomware.
Read more on CVE-2025-53770.
Rapid-response checklist:
→ Isolate vulnerable servers from your network
→ Apply all available SharePoint updates
→ Rotate Machine Keys
→ Ensure anti-malware scanning is enabled
→ Reset all credentials that touched those servers
→ Scan for indicators of compromise
🔥 Top News:
→ CrushFTP Critical Flaw Exploited (CVE-2025-54309)
→ UK Plans Ransomware Payment Ban and Reporting Requirements
→ Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
🫢 New Critical/High CVEs:
→ CVE-2025-2775/2776 (#SysAid #XXE)
→ CVE-2025-6558 (#Chrome #SandboxEscape)
What grabbed your attention this week? Share in comments.
Stay safe😑
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Attackers are using ToolShell to target unpatched SharePoint servers on-premises.
They install web shell backdoors and steal Machine Keys. That means even after you patch, attackers can stick around, move deeper, and deploy ransomware.
Read more on CVE-2025-53770.
Rapid-response checklist:
→ Isolate vulnerable servers from your network
→ Apply all available SharePoint updates
→ Rotate Machine Keys
→ Ensure anti-malware scanning is enabled
→ Reset all credentials that touched those servers
→ Scan for indicators of compromise
→ CrushFTP Critical Flaw Exploited (CVE-2025-54309)
→ UK Plans Ransomware Payment Ban and Reporting Requirements
→ Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor
→ CVE-2025-2775/2776 (#SysAid #XXE)
→ CVE-2025-6558 (#Chrome #SandboxEscape)
What grabbed your attention this week? Share in comments.
Stay safe
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Please open Telegram to view this post
VIEW IN TELEGRAM
👍5🤔1
#CyberMonday AI-generated npm malware drained 1,500+ Solana wallets.
The kodane/patch-manager package looked normal. It promised "advanced license validation" for Node.js apps.
Hidden in its code: an "enhanced crypto wallet drainer."
Created by AI.
Spread through the npm registry.
Over 1,500 people downloaded it. Their Solana wallets emptied.
Sad truth:
AI makes it easier to create and hide these threats.
🔥 Top News:
→ The Russian nation-state threat actor known as Secret Blizzard orchestrated a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM).
→ Fake OAuth apps mimicked Adobe & SharePoint to hijack Microsoft 365 accounts.
→ Apple Updates Everything. A total of 89 different vulnerabilities patched.
🫢 New Critical/High CVEs:
→ CVE-2025-20337/20281 (#CiscoISE)
→ CVE-2025-6558 (#PaperCut)
Less news to report, is the vacation season influencing things?
Stay vigilant😑
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
The kodane/patch-manager package looked normal. It promised "advanced license validation" for Node.js apps.
Hidden in its code: an "enhanced crypto wallet drainer."
Created by AI.
Spread through the npm registry.
Over 1,500 people downloaded it. Their Solana wallets emptied.
Sad truth:
AI makes it easier to create and hide these threats.
→ The Russian nation-state threat actor known as Secret Blizzard orchestrated a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM).
→ Fake OAuth apps mimicked Adobe & SharePoint to hijack Microsoft 365 accounts.
→ Apple Updates Everything. A total of 89 different vulnerabilities patched.
→ CVE-2025-20337/20281 (#CiscoISE)
→ CVE-2025-6558 (#PaperCut)
Less news to report, is the vacation season influencing things?
Stay vigilant
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Please open Telegram to view this post
VIEW IN TELEGRAM
👍9
ChatGPT Private Chats Exposed on Google in Privacy Breach
Thousands of private ChatGPT conversations ended up searchable on Google. All because of a misconfigured sharing feature that let search engines crawl unique chat links.
What happened?
→ OpenAI let users share chats with unique URLs.
→ The robots.txt file didn't block Google from crawling them.
→ Many users had no idea their "private" links were public.
OpenAI acted. Disabled the tool, started removing links from search.
I've checked myself and wasn't able to found anything on Google.
However, other search engines (DuckDuckGo, Bing), seem to still have trace of it. Internet doesn't forget. Web archives may hold many of those chats. For people affected, the damage is real and lasting.
Do your own research🥸
Never assume privacy and security is guaranteed.
Stay secure😑
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #DataBreach
Thousands of private ChatGPT conversations ended up searchable on Google. All because of a misconfigured sharing feature that let search engines crawl unique chat links.
What happened?
→ OpenAI let users share chats with unique URLs.
→ The robots.txt file didn't block Google from crawling them.
→ Many users had no idea their "private" links were public.
OpenAI acted. Disabled the tool, started removing links from search.
I've checked myself and wasn't able to found anything on Google.
However, other search engines (DuckDuckGo, Bing), seem to still have trace of it. Internet doesn't forget. Web archives may hold many of those chats. For people affected, the damage is real and lasting.
Do your own research
Never assume privacy and security is guaranteed.
Stay secure
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #DataBreach
Please open Telegram to view this post
VIEW IN TELEGRAM
👍14
#CyberMonday CyberArk and HashiCorp Critical Flaws
Last week, researchers found over a dozen new vulnerabilities in CyberArk and HashiCorp vaults. These flaws let attackers take control of enterprise vaults - no credentials needed.
Patch now
🔥 Top News:
→ Microsoft released an advisory for a high-severity Exchange Server flaw (CVE-2025-53786). This bug lets attackers gain elevated privileges in hybrid cloud setups.
→ Adobe patched two critical bugs in Experience Manager Forms. Public exploits available.
→ CERT-UA warns of the UAC-0099 threat actor using new malware (MATCHBOIL, MATCHWOK, DRAGSTARE) against Ukraine's infrastructure.
📌 Exploitability spike +50%:
→ CVE-2022-40799 (#DLink)
→ CVE-2025-53770 (#SharePoint)
As always, share new CVEs and your thoughts in comments. 👇
Stay secure😑
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Last week, researchers found over a dozen new vulnerabilities in CyberArk and HashiCorp vaults. These flaws let attackers take control of enterprise vaults - no credentials needed.
Patch now
→ Microsoft released an advisory for a high-severity Exchange Server flaw (CVE-2025-53786). This bug lets attackers gain elevated privileges in hybrid cloud setups.
→ Adobe patched two critical bugs in Experience Manager Forms. Public exploits available.
→ CERT-UA warns of the UAC-0099 threat actor using new malware (MATCHBOIL, MATCHWOK, DRAGSTARE) against Ukraine's infrastructure.
📌 Exploitability spike +50%:
→ CVE-2022-40799 (#DLink)
→ CVE-2025-53770 (#SharePoint)
As always, share new CVEs and your thoughts in comments. 👇
Stay secure
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Please open Telegram to view this post
VIEW IN TELEGRAM
👍8
Hey guys,
I have been quite busy lately.
I am no longer able to post frequently, so I will, for now, stop posting #CyberMondays.
I know, that is sad. But hey, life happens, and you have to cope with it.
I will, however, post things I find interesting and cybersecurity updates from time to time.
Stay tuned😑
I have been quite busy lately.
I am no longer able to post frequently, so I will, for now, stop posting #CyberMondays.
I know, that is sad. But hey, life happens, and you have to cope with it.
I will, however, post things I find interesting and cybersecurity updates from time to time.
Stay tuned
Please open Telegram to view this post
VIEW IN TELEGRAM
👍25😢4
Quick personal note before we dive in.
I owe you an apology — I’ve been quiet for 5 and a half months.
I needed that time to focus on personal matters and reset.
I’m back now with more energy. I won’t promise miracles, but I’ll genuinely try to be more active and consistent.
And of course, I knew I had to come back with Cyber Monday — because this is what many of you look forward to the most.
If this post resonates, I’d really appreciate your comments and shares.
— Yours, @stansecure😑
#CyberMonday headline: Chinese APTs hijacked Notepad++ updates for six months
While we obsess over secure coding, attackers are hijacking the supply chain.
The Incident: Following a new disclosure, it’s confirmed that Notepad++’s hosting infrastructure was compromised by a likely state-sponsored group (attributed to China) from June to December 2025.
TLDR: This wasn’t a vulnerability in the Notepad++ code itself. The attackers compromised the shared hosting provider and selectively intercepted traffic to getDownloadUrl.php. Targeted users — and only targeted users — were silently redirected to malicious servers serving infected update manifests.
Why important: This mirrors the recent eScan Antivirus and Open VSX supply chain attacks. The attackers don’t need to break the software's lock if they own the server that delivers it. Notepad++ finally 🤦♂️ enforced XML signing in v8.9.2, but for 6 months, the "trust" was broken.
🔥 Top News:
→ Browser attacks: New research shows AI browsers can be hijacked via prompt injection, turning your helpful assistant into an insider threat that exfiltrates data.
→ Ukraine Alert (CERT-UA): APT28 (UAC-0001) is actively targeting UA and EU entities with a malicious doc (Consultation_Topics_Ukraine(Final).doc) exploiting CVE-2026-21509. If you see this file, isolate immediately.
→ Supply Chain hits Open VSX: A legitimate developer account was compromised to push the "GlassWorm" malware via the Open VSX registry.
It feels good to be back.
I’m curious, what was the biggest security shift you noticed in the last 5 months while I was gone? Let me know in the comments.
Stay vigilant😑
P.S. Look for the CVE alert in the first comment 👇
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#CyberSecurity #Infosec #NotepadPlusPlus
I owe you an apology — I’ve been quiet for 5 and a half months.
I needed that time to focus on personal matters and reset.
I’m back now with more energy. I won’t promise miracles, but I’ll genuinely try to be more active and consistent.
And of course, I knew I had to come back with Cyber Monday — because this is what many of you look forward to the most.
If this post resonates, I’d really appreciate your comments and shares.
— Yours, @stansecure
#CyberMonday headline: Chinese APTs hijacked Notepad++ updates for six months
While we obsess over secure coding, attackers are hijacking the supply chain.
The Incident: Following a new disclosure, it’s confirmed that Notepad++’s hosting infrastructure was compromised by a likely state-sponsored group (attributed to China) from June to December 2025.
TLDR: This wasn’t a vulnerability in the Notepad++ code itself. The attackers compromised the shared hosting provider and selectively intercepted traffic to getDownloadUrl.php. Targeted users — and only targeted users — were silently redirected to malicious servers serving infected update manifests.
Why important: This mirrors the recent eScan Antivirus and Open VSX supply chain attacks. The attackers don’t need to break the software's lock if they own the server that delivers it. Notepad++ finally 🤦♂️ enforced XML signing in v8.9.2, but for 6 months, the "trust" was broken.
→ Browser attacks: New research shows AI browsers can be hijacked via prompt injection, turning your helpful assistant into an insider threat that exfiltrates data.
→ Ukraine Alert (CERT-UA): APT28 (UAC-0001) is actively targeting UA and EU entities with a malicious doc (Consultation_Topics_Ukraine(Final).doc) exploiting CVE-2026-21509. If you see this file, isolate immediately.
→ Supply Chain hits Open VSX: A legitimate developer account was compromised to push the "GlassWorm" malware via the Open VSX registry.
It feels good to be back.
I’m curious, what was the biggest security shift you noticed in the last 5 months while I was gone? Let me know in the comments.
Stay vigilant
P.S. Look for the CVE alert in the first comment 👇
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#CyberSecurity #Infosec #NotepadPlusPlus
Please open Telegram to view this post
VIEW IN TELEGRAM
👍16
In Ukraine, cyber defense is not theoretical. It’s forged in a war with aggressor.
That’s why I'm planning to attend Kyiv International Cyber Resilience Forum (Feb 19-20), not for trends, but for lessons forged in real conditions.
These events for me are:
• A chance to learn what works on the front lines
• Meet people who get the high-stakes environment (and the stress)
• Share how we level up our own cyber posture
I’m especially looking forward to insights from:
Vitaly Balashov -- shaping cloud security and Ukraine's national standards.
Serhii Khariuk -- building and testing defenses for EU and U.S. markets.
Forums like this matter because they compress years of learning into conversations.
Are you planning to attend? Let's meetup!
#CyberResilience #CyberSecurity #InfoSec
@securediary
That’s why I'm planning to attend Kyiv International Cyber Resilience Forum (Feb 19-20), not for trends, but for lessons forged in real conditions.
These events for me are:
• A chance to learn what works on the front lines
• Meet people who get the high-stakes environment (and the stress)
• Share how we level up our own cyber posture
I’m especially looking forward to insights from:
Vitaly Balashov -- shaping cloud security and Ukraine's national standards.
Serhii Khariuk -- building and testing defenses for EU and U.S. markets.
Forums like this matter because they compress years of learning into conversations.
Are you planning to attend? Let's meetup!
#CyberResilience #CyberSecurity #InfoSec
@securediary
👍10
This started like a normal developer interview.
A recruiter reached out to my colleague, Mykyta Kurochka, about a Node.js role at Cryptan Labs.
Honestly, at first, everything just felt totally normal.
The interview felt routine. Figma designs. Tech specs that matched the role. The kind of call most of us have.
But then, little things started to feel off...
The recruiter turned the camera off after a few minutes.
The project was supposedly brand new — only 2–3 weeks old.
Mykyta was asked to review their code and join a GitHub org.
The repository arrived as a ZIP archive.
None of these alone screams “scam.”
Together, they deserved a pause.
Before running anything, Mykyta checked <𝚙𝚊𝚌𝚔𝚊𝚐𝚎.𝚓𝚜𝚘𝚗>.
Some outdated dependencies — not the weirdest thing ever.
Still, he decided not to run the project until he understood what it actually did.👏
Frankly, many people would’ve skipped that step.
The repo itself was strange: very little real logic, but a massive structure.
That alone raised questions.
Then <𝚗𝚙𝚖 𝚒𝚗𝚜𝚝𝚊𝚕𝚕> finished…
and the app 𝘀𝘁𝗮𝗿𝘁𝗲𝗱 𝗿𝘂𝗻𝗻𝗶𝗻𝗴 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆.
The reason was concealed in a <𝚙𝚛𝚎𝚙𝚊𝚛𝚎> script that launched <𝚜𝚎𝚛𝚟𝚎𝚛/𝚜𝚎𝚛𝚟𝚎𝚛.𝚓𝚜> (𝘾2𝘾).
When Mykyta asked why anything was auto-executing, the response was:
“Just part of the process.”
He was pushed to run it again.
That’s where he stopped.
Instead of proceeding, he shut things down:
• Closed active ports
• Regenerated SSH keys
• Ran the code through security checks
• Reviewed what data could have been exposed
What turned up wasn’t minor.
There was code enabling remote execution.
Environment variables were being sent out.
At that point, it was clear this wasn’t sloppy engineering.
It looked intentional.
And it was hiding behind a “job interview.”
Mykyta’s decision to slow down likely prevented a real incident.
If there’s one takeaway here, it’s this:
interviews don’t deserve blind trust.
A few reminders worth repeating:
• Always check what scripts run during setup
• Never auto-launch unfamiliar code
• Be cautious with new GitHub org invites
• If something feels rushed or strange, pause, always
I’m sharing this because these tactics are becoming more common.
Have you seen anything similar during interviews or test tasks?
Sharing stories like this helps us stay safe.
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#JobScams #CyberSecurity #InfoSec
A recruiter reached out to my colleague, Mykyta Kurochka, about a Node.js role at Cryptan Labs.
Honestly, at first, everything just felt totally normal.
The interview felt routine. Figma designs. Tech specs that matched the role. The kind of call most of us have.
But then, little things started to feel off...
The recruiter turned the camera off after a few minutes.
The project was supposedly brand new — only 2–3 weeks old.
Mykyta was asked to review their code and join a GitHub org.
The repository arrived as a ZIP archive.
None of these alone screams “scam.”
Together, they deserved a pause.
Before running anything, Mykyta checked <𝚙𝚊𝚌𝚔𝚊𝚐𝚎.𝚓𝚜𝚘𝚗>.
Some outdated dependencies — not the weirdest thing ever.
Still, he decided not to run the project until he understood what it actually did.👏
Frankly, many people would’ve skipped that step.
The repo itself was strange: very little real logic, but a massive structure.
That alone raised questions.
Then <𝚗𝚙𝚖 𝚒𝚗𝚜𝚝𝚊𝚕𝚕> finished…
and the app 𝘀𝘁𝗮𝗿𝘁𝗲𝗱 𝗿𝘂𝗻𝗻𝗶𝗻𝗴 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆.
The reason was concealed in a <𝚙𝚛𝚎𝚙𝚊𝚛𝚎> script that launched <𝚜𝚎𝚛𝚟𝚎𝚛/𝚜𝚎𝚛𝚟𝚎𝚛.𝚓𝚜> (𝘾2𝘾).
When Mykyta asked why anything was auto-executing, the response was:
“Just part of the process.”
He was pushed to run it again.
That’s where he stopped.
Instead of proceeding, he shut things down:
• Closed active ports
• Regenerated SSH keys
• Ran the code through security checks
• Reviewed what data could have been exposed
What turned up wasn’t minor.
There was code enabling remote execution.
Environment variables were being sent out.
At that point, it was clear this wasn’t sloppy engineering.
It looked intentional.
And it was hiding behind a “job interview.”
Mykyta’s decision to slow down likely prevented a real incident.
If there’s one takeaway here, it’s this:
interviews don’t deserve blind trust.
A few reminders worth repeating:
• Always check what scripts run during setup
• Never auto-launch unfamiliar code
• Be cautious with new GitHub org invites
• If something feels rushed or strange, pause, always
I’m sharing this because these tactics are becoming more common.
Have you seen anything similar during interviews or test tasks?
Sharing stories like this helps us stay safe.
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#JobScams #CyberSecurity #InfoSec
1👍11🤔1
Russian APT28 Exploit Zero-Day Hours After Microsoft Discloses Office Vulnerability.
Ukraine’s cyber defenders warned that Russian hackers weaponized a Microsoft Office zero-day within 24 hours of public disclosure.
The Russia-linked state-sponsored group APT28 exploited CVE-2026-21509 to deliver malicious documents targeting Ukrainian government agencies and European Union institutions.
Ukraine’s Computer Emergency Response Team observed exploitation attempts beginning on January 27 -- just one day after Microsoft disclosed the vulnerability on January 26.
Microsoft acknowledged active exploitation at disclosure, but attribution details were initially withheld. The speed and customization of APT28’s follow-on attacks highlight how narrow the defensive window has become.
Act now, see action advice in the comment section.
🔥 Top News:
→ Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities.
→ CISA Orders Federal Agencies to Remove Unsupported Hardware and Software to Reduce Risk.
→ Microsoft Moves to Retire TLS 1.0, 1.1 in Azure Blob Storage.
→ OpenClaw (a.k.a. Moltbot), a cascade of LLMs, poses a significant risk to your data if not properly managed or restricted.
→ German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists.
Links to sources and CVEs alert in comments.👇
As always, share your thoughts, ideas, and new CVEs in comments.
Stay secure😑
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Ukraine’s cyber defenders warned that Russian hackers weaponized a Microsoft Office zero-day within 24 hours of public disclosure.
The Russia-linked state-sponsored group APT28 exploited CVE-2026-21509 to deliver malicious documents targeting Ukrainian government agencies and European Union institutions.
Ukraine’s Computer Emergency Response Team observed exploitation attempts beginning on January 27 -- just one day after Microsoft disclosed the vulnerability on January 26.
Microsoft acknowledged active exploitation at disclosure, but attribution details were initially withheld. The speed and customization of APT28’s follow-on attacks highlight how narrow the defensive window has become.
Act now, see action advice in the comment section.
→ Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities.
→ CISA Orders Federal Agencies to Remove Unsupported Hardware and Software to Reduce Risk.
→ Microsoft Moves to Retire TLS 1.0, 1.1 in Azure Blob Storage.
→ OpenClaw (a.k.a. Moltbot), a cascade of LLMs, poses a significant risk to your data if not properly managed or restricted.
→ German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists.
Links to sources and CVEs alert in comments.👇
As always, share your thoughts, ideas, and new CVEs in comments.
Stay secure
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Please open Telegram to view this post
VIEW IN TELEGRAM
👍11
AI-powered pentesting tools are evolving fast — but most struggle with validation and false-positive control.
I came across a platform that addresses this with proof-of-execution scoring and per-scan isolation.
NeuroSploit v3 is an open-source attempt to make AI pentest look more like the work of a human team, not a noisy scanner.
The core idea is simple.
Instead of just "guessing" based on an LLM prompt, it spins up isolated Kali Linux containers and uses negative controls and proof-of-execution checks to validate findings before they ever reach the report.
NeuroSploit focuses on three main areas:
1) Coverage and context
→ 100 vulnerability types in 10 categories
→ 3 streams in parallel: recon, junior tester, tool runner
→ Built-in integration with tools you already know (nmap, nuclei, sqlmap, ffuf, etc.)
2) Isolation and control
→ Every scan runs inside its own Kali Linux Docker container
→ Per-scan tools install, hard CPU/RAM limits, auto cleanup
→ Container pool with TTL and orphan cleanup for stable operations
3) Validation and proof-of-execution
→ Negative controls: send benign “safe” requests to cut false signals
→ 25+ proof methods per vuln type (XSS context, SSRF markers, DB error patterns, etc.)
→ Confidence scoring 0–100 with a final “validation judge” that approves or rejects a finding
On top of that, it can talk to several LLM providers (Claude, GPT, Gemini, local LLMs) and adapt mid-scan when endpoints die, WAF blocks, or returns start to show diminishing value.
Is it perfect? No.
Is it closer to how I want AI to work in offensive security? For me, yes.
Would you find it useful if I tried NeuroSploit v3 and shared my honest take on it?
Stay secure😑
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
I came across a platform that addresses this with proof-of-execution scoring and per-scan isolation.
NeuroSploit v3 is an open-source attempt to make AI pentest look more like the work of a human team, not a noisy scanner.
The core idea is simple.
Instead of just "guessing" based on an LLM prompt, it spins up isolated Kali Linux containers and uses negative controls and proof-of-execution checks to validate findings before they ever reach the report.
NeuroSploit focuses on three main areas:
1) Coverage and context
→ 100 vulnerability types in 10 categories
→ 3 streams in parallel: recon, junior tester, tool runner
→ Built-in integration with tools you already know (nmap, nuclei, sqlmap, ffuf, etc.)
2) Isolation and control
→ Every scan runs inside its own Kali Linux Docker container
→ Per-scan tools install, hard CPU/RAM limits, auto cleanup
→ Container pool with TTL and orphan cleanup for stable operations
3) Validation and proof-of-execution
→ Negative controls: send benign “safe” requests to cut false signals
→ 25+ proof methods per vuln type (XSS context, SSRF markers, DB error patterns, etc.)
→ Confidence scoring 0–100 with a final “validation judge” that approves or rejects a finding
On top of that, it can talk to several LLM providers (Claude, GPT, Gemini, local LLMs) and adapt mid-scan when endpoints die, WAF blocks, or returns start to show diminishing value.
Is it perfect? No.
Is it closer to how I want AI to work in offensive security? For me, yes.
Would you find it useful if I tried NeuroSploit v3 and shared my honest take on it?
Stay secure
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#Cybersecurity #InfoSec #ThreatIntel
Please open Telegram to view this post
VIEW IN TELEGRAM
1👍8
Security teams are entering a new phase.
AI is finding vulnerabilities faster.
Attackers are exploiting faster.
And traditional patch cycles are starting to look slow by comparison.
🔥 This week's Top News:
→ Microsoft patch six actively exploited zero-days (CVE-2026-21510 through -21525)
→ Google fix Chrome zero-day CVE-2026-2441 under active attack
→ Research showing Claude Opus 4.6 identified 500+ memory corruption vulnerabilities in open-source projects
→ Threat actors are already targeting infrastructure around the Milano Cortina 2026 Winter Games
What matters now isn’t just scanning, but building a robust response architecture.
When a new exploited vulnerability emerges, I always look for three core areas:
1️⃣ Exposure mapping
Do we know which systems are externally reachable or user-triggerable?
Can we prioritize based on potential impact, rather than relying solely on CVSS?
2️⃣ Remediation verification
Can we confirm remediation on the systems that matter most — not just report rollout percentage?
3️⃣ Mitigation
If patching is delayed, are compensating controls in place (isolation, policy tightening, monitoring)?
The velocity of security has changed.
The question isn’t whether AI will reshape vulnerability management.
It already is.
AI is already a tool for both attackers and defenders. Those who adapt quickly will come on top.
A question to you:
How are you adjusting your patching or AppSec workflows to account for faster discovery cycles?
Do you use AI?
Look for CVE Alert in the first comment. 👇
Stay secure😑
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#CyberSecurity #Infosec #ThreatIntel
AI is finding vulnerabilities faster.
Attackers are exploiting faster.
And traditional patch cycles are starting to look slow by comparison.
→ Microsoft patch six actively exploited zero-days (CVE-2026-21510 through -21525)
→ Google fix Chrome zero-day CVE-2026-2441 under active attack
→ Research showing Claude Opus 4.6 identified 500+ memory corruption vulnerabilities in open-source projects
→ Threat actors are already targeting infrastructure around the Milano Cortina 2026 Winter Games
What matters now isn’t just scanning, but building a robust response architecture.
When a new exploited vulnerability emerges, I always look for three core areas:
1️⃣ Exposure mapping
Do we know which systems are externally reachable or user-triggerable?
Can we prioritize based on potential impact, rather than relying solely on CVSS?
2️⃣ Remediation verification
Can we confirm remediation on the systems that matter most — not just report rollout percentage?
3️⃣ Mitigation
If patching is delayed, are compensating controls in place (isolation, policy tightening, monitoring)?
The velocity of security has changed.
The question isn’t whether AI will reshape vulnerability management.
It already is.
AI is already a tool for both attackers and defenders. Those who adapt quickly will come on top.
A question to you:
How are you adjusting your patching or AppSec workflows to account for faster discovery cycles?
Do you use AI?
Look for CVE Alert in the first comment. 👇
Stay secure
___
Enjoy this? 🔄 Repost it to your network and follow @securediary for more.
Join me on LinkedIn.
#CyberSecurity #Infosec #ThreatIntel
Please open Telegram to view this post
VIEW IN TELEGRAM
1👍12
AI vs Humans Cyber Defenders.
AI agents will be tested February 19–20 at the Kyiv International Cyber Resilience Forum, live cyber defense scenarios alongside experienced security teams.
I am participating in the forum, and I’m genuinely curious how this plays out.
I’ve spent 11+ years working in cybersecurity - both in military and business - and truth is, real incidents almost never play out in a predictable way.
They are messy. Incomplete. Time-constrained.
AI can process data fast.
Humans operate under pressure with context, intuition, and experience.
The interesting question isn’t “who is smarter.”
It’s about whether autonomous agents can operate reliably and in real-time, under the same constraints as human teams.
ARIMLABS is running a public vote on the outcome (details in the comments).
Who would you bet on - AI or humans? Why?
@securediary
AI agents will be tested February 19–20 at the Kyiv International Cyber Resilience Forum, live cyber defense scenarios alongside experienced security teams.
I am participating in the forum, and I’m genuinely curious how this plays out.
I’ve spent 11+ years working in cybersecurity - both in military and business - and truth is, real incidents almost never play out in a predictable way.
They are messy. Incomplete. Time-constrained.
AI can process data fast.
Humans operate under pressure with context, intuition, and experience.
The interesting question isn’t “who is smarter.”
It’s about whether autonomous agents can operate reliably and in real-time, under the same constraints as human teams.
ARIMLABS is running a public vote on the outcome (details in the comments).
Who would you bet on - AI or humans? Why?
@securediary
1👍14
If your AI can write code… it should help secure it, too.
Anthropic just rolled out Claudе Code Security, a new feature designed to scan codebases for flaws and suggest patches.
AI is already great at parsing logs and highlighting anomalies. But stepping into the auditor's shoes to patch code? That requires deep context.
The true test isn't if Claude can find a flaw; it's whether it understands the messy reality of a production environment without hallucinating a "fix" that breaks the build.
Here's how to use Claude Code Security safely:
1️⃣ Extra pair of eyes
→ Run AI scans on every merge and pull request
→ Let it flag risky patterns
2️⃣ Human in control
→ Security engineer or senior Dev reviews each AI fix
→ No auto-merge from AI output
3️⃣ Tie into threat intel
→ Watch CISA Known Exploited Vulns
→ Confirm your codebase isn't using specific vulnerable functions of the CVEs
I extensively use AI for day-to-day work. For example, for threat intel summary, customer email draft, or compliance audit prep. It’s a fantastic junior analyst. But it is always an assistant, not the one signing off on the decisions.
Do you trust AI to patch your production code or not?🤔
For the #CyberMonday News and CVE alert, see the first comment. 👇
@securediary
Anthropic just rolled out Claudе Code Security, a new feature designed to scan codebases for flaws and suggest patches.
AI is already great at parsing logs and highlighting anomalies. But stepping into the auditor's shoes to patch code? That requires deep context.
The true test isn't if Claude can find a flaw; it's whether it understands the messy reality of a production environment without hallucinating a "fix" that breaks the build.
Here's how to use Claude Code Security safely:
1️⃣ Extra pair of eyes
→ Run AI scans on every merge and pull request
→ Let it flag risky patterns
2️⃣ Human in control
→ Security engineer or senior Dev reviews each AI fix
→ No auto-merge from AI output
3️⃣ Tie into threat intel
→ Watch CISA Known Exploited Vulns
→ Confirm your codebase isn't using specific vulnerable functions of the CVEs
I extensively use AI for day-to-day work. For example, for threat intel summary, customer email draft, or compliance audit prep. It’s a fantastic junior analyst. But it is always an assistant, not the one signing off on the decisions.
Do you trust AI to patch your production code or not?
For the #CyberMonday News and CVE alert, see the first comment. 👇
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
👍9
Four years of full-scale war. 1,461 days of resilience.
When I served as a SOC Division Chief in the Armed Forces, we prepared for hybrid threats. But the reality of the last four years rewired everything I know about defense.
Living and working in Kyiv, I’ve seen the concept of "Business Continuity" transform from a compliance checkbox into a survival instinct. We don’t just test backups for auditors anymore. We build systems that must survive when the power grid is hit, when the data center runs on diesel, and when the team is coding from shelters.
The biggest lesson for the global cybersecurity community?
Fragility is a choice.
We learned that secure architecture isn't about building unbreachable walls. It's about how fast you can stand back up when the walls shake.
To my fellow Ukrainians: We stand. We build. We defend.
To the global community: Don't wait for a crisis to test if your BCP actually works.
The photo date Feb 25th, the second day of full-scale war. My wife and I are relocating to Tuskavets.
Thank you, Creatio and Katherine Kostereva, for making it possible.
Is your resilience tested?🤔
Ours is tested, every day.
When I served as a SOC Division Chief in the Armed Forces, we prepared for hybrid threats. But the reality of the last four years rewired everything I know about defense.
Living and working in Kyiv, I’ve seen the concept of "Business Continuity" transform from a compliance checkbox into a survival instinct. We don’t just test backups for auditors anymore. We build systems that must survive when the power grid is hit, when the data center runs on diesel, and when the team is coding from shelters.
The biggest lesson for the global cybersecurity community?
Fragility is a choice.
We learned that secure architecture isn't about building unbreachable walls. It's about how fast you can stand back up when the walls shake.
To my fellow Ukrainians: We stand. We build. We defend.
To the global community: Don't wait for a crisis to test if your BCP actually works.
The photo date Feb 25th, the second day of full-scale war. My wife and I are relocating to Tuskavets.
Thank you, Creatio and Katherine Kostereva, for making it possible.
Is your resilience tested?
Ours is tested, every day.
Please open Telegram to view this post
VIEW IN TELEGRAM
👍15
AI is coming everywhere, and Cybersecurity is not an exception.
Kyiv International Cyber Resilience Forum was a blast. I have not yet seen so many cyber people in one place. This is one of the biggest Cybersecurity events in Ukraine to date.
The amount and intensity of the networking was unbelievable. Since I came to the forum at 11:00 a.m. I could not attend any of the panels or stages for the whole 2-2.5 hours, purely because of the number of people I knew and wanted to talk to.
The discussions just kept going, and I loved it.
The networking was clearly the main feature of the event. The people from Ukraine's Gov Cyberdefence, Startups, European Gov representatives, and Global startups.
The event was a "Cybersecurity Networking Academy Award" winner.
👇 What were the key topics for me?
1. AI is coming everywhere, and Cybersecurity is not an exception.
Hackers and Red teams using AI to find bugs, Defenders and Cybersecurity vendors using AI to defend. If you or your company are not using AI to find bugs or defend against them, you will become outdated and replaced very soon.
2. Cybersecurity community is growing day by day.
The demand for cybersecurity professionals is at all times high; companies that haven't done cyber before, such as SHERIFF, are now entering the market to defend not only security but also cybersecurity, as this is an inseparable element of privacy and safety nowadays. The wars start with cyber reconnaissance. The power grids, hospitals, schools, and business got attacked in the cybersecurity field. It's easier to apply, and it is not a head-on conflict as in physical space; it is abused a lot.
3. People are the weakest link in your cybersecurity chain (as it always been).
Global companies and governments got hacked because someone installed some suspicious Chrome spyware that stole the password to a corporate or gov account. People click on phishing links, not even knowing what they are or that there are emails, links, and attachments that should never be opened. Educate, educate, and then repeat. Regular cybersecurity speaking corners and mini-courses are a must nowadays. It’s not just about your company’s privacy and security; it’s about your personal privacy and security, too.
4. Ukraine is outpacing Europe in cyberspace.
Cybersecurity companies and professionals from Ukraine are growing fast, and government agencies are strong and cyber-resilient. Ukraine is already outpacing Europe in the Cyberspace, and is catching up to the United States very quickly. The professionals from Ukraine are in demand, and the companies are ready to pay top dollar for their experience.
Have you been to the event? What stood out to you?😑
@securediary
Kyiv International Cyber Resilience Forum was a blast. I have not yet seen so many cyber people in one place. This is one of the biggest Cybersecurity events in Ukraine to date.
The amount and intensity of the networking was unbelievable. Since I came to the forum at 11:00 a.m. I could not attend any of the panels or stages for the whole 2-2.5 hours, purely because of the number of people I knew and wanted to talk to.
The discussions just kept going, and I loved it.
The networking was clearly the main feature of the event. The people from Ukraine's Gov Cyberdefence, Startups, European Gov representatives, and Global startups.
The event was a "Cybersecurity Networking Academy Award" winner.
👇 What were the key topics for me?
1. AI is coming everywhere, and Cybersecurity is not an exception.
Hackers and Red teams using AI to find bugs, Defenders and Cybersecurity vendors using AI to defend. If you or your company are not using AI to find bugs or defend against them, you will become outdated and replaced very soon.
2. Cybersecurity community is growing day by day.
The demand for cybersecurity professionals is at all times high; companies that haven't done cyber before, such as SHERIFF, are now entering the market to defend not only security but also cybersecurity, as this is an inseparable element of privacy and safety nowadays. The wars start with cyber reconnaissance. The power grids, hospitals, schools, and business got attacked in the cybersecurity field. It's easier to apply, and it is not a head-on conflict as in physical space; it is abused a lot.
3. People are the weakest link in your cybersecurity chain (as it always been).
Global companies and governments got hacked because someone installed some suspicious Chrome spyware that stole the password to a corporate or gov account. People click on phishing links, not even knowing what they are or that there are emails, links, and attachments that should never be opened. Educate, educate, and then repeat. Regular cybersecurity speaking corners and mini-courses are a must nowadays. It’s not just about your company’s privacy and security; it’s about your personal privacy and security, too.
4. Ukraine is outpacing Europe in cyberspace.
Cybersecurity companies and professionals from Ukraine are growing fast, and government agencies are strong and cyber-resilient. Ukraine is already outpacing Europe in the Cyberspace, and is catching up to the United States very quickly. The professionals from Ukraine are in demand, and the companies are ready to pay top dollar for their experience.
Have you been to the event? What stood out to you?
@securediary
Please open Telegram to view this post
VIEW IN TELEGRAM
1👍12
Would you join a workshop like this?
Security Architecture in Practice: From Attacks to System Defense — How to Think like a Senior/Architect.
Security Architecture in Practice: From Attacks to System Defense — How to Think like a Senior/Architect.
Anonymous Poll
74%
23%
5%
5%
Your topic (in comments)
👍5
Pentagon just labeled one of the world's top AI vendors a "supply chain risk," what does that make your enterprise AI strategy?
Secretary of Defense Pete Hegseth just advised the United States Department of War to officially label Anthropic as a supply chain risk.
This is a huge wake-up call for everyone in the industry.
We’re moving past the days when “AI is cool” and heading straight into “AI is a major third-party risk.”
Right now, corporate developers are hardwiring third-party AI models into production environments without a second thought. The "SolarWinds of AI" won't look like a traditional network breach - it will look like a compromised model or coding assistant quietly stealing your ideas and hard work.
Ironically, a couple of days prior, severe RCE and API key theft flaws were patched in Claude Code.
The lines between vendor risk, AI risk, and traditional AppSec have blurred.
Analyze your AI risks diligently, or pay with your company’s reputation.
Are you using AI for your work? 🤔
For the #CyberMonday News and CVE alert, see the first comment. 👇
@securediary
Secretary of Defense Pete Hegseth just advised the United States Department of War to officially label Anthropic as a supply chain risk.
This is a huge wake-up call for everyone in the industry.
We’re moving past the days when “AI is cool” and heading straight into “AI is a major third-party risk.”
Right now, corporate developers are hardwiring third-party AI models into production environments without a second thought. The "SolarWinds of AI" won't look like a traditional network breach - it will look like a compromised model or coding assistant quietly stealing your ideas and hard work.
Ironically, a couple of days prior, severe RCE and API key theft flaws were patched in Claude Code.
The lines between vendor risk, AI risk, and traditional AppSec have blurred.
Analyze your AI risks diligently, or pay with your company’s reputation.
Are you using AI for your work? 🤔
For the #CyberMonday News and CVE alert, see the first comment. 👇
@securediary
👍5
TV Show: Burnt out and happy 🔥
Julia: Vlad, tell me how your day passes?
Vlad: Nothing special, I wake up at 5 am, then I work till 12 pm on the first full-time, then from 12 pm till 8 pm on the second full-time, and after 8 pm, that is it. I rest.
Julia: Oh, finally, after 8 pm, you have rest?
Vlad: No, I mean after 8 pm, I have a quick part-time job, a couple of tasks done, and $100 in your pocket.
Resonates with you? 🙂
@securediary
Julia: Vlad, tell me how your day passes?
Vlad: Nothing special, I wake up at 5 am, then I work till 12 pm on the first full-time, then from 12 pm till 8 pm on the second full-time, and after 8 pm, that is it. I rest.
Julia: Oh, finally, after 8 pm, you have rest?
Vlad: No, I mean after 8 pm, I have a quick part-time job, a couple of tasks done, and $100 in your pocket.
Resonates with you? 🙂
@securediary
Media is too big
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3🤯3🤔1