<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>FWU Archive on Jorge Laurel</title><link>https://jorgelaurel.com/archive/fwu/</link><description>Recent content in FWU Archive on Jorge Laurel</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 03 Apr 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://jorgelaurel.com/archive/fwu/index.xml" rel="self" type="application/rss+xml"/><item><title>Friday Wrap Up: 3 April 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-119/</link><pubDate>Fri, 03 Apr 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-119/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;This week in cybersecurity was a masterclass in how fast things can go sideways. 🔐&lt;/p&gt;
&lt;p&gt;Ransomware operators are now completing full attacks in under an hour. AI platforms you use every day shipped critical vulnerabilities. A supply chain attack hit a JavaScript library with 100M+ weekly downloads. And someone accidentally leaked 512,000 lines of AI source code — which attackers immediately weaponized into a malware campaign on GitHub.&lt;/p&gt;
&lt;p&gt;If your patch queue looks overwhelming right now, you’re not alone. Chrome, Cisco, F5, Fortinet, and more all dropped critical fixes this week — many already under active exploitation before patches shipped.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 27 March 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-118/</link><pubDate>Fri, 27 Mar 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-118/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;This week: a pro-Iranian group hacked the FBI Director&amp;rsquo;s personal email. North Korean hackers got hired for remote IT jobs. TeamPCP backdoored yet another PyPI package. And an iPhone exploit kit has evolved directly from the zero-click campaign that hit Russian targets back in 2023.&lt;br&gt;
&lt;br&gt;
In the &amp;ldquo;things we didn&amp;rsquo;t need&amp;rdquo; column: GlassWorm now uses the Solana blockchain to route its malware payloads, a new infostealer bypasses Chrome&amp;rsquo;s Application-Bound Encryption, and a QR code phishing campaign somehow slipped past SPF, DKIM, AND DMARC at scale — 1.6 million emails delivered, no alarm raised.&lt;br&gt;
&lt;br&gt;
It&amp;rsquo;s a lot. Click through for 34 stories across 6 categories, and maybe patch your NetScaler while you&amp;rsquo;re at it.&lt;br&gt;
&lt;br&gt;
#FWU #fridaywrapup #SupplyChainSecurity #NationStateHackers #PatchNow #Malware #DataBreach #Ransomware&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 20 March 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-117/</link><pubDate>Fri, 20 Mar 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-117/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It’s Friday, which means the threat actors didn’t take the week off — and neither did we. 🛡️&lt;/p&gt;
&lt;p&gt;This week’s Friday Wrap Up covers ransomware gangs weaponizing zero-days, nation-state actors wiping devices at scale, supply-chain attacks hitting developer toolchains, AI platforms becoming the new attack surface, and a botnet that clearly skipped leg day because it never stops running. Whether you’re patching, detecting, or just trying to make it to 5pm, there’s something in this week’s roundup that probably affects your org.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 13 March 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-116/</link><pubDate>Fri, 13 Mar 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-116/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Happy Friday the 13th! 🔪 In the spirit of the day, threat actors did NOT hold back this week.&lt;/p&gt;
&lt;p&gt;We’ve got Chrome extensions that turned evil after changing hands, an AI agent that decided to mine crypto on its own (nobody asked, buddy 🤖⛏️), a medtech giant hit by Iranian hackers claiming to have wiped 200,000 devices, and a 1 petabyte data theft claim that made storage admins everywhere break into a cold sweat.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 6 March 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-115/</link><pubDate>Fri, 06 Mar 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-115/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Happy Friday, security professionals! 🔐&lt;/p&gt;
&lt;p&gt;This week in cybersecurity served up everything from drone strikes on cloud data centers (yes, physical ones) to hackers tapping FBI wiretap systems, AI assistants getting hijacked, and your car’s tire sensors moonlighting as surveillance tools.&lt;/p&gt;
&lt;p&gt;Nation-state actors from China, North Korea, and Iran were all running active campaigns. Critical vulnerabilities hit Android, Cisco firewalls, and iOS — while global law enforcement struck back, dismantling Tycoon 2FA, seizing LeakBase, and arresting a $46M crypto thief in Saint Martin (the vacation vibes did not help).&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 27 February 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-114/</link><pubDate>Fri, 27 Feb 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-114/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another Friday, another reason to question whether your apps, APIs, and Zoom calls are working for you — or someone else. 🛡️&lt;/p&gt;
&lt;p&gt;This week’s Friday Wrap Up covers ransomware hitting chip makers and medical device companies, China-linked spies repurposing Google Sheets as a command center (productivity hack of the year, unfortunately), North Korea expanding into healthcare ransomware, and a fake Zoom meeting that installs surveillance software before you finish your first sip of coffee.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 20 February 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-113/</link><pubDate>Fri, 20 Feb 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-113/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another reminder that the internet is basically a haunted house and someone keeps adding new rooms. 🏚️&lt;/p&gt;
&lt;p&gt;This week’s Friday Wrap Up covers data breaches hitting your wallet and your wardrobe, Android malware clever enough to use Google’s own AI against you, Chrome zero-days being actively exploited, fake AI tools fooling a quarter million users, and OAuth phishing attacks that let hackers waltz through MFA like they own the place.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 13 February 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-112/</link><pubDate>Fri, 13 Feb 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-112/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another collection of reasons why your security team hasn’t slept properly since 2019. This week’s FWU brings you everything from ransomware gangs cosplaying as employee monitoring software to North Korean job applicants who are definitely not who they claim to be on LinkedIn (looking at you, “Senior DevOps Engineer”).&lt;/p&gt;
&lt;p&gt;We’ve got cloud infrastructure being turned into crime bots, Olympic ice dancers accidentally committing AI plagiarism, and the eternal question: “Is that zero-day actively exploited?” (Spoiler: yes, probably within 24 hours of the PoC dropping).&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 6 February 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-111/</link><pubDate>Fri, 06 Feb 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-111/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another supply chain nightmare. 🎢&lt;/p&gt;
&lt;p&gt;This week’s cybersecurity roundup features everything from compromised software updates (yes, even Notepad++) to record-breaking DDoS attacks that would make your infrastructure cry. We’ve got nation-state actors playing Olympics spoiler, fintech firms losing millions of records, and AI agents getting their own social network (because apparently they need friends too).&lt;/p&gt;
&lt;p&gt;Whether you’re defending against WinRAR exploits or wondering if your antivirus just became your biggest threat, this week had something for everyone.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 9 January 2026</title><link>https://jorgelaurel.com/archive/fwu/fwu-110/</link><pubDate>Fri, 09 Jan 2026 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-110/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another wave of vulnerabilities keeping us on our toes!&lt;/p&gt;
&lt;p&gt;From nation-state hackers conducting global credential harvesting campaigns to fake AI Chrome extensions stealing nearly a million users’ data, this week proved cybersecurity professionals earn every bit of their coffee budget. Critical n8n vulnerabilities reached CVSS scores that made even hardened defenders nervous, while Chinese Salt Typhoon intrusions keep expanding in scope. Meanwhile, Disney learned that YouTube privacy violations cost $10M—turns out COPPA compliance isn’t optional.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 19 December 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-109/</link><pubDate>Fri, 19 Dec 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-109/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;The Friday Wrap Up is taking a holiday break 🎄&lt;/p&gt;
&lt;p&gt;After 50 weeks of doom-scrolling through CVEs, data breaches, and supply chain incidents, the FWU is officially logging off until 2026.&lt;/p&gt;
&lt;p&gt;Yes, 2026. The FWU will be back with more threat intelligence, more zero-days, and probably another ransomware group with a questionable naming convention.&lt;/p&gt;
&lt;p&gt;What to expect during the FWU break:&lt;/p&gt;
&lt;p&gt;• Threat actors will continue working (they don’t believe in work-life balance)&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 12 December 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-108/</link><pubDate>Fri, 12 Dec 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-108/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another avalanche of zero-days, ransomware victims, and creative attack techniques that make you wonder if threat actors ever sleep (spoiler: they don’t).&lt;/p&gt;
&lt;p&gt;From Chrome getting exploited in the wild to malware hiding in VS Code extensions—because apparently, even our dev tools need therapy now—this week had it all. We’ve got nation-state shenanigans, AI security guardrails, and someone at Accenture allegedly fudging DoD compliance (yikes).&lt;/p&gt;
&lt;p&gt;Click through for the full breakdown before your CISO asks if you’ve seen the latest Chrome patch.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 5 December 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-107/</link><pubDate>Fri, 05 Dec 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-107/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another reminder that cybercriminals are getting creative while defenders scramble to keep up! From malware disguising itself as helpful browser extensions to hackers learning poetry (yes, really) to break AI systems, this week had it all.&lt;/p&gt;
&lt;p&gt;We’re talking massive DDoS attacks breaking records, nation-states playing the long game with backdoors, and even an Aussie getting jail time for fake airport Wi-Fi. Plus, the eternal struggle continues: zero trust is still more “aspirational framework” than “accomplished mission” for most organizations.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 28 November 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-106/</link><pubDate>Fri, 28 Nov 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-106/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;This week’s cybersecurity landscape? Let’s just say the supply chain attacks are getting creative, the credential leaks are getting embarrassing, and emergency alert systems proved they’re not immune to ransomware.&lt;/p&gt;
&lt;p&gt;From worms named after sci-fi sandworms to threat groups with identity crises, we’ve got breaches affecting everything from real estate finance to your favorite analytics platforms.&lt;/p&gt;
&lt;p&gt;Oh, and reminder: those “helpful” code formatting websites? They’ve been collecting your credentials like Pokémon cards. Click through for the full roundup of this week’s digital chaos.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 21 November 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-105/</link><pubDate>Fri, 21 Nov 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-105/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another reminder that cybersecurity never sleeps—and neither do the threat actors! 😅&lt;/p&gt;
&lt;p&gt;From record-breaking DDoS attacks and zero-day exploits to nation-state espionage campaigns and AI-powered fraud, this week’s &lt;strong&gt;#FWU&lt;/strong&gt; covers the full spectrum of cyber chaos. We’re talking about breaches at major platforms, government policy debates, and even Cloudflare accidentally breaking the internet with a file that got too big (relatable, honestly).&lt;/p&gt;
&lt;p&gt;Whether you’re worried about your smart toaster joining a botnet or just want to stay informed on the latest threats, check out this week’s curated cybersecurity intel.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 14 November 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-104/</link><pubDate>Fri, 14 Nov 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-104/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another wild week in cybersecurity! From PhaaS platforms targeting M365 to ransomware groups naming victims, Russian IABs pleading guilty, and a chipmaker publishing 60+ vuln patches—it’s been eventful.&lt;/p&gt;
&lt;p&gt;We’ve got nation-state espionage campaigns, supply chain nightmares, fake travel sites stealing payment data, and even Android photo frames shipping with malware. Plus, the passwordless dream keeps hitting reality checks while Microsoft rushes fixes for Windows 10 stragglers.&lt;/p&gt;
&lt;p&gt;Check out this week’s Friday Wrap Up for the full breakdown!&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 7 November 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-103/</link><pubDate>Fri, 07 Nov 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-103/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another wild week in cybersecurity where insider threats meet nation-state attacks, AI-powered malware rewrites itself hourly, and even our security pros are allegedly moonlighting with ransomware gangs. 🤦‍♂️&lt;/p&gt;
&lt;p&gt;From YouTube ghost networks spreading infostealers through fake videos to logic bombs hiding in code packages set to detonate in 2027 (mark your calendars!), the threat landscape keeps getting more creative—and concerning 😳 .&lt;/p&gt;
&lt;p&gt;The Congressional Budget Office got breached, Samsung phones were compromised via malicious images, and ChatGPT vulnerabilities could leak your AI conversations. Meanwhile, the cybercrime equivalent of a corporate merger just happened with three major gangs joining forces 💸 .&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 31 October 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-102/</link><pubDate>Fri, 31 Oct 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-102/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Happy Halloween! 🎃&lt;/p&gt;
&lt;p&gt;This week’s cyber threats are scarier than any haunted house. We’ve got banking trojans that disguise themselves as humans, nation-state ghosts haunting European diplomats, and AI tools conjuring up security nightmares that would make Frankenstein nervous.&lt;/p&gt;
&lt;p&gt;Ransomware ghouls are back with new tricks, supply chain vampires are draining developer credentials, and Microsoft’s DNS went dark like a haunted mansion.&lt;/p&gt;
&lt;p&gt;Whether you’re more afraid of deepfakes, zero-days, or your cloud services vanishing into thin air, this week’s wrap-up has something to give every security professional the chills.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 24 October 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-101/</link><pubDate>Fri, 24 Oct 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-101/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another reminder that cybersecurity never takes a coffee break! ☕&lt;/p&gt;
&lt;p&gt;From botnet malware targeting your router to smart beds that won’t lie flat during cloud outages (yes, really), this week had everything. We’re talking billion-dollar breaches, quantum leaps, AI agents surfing the web, and Microsoft patches that caused more problems than they solved. Plus, ransomware victims learning the hard way that paying up doesn’t guarantee getting your data back.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 17 October 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-100/</link><pubDate>Fri, 17 Oct 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-100/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another wild week in cybersecurity! From nation-state actors breaching major tech companies to botnets going global, hackers weren’t taking any days off.&lt;/p&gt;
&lt;p&gt;We’ve got everything from AI guardrails getting schooled by basic prompt injection to a vulnerability so severe Microsoft had to break out their highest-ever severity score. Oh, and YouTube decided to take a little nap this week too.&lt;/p&gt;
&lt;p&gt;Cybersecurity stories covering everything from malware hiding in GitHub images to North Korean job scams that would make your HR department cry. Check out the full roundup to see what kept security teams caffeinated this week.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 10 October 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-099/</link><pubDate>Fri, 10 Oct 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-099/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another ransomware alliance, and somehow your mouse might be eavesdropping on you now. 🖱️👂&lt;/p&gt;
&lt;p&gt;From fake Discord alerts stealing vault credentials to North Korean hackers pocketing $2B in crypto, this week proves that cybercriminals are nothing if not creative (and disturbingly well-funded). Meanwhile, the FBI took down BreachForums and Google’s AI is learning to patch code before attackers can exploit it.&lt;/p&gt;
&lt;p&gt;The cybersecurity world never sleeps, and honestly, neither should your security team after reading this. Click through for the full rundown of breaches, malware, and the latest “why-is-that-even-possible” attack vectors.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 03 October 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-098/</link><pubDate>Fri, 03 Oct 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-098/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another parade of cyber shenanigans that make you wonder if the internet needs a timeout. From ransomware gangs sliding into BBC reporters’ DMs with job offers (seriously), to AI tools making phishing easier than ordering takeout, it’s been quite the ride.&lt;/p&gt;
&lt;p&gt;We’ve got everything from government shutdowns creating security gaps you could drive a truck through, to hackers apologizing for posting kids’ photos (because even cybercriminals have PR nightmares). Plus, Meta wants to monetize your AI chats, because why not add targeted ads to your robot conversations?&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 26 September 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-097/</link><pubDate>Fri, 26 Sep 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-097/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another batch of creative ways cybercriminals are keeping us security folks caffeinated! ☕&lt;/p&gt;
&lt;p&gt;From airports getting grounded by ransomware to AI agents accidentally becoming the world’s most helpful data thieves, this week’s threat landscape had more plot twists than a Netflix series. We saw record-breaking DDoS attacks that made previous “massive” attacks look like gentle nudges, supply chain compromises that spread faster than office gossip, and enough zero-days to make patch Tuesday feel like patch decade.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 19 September 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-096/</link><pubDate>Fri, 19 Sep 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-096/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another collection of cyber chaos! From luxury fashion brands getting their digital wardrobes raided to AI tools that apparently graduated from &amp;ldquo;Hacking 101&amp;rdquo; with honors, the threat landscape continues its creative evolution.&lt;/p&gt;
&lt;p&gt;This week&amp;rsquo;s highlights include some particularly audacious impersonation schemes (fake FBI portals, anyone?), memory attacks that work faster than your morning coffee kicks in, and evidence that retirement announcements from cybercriminals should be taken with the same grain of salt as your uncle&amp;rsquo;s fishing stories.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 12 September 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-095/</link><pubDate>Fri, 12 Sep 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-095/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;💥 This week in cyber was one for the history books.&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;📦 The world’s largest supply chain attack hit npm, with billions of downloads tainted.&lt;br&gt;
⚡ Nation-state espionage escalated as China-linked groups ramped up campaigns tied to trade negotiations.&lt;br&gt;
💻 Ransomware evolved yet again, with &lt;strong&gt;HybridPetya&lt;/strong&gt; breaking UEFI Secure Boot and Akira exploiting SonicWall appliances.&lt;br&gt;
📱 Meanwhile, Samsung scrambled to patch a WhatsApp-linked zero-day, and Apple unveiled a five-year project to shut down spyware developers.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 05 September 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-094/</link><pubDate>Fri, 05 Sep 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-094/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;From record-breaking DDoS attacks and SVG-based phishing to zero-day exploits and AI-powered trade secret drama — this week’s threat landscape had something for everyone (except peace of mind).&lt;/p&gt;
&lt;p&gt;🔍 Russian APTs were intercepted mid-hack, North Korea’s ScarCruft went academic, and Google had to patch 120 Android flaws (yes, 120 — not a typo).&lt;/p&gt;
&lt;p&gt;🏭 Meanwhile, Bridgestone and Jaguar Land Rover hit the cyber brakes, Salesloft Drift’s supply-chain chaos keeps expanding, and a misconfigured server spilled 378GB of Navy Federal data like a coffee cup on a Monday keyboard.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 29 August 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-093/</link><pubDate>Fri, 29 Aug 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-093/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Salesforce attacks rippled into insurers and healthcare, AI-powered ransomware went live, Nevada shut down state offices, and hackers weaponized AI in the first supply chain breach.&lt;/p&gt;
&lt;p&gt;Meanwhile, $47M in scam crypto was seized, fake ID markets were dismantled, and Linux blew out 34 candles 🎂.&lt;/p&gt;
&lt;p&gt;🔍 From data theft to AI threats, the line between “attack” and “experiment” is vanishing fast.&lt;/p&gt;
&lt;p&gt;⚡ &lt;em&gt;Recaps + sources in this week’s Friday Wrap Up&lt;/em&gt; — because in cyber, “too long; didn’t read” can turn into “too late; data’s ripped.”&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 22 August 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-092/</link><pubDate>Fri, 22 Aug 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-092/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;🚨 Major Cyberattacks &amp;amp; Data Breaches&lt;/strong&gt; This week saw breaches across industries — from HR platforms to healthcare — showing how attackers continue to exploit trusted systems.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;👔 Workday discloses data breach linked to Salesforce attacks (Published on 8/18/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/hr-giant-workday-discloses-data-breach-amid-salesforce-attacks/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🍔 Hacker finds flaws in McDonald’s staff &amp;amp; partner hubs, exposing APIs and sensitive documents (Published on 8/20/2025, Dark Reading). &lt;a href="https://www.darkreading.com/cybersecurity-operations/hacker-finds-flaws-mcdonalds-staff-partner-hubs"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 15 Aug 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-091/</link><pubDate>Fri, 15 Aug 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-091/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 Friday Wrap Up highlights this week&lt;/p&gt;
&lt;p&gt;From cars remotely unlocked to state-backed hacks — attackers didn’t take a summer break.&lt;/p&gt;
&lt;p&gt;🚗 Car dealership portal flaw let anyone unlock vehicles remotely.&lt;/p&gt;
&lt;p&gt;🏛 Russian hackers breached U.S. federal court filing system.&lt;/p&gt;
&lt;p&gt;🛠 Microsoft patched Kerberos zero-day; Cisco fixed CVSS 10 flaw.&lt;/p&gt;
&lt;p&gt;🕵️ Crypto24 ransomware using custom EDR evasion tools.&lt;/p&gt;
&lt;p&gt;📻 TETRA radio encryption flaws exposed law enforcement comms.&lt;/p&gt;
&lt;p&gt;💾 Hackers leaked 9GB from alleged North Korean hacker’s PC.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 8 Aug 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-090/</link><pubDate>Fri, 08 Aug 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-090/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 Zero-days, crypto-stealing extensions, and AI-weaponized attacks—it&amp;rsquo;s been a week full of cybersecurity “achievements.” Also: Perplexity&amp;rsquo;s scraping scandal, scammy snail mail, and AI that might be a little too curious. Full roundup below!&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="malware--vulnerabilities"&gt;&lt;strong&gt;Malware &amp;amp; Vulnerabilities&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;From zero-days in security appliances to flaws in Exchange, Axis, and IP cameras—this week was a buffet of critical bugs waiting to be exploited.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🛡️ SonicWall probing potential zero-day in SSL VPN after 20+ targeted attacks (Published on 8/4/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 01 August 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-089/</link><pubDate>Fri, 01 Aug 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-089/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🔐 From AI-fueled deepfake threats to prompt injection vulnerabilities in cutting-edge tools, the cybersecurity battlefield keeps getting messier.&lt;/p&gt;
&lt;p&gt;Ransomware crews, phishing scams, and espionage actors all made headlines this week.&lt;/p&gt;
&lt;p&gt;Click through for a concise digest of what’s hot (and hacked) in cyber. 💥&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;Malware &amp;amp; Vulnerabilities&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;From AI-generated threats to prompt injection and phishing tricks, attackers are exploiting everything from popular dev tools to critical infrastructure.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🧪 AI-generated malicious npm package drained Solana wallets from over 1,500 users before takedown (Published on 8/1/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/08/ai-generated-malicious-npm-package.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 25 July 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-088/</link><pubDate>Fri, 25 Jul 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-088/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;This week, it’s cyber whack-a-mole: one forum admin down, another mirror site up. Meanwhile, malware gets cuddly (hi, pandas 🐼), and brands like Microsoft remain prime phishing bait.&lt;/p&gt;
&lt;p&gt;A dash of espionage, a pinch of legal drama, and a travel scam twist—because hackers need vacations too.&lt;/p&gt;
&lt;p&gt;👇 Dive in for the full roundup before your inbox gets spoofed.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="major-cyberattacks--incidents"&gt;&lt;strong&gt;Major Cyberattacks &amp;amp; Incidents&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;Breaches, takedowns, and court battles highlight the ever-evolving cyber threat landscape.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 18 July 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-087/</link><pubDate>Fri, 18 Jul 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-087/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;Cybersecurity Tools &amp;amp; Techniques&lt;/strong&gt; New developments in tools and frameworks are shaping both offense and defense in the cybersecurity landscape.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🛠️ TREVORspray is a fast, stealthy credential spray toolkit for Azure, Okta, and OWA login portals. (Published on 7/14/2025, Darknet). &lt;a href="https://www.darknet.org.uk/2025/07/trevorspray-credential-spray-toolkit-for-azure-okta-owa-more/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🛡️ MITRE introduces AADAPT framework to defend financial systems and crypto assets. (Published on 7/15/2025, Dark Reading). &lt;a href="https://www.darkreading.com/vulnerabilities-threats/mitre-aadapt-framework-financial-systems"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 11 July 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-086/</link><pubDate>Fri, 11 Jul 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-086/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another busy week in cybersecurity and tech.&lt;/p&gt;
&lt;p&gt;🛡️ Ransomware groups are shutting down while pivoting to data extortion, as millions of records continue leaking from major brands.&lt;/p&gt;
&lt;p&gt;🕸️ Malicious Chrome extensions, SEO poisoning attacks disguised as AI tools, and critical zero-days highlight persistent threats across the supply chain and user environments.&lt;/p&gt;
&lt;p&gt;🤖 As organizations rush to adopt agentic AI, understanding dark market dynamics, patching critical vulnerabilities, and ensuring cyber-insurance coverage remain vital for resilience.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 4 July 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-085/</link><pubDate>Fri, 04 Jul 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-085/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-security--cyber-threats"&gt;🚨 Security &amp;amp; Cyber Threats&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🇨🇦 Hikvision Canada shut down over national security concerns. (Published on 6/30/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/hikvision-canada-ordered-to-cease-operations-over-security-risks/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🛡️ U.S. warns of rising Iranian cyberattacks on critical infrastructure. (Published on 6/30/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/06/us-agencies-warn-of-rising-iranian.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;💧 Hackers opened a Norwegian dam valve for hours using a weak password. (Published on 6/30/2025, Hackread). &lt;a href="https://hackread.com/norwegian-dam-valve-forced-open-hours-in-cyberattack/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 27 June 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-084/</link><pubDate>Fri, 27 Jun 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-084/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cyber-threats--state-linked-activity"&gt;🛡️ Cyber Threats &amp;amp; State-Linked Activity&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🕵️ Salt Typhoon hacks a Canadian telecom using Cisco flaws, confirming China-linked espionage. (Published on 6/23/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/canada-says-salt-typhoon-hacked-telecom-firm-via-cisco-flaw/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🚨 Salt Typhoon exploits router flaws to spy on global telecoms, FBI and Canada warn. (Published on 6/23/2025, Hackread). &lt;a href="https://hackread.com/salt-typhoon-targets-telecoms-router-flaws-fbi-canada/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🐺 Chinese group Silver Fox uses fake websites to spread Sainbox RAT and hidden rootkit. (Published on 6/27/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/06/chinese-group-silver-fox-uses-fake.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 20 June 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-083/</link><pubDate>Fri, 20 Jun 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-083/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="ransomware--backup-threats"&gt;Ransomware &amp;amp; Backup Threats&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;💀 New Anubis ransomware encrypts and permanently wipes files—recovery impossible even after payment. (Published on 6/16/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/06/anubis-ransomware-encrypts-and-wipes.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🔄 Ransomware gangs now target backup infrastructures first to cripple recovery options. (Published on 6/17/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/06/how-to-protect-your-backups-from-ransomware-attacks.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;💾 Chain IQ and UBS data stolen in a ransomware attack claiming millions of files exfiltrated. (Published on 6/19/2025, SecurityWeek). &lt;a href="https://www.securityweek.com/chain-iq-ubs-data-stolen-in-ransomware-attack/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 13 June 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-082/</link><pubDate>Fri, 13 Jun 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-082/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;This week’s Friday Wrap-Up brings a dense mix of cyber drama and tech evolution: from state-sponsored exploits and zero-click spyware to novel threats using smartwatches.&lt;/p&gt;
&lt;p&gt;Big tech players like Meta and Google are making AI splashes, while law enforcement cracks down on massive malware networks. Catch the highlights, breaches, patches, and pivots in one place—because your inbox deserves clarity. Click through for the full update!&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cyber-espionage--nation-state-activity"&gt;&lt;strong&gt;Cyber Espionage &amp;amp; Nation-State Activity&lt;/strong&gt;&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🚫 OpenAI bans ChatGPT accounts tied to nation-state actors using AI for espionage and fraud (Published on 6/9/2025, Dark Reading). &lt;a href="https://www.darkreading.com/threat-intelligence/openai-bans-chatgpt-accounts-nation-state-threat-actors"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 6 June 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-081/</link><pubDate>Fri, 06 Jun 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-081/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Ever feel like your network is safer when it’s unplugged and buried in a lead box? Same.&lt;/p&gt;
&lt;p&gt;This week in the Friday Wrap Up: ransomware operators got unmasked, GPU bugs need urgent hugs (a.k.a. patches), and fake CAPTCHAs are convincing users to hack themselves. From hospital breaches to solar device hijacks, the digital drama never disappoints.&lt;/p&gt;
&lt;p&gt;If you like your cyber news fresh, punchy, and slightly panic-inducing (with a side of professionalism), check out this week’s Friday Wrap-Up. You bring the coffee, we’ll bring the chaos.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 30 May 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-080/</link><pubDate>Fri, 30 May 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-080/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;This week’s cyber headlines are packed with breaches, bots, BitM attacks, and even a courtroom confession. Dive into the Friday Wrap-Up to stay ahead—and maybe even stay safe. 🧠🛡️&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-threats--malware-attacks"&gt;&lt;strong&gt;Cybersecurity Threats &amp;amp; Malware Attacks&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;This week brought an array of fresh threats and major disclosures:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;⚠️ Over 70 malicious npm and VS Code packages steal user data and crypto via Discord endpoints. (Published on 5/26/2025, The Hacker News). &lt;strong&gt;&lt;a href="https://thehackernews.com/2025/05/over-70-malicious-npm-and-vs-code.html"&gt;Read More&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 23 May 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-079/</link><pubDate>Fri, 23 May 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-079/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🎉 Back from vacation and fully recharged—sunburned but secure! ☀️🔐 Missed a week, but fear not: your favorite Friday Wrap Up is back and packed tighter than a phishing kit on a USB stick.&lt;/p&gt;
&lt;p&gt;This week’s headlines are a buffet of cyber-chaos: ransomware gangs get sneakier, Chrome plays password nanny, and someone gave 40,000 iOS apps a little too much freedom. Also, Microsoft’s playing sheriff, Signal&amp;rsquo;s playing defense, and a student hacker’s playing guilty.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 9 May 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-078/</link><pubDate>Fri, 09 May 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-078/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;🔐 Cyber Threats &amp;amp; Malware Surge&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;Cybercriminals continue to evolve tactics—from exploiting zero-days to using supply-chain attacks and AI developer tools. Here’s what’s making headlines:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🛑 Signal clone used by Trump official ceases operations after reported hack. (Published on 5/5/2025, Ars Technica). &lt;a href="https://arstechnica.com/security/2025/05/signal-clone-used-by-trump-official-stops-operations-after-report-it-was-hacked/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🚨 New ransomware attack uses &amp;ldquo;Bring Your Own Installer&amp;rdquo; to bypass EDR protections. (Published on 5/5/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/new-bring-your-own-installer-edr-bypass-used-in-ransomware-attack/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 2 May 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-077/</link><pubDate>Fri, 02 May 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-077/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;From phishing rings to AI-written code, it&amp;rsquo;s been another week in cybersecurity where the only constant is everything’s on fire 🔥.&lt;/p&gt;
&lt;p&gt;This week’s Friday Wrap Up features:&lt;/p&gt;
&lt;p&gt;- Cybercriminals getting busted (some, not all—let&amp;rsquo;s not get crazy),&lt;/p&gt;
&lt;p&gt;- Zero-days popping like popcorn 🍿,&lt;/p&gt;
&lt;p&gt;- Space hacking (yes, literally),&lt;/p&gt;
&lt;p&gt;- AI quietly taking over dev jobs,&lt;/p&gt;
&lt;p&gt;- And government agencies asking, &amp;ldquo;Secure by Design—was that just a phase?&amp;rdquo;&lt;/p&gt;
&lt;p&gt;If your cloud is leaking secrets, your CMS is under siege, or you&amp;rsquo;re wondering how ransomware gangs pivot after a breakup&amp;hellip; we’ve got you covered.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 25 April 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-076/</link><pubDate>Fri, 25 Apr 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-076/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🎉 This Week in Cyber: From AI Phishing to ATM Hacking – We’ve Seen It All&lt;/p&gt;
&lt;p&gt;If you thought cybercriminals might slow down in April… plot twist! 😅&lt;/p&gt;
&lt;p&gt;This week’s headlines brought:&lt;/p&gt;
&lt;p&gt;- AI-powered phishing toolkits that scale scams faster than startups scale servers 🤖💸&lt;/p&gt;
&lt;p&gt;- Ransomware attacks hitting hospitals, cities, and schools — because clearly nothing is sacred anymore 🏥🏛️&lt;/p&gt;
&lt;p&gt;- Spoofed emails that even Google thought were legit 🫣&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 18 April 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-075/</link><pubDate>Fri, 18 Apr 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-075/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;From rogue restarts in Windows Server 2025 to ransomware giving dialysis clinics a real headache, this week was anything but quiet.&lt;/p&gt;
&lt;p&gt;State-backed hackers were busy playing malware bingo, Fortinet and Cisco had some uninvited guests, and 4chan may have just been out-trolled by a rival forum (yes, really).&lt;/p&gt;
&lt;p&gt;Meanwhile, AI continues its sneaky takeover—half of your coworkers are probably using unapproved tools, and Google’s swatting down billions of bad ads like it’s a high-stakes arcade game.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 11 April 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-074/</link><pubDate>Fri, 11 Apr 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-074/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 This week in cybersecurity: breakfast got breached, NASCAR took a pit stop for ransomware, and a new AI hacking assistant named Xanthorox hit the dark web like it’s applying for a job at Anonymous HQ.&lt;/p&gt;
&lt;p&gt;Meanwhile, “Lovable” AI turns out to be &lt;em&gt;a little too&lt;/em&gt; lovable to cybercriminals, WhatsApp had a Windows-flavored vulnerability, and someone really should check on those 4 million Chrome users installing sketchy extensions with “Featured” badges.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 4 April 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-073/</link><pubDate>Fri, 04 Apr 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-073/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It’s been a busy week in cybersecurity — the kind that makes your firewall sweat and your SOC team rethink their life choices.&lt;/p&gt;
&lt;p&gt;From phishing-as-a-service platforms like Lucid going global with their spammy ambitions, to malware dressing up in stealth mode and pretending it’s just “advanced persistence,” attackers are working overtime.&lt;/p&gt;
&lt;p&gt;Meanwhile, vulnerabilities in everything from solar tech to AI platforms remind us that no codebase is safe from bugs (especially the kind that moonlight as backdoors).&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 28 March 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-072/</link><pubDate>Fri, 28 Mar 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-072/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;🛡️ Cyberattack Campaigns &amp;amp; Threat Actor Activity&lt;/strong&gt;&lt;/p&gt;
&lt;p&gt;A surge in advanced persistent threats and ransomware highlights the evolving cybercrime landscape.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🐜 Chinese Weaver Ant hackers infiltrated a telecom network for over 4 years using compromised Zyxel routers. (Published on 3/24/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/chinese-weaver-ant-hackers-spied-on-telco-network-for-4-years/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🧬 Medusa ransomware disables EDR tools using stolen certificates for stealthy system takeovers. (Published on 3/25/2025, Hackread). &lt;a href="https://hackread.com/medusa-ransomware-anti-malware-tools-stolen-certificates/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 21 March 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-071/</link><pubDate>Fri, 21 Mar 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-071/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;🔐 Major Data Breaches and Privacy Concerns&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🏦 Western Alliance Bank confirms data breach linked to the Cleo file transfer tool, impacting 22,000 customers. (Published on 3/18/2025, SecurityWeek). &lt;a href="https://www.securityweek.com/western-alliance-bank-discloses-data-breach-linked-to-cleo-hack/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🧬 California Cryobank warns of a data breach affecting sensitive personal information of clients. (Published on 3/18/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/sperm-donation-giant-california-cryobank-warns-of-a-data-breach/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 14 March 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-070/</link><pubDate>Fri, 14 Mar 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-070/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-threats--incidents-"&gt;&lt;strong&gt;Cybersecurity Threats &amp;amp; Incidents&lt;/strong&gt; 🔥&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🚨 &lt;strong&gt;Americans lost a record $12.5 billion to fraud in 2024&lt;/strong&gt;, marking a 25% increase from the previous year. (Published on 3/10/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/us-govt-says-americans-lost-record-125-billion-to-fraud-in-2024/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🏴‍☠️ A &lt;strong&gt;former employee was found guilty of a revenge kill-switch scheme&lt;/strong&gt;, locking out users if their account was disabled. (Published on 3/10/2025, Dark Reading). &lt;a href="https://www.darkreading.com/cyberattacks-data-breaches/ex-employee-guilty-revenge-kill-switch-scheme"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 7 March 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-069/</link><pubDate>Fri, 07 Mar 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-069/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h2 id="-cybersecurity-incidents--threats"&gt;🔥 Cybersecurity Incidents &amp;amp; Threats&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🔑 &lt;strong&gt;Rubrik rotates authentication keys after log server breach&lt;/strong&gt; – A breach in Rubrik’s log server led to the rotation of potentially leaked authentication keys. (Published on 3/3/2025, Bleeping Computer). &lt;a href="https://www.bleepingcomputer.com/news/security/rubrik-rotates-authentication-keys-after-log-server-breach/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🎭 &lt;strong&gt;North Korean fake IT workers pose as blockchain developers&lt;/strong&gt; – Fraudulent personas on GitHub are helping North Korean operatives secure blockchain development jobs in the U.S. and Japan. (Published on 3/5/2025, SecurityWeek). &lt;a href="https://www.securityweek.com/north-korean-fake-it-workers-pose-as-blockchain-developers-on-github/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 28 February 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-068/</link><pubDate>Fri, 28 Feb 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-068/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-threats--attacks"&gt;🚨 Cybersecurity Threats &amp;amp; Attacks&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🎭 Hackers exploit Google Docs and Steam to spread ACRStealer, a new infostealer malware targeting users via trusted platforms. (Published on 2/24/2025, Hackread). &lt;a href="https://hackread.com/hackers-google-docs-steam-drop-acrstealer-infostealer/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🔍 OpenAI bans ChatGPT accounts linked to Chinese threat actors who allegedly used the AI model for espionage tool development. (Published on 2/24/2025, SecurityWeek). &lt;a href="https://www.securityweek.com/openai-bans-chatgpt-accounts-used-by-chinese-group-for-spy-tools/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 21 February 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-067/</link><pubDate>Fri, 21 Feb 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-067/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-threats--exploits"&gt;🛡️ Cybersecurity Threats &amp;amp; Exploits&lt;/h3&gt;
&lt;p&gt;Cyberattacks are evolving, with new malware, vulnerabilities, and nation-state threats emerging. Stay informed and vigilant!&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🛑 &lt;strong&gt;Microsoft detects a new XCSSET macOS malware variant&lt;/strong&gt; targeting sensitive user data, including crypto wallets and Notes app content. (Published on 2/17/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/microsoft-spots-xcsset-macos-malware-variant-used-for-crypto-theft/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 14 February 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-066/</link><pubDate>Fri, 14 Feb 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-066/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;💘 &lt;strong&gt;Roses are red, violets are blue, cyber threats don’t care… and they’re coming for you!&lt;/strong&gt; 💘&lt;/p&gt;
&lt;p&gt;This Valentine’s Day, while some are finding love, others are finding &lt;strong&gt;zero-days, ransomware, and nation-state hackers&lt;/strong&gt;. Here’s a &lt;strong&gt;cybersecurity love stories&lt;/strong&gt; you don’t want to be part of:&lt;/p&gt;
&lt;h3 id="latest-cybersecurity-threats-and-vulnerabilities"&gt;🔥 Latest Cybersecurity Threats and Vulnerabilities&lt;/h3&gt;
&lt;p&gt;From zero-days to AI exploits, attackers are finding new ways to break into systems. Stay updated on the latest security risks.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 7 February 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-065/</link><pubDate>Fri, 07 Feb 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-065/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-news--threats"&gt;🔥 Cybersecurity News &amp;amp; Threats&lt;/h3&gt;
&lt;p&gt;From AI impersonation to major vulnerabilities, here are some stories that shaped cybersecurity this week.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🎭 DeepSeek AI tools are being impersonated on PyPI by infostealer malware targeting developers. (Published on 2/3/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/deepseek-ai-tools-impersonated-by-infostealer-malware-on-pypi/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🏦 The Coyote banking trojan expands its reach, now targeting 1,030 sites and 73 financial institutions. (Published on 2/3/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/02/coyote-malware-expands-reach-now.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 31 January 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-064/</link><pubDate>Fri, 31 Jan 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-064/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-news--emerging-threats"&gt;🔥 Cybersecurity News &amp;amp; Emerging Threats&lt;/h3&gt;
&lt;p&gt;From zero-day exploits to ransomware attacks, here’s what’s making waves in cybersecurity this week.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🍏 Apple patches the first actively exploited zero-day of 2025, targeting iPhone users. (Published on 1/27/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first-actively-exploited-zero-day-bug/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🚨 DeepSeek AI halts new user registrations after a large-scale cyberattack disrupts operations. (Published on 1/27/2025, Hackread). &lt;a href="https://hackread.com/deepseek-large-scale-cyberattack-halts-user-registrations/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 30 January 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-063/</link><pubDate>Thu, 30 Jan 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-063/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another avalanche of cyber chaos! From dating apps getting breached (swipe left on that security posture) to 1.5 million devs accidentally installing code-stealing VS Code extensions, it’s been a wild ride.&lt;/p&gt;
&lt;p&gt;This week’s highlights: ShinyHunters went on a shopping spree, North Korean hackers are forming splinter groups like a K-pop band, and apparently 175,000 AI servers are just&amp;hellip; out there&amp;hellip; exposed. Also, half your employees are using shadow AI tools, and your C-suite is leading the charge.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 24 January 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-062/</link><pubDate>Fri, 24 Jan 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-062/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-breaches--attacks"&gt;🚨 Cybersecurity Breaches &amp;amp; Attacks&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🛠️ &lt;strong&gt;HPE investigates breach&lt;/strong&gt; as a hacker claims to have stolen sensitive documents from its developer environments. (Published on 1/20/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-investigates-new-breach-claims/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🔓 &lt;strong&gt;PowerSchool data breach&lt;/strong&gt; exposes students’ and educators’ personal information in a December 2024 cyberattack. (Published on 1/21/2025, SecurityWeek). &lt;a href="https://www.securityweek.com/students-educators-impacted-by-powerschool-data-breach/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 23 January 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-061/</link><pubDate>Thu, 23 Jan 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-061/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another mountain of security incidents to digest. From Fortinet’s double-feature vulnerability showcase to AI systems getting tricked into leaking your calendar (thanks, Gemini!), the headlines remind us that “fully patched” is more of a suggestion than a guarantee.&lt;/p&gt;
&lt;p&gt;Highlights? Tesla got pwned for half a million dollars, Microsoft blamed a “coding error” for Outlook crashes (aren’t they all?), and Curl is officially done with AI-generated bug bounty spam. Somewhere, a developer shed a single tear.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 17 January 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-060/</link><pubDate>Fri, 17 Jan 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-060/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-threats--vulnerabilities"&gt;🔐 Cybersecurity Threats &amp;amp; Vulnerabilities&lt;/h3&gt;
&lt;p&gt;The latest cybersecurity developments highlight ongoing threats and vulnerabilities across various sectors.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🚨 A Microsoft MFA outage is preventing users from accessing Microsoft 365 apps. (Published on 1/13/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-mfa-outage-blocking-access-to-microsoft-365-apps/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🛑 Over 4,000 web backdoors were hijacked by registering expired domains, exposing compromised systems to further risks. (Published on 1/12/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/01/expired-domains-allowed-control-over.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 16 January 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-059/</link><pubDate>Thu, 16 Jan 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-059/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🎢 This week’s cybersecurity rollercoaster: where Wi-Fi crashes with one packet, Chrome extensions cosplay as your HR portal, and ZIP files contain more layers than a lasagna made by someone with commitment issues.&lt;/p&gt;
&lt;p&gt;The big picture? Attackers are getting sophisticated (looking at you, Predator spyware that learns from failure), infrastructure is falling over (RIP Verizon, enjoy your $20), and apparently two missing characters almost took down AWS. Two. Characters.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 10 January 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-058/</link><pubDate>Fri, 10 Jan 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-058/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-threats-and-attacks"&gt;&lt;strong&gt;Cybersecurity Threats and Attacks&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;These stories highlight the latest cybersecurity threats, including malware, nation-state hacks, and unconventional attack methods.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🛡️ FireScam malware disguises itself as &amp;ldquo;Telegram Premium&amp;rdquo; to steal data and maintain remote control of Android devices. Stay vigilant! (Published on 1/6/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/01/firescam-android-malware-poses-as.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 3 January 2025</title><link>https://jorgelaurel.com/archive/fwu/fwu-057/</link><pubDate>Fri, 03 Jan 2025 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-057/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-breaches-and-incidents"&gt;Cybersecurity Breaches and Incidents&lt;/h3&gt;
&lt;p&gt;🔒 &lt;strong&gt;Chinese state-sponsored hackers breached the U.S. Treasury Department&lt;/strong&gt; via a remote support platform. (Published on 12/30/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🚘 &lt;strong&gt;Volkswagen, Audi, and Skoda EV owners affected by a major data breach&lt;/strong&gt; tracking over 800,000 vehicles. (Published on 12/30/2024, Hackread). &lt;a href="https://hackread.com/exposed-cloud-server-tracks-volkswagen-audi-skoda-evs/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 27 December 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-056/</link><pubDate>Fri, 27 Dec 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-056/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h4 id="threat-actors-and-malware"&gt;&lt;strong&gt;Threat Actors and Malware&lt;/strong&gt;&lt;/h4&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🎯 Lazarus Group targets the nuclear industry using CookiePlus malware. Critical threat intelligence updates shared by Kaspersky. (Published on 12/23/2024, Hackread). &lt;a href="https://hackread.com/lazarus-group-nuclear-industry-cookieplus-malware/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🐱 Iran’s Charming Kitten deploys BellaCPP, a C++ variant of the BellaCiao malware, increasing its attack sophistication. (Published on 12/25/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 20 December 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-055/</link><pubDate>Fri, 20 Dec 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-055/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-threats-and-attacks"&gt;Cybersecurity Threats and Attacks&lt;/h3&gt;
&lt;p&gt;Staying informed about the latest cybersecurity threats and data breaches is essential for businesses and individuals alike.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🛑 Malicious ads spread Lumma Stealer via fake CAPTCHA pages, tricking users into running PowerShell commands. (Published on 12/16/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/malicious-ads-push-lumma-infostealer-via-fake-captcha-pages/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🐘 Glutton malware exploits popular PHP frameworks like Laravel and ThinkPHP, targeting multiple countries. (Published on 12/16/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/12/new-glutton-malware-exploits-popular.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 13 December 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-054/</link><pubDate>Fri, 13 Dec 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-054/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="category-critical-infrastructure-and-software-risks"&gt;Category: &lt;strong&gt;Critical Infrastructure and Software Risks&lt;/strong&gt;&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;⚠️ 90% of software in U.S. critical infrastructure contains code developed in China, posing systemic risks. (Published on 12/9/2024, Dark Reading). &lt;a href="https://www.darkreading.com/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🛠️ Forrester panel explores software supply chain vulnerabilities and global IT security challenges. (Published on 12/10/2024, InformationWeek). &lt;a href="https://www.informationweek.com/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 29 November 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-053/</link><pubDate>Fri, 29 Nov 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-053/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-threats-and-exploits"&gt;Cybersecurity Threats and Exploits&lt;/h3&gt;
&lt;p&gt;Key updates on critical vulnerabilities and sophisticated hacking campaigns targeting diverse platforms worldwide.&lt;/p&gt;
&lt;p&gt;🔓 mySCADA patches critical vulnerabilities in myPRO systems, which allowed remote unauthenticated system takeovers. (Published on 11/25/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/vulnerabilities-expose-myscada-mypro-systems-to-remote-hacking/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🛡 Malware leveraging BYOVD techniques uses Avast’s anti-rootkit driver to disable antivirus protections. (Published on 11/25/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/11/researchers-uncover-malware-using-byovd.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 22 November 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-052/</link><pubDate>Fri, 22 Nov 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-052/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-threats-and-exploits"&gt;Cybersecurity Threats and Exploits&lt;/h3&gt;
&lt;p&gt;Newly discovered vulnerabilities and sophisticated hacking campaigns reveal the ongoing evolution of cyber threats across platforms and technologies.&lt;/p&gt;
&lt;p&gt;🔓 Chinese hackers exploit a Fortinet VPN zero-day vulnerability using the DeepData toolkit to steal credentials. (Published on 11/18/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🎯 Fake discount sites mimic legitimate brands to exploit Black Friday shopping activity and steal customer information. (Published on 11/18/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/11/fake-discount-sites-exploit-black.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 15 November 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-051/</link><pubDate>Fri, 15 Nov 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-051/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-threats-and-exploits"&gt;Cybersecurity Threats and Exploits&lt;/h3&gt;
&lt;p&gt;Emerging cyber threats and vulnerabilities that highlight the evolving tactics of attackers targeting various platforms and industries.&lt;/p&gt;
&lt;p&gt;🛠 Revamped Remcos RAT targets Microsoft Windows users, exploiting known RCE vulnerabilities in Microsoft Office and WordPad. (Published on 11/11/2024, Dark Reading). &lt;a href="https://www.darkreading.com/application-security/revamped-remcos-rat-microsoft-windows-users"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 8 November 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-050/</link><pubDate>Fri, 08 Nov 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-050/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-threats-and-exploits"&gt;Cybersecurity Threats and Exploits&lt;/h3&gt;
&lt;p&gt;A roundup of recent cybersecurity incidents and newly discovered vulnerabilities impacting various platforms and users worldwide.&lt;/p&gt;
&lt;p&gt;🚨 DocuSign’s Envelopes API is being exploited to send fake invoices, mimicking brands like Norton and PayPal. (Published on 11/4/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/docusigns-envelopes-api-abused-to-send-realistic-fake-invoices/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔍 Google’s AI tool, Big Sleep, uncovers a zero-day vulnerability in the SQLite database engine, marking a first in AI-assisted vulnerability discovery. (Published on 11/4/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 25 October 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-049/</link><pubDate>Fri, 25 Oct 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-049/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-breaches-and-threats"&gt;&lt;strong&gt;Cybersecurity Breaches and Threats&lt;/strong&gt;&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;⚠️ Internet Archive (Archive.org) suffers its second breach this month, exposing support tickets via unrotated Zendesk credentials. (Published on 10/21/2024, Hack Read). &lt;a href="https://hackread.com/internet-archive-archive-org-hacked-for-second-time/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🔧 VMware patches another remote code execution flaw exploited during a Chinese hacking contest in June 2024. (Published on 10/21/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/vmware-struggles-to-fix-flaw-exploited-at-chinese-hacking-contest/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 18 October 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-048/</link><pubDate>Fri, 18 Oct 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-048/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h2 id="cybersecurity-updates"&gt;Cybersecurity Updates&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🔐 Supply chain attacks exploit entry points in open-source ecosystems like Python and npm, posing a widespread risk. (Published on 10/14/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🖥️ Iranian cyberspies are exploiting a recent Windows kernel vulnerability, targeting Gulf region organizations. (Published on 10/14/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/iranian-cyberspies-exploiting-recent-windows-kernel-vulnerability/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 11 October 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-047/</link><pubDate>Fri, 11 Oct 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-047/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-breaches"&gt;Cybersecurity Breaches&lt;/h3&gt;
&lt;p&gt;🚨 ADT discloses a second breach within two months, with attackers gaining access using stolen credentials to exfiltrate employee account data. (Published on 10/7/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/adt-discloses-second-breach-in-2-months-hacked-via-stolen-credentials/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🚨 LEGO’s website was hacked by cryptocurrency scammers promoting a fake Lego token that could be purchased with Ethereum. (Published on 10/7/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/legos-website-hacked-to-push-cryptocurrency-scam/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 4 October 2024 (Audio Version)</title><link>https://jorgelaurel.com/archive/fwu/fwu-046/</link><pubDate>Fri, 04 Oct 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-046/</guid><description>&lt;p&gt;Two AI hosts start up a lively “deep dive” discussion based on the content of the 4 October Friday Wrap Up. They summarize the stories, make connections between topics, and banter back and forth.&lt;/p&gt;
&lt;p&gt;This audio file was created using Google’s NotebookLM, a tool to turn your documents into engaging audio discussions.&lt;/p&gt;
&lt;p&gt;It’s important to remember that this &lt;em&gt;&lt;strong&gt;AI generated discussion&lt;/strong&gt;&lt;/em&gt; is not a comprehensive or objective view of the content of the Friday Wrap Up, but simply a reflection of the news stories that the Friday Wrap Up contains.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 27 September 2024 (Audio Version)</title><link>https://jorgelaurel.com/archive/fwu/fwu-045/</link><pubDate>Fri, 27 Sep 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-045/</guid><description>&lt;p&gt;Don’t feel like reading the 27 September version of the Friday Wrap Up? Maybe you want to listen to it read to you in the form of a conversation between two AI hosts?&lt;/p&gt;
&lt;p&gt;Well, thanks to Google and AI, here you go. Two AI hosts start up a lively “deep dive” discussion based on the content of the Friday Wrap Up. They summarize the stories, make connections between topics, and banter back and forth.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 20 Sept 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-044/</link><pubDate>Fri, 20 Sep 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-044/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="vulnerability-fixes-and-threat-patches"&gt;Vulnerability Fixes and Threat Patches&lt;/h3&gt;
&lt;p&gt;🔒 D-Link patches critical flaws in WiFi 6 routers, addressing vulnerabilities that allowed attackers to exploit hardcoded credentials and execute arbitrary code. (Published on 9/16/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/d-link-fixes-critical-rce-hardcoded-password-flaws-in-wifi-6-routers/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔑 Apple addresses major security flaws in iOS 18, warning that attackers could use Siri to access sensitive user data or control nearby devices. (Published on 9/16/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/apple-patches-major-security-flaws-with-ios-18-refresh/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 13 September 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-043/</link><pubDate>Fri, 13 Sep 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-043/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/c58afca7b6e9f5e6.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-incidents-"&gt;Cybersecurity Incidents 🛡️&lt;/h3&gt;
&lt;p&gt;🚨 Highline Public Schools shuts down following a cyberattack, causing school closures and activity cancellations. (Published on 9/9/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/highline-public-schools-closes-schools-following-cyberattack/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🚨 Avis Car Rental data breach affects 300,000 customers, exposing personal information in August 2024. (Published on 9/9/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/300000-impacted-by-data-breach-at-car-rental-firm-avis/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🚨 Fortinet confirms a data breach after a hacker claims to have stolen 440GB of files from their Microsoft SharePoint server. (Published on 9/12/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/fortinet-confirms-data-breach-after-hacker-claims-to-steal-440gb-of-files/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 6 September 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-042/</link><pubDate>Fri, 06 Sep 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-042/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="data-breaches--security-failures"&gt;Data Breaches &amp;amp; Security Failures&lt;/h3&gt;
&lt;p&gt;🔓 &lt;strong&gt;Verkada&lt;/strong&gt; will pay $2.95M after security lapses allowed hackers to access live feeds from 150,000 cameras. (Published on 9/2/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/verkada-to-pay-295m-for-security-failures-leading-to-breaches/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔐 &lt;strong&gt;CBIZ&lt;/strong&gt; disclosed a data breach involving unauthorized access to client information stored in specific databases. (Published on 9/2/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/business-services-giant-cbiz-discloses-customer-data-breach/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 30 August 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-041/</link><pubDate>Fri, 30 Aug 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-041/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h2 id="cybersecurity-incidents-and-alerts"&gt;Cybersecurity Incidents and Alerts:&lt;/h2&gt;
&lt;p&gt;🚨 &lt;strong&gt;Seattle-Tacoma Airport cyberattack&lt;/strong&gt; disrupts IT systems, causing flight delays and reservation check-in issues. (Published on 8/26/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/seattle-tacoma-airport-it-systems-down-due-to-a-cyberattack/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;👥 &lt;strong&gt;750M fake Microsoft accounts created&lt;/strong&gt; as cybercriminals exploit Greasy Opal to bypass security measures. (Published on 8/26/2024, Dark Reading). &lt;a href="https://www.darkreading.com/cyberattacks-data-breaches/cybercriminals-tap-greasy-opal-to-create-750m-fake-microsoft-accounts"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔒 &lt;strong&gt;Patelco Credit Union data breach&lt;/strong&gt; impacts 726,000 customers due to a ransomware attack. (Published on 8/26/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/patelco-notifies-726-000-customers-of-ransomware-data-breach/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 23 Aug 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-040/</link><pubDate>Fri, 23 Aug 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-040/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="cybersecurity-breaches-and-vulnerabilities"&gt;Cybersecurity Breaches and Vulnerabilities&lt;/h3&gt;
&lt;p&gt;🔒 FlightAware alerts users to reset passwords following a data security incident that may have exposed personal information. (Published on 8/19/2024, Bleeping Computer). &lt;a href="https://www.bleepingcomputer.com/news/security/flightaware-configuration-error-leaked-user-data-for-years/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;📱 Google Pixel phones found with a Verizon app that serves as a potential backdoor for attackers. (Published on 8/19/2024, Dark Reading). &lt;a href="https://www.darkreading.com/remote-workforce/every-google-pixel-phone-has-a-verizon-app-backdoor"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 22 August 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-039/</link><pubDate>Thu, 22 Aug 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-039/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Cars weren’t the only things being unlocked — patient records, HR data, and even McDonald’s portals were on the menu.&lt;/p&gt;
&lt;p&gt;Meanwhile, governments went after ransomware wallets, AI browsers went shopping on their own, and TikTok replaced moderators with algorithms.&lt;/p&gt;
&lt;p&gt;🔍 From zero-days to fake Europol rewards, this week proves one thing: cyber never sleeps (but maybe TikTok’s moderators finally will).&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;🚨 Major Cyberattacks &amp;amp; Data Breaches&lt;/strong&gt; This week saw breaches across industries — from HR platforms to healthcare — showing how attackers continue to exploit trusted systems.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 16 Aug 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-038/</link><pubDate>Fri, 16 Aug 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-038/</guid><description>&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/strong&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 The FBI has successfully disrupted the Dispossessor ransomware operation, seizing servers after a global investigation. (Published on 8/12/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/fbi-disrupts-the-dispossessor-ransomware-operation-seizes-servers/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🤝 CrowdStrike addresses concerns at Black Hat and DEF CON, engaging directly with cybersecurity professionals. (Published on 8/12/2024, Dark Reading). &lt;a href="https://www.darkreading.com/cybersecurity-operations/crowdstrike-tries-patch-things-up-cybersecurity-industry"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;⚠️ Multiple vulnerabilities found in Google’s Quick Share, potentially allowing remote code execution on Windows systems. (Published on 8/12/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/several-vulnerabilities-found-in-googles-quick-share-data-transfer-utility/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 9 August 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-037/</link><pubDate>Fri, 09 Aug 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-037/</guid><description>&lt;hr&gt;
&lt;h3 id="its-been-a-busy-week-in-cybersecurity-and-time-for-a-friday-wrap-up-here-are-some-of-the-interesting-stories-from-this-past-week"&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/h3&gt;
&lt;hr&gt;
&lt;p&gt;🚨 The Hunters International ransomware group is using the new SharpRhino malware to target IT workers and breach corporate networks. (Published on 8/5/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-gang-targets-it-workers-with-new-sharprhino-malware/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔍 One in five enterprise IT admins report state-sponsored attacks aiming to infiltrate their supply chains. (Published on 8/5/2024, Malware Analysis). &lt;a href="https://malware.news/t/1-in-5-companies-say-state-sponsored-attacks-try-to-penetrate-supply-chain/84883"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 2 August 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-036/</link><pubDate>Fri, 02 Aug 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-036/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🔒 Microsoft reports ransomware gangs exploiting VMware ESXi authentication bypass vulnerability. Stay alert! (Published on 7/29/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-ransomware-gangs-exploit-vmware-esxi-auth-bypass-in-attacks/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;⚠️ Stargazer Goblin creates 3,000 fake GitHub accounts to spread malware, earning $100,000 in illicit profits. (Published on 7/29/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/07/stargazer-goblin-creates-3000-fake.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🛡️ A critical security flaw in Acronis Cyber Infrastructure exploited in the wild; now patched. (Published on 7/29/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/07/critical-flaw-in-acronis-cyber.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 19 July 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-035/</link><pubDate>Fri, 19 Jul 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-035/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 Cybercriminals use Facebook ads to spread info-stealing malware via fake Windows themes. Stay alert! (Published on 7/15/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/facebook-ads-for-windows-themes-push-sys01-info-stealing-malware/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🚫 Kaspersky Lab announces the shutdown of its U.S. operations starting July 20. (Published on 7/15/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/kaspersky-is-shutting-down-its-business-in-the-united-states/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🛡️ Rite Aid suffers a data breach affecting older customer purchases, becoming RansomHub&amp;rsquo;s latest victim. (Published on 7/15/2024, Dark Reading). &lt;a href="https://www.darkreading.com/cyberattacks-data-breaches/rite-aid-ransomhub-victim-data-breach"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 18 July 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-034/</link><pubDate>Thu, 18 Jul 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-034/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another wild week in cybersecurity! From hackers giving Elmo a social media crisis and ransomware taking a shot at Russian vodka, to DDoS attacks making 2024 look like a warm-up act—there’s plenty to keep security pros and IT teams busy (and probably a little stressed).&lt;/p&gt;
&lt;p&gt;We’ve got everything:&lt;br&gt;
• &lt;strong&gt;Stealthy new hacking tools&lt;/strong&gt; targeting Azure, Okta, and more&lt;br&gt;
• &lt;strong&gt;Major malware campaigns&lt;/strong&gt; sneaking through npm and even Microsoft Teams&lt;br&gt;
• &lt;strong&gt;Supply chain risks&lt;/strong&gt; with firmware bugs and Linux cryptominers that just won’t quit&lt;br&gt;
• &lt;strong&gt;Ransomware&lt;/strong&gt; hitting both companies &lt;em&gt;and&lt;/em&gt; their liquor cabinets&lt;br&gt;
• &lt;strong&gt;Long-standing vulnerabilities&lt;/strong&gt; (turns out, some train hacks just need a couple of decades to get noticed)&lt;br&gt;
• &lt;strong&gt;Cloudflare blocking a tidal wave of DDoS&lt;/strong&gt;—and accidentally blocking itself, but hey, no hackers there&lt;br&gt;
• And for good measure, a dose of AI panic&amp;hellip;with experts saying we can keep our robot uprising memes on standby (for now)&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 12 July 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-033/</link><pubDate>Fri, 12 Jul 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-033/</guid><description>&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/strong&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 A remote code execution bug in Ghostscript is being actively exploited on Linux systems. Stay alert! (Published on 7/8/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/rce-bug-in-widely-used-ghostscript-library-now-exploited-in-attacks/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;💻 Emerging RaaS operation &amp;lsquo;Eldorado&amp;rsquo; targets both Windows and Linux systems with encryption locker variants. (Published on 7/8/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔍 The &amp;lsquo;CloudSorcerer&amp;rsquo; APT leverages cloud services in a sophisticated cyber-espionage campaign. (Published on 7/8/2024, Dark Reading). &lt;a href="https://www.darkreading.com/cloud-security/cloudsorceror-public-cloud-cyberespionage-campaign"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 5 July 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-032/</link><pubDate>Fri, 05 Jul 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-032/</guid><description>&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/strong&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 An Australian man charged for conducting an ‘evil twin’ WiFi attack on domestic flights, stealing credentials. (Published on 7/1/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔒 HubSpot is actively blocking attempts to hack customer accounts amidst ongoing cyberattacks. (Published on 7/1/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/hubspot-warns-of-ongoing-cyberattacks-targeting-customer-accounts/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🛡️ Landmark Admin discloses a data breach compromising personal and medical information from May. (Published on 7/1/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/landmark-admin-discloses-data-breach-impacting-personal-medical-information/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 4 July 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-031/</link><pubDate>Thu, 04 Jul 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-031/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;h2 id="-happy-4th-of-july-"&gt;🎇 Happy 4th of July! 🇺🇸&lt;/h2&gt;
&lt;p&gt;While you’re watching fireworks, the cybersecurity world isn’t taking a holiday. From Iranian cyber threats and a Norwegian dam hack to Google’s $314M data verdict, Chrome zero-days, and Microsoft layoffs despite record profits, it’s a busy Independence Week in tech.&lt;/p&gt;
&lt;p&gt;Stay sharp, stay patched, and don’t let your systems party too hard without monitoring. 🚀&lt;/p&gt;
&lt;p&gt;Catch all these stories and more in our Friday Wrap-Up below to stay informed without burning out.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 28 June 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-030/</link><pubDate>Fri, 28 Jun 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-030/</guid><description>&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/strong&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚀 Google is testing &amp;ldquo;Digital Credential API&amp;rdquo; for Chrome on Android to enhance secure ID verification via mobile wallets. (Published on 6/24/2024, IoT and Edge). &lt;a href="https://www.bleepingcomputer.com/news/google/chrome-for-android-tests-feature-that-securely-verifies-your-id-with-sites/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;⚠️ The &amp;lsquo;GrimResource&amp;rsquo; attack exploits MSC files and an unpatched Windows XSS flaw for network breaches. Stay alert! (Published on 6/24/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/new-grimresource-attack-uses-msc-files-and-windows-xss-flaw-to-breach-networks/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 27 June 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-029/</link><pubDate>Thu, 27 Jun 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-029/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another buffet of breaches, botnets, and bureaucratic advisories! 🍽️&lt;/p&gt;
&lt;p&gt;The FBI unmasked IntelBroker using email trails, crypto wallets, and YouTube activity, reminding us that your “anonymous” OPSEC is only as good as your weakest Like button 👍.&lt;/p&gt;
&lt;p&gt;If you’re feeling overwhelmed, you’re not alone. The pace of attacks continues to remind us that no matter how strong your defenses, there’s always a misconfigured Docker API somewhere ready to turn into a crypto-mining hotspot. 🐈‍⬛💻&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 21 June 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-028/</link><pubDate>Fri, 21 Jun 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-028/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 Hackers use F5 BIG-IP malware to stealthily steal data for years. Stay alert! (Published on 6/17/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/hackers-use-f5-big-ip-malware-to-stealthily-steal-data-for-years/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;⚖️ Empire Market owners charged for enabling $430M in dark web transactions. Legal repercussions ahead! (Published on 6/17/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/legal/empire-market-owners-charged-for-enabling-430m-in-dark-web-transactions/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔧 ASUS patches critical authentication bypass flaw in multiple router models. Update your devices! (Published on 6/17/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/06/asus-patches-critical-authentication.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 20 June 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-027/</link><pubDate>Thu, 20 Jun 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-027/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;This week’s cyber headlines reveal a multifaceted onslaught: ransomware that wipes backups before you can recover, AI tooling and Linux distros under active exploit, and social-engineering campaigns ranging from deepfake Zoom scams to MFA bypass ruses. Malware hides in images and sandboxed apps, while defenses scramble to shore up industrial controls and repel a 7.3 Tbps DDoS wave.&lt;/p&gt;
&lt;p&gt;Even “new” credential leaks turn out to be dust from old breaches. Stay sharp and dive into the links below for the full stories!&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 14 June 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-026/</link><pubDate>Fri, 14 Jun 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-026/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 Exploit for critical Veeam auth bypass flaw CVE-2024-29849 available. Admins urged to patch now. (Published on 6/10/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/exploit-for-critical-veeam-auth-bypass-available-patch-now/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;📱 Apple&amp;rsquo;s AI promise: &amp;ldquo;Your data is never stored or accessible to Apple.&amp;rdquo; Server code is publicly reviewable for verification. (Published on 6/10/2024, Ars Technica). &lt;a href="https://arstechnica.com/ai/2024/06/apples-ai-promise-your-data-is-never-stored-or-made-accessible-by-apple/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 7 June 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-025/</link><pubDate>Fri, 07 Jun 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-025/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 A massive trove of 361 million stolen accounts has been added to Have I Been Pwned. Check if your accounts are compromised! (Published on 6/3/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/361-million-stolen-accounts-leaked-on-telegram-added-to-hibp/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔒 Security researchers discovered a high-severity vulnerability in Azure Service Tags, but Microsoft disagrees. (Published on 6/3/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/microsoft/azure-service-tags-tagged-as-security-risk-microsoft-disagrees/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 31 May 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-024/</link><pubDate>Fri, 31 May 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-024/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚀 TP-Link fixes a critical RCE bug in its popular C5400X gaming router. Stay updated! (Published on 5/27/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/tp-link-fixes-critical-rce-bug-in-popular-c5400x-gaming-router/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔒 Hackers are targeting Check Point VPNs in a campaign to breach enterprise networks. Stay secure! (Published on 5/27/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/hackers-target-check-point-vpns-to-breach-enterprise-networks/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;💳 A Moroccan cybercrime group is stealing up to $100K daily through sophisticated gift card fraud. Be cautious! (Published on 5/27/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/05/moroccan-cybercrime-group-steals-up-to.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 24 May 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-023/</link><pubDate>Fri, 24 May 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-023/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 Microsoft introduces &amp;lsquo;Recall&amp;rsquo; for Windows 11, an AI feature that records your activities for easy search. (Published on 5/20/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/microsoft/windows-11-recall-ai-feature-will-record-everything-you-do-on-your-pc/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🛡️ The latest BiBi Wiper malware version now deletes the disk partition table, complicating data recovery. (Published on 5/20/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/new-bibi-wiper-version-also-destroys-the-disk-partition-table/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔒 American Radio Relay League (ARRL) suffers a cyberattack, causing disruptions and potential data breach. (Published on 5/20/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/american-radio-relay-league-hit-by-cyberattack/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 17 May 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-022/</link><pubDate>Fri, 17 May 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-022/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🔍 DNS tunneling is increasingly exploited by hackers to track phishing victims and scan networks for weaknesses (Published on 5/13/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/hackers-use-dns-tunneling-for-network-scanning-tracking-victims/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;📦 A deceptive PyPi package targets Macs using Sliver pen-testing, mimicking the &amp;lsquo;requests&amp;rsquo; library (Published on 5/13/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;📞 Black Basta ransomware innovates with a new vishing strategy after impacting 500 victims (Published on 5/13/2024, Dark Reading). &lt;a href="https://www.darkreading.com/cyberattacks-data-breaches/500-victims-later-black-basta-reinvents-novel-vishing-strategy"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 16 May 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-021/</link><pubDate>Thu, 16 May 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-021/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/aa1a10a765b2b44c.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!&lt;/p&gt;</description></item><item><title>Saturday Wrap Up: 11 May 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-020/</link><pubDate>Sat, 11 May 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-020/</guid><description>&lt;hr&gt;
&lt;p&gt;This week&amp;rsquo;s Friday Wrap Up is going to be &lt;strong&gt;Saturday&lt;/strong&gt; Wrap Up. I spent the week at RSA and arrived back on the east coast yesterday evening and decided to relax after the coast to coast flight. If you were at RSA all week, you know what I&amp;rsquo;m talking about!&lt;/p&gt;
&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/44553eb2e3034052.png" alt=""&gt;&lt;/p&gt;
&lt;p&gt;A real working Enigma that was on display at the NSA booth in the South Hall. Thank you to National Cryptologic Museum for having it on display and having a museum curator on hand to give a history of the Enigma to anyone that asked.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 9 May 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-019/</link><pubDate>Thu, 09 May 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-019/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another thrilling episode of &lt;em&gt;As The Cyber World Burns&lt;/em&gt; 🔥&lt;/p&gt;
&lt;p&gt;From ransomware groups getting hacked (yes, really) to backdoored npm packages, fake installers, Pegasus penalties, and one too many Mirai botnets—I’ve highlighted the news story. Even a Signal clone used by a politician decided to just&amp;hellip; stop existing.&lt;/p&gt;
&lt;p&gt;If you’re into CIO existential crises, DDoS takedowns, or wondering what “Bring Your Own Installer” could possibly mean (spoiler: nothing good), I’ve highlighted it in this week’s &lt;strong&gt;Friday Wrap Up&lt;/strong&gt;. Because in cybersecurity, the only constant is, well&amp;hellip; incident response.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 03 May 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-018/</link><pubDate>Fri, 03 May 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-018/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🔐 Google thwarted 2.28 million malicious app attempts on Play Store in 2023, enhancing user security (Published on 4/29/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🌐 &amp;lsquo;Muddling Meerkat&amp;rsquo; linked to China, manipulates DNS to scan global internet networks (Published on 4/29/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🏥 Kaiser Permanente reveals data breach affecting 13.4 million, exposing personal details (Published on 4/29/2024, SecurityWeek). &lt;a href="https://www.securityweek.com/kaiser-permanente-discloses-data-breach-impacting-13-4-million-patients/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 26 April 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-017/</link><pubDate>Fri, 26 Apr 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-017/</guid><description>&lt;hr&gt;
&lt;p&gt;&lt;strong&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/strong&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🌐 MITRE, renowned for its cybersecurity frameworks, was compromised using MITRE techniques and Ivanti bugs (Published on 4/22/2024, Dark Reading). &lt;a href="https://www.darkreading.com/endpoint-security/mitre-attacked-infosecs-most-trusted-name-falls-to-ivanti-bugs"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🖨️ Russia&amp;rsquo;s APT28 targeted Windows Print Spooler to introduce &amp;lsquo;GooseEgg&amp;rsquo; malware, unknown until now (Published on 4/22/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🕵️♂️ ToddyCat hackers exploit advanced tools to steal data from governments on an industrial scale (Published on 4/22/2024, The Hacker News). &lt;a href="https://thehackernews.com/2024/04/russian-hacker-group-toddycat-uses.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 19 April 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-016/</link><pubDate>Fri, 19 Apr 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-016/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🔐 Roku steps up security with mandatory 2FA after a credential-stuffing incident, assuring no financial data was compromised. (Published on 4/15/2024, Dark Reading). &lt;a href="https://www.darkreading.com/cyberattacks-data-breaches/roku-mandates-2fa-for-customers-after-credential-stuffing-compromise"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔒 Palo Alto Networks releases hotfixes for a zero-day exploit targeting PAN-OS firewalls since March 26. (Published on 4/15/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/palo-alto-networks-fixes-zero-day-exploited-to-backdoor-firewalls/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 12 April 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-015/</link><pubDate>Fri, 12 Apr 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-015/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🚨 Greylock McKinnon Associates reports a major data breach, exposing over 340,000 Social Security numbers. Stay vigilant! (Published on 4/8/2024, TechCrunch). &lt;a href="https://techcrunch.com/2024/04/08/hackers-stole-340000-social-security-numbers-from-government-consulting-firm/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔓 D-Link NAS devices with critical vulnerabilities won&amp;rsquo;t receive patches, putting 92,000 devices at risk. (Published on 4/8/2024, Ars Technica). &lt;a href="https://arstechnica.com/security/2024/04/hackers-actively-exploit-critical-remote-takeover-vulnerabilities-in-d-link-devices/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;💸 Nearly 2,000 WordPress sites have been compromised to trick visitors with fake NFT pop-ups and crypto drainers. Be cautious! (Published on 4/8/2024, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/hackers-deploy-crypto-drainers-on-thousands-of-wordpress-sites/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 5 April 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-014/</link><pubDate>Fri, 05 Apr 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-014/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🛒 &lt;strong&gt;Shopping Platform PandaBuy Data Leak Impacts 1.3 Million Users&lt;/strong&gt; - Over 1.3 million PandaBuy users&amp;rsquo; data leaked. (4/1/2024, BleepingComputer) &lt;a href="https://www.bleepingcomputer.com/news/security/shopping-platform-pandabuy-data-leak-impacts-13-million-users/"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;📱 &lt;strong&gt;AT&amp;amp;T Confirms 73M Customers Affected in Data Leak&lt;/strong&gt; - AT&amp;amp;T admits data on 73M customers leaked on Dark Web. (4/1/2024, Dark Reading) &lt;a href="https://www.darkreading.com/remote-workforce/att-confirms-73m-customers-affected-data-leak"&gt;Read more&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 29 March 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-013/</link><pubDate>Fri, 29 Mar 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-013/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🔑 &lt;strong&gt;New MFA-Bypassing Phishing Kit Targets Microsoft 365, Gmail&lt;/strong&gt; - Cybercriminals exploit &amp;lsquo;Tycoon 2FA&amp;rsquo; to bypass 2FA on major email platforms. (3/25/2024, BleepingComputer) &lt;a href="https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🍏 &lt;strong&gt;iOS 17.4.1 and macOS 14.4.1 Update for Security Fixes&lt;/strong&gt; - Apple rolls out crucial security updates without much detail. (3/25/2024, 9to5 Mac) &lt;a href="https://9to5mac.com/2024/03/25/ios-17-4-1-these-2-security-fixes/"&gt;Read more&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 28 March 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-012/</link><pubDate>Thu, 28 Mar 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-012/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;Another week, another batch of cyber drama that makes you question every login form you&amp;rsquo;ve ever seen.&lt;/p&gt;
&lt;p&gt;Chinese threat actors camped out in a telco network for four years like it was their personal Airbnb, while a critical Next.js vulnerability quietly said, “Authorization? Never heard of her.”&lt;/p&gt;
&lt;p&gt;Meanwhile, ransomware crews are out here disabling anti-malware tools with stolen certs—because apparently, &lt;em&gt;revoked&lt;/em&gt; doesn&amp;rsquo;t mean &lt;em&gt;useless&lt;/em&gt;. And Kubernetes? Let’s just say 40% of clusters are living dangerously, thanks to the aptly named “IngressNightmare.”&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 22 March 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-011/</link><pubDate>Fri, 22 Mar 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-011/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Saturday aka Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🔐 Microsoft steps up security, deprecating 1024-bit RSA keys in Windows TLS. A significant move! (3/18/2024, BleepingComputer) &lt;a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-deprecation-of-1024-bit-rsa-keys-in-windows/"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🌏 Chinese &amp;lsquo;Earth Krahang&amp;rsquo; hackers breach 70 orgs in a global campaign. (3/18/2024, BleepingComputer) &lt;a href="https://www.bleepingcomputer.com/news/security/chinese-earth-krahang-hackers-breach-70-orgs-in-23-countries/"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;💻 Malware distributed via fake Google Sites using HTML smuggling technique. Beware! (3/18/2024, The Hacker News) &lt;a href="https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html"&gt;Read more&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 15 March 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-010/</link><pubDate>Fri, 15 Mar 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-010/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;🛡️ &amp;ldquo;Knowledge base for Microsoft SCCM attack techniques exposed&amp;rdquo; - 3/11/2024, BleepingComputer &lt;a href="https://www.bleepingcomputer.com/news/security/researchers-expose-microsoft-sccm-misconfigs-usable-in-cyberattacks/"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🚨 &amp;ldquo;CISA offline after Ivanti breach, details scarce&amp;rdquo; - 3/11/2024, Dark Reading &lt;a href="https://www.darkreading.com/cyberattacks-data-breaches/ivanti-breach-cisa-systems-offline"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;⌨️ &amp;ldquo;Typosquatting attacks continue to thrive&amp;rdquo; - 3/11/2024, Dark Reading &lt;a href="https://www.darkreading.com/threat-intelligence/typosquatting-wave-shows-no-signs-of-abating"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;📸 &amp;ldquo;Midjourney bans Stability AI for image-scraping&amp;rdquo; - 3/11/2024, Ars Technica &lt;a href="https://arstechnica.com/information-technology/2024/03/in-ironic-twist-midjourney-bans-rival-ai-firm-employees-for-scraping-its-image-data/"&gt;Read more&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 8 March 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-009/</link><pubDate>Fri, 08 Mar 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-009/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;💳 American Express warns of a third-party breach exposing credit cards. (3/4/2024, BleepingComputer) &lt;a href="https://www.bleepingcomputer.com/news/security/american-express-credit-cards-exposed-in-vendor-data-breach/"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🎣 Hackers use phishing to steal Windows NTLM hashes. (3/4/2024, BleepingComputer) &lt;a href="https://www.bleepingcomputer.com/news/security/hackers-steal-windows-ntlm-authentication-hashes-in-phishing-attacks/"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🔒 GitHub battles millions of malicious repos. (3/4/2024, Dark Reading) &lt;a href="https://www.darkreading.com/application-security/millions-of-malicious-repositories-flood-github"&gt;Read more&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🛑 Meta faces massive outage across top social apps. (3/5/2024, TechCrunch) &lt;a href="https://techcrunch.com/2024/03/05/facebook-instagram-and-threads-are-all-down-in-massive-meta-outage-on-super-tuesday/"&gt;Read more&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up for 1 March 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-008/</link><pubDate>Fri, 01 Mar 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-008/</guid><description>&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;p&gt;🚨 LockBitSupp talks to law enforcement post-ransomware takedown. (2/25/2024, The Hacker News, &lt;a href="https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html"&gt;https://thehackernews.com/2024/02/authorities-claim-lockbit-admin.html&lt;/a&gt;)&lt;/p&gt;
&lt;p&gt;👶 Florida&amp;rsquo;s new bill against youth on social media. 2/25/2024, NY Times, &lt;a href="https://www.nytimes.com/2024/02/23/business/florida-social-media-youths.html"&gt;https://www.nytimes.com/2024/02/23/business/florida-social-media-youths.html&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;💸 Apple&amp;rsquo;s Vision Pro cost breakdown sparks returns. 2/25/2024, 9to5mac, &lt;a href="https://9to5mac.com/2024/02/25/heres-how-much-it-costs-apple-to-make-the-3500-vision-pro/"&gt;https://9to5mac.com/2024/02/25/heres-how-much-it-costs-apple-to-make-the-3500-vision-pro/&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;🌍 Five Eyes detail Russian cyberespionage in clouds. 2/26/2024, CyberScoop, &lt;a href="https://cyberscoop.com/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments/"&gt;https://cyberscoop.com/five-eyes-nations-warn-of-evolving-russian-cyberespionage-practices-targeting-cloud-environments/&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;📧 Massive email spam from SubdoMailing campaign. 2/26/2024, BleepingComputer, &lt;a href="https://www.bleepingcomputer.com/news/security/subdomailing-campaign-spams-5-million-emails-daily-via-8k-hijacked-domains/"&gt;https://www.bleepingcomputer.com/news/security/subdomailing-campaign-spams-5-million-emails-daily-via-8k-hijacked-domains/&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 28 February 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-007/</link><pubDate>Wed, 28 Feb 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-007/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-threats--attacks"&gt;🚨 Cybersecurity Threats &amp;amp; Attacks&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🎭 Hackers exploit Google Docs and Steam to spread ACRStealer, a new infostealer malware targeting users via trusted platforms. (Published on 2/24/2025, Hackread). &lt;a href="https://hackread.com/hackers-google-docs-steam-drop-acrstealer-infostealer/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🔍 OpenAI bans ChatGPT accounts linked to Chinese threat actors who allegedly used the AI model for espionage tool development. (Published on 2/24/2025, SecurityWeek). &lt;a href="https://www.securityweek.com/openai-bans-chatgpt-accounts-used-by-chinese-group-for-spy-tools/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 21 February 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-006/</link><pubDate>Wed, 21 Feb 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-006/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-threats--exploits"&gt;🛡️ &lt;strong&gt;Cybersecurity Threats &amp;amp; Exploits&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;Cyberattacks are evolving, with new malware, vulnerabilities, and nation-state threats emerging. Stay informed and vigilant!&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🛑 &lt;strong&gt;Microsoft detects a new XCSSET macOS malware variant&lt;/strong&gt; targeting sensitive user data, including crypto wallets and Notes app content. (Published on 2/17/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/microsoft-spots-xcsset-macos-malware-variant-used-for-crypto-theft/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 14 February 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-005/</link><pubDate>Wed, 14 Feb 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-005/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;💘 &lt;strong&gt;Roses are red, violets are blue, cyber threats don’t care… and they’re coming for you!&lt;/strong&gt; 💘&lt;/p&gt;
&lt;p&gt;This Valentine’s Day, while some are finding love, others are finding &lt;strong&gt;zero-days, ransomware, and nation-state hackers&lt;/strong&gt;. Here’s a &lt;strong&gt;cybersecurity love stories&lt;/strong&gt; you don’t want to be part of:&lt;/p&gt;
&lt;h3 id="-latest-cybersecurity-threats-and-vulnerabilities"&gt;🔥 Latest Cybersecurity Threats and Vulnerabilities&lt;/h3&gt;
&lt;p&gt;From zero-days to AI exploits, attackers are finding new ways to break into systems. Stay updated on the latest security risks.&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 7 February 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-004/</link><pubDate>Wed, 07 Feb 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-004/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-news--threats"&gt;🔥 &lt;strong&gt;Cybersecurity News &amp;amp; Threats&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;From AI impersonation to major vulnerabilities, here’s what’s shaping cybersecurity this week.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🎭 DeepSeek AI tools are being impersonated on PyPI by infostealer malware targeting developers. (Published on 2/3/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/deepseek-ai-tools-impersonated-by-infostealer-malware-on-pypi/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🏦 The Coyote banking trojan expands its reach, now targeting 1,030 sites and 73 financial institutions. (Published on 2/3/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/02/coyote-malware-expands-reach-now.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 31 January 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-003/</link><pubDate>Wed, 31 Jan 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-003/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-news--emerging-threats"&gt;🔥 &lt;strong&gt;Cybersecurity News &amp;amp; Emerging Threats&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;From zero-day exploits to ransomware attacks, here’s what’s making waves in cybersecurity this week.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🍏 Apple patches the first actively exploited zero-day of 2025, targeting iPhone users. (Published on 1/27/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/apple-fixes-this-years-first-actively-exploited-zero-day-bug/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🚨 DeepSeek AI halts new user registrations after a large-scale cyberattack disrupts operations. (Published on 1/27/2025, Hackread). &lt;a href="https://hackread.com/deepseek-large-scale-cyberattack-halts-user-registrations/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 24 January 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-002/</link><pubDate>Wed, 24 Jan 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-002/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h3 id="-cybersecurity-breaches--attacks"&gt;🚨 Cybersecurity Breaches &amp;amp; Attacks&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🛠️ &lt;strong&gt;HPE investigates breach&lt;/strong&gt; as a hacker claims to have stolen sensitive documents from its developer environments. (Published on 1/20/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-investigates-new-breach-claims/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🔓 &lt;strong&gt;PowerSchool data breach&lt;/strong&gt; exposes students’ and educators’ personal information in a December 2024 cyberattack. (Published on 1/21/2025, SecurityWeek). &lt;a href="https://www.securityweek.com/students-educators-impacted-by-powerschool-data-breach/"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item><item><title>Friday Wrap Up: 17 January 2024</title><link>https://jorgelaurel.com/archive/fwu/fwu-001/</link><pubDate>Wed, 17 Jan 2024 00:00:00 +0000</pubDate><guid>https://jorgelaurel.com/archive/fwu/fwu-001/</guid><description>&lt;p&gt;&lt;img src="https://jorgelaurel.com/images/fwu/fcf96d25ef594efb.png" alt=""&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;p&gt;It&amp;rsquo;s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.&lt;/p&gt;
&lt;hr&gt;
&lt;h2 id="-cybersecurity-threats--vulnerabilities"&gt;🔐 &lt;strong&gt;Cybersecurity Threats &amp;amp; Vulnerabilities&lt;/strong&gt;&lt;/h2&gt;
&lt;p&gt;The latest cybersecurity developments highlight ongoing threats and vulnerabilities across various sectors.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;
&lt;p&gt;🚨 A Microsoft MFA outage is preventing users from accessing Microsoft 365 apps. (Published on 1/13/2025, BleepingComputer). &lt;a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-mfa-outage-blocking-access-to-microsoft-365-apps/"&gt;Read More&lt;/a&gt;&lt;/p&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;p&gt;🛑 Over 4,000 web backdoors were hijacked by registering expired domains, exposing compromised systems to further risks. (Published on 1/12/2025, The Hacker News). &lt;a href="https://thehackernews.com/2025/01/expired-domains-allowed-control-over.html"&gt;Read More&lt;/a&gt;&lt;/p&gt;</description></item></channel></rss>