Daily Security Review
368 episodes
4 days ago
Daily Security Review, the premier source for news and information on security threats, Ransomware and vulnerabilities
Technology, News, Tech News
All content for Daily Security Review is the property of Daily Security Review and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/368)
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps

The Federal Trade Commission (FTC) has filed a high-profile lawsuit against Sendit, a social media companion app popular among teenagers, and its CEO. The case accuses the company of breaking three major U.S. laws designed to protect consumers and children online.

First, the FTC alleges that Sendit violated the Children’s Online Privacy Protection Act (COPPA) by knowingly collecting personal data—such as phone numbers, birthdates, photos, and usernames—from more than 100,000 children under 13 without parental consent.

Second, the lawsuit charges Sendit with deceptive practices under the FTC Act. According to investigators, the app allegedly generated fake anonymous messages—some provocative or sexual in nature—to trick users into engaging more with the app. In addition, Sendit is accused of falsely promising that its premium “Diamond Membership” would reveal the identities of message senders, when in reality, it did not deliver on those promises.

Finally, the FTC claims the company violated the Restore Online Shoppers’ Confidence Act (ROSCA) by misleading users about the nature of its paid services. Instead of a one-time payment, users who signed up for the Diamond Membership were automatically billed up to $9.99 per week without clear disclosure—an example of the “dark patterns” regulators are increasingly cracking down on.

This lawsuit not only represents a potential turning point for Sendit but also serves as a warning shot to the broader social media and app ecosystem. As regulators increase scrutiny of platforms that target young users, the case underscores the importance of transparency, parental protections, and ethical digital business practices.

#FTC #Sendit #COPPA #TeenSafety #DigitalPrivacy #DarkPatterns #SocialMedia #OnlineSafety #ConsumerProtection #DiamondMembership

4 days ago
27 minutes

Broadcom Patches VMware Zero-Day: CVE-2025-41244 Exploited by China-Linked UNC5174

Broadcom has released a critical security update addressing six vulnerabilities across VMware products, including four rated high-severity. At the center of the update is CVE-2025-41244, a local privilege escalation flaw affecting VMware Tools and Aria Operations. What makes this vulnerability particularly alarming is that it was actively exploited in the wild as a zero-day since mid-October 2024, nearly a full year before its public disclosure.

Security researchers at NVISO Labs attribute the exploitation to UNC5174, a China-linked threat actor with a track record of targeting enterprise systems. The flaw allows a local user without administrative rights to escalate to root on a virtual machine running the affected VMware Tools, or on an affected Aria Operations host, giving full control of that guest. The vulnerability requires an existing foothold, but it is simple to exploit, which makes it a reliable escalation step once attackers are inside.

Broadcom confirmed the zero-day exploitation and patched the issue in multiple VMware product families, including VMware Cloud Foundation, vSphere Foundation, Aria Operations, VMware Tools, and Telco Cloud platforms. Beyond CVE-2025-41244, the patch release also fixed additional flaws such as CVE-2025-41245 (information disclosure) and CVE-2025-41246 (improper authorization), highlighting a broader set of risks within the VMware ecosystem.

The fact that CVE-2025-41244 was being leveraged for nearly a year before public disclosure underscores both the sophistication of advanced threat actors and the challenges defenders face in detecting zero-day exploitation. This incident also raises key questions about UNC5174’s capabilities—whether the group is actively developing new zero-days or opportunistically exploiting flaws considered “trivial” once discovered.

In this episode, we analyze the technical mechanics of the vulnerability, explore how UNC5174 weaponized it, and outline the immediate mitigation steps organizations must take. For enterprises running VMware environments, patching these flaws is critical to preventing full system compromise.

#VMware #Broadcom #ZeroDay #CVE202541244 #UNC5174 #Cybersecurity #PrivilegeEscalation #CloudSecurity #VMwareTools #AriaOperations #ChinaLinkedThreatActor

4 days ago
25 minutes

Seven Years, £5.5 Billion, 128,000 Victims – The Case of Yadi Zhang

In a historic case that has captured global attention, UK authorities have secured a conviction against Zhimin Qian (also known as Yadi Zhang), the Chinese national at the center of one of the largest financial crime investigations of the decade. Following a seven-year probe by the Metropolitan Police, investigators uncovered an elaborate fraud and laundering scheme that culminated in the seizure of 61,000 Bitcoin—valued at over £5.5 billion—the largest cryptocurrency seizure in history.

Between 2014 and 2017, Qian defrauded more than 128,000 victims in China through a fraudulent investment scheme. To obscure the origins of the stolen wealth, she converted the proceeds into Bitcoin and later attempted to launder the funds after relocating to the UK. Working with accomplices, including Jian Wen—who was separately convicted—Qian sought to channel the illicit Bitcoin into real-world assets, from luxury purchases to property investments.

What followed was one of the most complex and resource-intensive economic crime investigations ever conducted. The Met’s Economic Crime Command, in partnership with Chinese authorities, meticulously pieced together evidence that linked the seized Bitcoin to the fraud. Their success not only delivered a rare conviction in such a massive crypto-laundering case but also exposed the growing geopolitical challenges of asset recovery. With China and the UK now disputing the ownership of the seized billions, the case highlights both the triumphs and tensions of cross-border law enforcement in the digital era.

In this episode, we unpack the anatomy of Qian’s fraud network, the meticulous police work that cracked the case, and the strategic implications for the future of financial crime enforcement. This landmark prosecution is more than a victory for justice—it’s a blueprint for how law enforcement can adapt to the realities of globalized digital finance.

#CryptoFraud #Bitcoin #MoneyLaundering #ZhiminQian #YadiZhang #MetropolitanPolice #CryptoSeizure #FinancialCrime #Blockchain #InternationalLaw #EconomicCrime

5 days ago
29 minutes

Cisco ASA/FTD Flaws Under Siege: 50,000 Devices at Risk from Active Exploits

Two newly disclosed critical vulnerabilities in Cisco ASA and FTD software, CVE-2025-20333 and CVE-2025-20362, are being exploited in the wild, with nearly 50,000 internet-exposed appliances still at risk. CVE-2025-20362 lets an unauthenticated attacker reach restricted URL endpoints on the VPN web server, and CVE-2025-20333 is a buffer overflow in that same web server that yields code execution as root; chained together they give an unauthenticated attacker a foothold on the firewall itself, the device that guards the rest of the network. Exploitation began weeks before Cisco published advisories and patches, meaning the attackers held both flaws as zero-days.

The situation escalated so severely that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive, ordering federal agencies to identify and patch affected devices within 24 hours—or disconnect them if end-of-life. Still, threat scans show over 48,800 devices remain unpatched, with the largest exposure in the United States.

Attackers are deploying sophisticated malware, including the Line Viper shellcode loader and the RayInitiator GRUB bootkit, designed for stealthy persistence and deep system compromise. Reconnaissance scans were observed weeks before public disclosure, underscoring the deliberate and coordinated nature of this campaign.

In this episode, we break down the global scope of exposure, the advanced tooling used by attackers, and the national-level response from agencies like CISA. We also explore the organizational risks of slow patch adoption, the catastrophic implications of firewall compromise, and the urgent defensive measures enterprises must take to protect their networks.

#Cisco #CVE202520333 #CVE202520362 #ASA #FTD #Firewall #Cybersecurity #CISA #CriticalVulnerabilities #LineViper #RayInitiator #RemoteCodeExecution #VPNCompromise

5 days ago
31 minutes

MatrixPDF: The New Phishing Toolkit That Turns Safe PDFs into Cyber Weapons

A new cybercrime toolkit called MatrixPDF is changing the phishing landscape by weaponizing one of the most trusted file formats: PDFs. Marketed on cybercrime forums as an “elite document builder” for phishing simulations and blackteaming, MatrixPDF enables attackers to transform ordinary PDFs into highly convincing phishing lures that bypass email security filters—including Gmail’s native protections.

Unlike traditional malware-laden attachments, MatrixPDF-generated PDFs carry no embedded executable payload, so signature-based scanners see a clean file. Instead, the attacker uploads a legitimate document, overlays it with blurred content or a fake “secure document” prompt, and adds a clickable button or a PDF JavaScript action that sends the victim to a credential-harvesting page or a malware download. Because the malicious step is an outbound link that fires only after the user interacts, the files pass through most email gateways undetected.

The toolkit is sold openly via subscription plans ($400/month or $1,500/year), making sophisticated phishing campaigns accessible to a wide range of threat actors. With marketing that disguises it as a “security training tool,” MatrixPDF exploits both human trust and technical blind spots to achieve maximum impact.

In this episode, we break down the capabilities of MatrixPDF, explore its operational mechanics, and explain why traditional defenses are failing against this new class of phishing toolkits. We also highlight strategies for defense, including AI-driven content analysis, PDF structure inspection, and sandbox-based URL detonation to protect inboxes from these advanced lures.

#Cybercrime #Phishing #MatrixPDF #EmailSecurity #PDFMalware #Cybersecurity #InfoSec #CredentialTheft #AIinSecurity
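The “PDF structure inspection” defense mentioned above can be a first-pass triage that reads the file's object syntax rather than its rendered appearance. The script below is an added example written for this page, not part of MatrixPDF, any vendor product or the podcast; the three sample PDFs and the lure URL are constructed. It decodes hex-escaped names (a trick used to hide keys from naive scanners), counts the keys that make a PDF act (open actions, JavaScript, launch, form submission, outbound links), pulls out link targets and inline script, and assigns a verdict. A click-only link lure with no script still rates medium, which is the MatrixPDF case.

```python
"""Static structure triage for PDF lures of the kind MatrixPDF builds.
Added example, not code from MatrixPDF or the podcast. Sample PDFs below are constructed."""
import re
from typing import Dict, List

# Keys a document-lure builder leans on: actions that fire without a click (/OpenAction, /AA),
# script (/JavaScript, /JS), program launch (/Launch), form posts (/SubmitForm), outbound
# links (/URI) and embedded files. Counted after name de-obfuscation, see normalize_names().
RISKY_KEYS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch",
              b"/SubmitForm", b"/URI", b"/EmbeddedFile"]

# PDF name tokens may hex-escape bytes (/J#53 is /JS); scanners that grep for "/JS" miss that.
NAME_RE = re.compile(rb"/(?:[^\x00-\x20/\[\]<>(){}%#]|#[0-9A-Fa-f]{2})+")
OBFUSCATED_NAME_RE = re.compile(rb"/[^\x00-\x20/\[\]<>(){}%]*#[0-9A-Fa-f]{2}")
# Literal strings "( ... )" may contain escaped parentheses, so the body allows "\x" pairs.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
JS_RE = re.compile(rb"/JS\s*\(((?:\\.|[^\\)])*)\)")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes inside name tokens only; strings and streams are left alone."""
    def decode(m):
        return re.sub(rb"#([0-9A-Fa-f]{2})",
                      lambda h: bytes.fromhex(h.group(1).decode()), m.group(0))
    return NAME_RE.sub(decode, data)


def _pdf_string(raw: bytes) -> str:
    return raw.replace(b"\\(", b"(").replace(b"\\)", b")").decode(errors="replace")


def triage(data: bytes) -> Dict[str, object]:
    """Count risky keys, pull out link targets and inline JavaScript, and assign a verdict."""
    norm = normalize_names(data)
    findings = {k.decode(): len(re.findall(re.escape(k) + rb"(?![A-Za-z])", norm))
                for k in RISKY_KEYS}
    uris: List[str] = [_pdf_string(m) for m in URI_RE.findall(norm)]
    scripts: List[str] = [_pdf_string(m) for m in JS_RE.findall(norm)]
    obfuscated = len(OBFUSCATED_NAME_RE.findall(data))  # may also hit "#xx" in URL fragments

    auto_trigger = findings["/OpenAction"] + findings["/AA"] > 0
    active = sum(findings[k] for k in ("/JavaScript", "/JS", "/Launch", "/SubmitForm")) > 0
    if obfuscated or (auto_trigger and active):
        verdict = "high"      # runs on open, or tries to hide what it contains
    elif active or uris:
        verdict = "medium"    # click-driven lure: the MatrixPDF pattern
    else:
        verdict = "low"
    return {"verdict": verdict, "findings": findings, "uris": uris,
            "scripts": scripts, "obfuscated_names": obfuscated}


# Constructed samples (uncompressed objects, hypothetical lure URL).
LURE_PDF = rb"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 5 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [100 600 300 650] /A << /S /URI /URI (https://secure-docs.example.invalid/view) >> >> endobj
5 0 obj << /S /JavaScript /JS (app.launchURL\("https://secure-docs.example.invalid/view", true\);) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

LINK_LURE_PDF = rb"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [100 600 300 650] /A << /S /URI /URI (https://secure-docs.example.invalid/view) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

CLEAN_PDF = rb"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R >> endobj
4 0 obj << /Length 44 >> stream
BT /F1 12 Tf 72 720 Td (Invoice 2025-0917) Tj ET
endstream endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for name, pdf in (("lure", LURE_PDF), ("link-only", LINK_LURE_PDF), ("clean", CLEAN_PDF)):
        print(name, triage(pdf)["verdict"])
```

Real mail attachments compress objects with /FlateDecode, so a production scanner inflates streams first (pypdf or pdfminer will do it) and then applies the same checks; the regexes here only see plain-text objects. Treat the verdict as a routing signal for sandbox detonation of the extracted URLs, not as a standalone block decision.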

5 days ago
16 minutes

Asahi Brewery Cyberattack Halts Domestic Operations Across Japan

Asahi Group Holdings, Ltd.—the brewer behind some of the world’s most iconic beers, including Peroni and Grolsch—has been hit by a crippling cyberattack that froze its Japan-based operations. Ordering and shipping have been suspended, customer call centers and service desks are offline, and the company has been forced into damage control. While Asahi’s global operations remain unaffected, this incident highlights just how devastating digital breaches can be for even the most established brands.

The company has assured the public that, so far, there is no evidence of personal or customer data leakage, but investigations are ongoing. Details about the cause, the attackers, and a recovery timeline remain scarce, leaving both customers and industry partners waiting for answers. This episode explores how the cyberattack unfolded, what it reveals about the fragility of supply chains in the digital age, and how Asahi is managing the public narrative during a crisis that has stopped its domestic business in its tracks.

#Asahi #Cyberattack #Brewery #Japan #SupplyChain #DataSecurity #CrisisManagement #Ransomware #BeerIndustry #AsahiGroup

5 days ago
27 minutes

Akira Ransomware Exploits SonicWall Flaw with Record-Breaking Speed

The Akira ransomware group has once again raised the stakes in cybercrime by exploiting a critical SonicWall vulnerability—CVE-2024-40766—to infiltrate corporate networks through SSL VPN accounts, even those secured with one-time password multi-factor authentication. Once inside, Akira’s affiliates execute one of the most dangerous tactics in modern ransomware: Living Off the Land. By hijacking legitimate, pre-installed IT tools like the Datto RMM platform and backup agents, the attackers blend in with routine administrative work, making their intrusions nearly invisible to traditional defenses.

What makes this campaign even more dangerous is Akira’s operational tempo. According to Arctic Wolf and Barracuda, dwell times are now measured in hours instead of days, giving defenders almost no time to respond. The group also automates authentication attempts and leverages Impacket SMB for rapid network discovery, suggesting a distributed affiliate structure capable of launching simultaneous, scalable attacks.

This episode unpacks how Akira turns trusted IT software into attack infrastructure, why the SonicWall flaw remains a critical access point despite being patched, and what early warning signs defenders should monitor—like unexpected VPN logins and anomalous SMB activity. With ransomware now capable of moving faster than incident response teams can react, Akira’s methods signal a dangerous new phase in cyber extortion.

#AkiraRansomware #SonicWall #CVE202440766 #Ransomware #VPN #LivingOffTheLand #Impacket #Datto #AffiliateModel #Cybersecurity
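The warning signs listed above (unexpected VPN logins, automated authentication attempts, anomalous SMB activity) translate directly into detection logic. The following is an added example, not code from Arctic Wolf, Barracuda or the podcast; the log format is a constructed key=value syslog and the accounts, hosts and IP addresses are made up. It flags a successful VPN login from a source address the account has never used, a single IP failing against many accounts within two minutes, and a single host mapping admin shares on many hosts within five minutes, which is the trace Impacket-based discovery leaves behind.

```python
"""Early-warning detections for the Akira intrusion pattern: automated SSL-VPN authentication
attempts, a VPN login from a source never seen for that account, and Impacket-style SMB fan-out.
Added example, not Arctic Wolf or Barracuda code; log format and data are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

KV_RE = re.compile(r"(\w+)=(\S+)")
ADMIN_SHARES = {"ADMIN$", "C$", "IPC$"}


def parse(line: str) -> dict:
    """'<ISO-8601 ts> <source> k=v k=v ...' -> dict with a datetime under 'ts'."""
    ts, source, rest = line.split(" ", 2)
    ev = dict(KV_RE.findall(rest))
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    ev["source"] = source
    return ev


def _burst(events, key, threshold, window):
    """Earliest window in which distinct values of `key` reach `threshold`: (count, start) or None."""
    events = sorted(events, key=lambda e: e["ts"])
    for i, first in enumerate(events):
        distinct = {e[key] for e in events[i:] if e["ts"] - first["ts"] <= window}
        if len(distinct) >= threshold:
            return len(distinct), first["ts"].isoformat()
    return None


def detect_new_vpn_sources(lines, baseline):
    """Successful VPN logins from an IP not in the account's baseline. A verified OTP does not
    clear the alert: the Akira intrusions succeeded against OTP-protected accounts."""
    hits = []
    for ev in map(parse, lines):
        if (ev["source"] == "sslvpn" and ev.get("result") == "success"
                and ev["src"] not in baseline.get(ev["user"], set())):
            hits.append((ev["user"], ev["src"], ev["ts"].isoformat()))
    return hits


def detect_auth_automation(lines, min_accounts=5, window=timedelta(minutes=2)):
    """One source IP failing against many distinct accounts within `window`."""
    by_src = defaultdict(list)
    for ev in map(parse, lines):
        if ev["source"] == "sslvpn" and ev.get("result") == "fail":
            by_src[ev["src"]].append(ev)
    hits = []
    for src, evs in by_src.items():
        burst = _burst(evs, "user", min_accounts, window)
        if burst:
            hits.append((src, *burst))
    return hits


def detect_smb_fanout(lines, min_targets=5, window=timedelta(minutes=5)):
    """One host connecting to admin shares on many distinct hosts within `window`."""
    by_src = defaultdict(list)
    for ev in map(parse, lines):
        if ev["source"] == "smb" and ev.get("share") in ADMIN_SHARES:
            by_src[ev["src"]].append(ev)
    hits = []
    for src, evs in by_src.items():
        burst = _burst(evs, "dst", min_targets, window)
        if burst:
            hits.append((src, *burst))
    return hits


# Constructed baseline (known source IPs per account) and log excerpt.
BASELINE = {"jsmith": {"198.51.100.7"}, "mlee": {"198.51.100.22"}}
SAMPLE_LOG = """\
2025-09-28T02:10:01Z sslvpn user=admin src=203.0.113.45 result=fail
2025-09-28T02:10:03Z sslvpn user=jsmith src=203.0.113.45 result=fail
2025-09-28T02:10:05Z sslvpn user=mlee src=203.0.113.45 result=fail
2025-09-28T02:10:07Z sslvpn user=backup src=203.0.113.45 result=fail
2025-09-28T02:10:09Z sslvpn user=svc_rmm src=203.0.113.45 result=fail
2025-09-28T02:14:09Z sslvpn user=jsmith src=203.0.113.45 result=success otp=verified
2025-09-28T09:01:12Z sslvpn user=mlee src=198.51.100.22 result=success otp=verified
2025-09-28T02:16:30Z smb src=10.0.5.17 dst=10.0.5.20 share=ADMIN$
2025-09-28T02:16:31Z smb src=10.0.5.17 dst=10.0.5.21 share=ADMIN$
2025-09-28T02:16:31Z smb src=10.0.5.17 dst=10.0.5.22 share=C$
2025-09-28T02:16:32Z smb src=10.0.5.17 dst=10.0.5.23 share=ADMIN$
2025-09-28T02:16:33Z smb src=10.0.5.17 dst=10.0.5.24 share=IPC$
2025-09-28T02:16:33Z smb src=10.0.5.17 dst=10.0.5.25 share=ADMIN$
2025-09-28T08:30:00Z smb src=10.0.5.40 dst=10.0.5.9 share=Finance
""".splitlines()

if __name__ == "__main__":
    print("new VPN source:", detect_new_vpn_sources(SAMPLE_LOG, BASELINE))
    print("auth automation:", detect_auth_automation(SAMPLE_LOG))
    print("SMB fan-out:", detect_smb_fanout(SAMPLE_LOG))
```

Tune the thresholds per environment: a vulnerability scanner or backup server will trip the SMB fan-out rule and belongs on an allowlist, and the baseline should be built from weeks of successful logins rather than a hand-typed dict. The value is in the sequence: a new-source VPN success followed within minutes by SMB fan-out from the VPN-assigned address is the hours-long dwell time described above, caught while it is still discovery.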

5 days ago
23 minutes

Ex-Hacktivist “Sabu” Backs SafeHill’s $2.6M Bet on Continuous Threat Management

A new cybersecurity startup with an infamous name attached is making headlines. SafeHill—formerly known as Tacticly—has secured $2.6 million in pre-seed funding to accelerate the development of its continuous threat exposure management (CTEM) platform, SecureIQ. Designed to overcome the shortcomings of traditional, point-in-time penetration testing, SecureIQ blends AI-driven continuous asset discovery with human-validated penetration testing, ensuring security teams focus on real, exploitable risks rather than noise.

What makes SafeHill especially noteworthy is the presence of Hector Monsegur, once known to the world as “Sabu,” the leader of the hacktivist group LulzSec. Now reformed and serving as SafeHill’s Chief Research Officer, Monsegur brings an unmatched attacker’s perspective, helping to shape a platform that combines offensive realism with enterprise-grade defense.

The company plans to use the funding—led by Mucker Capital and Chingona Ventures—to expand its engineering team, scale its ethical hacking capabilities, and enhance SecureIQ’s real-time monitoring features. With a leadership team that blends commercial expertise with deep offensive security experience, SafeHill is positioning itself as a disruptive force in the cybersecurity market, aiming to deliver the impact of a dedicated team of ethical hackers at scale.

#SafeHill #SecureIQ #Cybersecurity #LulzSec #Sabu #HectorMonsegur #CTEM #PenetrationTesting #EthicalHacking #AI #CyberStartup

6 days ago
28 minutes

Jaguar Land Rover Cyberattack Fallout: £1.5B UK Bailout Sparks Fears of More Attacks

Jaguar Land Rover (JLR), one of the UK’s largest exporters and a key anchor of the nation’s automotive supply chain, has been brought to the brink by a devastating cyberattack. With production lines halted, digital operations crippled, and a data breach confirmed, the UK government stepped in with a massive £1.5 billion support package to stabilize JLR’s finances and protect the 120,000 jobs connected to its supply chain. But the intervention raises serious questions: Did the lack of cyberinsurance and outsourced IT security make JLR uniquely vulnerable? Did reliance on Tata Consultancy Services (TCS)—already linked to other Scattered Spider victims—create a systemic weak point? And most importantly, does a government-backed rescue risk creating a dangerous incentive for cybercriminals to double down on targeting UK companies? In this episode, we break down how JLR’s digital collapse triggered state-level intervention, why experts warn of a “moral hazard” for the future threat landscape, and what this means for corporate leaders, supply chain managers, and the broader UK economy.

#JaguarLandRover #Cyberattack #ScatteredSpider #SupplyChain #Cybersecurity #UKGovernment #Bailout #AutomotiveIndustry #DataBreach #Cyberinsurance

6 days ago
27 minutes

CISA’s Sunset Clause: What Happens if America’s Cyber Threat Shield Expires?

The Cybersecurity Information Sharing Act (CISA), first enacted in 2015, is facing a critical expiration deadline in September 2025. Without reauthorization, the law that shields companies from liability when sharing cyber threat data with the federal government and industry peers will vanish, leaving organizations exposed to lawsuits and reputational risks. This episode dives deep into the high-stakes debate surrounding CISA’s renewal, exploring how the law enables a “whole animal” view of cyber threats by combining fragmented intelligence from multiple companies. We’ll examine the political roadblocks in Congress, including competing legislative priorities like the debt ceiling and demands for civil liberties amendments, that threaten to delay or derail renewal. Experts warn that even if CISA is eventually renewed—possibly retroactively—the lapse could create a dangerous “period of limbo” where companies pull back from sharing critical threat intelligence. We’ll also assess the broader operational consequences: siloed defenses, weakened national resilience, and heightened burdens on CISOs and security teams. Finally, we discuss why some see this moment as an opportunity to modernize the framework for today’s expanded digital and AI-driven threat landscape.

#CISA #Cybersecurity #ThreatIntelligence #InformationSharing #Congress #NationalSecurity #RiskManagement #AI #CyberLaw

6 days ago
24 minutes

Crypto Theft on macOS: XCSSET Malware Swaps Wallet Addresses in Real Time

A new and more dangerous variant of the XCSSET macOS malware has been uncovered by Microsoft, revealing an expanded arsenal of capabilities aimed at financial theft and deeper system compromise. Originally known for spreading through malicious Xcode projects, XCSSET has steadily evolved into one of the most persistent malware families targeting Apple’s ecosystem.

The latest analysis highlights a refined four-stage infection chain that culminates in the deployment of a powerful AppleScript payload. This payload actively monitors the system clipboard for cryptocurrency wallet addresses and silently swaps them for attacker-controlled addresses—allowing hackers to hijack transactions in real time. Beyond crypto theft, the malware introduces a dedicated info-stealer module for the Firefox browser, adapted from the HackBrowserData project, which enables the theft of passwords, credit card details, browsing history, and cookies.

Even more concerning are the malware’s persistence and evasion tactics. It sets up LaunchDaemons to survive reboots, disables macOS security updates—including Rapid Security Response patches—and disguises itself as a fake System Settings app to blend in with normal user activity. These techniques allow it to remain undetected while siphoning off sensitive data and financial assets.

Microsoft’s discovery underscores the sophistication of XCSSET’s evolution and the need for vigilance in the macOS community. Working with Apple and GitHub, the company has helped take down repositories distributing the malware, but attacks are ongoing. This latest wave of XCSSET marks a shift toward direct financial exploitation, proving that macOS is far from immune to advanced cyber threats.

#XCSSET #macOS #Malware #MicrosoftSecurity #CryptoHijacking #Firefox #Xcode #Cybersecurity #ClipboardHijacking #InfoStealer #Persistence #ThreatIntel
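A clipboard swap of the kind described above has a recognisable signature: the clipboard holds a wallet address, and moments later it holds a different address of the same currency although the user copied nothing else. The snippet below is an added example, not Microsoft's analysis code or anything from the malware; the clipboard snapshots and wallet addresses are constructed, and the two-second gap is an assumed threshold. It classifies clipboard contents by address format (legacy and bech32 Bitcoin, Ethereum) and flags a same-type replacement within that gap.

```python
"""Detect clipboard wallet-address swaps from a stream of clipboard snapshots.
Added example, not Microsoft or XCSSET code; snapshots and addresses are constructed."""
import re
from typing import List, Optional, Tuple

# Address formats, coarse on purpose: this is a triage heuristic, not checksum validation.
WALLET_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify(text: str) -> Optional[str]:
    """Return the address kind for clipboard text, or None for non-address content."""
    text = text.strip()
    for kind, pattern in WALLET_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None


def detect_swaps(snapshots: List[Tuple[float, str]], max_gap: float = 2.0) -> List[dict]:
    """snapshots: (seconds, clipboard text) as a poller would read them.
    Flags an address replaced by a different address of the same kind within max_gap seconds
    with nothing else on the clipboard in between; max_gap is an assumed threshold."""
    alerts = []
    prev_t, prev_text, prev_kind = None, None, None
    for t, text in snapshots:
        kind = classify(text)
        if kind and kind == prev_kind and text != prev_text and t - prev_t <= max_gap:
            alerts.append({"at": t, "kind": kind, "original": prev_text, "replacement": text})
        prev_t, prev_text, prev_kind = t, text, kind
    return alerts


# Constructed poller output. Addresses are public example addresses, not anyone's funds.
SNAPSHOTS = [
    (0.0, "quarterly report draft"),
    (10.0, "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),      # user copies the payee's BTC address
    (10.4, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),      # 400 ms later a different BTC address: swap
    (30.0, "0x742d35Cc6634C0532925a3b844Bc454e4438f44e"),
    (45.0, "0xdAC17F958D2ee523a2206206994597C13D831ec7"),  # second ETH address 15 s later: normal use
    (60.0, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),
    (60.3, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"),  # unchanged content re-read by the poller
]

if __name__ == "__main__":
    for alert in detect_swaps(SNAPSHOTS):
        print(f"[{alert['at']:.1f}s] {alert['kind']} swap: {alert['original']} -> {alert['replacement']}")
```

On a real Mac the snapshots come from polling NSPasteboard (or pbpaste) every few hundred milliseconds, so the poller itself needs to be trusted and persistent, which is the same property the malware's LaunchDaemon gives it. The user-side habit this encodes is cheaper still: compare the first and last characters of the address you are about to paste against the one you copied before you send.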

6 days ago
23 minutes

Nine High-Severity Vulnerabilities Expose Cognex Legacy Cameras to Cyber Threats

Cybersecurity researchers at Nozomi Networks have uncovered nine high-severity vulnerabilities in several older models of Cognex industrial cameras, including the widely deployed In-Sight 2000, 7000, 8000, and 9000 series. These machine vision systems are vital for modern manufacturing—guiding robots, inspecting products, and ensuring quality control—but the flaws introduce significant risks ranging from hardcoded passwords and authentication bypasses to privilege escalation and denial-of-service attacks.

The most concerning detail is that Cognex will not be releasing patches for these vulnerabilities, labeling the affected cameras as “legacy” systems no longer supported for new applications. Yet, these cameras remain active in countless industrial environments worldwide, creating a dangerous gap between vendor policy and operational reality. Without patches, companies are forced to rely on defensive measures like strict network segmentation, limiting exposure, and securing remote access through VPNs.

While the vulnerabilities cannot be directly exploited over the internet, an attacker with access to the internal network could intercept credentials, escalate privileges, or disrupt operations—posing serious risks to production lines. The Cybersecurity and Infrastructure Security Agency (CISA) has echoed the call for immediate mitigations, stressing that organizations must adopt compensating controls now while planning long-term migrations to supported models.

This episode explores how legacy systems in critical manufacturing create enduring vulnerabilities, why vendor support policies can leave organizations exposed, and what steps asset owners must take to reduce the risk of operational disruption.

#Cognex #IndustrialCybersecurity #ICS #Vulnerabilities #Manufacturing #NozomiNetworks #CISA #LegacySystems #MachineVision #CriticalInfrastructure

6 days ago
26 minutes

Microsoft Cuts Services to Israeli Military Unit After Surveillance Revelations

Microsoft has taken the unprecedented step of cutting off services to an Israeli military unit after internal and external investigations revealed its cloud and AI products were being used for mass surveillance of Palestinians in Gaza and the West Bank. This dramatic reversal came only after sustained reporting by The Associated Press and The Guardian, which uncovered that Israel’s elite cyber intelligence branch, Unit 8200, had dramatically escalated its use of Microsoft Azure services for intelligence gathering and targeting operations.

The Associated Press first reported that Microsoft’s systems were being used to process and translate millions of communications for military purposes, sparking questions about how the company’s products were deployed in the conflict. Microsoft initially defended itself, claiming “no evidence” of misuse. But when The Guardian revealed direct ties between Unit 8200 leadership and CEO Satya Nadella, along with evidence that Microsoft cloud data centers in Europe were storing mass surveillance records, the company could no longer deny the reality.

Following a second, independent review, Microsoft confirmed violations of its terms of service and disabled access for the unnamed unit. However, critics say this is only a partial victory, as most of Microsoft’s contracts with the Israeli military remain untouched. For activists, the move is a rare but powerful example of how investigative journalism can force accountability from even the largest corporations, while for Israel’s defense establishment, it is seen as a symbolic gesture with little operational impact.

This episode examines how the press held Microsoft to account, how corporate technology fuels modern warfare, and why this decision is being hailed as both groundbreaking and insufficient at the same time.

#Microsoft #Unit8200 #Palestine #Gaza #Surveillance #CloudComputing #Azure #AI #TheGuardian #AssociatedPress #InvestigativeJournalism #CorporateAccountability #TechEthics #Israel #MiddleEast

1 week ago
28 minutes

Ghana, Senegal, Ivory Coast at the Center of Interpol’s Multi-Nation Cybercrime Takedown

Interpol has announced the results of a sweeping cybercrime operation across 14 African nations, leading to the arrest of 260 individuals behind romance scams and sextortion schemes. The crackdown, conducted in July and August, exposed the alarming scale of digital exploitation sweeping the continent. Victims—more than 1,400 in total—were deceived, blackmailed, and financially drained, with total losses nearing $2.8 million.

The operation highlighted country-specific cases: Ghanaian police arrested 68 suspects running fake shipping fee scams and blackmail rackets; Senegalese authorities detained 22 individuals posing as celebrities to defraud over 100 victims; and Ivory Coast police apprehended 24 suspects accused of using fake online identities to obtain intimate images for coercion. These arrests reveal a common criminal playbook—deception, emotional manipulation, and coercive sextortion—designed to trap victims in long-term cycles of exploitation.

Interpol stressed that digital crimes like romance scams are increasing sharply across Africa, fueled by borderless online platforms and weak national enforcement capabilities. The operation underscores both the emotional and financial devastation inflicted on victims and the critical role of international cooperation in fighting transnational cybercrime. This case demonstrates how intelligence sharing and coordinated action are indispensable tools against an escalating wave of digital fraud and blackmail schemes.

#Interpol #Cybercrime #Africa #RomanceScams #Sextortion #OnlineFraud #InterpolArrests #DigitalCrime #Cybersecurity #InternationalPolicing

1 week ago
27 minutes

Harrods Data Breach Exposes Customer Details in Third-Party Hack

Britain is facing a troubling wave of cyberattacks that has shaken some of its most high-profile organizations. Harrods, the world-renowned luxury retailer, confirmed that customer names and contact details were compromised after attackers infiltrated a third-party vendor’s system. While account passwords and payment data were spared, the breach highlights the risks of vendor supply chain security gaps. This latest breach follows a May security scare for Harrods and comes amid broader law enforcement activity, with four individuals arrested for cyberattacks against Harrods, Marks & Spencer, and the Co-op.

The disruption isn’t confined to retail. Jaguar Land Rover, one of Britain’s most iconic automakers, was forced to halt production after an attack crippled its systems. Even more disturbing was a ransomware attack on Kido, a London nursery chain, where sensitive photos and personal information of children were stolen and posted online. These incidents collectively expose the scale of cybersecurity threats facing the UK, cutting across sectors from luxury retail to automotive manufacturing and childcare services. With data breaches, ransomware, and operational shutdowns on the rise, the need for resilience and rapid response has never been more urgent.

#Cybersecurity #DataBreach #Harrods #UKRetail #JaguarLandRover #Ransomware #KidoNursery #Cyberattacks #Privacy #Infosec

1 week ago
22 minutes

Steam Game BlockBlasters Turns Malicious, Drains $150K in Crypto

What happens when a trusted gaming platform becomes a weapon for cybercriminals? That’s exactly what unfolded with BlockBlasters, a free-to-play platformer on Steam that turned from harmless fun into a malicious cryptocurrency-draining scheme.

For nearly two months, BlockBlasters appeared safe, even earning “Very Positive” reviews. But in late August, the developers pushed an update containing a cryptodrainer payload, which siphoned off crypto from unsuspecting players. The most shocking case involved RastalandTV, a Latvian gamer livestreaming a fundraiser for his cancer treatment, who lost $32,000 in crypto live on air. The community rallied in support, with donations from high-profile figures like Alex Becker helping to cover the loss.

Researchers estimate attackers stole between $150,000 and $157,000 from hundreds of Steam users. Investigators found malicious components including a dropper batch script to steal Steam login info and IP addresses, a Python backdoor, and the StealC information stealer. Evidence also suggests attackers targeted high-value crypto users identified on Twitter, blending platform abuse with precision social engineering.

The incident exposes a broader problem: Steam’s verification system is not enough to stop malicious updates. BlockBlasters joins a list of recent Steam-distributed malware cases, raising questions about Valve’s responsibility to protect users from supply chain attacks embedded in “trusted” games.

For players, the advice is urgent—uninstall BlockBlasters immediately, reset Steam credentials, and transfer crypto assets to secure wallets. For the industry, it’s a stark reminder that digital trust can be weaponized, and that gaming platforms are now part of the cybersecurity battlefield.

#Steam #BlockBlasters #cryptoscam #cryptodrainer #malware #gamingsecurity #RastalandTV #cryptocurrency #cybercrime #supplychainattack #StealC #infostealer #Valve

1 week ago
29 minutes

Beyond the Inbox: The Rising Threat of Non-Email Phishing Attacks

Phishing is no longer just an email problem. A new wave of non-email phishing attacks is targeting employees through social media, instant messaging apps, SMS, malicious search engine ads, and even collaboration tools like Slack and Teams. These campaigns are designed to bypass traditional defenses—leaving organizations exposed while attackers exploit overlooked channels of communication.

Unlike the inbox-focused phishing most security teams prepare for, these multi-channel attacks are far harder to detect and contain. Threat actors are using sophisticated tactics like compromised social media accounts, conditional payloads, and malvertising campaigns to deliver malicious links. Once an employee clicks, attackers can move laterally into core enterprise platforms, often leveraging Single Sign-On (SSO) to escalate a single compromised account into a full-scale breach.

This report reveals how non-email phishing is underreported and underestimated—in part because industry statistics rely heavily on data from email security vendors. The result? Security teams lack visibility into threats spreading across the apps and devices employees use every day.

Case studies include LinkedIn spear-phishing campaigns targeting executives and Google Search malvertising attacks traced to Scattered Spider, both showing how attackers use trusted platforms to build credibility and evade defenses. With rapid domain rotation and advanced obfuscation techniques, blocking malicious URLs has become a losing game of cat and mouse.

The takeaway is clear: the perimeter is no longer the inbox—it’s the user. To defend against this new era of phishing, organizations must expand detection and response strategies across all communication channels where modern work happens.

#phishing #cybersecurity #nonemailphishing #socialengineering #malvertising #SSO #identitysecurity #Slack #Teams #LinkedIn #WhatsApp #smishing #ScatteredSpider #Okta

1 week ago
26 minutes

Daily Security Review
Stellantis Data Breach Exposes Contact Info in Third-Party Provider Attack

Automotive giant Stellantis, the world’s fifth-largest automaker, has confirmed a data breach affecting its North American customers after attackers compromised a third-party service provider’s platform. While no financial data was exposed, the company acknowledged that customer contact details were stolen and advised customers to remain vigilant against phishing attempts.

According to BleepingComputer, the breach is part of a sweeping campaign by the notorious cyber-extortion group ShinyHunters, who claim to have stolen over 18 million Stellantis records and more than 1.5 billion Salesforce records across 760 companies worldwide. Their methods include abusing OAuth tokens stolen from the Salesloft Drift integration to pull data out of connected Salesforce instances, as well as voice phishing to capture credentials. High-profile targets have included Google, Cisco, Cloudflare, Palo Alto Networks, Adidas, Allianz Life, and Farmers Insurance.

The FBI has issued an alert warning that ShinyHunters is actively breaching Salesforce environments to steal customer data and extort victims. For Stellantis, the primary concern is not financial fraud but the risk of highly targeted phishing and social engineering attacks, made possible by the exposure of verified customer names and contact details.

Stellantis has activated its incident response protocols, notified authorities, and informed affected customers, but the scale of this campaign highlights the systemic risk posed by third-party platforms and the growing vulnerability of enterprise SaaS ecosystems. This episode unpacks how ShinyHunters pulled off the breach, what it means for Stellantis customers, and why Salesforce-linked compromises are becoming a global cybersecurity crisis.
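The common thread in these Salesforce-linked incidents is a third-party integration's OAuth token being replayed from infrastructure the integration never used, to pull far more records than it ever pulled before. The Python below is an added example, not code from the episode, Stellantis or Salesforce: it learns each integration's normal source IPs from a baseline window of SaaS audit events, then flags later events where a token is used from outside that baseline, where an integration appears that has no baseline at all, or where a sensitive object is exported in bulk. The event schema (`app`, `ip`, `op`, `object`, `rows`) and the sample events are constructed assumptions, not a real vendor log format; map them to your own audit export.

```python
"""Added example: hunt for abuse of a third-party integration's OAuth token in
SaaS audit events. Event schema, thresholds and the sample events are
constructed assumptions for illustration, not from the episode or any vendor."""
from collections import defaultdict
from datetime import datetime

BULK_ROW_THRESHOLD = 5000                       # assumption: tune per tenant
SENSITIVE_OBJECTS = {"Contact", "Lead", "Account", "Case"}

# Constructed sample events: two days of API activity attributed to connected apps.
SAMPLE_EVENTS = [
    {"ts": "2025-09-15T09:00:00", "app": "drift-connector",    "ip": "203.0.113.10", "op": "query", "object": "Lead",    "rows": 40},
    {"ts": "2025-09-15T09:05:00", "app": "drift-connector",    "ip": "203.0.113.11", "op": "query", "object": "Lead",    "rows": 12},
    {"ts": "2025-09-15T11:00:00", "app": "billing-sync",       "ip": "192.0.2.5",    "op": "query", "object": "Account", "rows": 300},
    {"ts": "2025-09-16T02:13:00", "app": "drift-connector",    "ip": "198.51.100.7", "op": "query", "object": "Contact", "rows": 250000},
    {"ts": "2025-09-16T02:14:30", "app": "drift-connector",    "ip": "198.51.100.7", "op": "query", "object": "Case",    "rows": 80000},
    {"ts": "2025-09-16T10:00:00", "app": "billing-sync",       "ip": "192.0.2.5",    "op": "query", "object": "Account", "rows": 310},
    {"ts": "2025-09-16T10:30:00", "app": "never-approved-app", "ip": "198.51.100.7", "op": "query", "object": "Contact", "rows": 10},
]


def learn_baseline(events, cutoff):
    """Map each integration to the set of source IPs it used before `cutoff`."""
    cutoff_dt = datetime.fromisoformat(cutoff)
    seen = defaultdict(set)
    for e in events:
        if datetime.fromisoformat(e["ts"]) < cutoff_dt:
            seen[e["app"]].add(e["ip"])
    return dict(seen)


def hunt(events, baseline):
    """Return events that deviate from the baseline, each annotated with reasons."""
    findings = []
    for e in events:
        reasons = []
        known_ips = baseline.get(e["app"])
        if known_ips is None:
            # A connected app with no history at all is itself a finding.
            reasons.append("integration not seen during baseline period")
        elif e["ip"] not in known_ips:
            # Same token, new infrastructure: the stolen-token pattern.
            reasons.append("token used from IP outside the integration's baseline")
        if (e["op"] == "query" and e["object"] in SENSITIVE_OBJECTS
                and e["rows"] >= BULK_ROW_THRESHOLD):
            reasons.append("bulk export of sensitive object")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


def apps_to_revoke(findings):
    """Integrations whose tokens should be revoked and re-issued, sorted."""
    return sorted({f["app"] for f in findings})


if __name__ == "__main__":
    baseline = learn_baseline(SAMPLE_EVENTS, "2025-09-16T00:00:00")
    found = hunt(SAMPLE_EVENTS, baseline)
    for f in found:
        print(f["ts"], f["app"], f["ip"], f["object"], f["rows"], "|", "; ".join(f["reasons"]))
    print("revoke tokens for:", apps_to_revoke(found))
```

The revocation list is the point: once a token is known to have been used from attacker infrastructure, rotating the integration's credentials matters more than blocking the IP, because the same stolen tokens were reused against many tenants.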

#Stellantis #databreach #ShinyHunters #Salesforce #cybersecurity #FBIalert #OAuth #phishing #extortion #cybercrime #SOC #incidentresponse

1 week ago
24 minutes

Daily Security Review
HoundBytes Launches WorkHorse to Eliminate SOC Tier 1 Bottlenecks

Cybersecurity firm HoundBytes has officially launched WorkHorse, an automated security analyst designed to solve one of the biggest pain points in modern Security Operations Centers (SOCs): the Tier 1 bottleneck. Overwhelmed by a constant flood of raw alerts, Tier 1 analysts often suffer from burnout and slow triage times, putting organizations at risk. WorkHorse is built to replace these repetitive tasks with intelligent automation, eliminating alert fatigue and enabling analysts to focus on real threats.

Unlike traditional Security Orchestration, Automation, and Response (SOAR) platforms, WorkHorse integrates directly with existing Security Information and Event Management (SIEM) systems, requiring no new dashboards, no complex playbooks, and no steep learning curves. Its proprietary stateless, multi-graph machine learning algorithm analyzes more than 50 data points per alert, instantly transforming noise into fully contextualized cases for Tier 2 analysts. This ensures faster response, richer context, and a stronger overall security posture.

The product also offers transparent, predictable pricing: $3,500 per month for up to 10,000 alerts, with a scalable model for higher volumes. Developed out of HoundBytes’ own Managed Detection and Response practice, WorkHorse has been tested in real-world SOC conditions before being released as a commercial product.

With funding efforts underway to expand research, engineering, and global sales, HoundBytes is positioning WorkHorse as the next evolution of SOC automation—a frictionless alternative to SOAR platforms that promises to change the economics and effectiveness of cyber defense.

#cybersecurity #SOCautomation #WorkHorse #HoundBytes #SIEM #SOARalternative #alertfatigue #AIsecurity #Tier1automation #incidentresponse #cyberdefense #machinelearning

1 week ago
20 minutes

Daily Security Review
Toronto’s Mycroft Raises $3.5M to Bring AI Security Officers to Startups

Toronto-based cybersecurity startup Mycroft has stepped out of stealth with a bold promise: to give startups and small-to-midsize businesses (SMBs) the kind of enterprise-grade security typically reserved for Fortune 500 companies. Acting as an AI-powered “Security and Compliance Officer,” Mycroft deploys autonomous AI agents that manage an organization’s entire security and IT stack. From cloud and application security to device management, automatic remediation, and compliance auditing, the platform automates the work of a full security team—something smaller companies usually can’t afford.

With $3.5 million in seed funding led by Luge Capital and participation from other investors, Mycroft is gearing up for rapid product development and expansion. The company has already attracted over 50 customers, proving that its model resonates in a market where resource-strapped startups face the same cyber risks as multinational enterprises.

CEO Mike Kim describes the vision clearly: security should be a superpower, not a burden. Mycroft’s mission is to democratize cybersecurity, ensuring every business—no matter its size—has access to robust, real-time protection from day one. This episode dives deep into how Mycroft is changing the cybersecurity landscape for startups and SMBs, the challenges it addresses, and why its early traction signals a broader shift in how smaller companies approach digital resilience.

#cybersecurity #AIsecurity #startupfunding #Mycroft #seedfunding #compliance #cloudsecurity #applicationsecurity #SMBsecurity #AIagents #TorontoTech

1 week ago
29 minutes
