DEV Community

Habdul Hazeez


Security news weekly round-up - 6th March 2026

This week's security review is centered around hackers — the good ones and the bad ones. If you're not familiar, the good hackers are the security researchers who investigate how we (the general Internet users) can stay safe online. Conversely, the bad hackers are those who devise mischievous ways to make the lives of Internet users miserable, e.g., wasting users' time, stealing data and money, etc.


APT37 hackers use new malware to breach air-gapped networks

When you read the words "air-gapped networks", you should automatically think of networks that exist in critical infrastructure, where security is of great importance. You would also expect them to be "safe" from outside intrusion. Well, that's not always true, and this article is proof that threat actors still find ways to steal data from air-gapped networks.

From the article:

The infection chain begins when the victim opens a malicious Windows shortcut file (LNK), which deploys a PowerShell script that extracts payloads embedded in the LNK file. To divert attention, the script also launches a decoy document.

The PowerShell script loads the first malware component, called RESTLEAF, an implant that communicates with APT37's command-and-control (C2) infrastructure using Zoho WorkDrive.
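
A defender-side example, added here and not taken from the article or the report it quotes: a small triage check over constructed process-creation events that flags the pattern the quoted chain describes, a shortcut-launched PowerShell that reads bytes back out of a .lnk file. The event field names, the sample command lines and the reason tags are assumptions made for this example.

```python
"""Triage check for the LNK -> PowerShell -> embedded-payload pattern.
Added example; events below are constructed, loosely modelled on
Sysmon-style process-creation fields (assumption, not a real log format)."""
import re

# Indicators assembled from the chain described above (assumed regexes).
POWERSHELL = re.compile(r"powershell(_ise)?\.exe$", re.I)
LNK_PATH = re.compile(r"[\w:\\./ -]+\.lnk", re.I)            # a .lnk path on the command line
READS_BYTES = re.compile(r"ReadAllBytes|-Encoding\s+Byte|-AsByteStream|Get-Content", re.I)
EVASION = re.compile(r"-w(indowstyle)?\s+hidden|-e(ncodedcommand|c)?\s|-ep\s+bypass", re.I)

# Constructed sample telemetry: two ordinary launches and one matching the chain.
SAMPLE_EVENTS = [
    {"pid": 401, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmd": r'notepad.exe "C:\Users\u\notes.txt"'},
    {"pid": 402, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -NoProfile -File C:\\scripts\\backup.ps1"},
    {"pid": 403, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"powershell.exe -w hidden -ep bypass -c $b=[IO.File]::ReadAllBytes('C:\Users\u\Downloads\Invoice.lnk'); Start-Process 'C:\Users\u\Downloads\decoy.pdf'"},
]


def analyze_event(ev):
    """Return reason tags for one process-creation event; empty means nothing of note."""
    reasons = []
    if not POWERSHELL.search(ev["image"]):
        return reasons                      # only PowerShell launches are in scope here
    cmd = ev["cmd"]
    if LNK_PATH.search(cmd):
        reasons.append("references_lnk")
        if READS_BYTES.search(cmd):
            reasons.append("reads_lnk_bytes")   # payload being carved out of the shortcut itself
    if EVASION.search(cmd):
        reasons.append("evasion_flags")     # hidden window / bypassed policy / encoded command
    if ev.get("parent_image", "").lower().endswith("explorer.exe"):
        reasons.append("spawned_from_explorer")  # consistent with a double-clicked shortcut
    return reasons


def find_lnk_powershell_chains(events):
    """Keep only events where PowerShell both names a .lnk and reads bytes from it."""
    hits = []
    for ev in events:
        reasons = analyze_event(ev)
        if "reads_lnk_bytes" in reasons:
            hits.append({"pid": ev["pid"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_lnk_powershell_chains(SAMPLE_EVENTS):
        print(hit)
```

The decoy document launch in the third sample is not scored on its own; it is the read-back of the shortcut's bytes that distinguishes this chain from ordinary shortcut-launched scripts.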

Hackers Weaponize Claude Code in Mexican Government Cyberattack

When you read the article, you'll realize it's funny how the hackers got Claude to comply.

Here is what happened and what the hackers stole:

The attacker bypassed the AI’s guardrails by convincing it that all actions were authorized, guided the assistant throughout the compromise, and leveraged OpenAI’s model to analyze data and accelerate the attack execution.

Within a month, Gambit says, the hacker exfiltrated over 150GB of data, including civil registry files, tax records, and voter data. Roughly 195 million identities have been exposed in the breach.

LLMs can unmask pseudonymous users at scale with surprising accuracy

I strongly believe this might have been tedious work before. Now, LLMs can make it much easier.

From the article:

The findings have the potential to upend pseudonymity, an imperfect but often sufficient privacy measure used by many people to post queries and participate in sometimes sensitive public discussions while making it hard for others to positively identify the speakers.

The ability to cheaply and quickly identify the people behind such obscured accounts opens them up to doxxing, stalking, and the assembly of detailed marketing profiles that track where speakers live, what they do for a living, and other personal information.

Quantum Decryption of RSA Is Much Closer Than Expected

Currently, I have limited knowledge of cryptography. But I know one thing for sure: RSA is one of the most widely used encryption algorithms we have today. So, if it's close to being broken, you should know about it.

From the article:

A new algorithm, the JVG algorithm, completely upends existing time projections. The Advanced Quantum Technologies Institute (AQTI) announced March 2, 2026, “The JVG algorithm requires thousand-fold less quantum computer resources, such as qubits and quantum gates. Research extrapolations suggest it will require less than 5,000 qubits to break encryption methods used in RSA and ECC.”

A suite of government hacking tools targeting iPhones is now being used by cybercriminals

You might think: "This is safe to develop, since we are the only ones who will be using it for 'legal' purposes." Then boom! It's in the wrong hands!

Here is what's going on:

Google said the hacking tools are powerful, as they can bypass an iPhone’s defenses simply through visiting a malicious website containing the exploit code — such as being sent a malicious link — in what is known as a “watering hole” attack.

According to Google, the Coruna kit can hack into an iPhone five separate ways by relying on and chaining together 23 separate vulnerabilities in its digital arsenal. Affected devices range from iPhone models running iOS 13 up to 17.2.1, which was released in December 2023.

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

This is Wikipedia, the online encyclopedia. Why would someone do this? It shows that the bad guys don't care about your reputation or your usefulness to others. If they intend to wreck you, they will surely try, and it's up to you to defend yourself.

From the article:

The malicious script was stored at User:Ololoshka562/test.js [Archive], first uploaded in March 2024 and allegedly associated with scripts used in previous attacks on wiki projects.

Based on edit histories reviewed by BleepingComputer, the script is believed to have been executed for the first time by a Wikimedia employee account earlier today while testing user-script functionality.

It is not currently known whether the script was executed intentionally, accidentally loaded during testing, or triggered by a compromised account.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
