Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 25 October 2024

Jorge Laurel · ·2 min read ·Issue #49


It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.


Cybersecurity Breaches and Threats

  • ⚠️ Internet Archive (Archive.org) suffers its second breach this month, exposing support tickets via unrotated Zendesk credentials. (Published on 10/21/2024, Hack Read). Read More

  • 🔧 VMware patches another remote code execution flaw exploited during a Chinese hacking contest in June 2024. (Published on 10/21/2024, SecurityWeek). Read More

  • 🛑 Cybercriminals use anti-bot services to bypass Chrome’s “Red Page” phishing warnings, increasing risks for users. (Published on 10/21/2024, Dark Reading). Read More

  • 🔓 Proof-of-concept exploit code for a Windows NTLM relay attack is publicly available, enabling attackers to take over domains. (Published on 10/22/2024, BleepingComputer). Read More

  • 🦠 Bumblebee and Latrodectus malware return in new phishing campaigns after earlier setbacks from law enforcement. (Published on 10/22/2024, The Hacker News). Read More

  • 📱 Google warns of a zero-day flaw in Samsung processors exploited in the wild for arbitrary code execution. (Published on 10/22/2024, SecurityWeek). Read More

  • 🚨 Fortinet discloses a critical FortiManager flaw exploited in zero-day attacks to steal sensitive configuration data. (Published on 10/23/2024, BleepingComputer). Read More

  • 🎮 Lazarus Group exploits a Chrome zero-day in a campaign targeting cryptocurrency investors using AI-generated content. (Published on 10/23/2024, Dark Reading). Read More

  • 🏦 New variants of Grandoreiro banking malware emerge with enhanced evasion techniques, continuing to attack users globally. (Published on 10/23/2024, The Hacker News). Read More

  • 🔒 The Internet Archive continues to face cyberattacks, hampering its recovery from recent breaches. (Published on 10/24/2024, InformationWeek). Read More

Emerging Techniques and Trends

  • 🤖 AI chatbots can now be tricked into generating restricted content using a new jailbreak technique called the “Deceptive Delight” cocktail. (Published on 10/24/2024, Dark Reading). Read More

  • ⚡ Third-party vendors account for 45% of breaches in the U.S. energy sector, highlighting critical supply chain vulnerabilities. (Published on 10/24/2024, Malware.News). Read More

  • 🛡️ Amazon seizes domains used by Russian APT29 in targeted attacks against government and military organizations. (Published on 10/25/2024, BleepingComputer). Read More

  • 💻 Researchers discover a command injection flaw in Wi-Fi Alliance’s Test Suite, enabling attackers to execute code with elevated privileges. (Published on 10/25/2024, The Hacker News). Read More

  • 🔨 The Linux Kernel Project removes 11 Russian developers over U.S. sanctions, potentially impacting project development. (Published on 10/25/2024, Hack Read). Read More


Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!