Cyber Mornings Daily

Alice & Bob
  • 0.0 (0)
  • NOTICIAS TECNOLÓGICAS
  • CADA DÍA

Cyber Mornings Daily is your go-to daily podcast for the latest cybersecurity news, trends, and insights, delivered by AI. Each episode delivers a concise and informative breakdown of the most pressing cyber threats, vulnerabilities, and breaches.

  1. September 19th, 2025

    19/09/2025

    September 19th, 2025

    Cyber Mornings Daily brings you the latest cybersecurity news, starting with the UK arrests of 'Scattered Spider' teenagers linked to the Transport for London hack and US healthcare attacks, with one suspect facing charges for over 120 global network breaches. We also examine ShinyHunters' claim of 1.5 billion Salesforce records stolen through compromised Salesloft Drift OAuth tokens, along with FBI warnings about associated threat actors and Google's confirmation of a fraudulent law enforcement account. Today's show also covers the ransomware breach at VC giant Insight Partners, which compromised thousands after a sophisticated social engineering attack, and reviews alarming trends like the doubling of password cracking incidents.

    33 min
  2. September 4th, 2025

    04/09/2025

    September 4th, 2025

    For today's Cyber Mornings Daily, we're tracking major headlines in digital privacy and online security. French regulators have fined Google $379 million and Chinese e-commerce giant Shein $175 million for violating cookie consent laws, specifically for setting advertising cookies on users' browsers without securing their consent and encouraging choices that favored personalized advertisements. Google also faces a $425 million judgment in the U.S., as a jury found the company violated users' privacy by collecting their data even after they opted out of Web & App Activity tracking. Child data privacy is a significant focus as well, with Disney agreeing to a $10 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that it collected personal data from children watching YouTube videos without parental notification or consent, violating the U.S. Children's Online Privacy Protection Rule (COPPA). The FTC is also taking action against Apitor Technology, a China-based robot toy maker, for allegedly permitting a third-party to collect children's geolocation data without their knowledge and parental consent via its Android app. In a new and evolving threat, actors are exploiting X's built-in AI assistant, Grok, to bypass link posting restrictions. This technique, dubbed "Grokking," involves hiding malicious links in video ad metadata and then prompting Grok to reply with the clickable link, thereby boosting its credibility and reach to millions of impressions. Lastly, in a major law enforcement success, the Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have successfully disrupted Streameast, which was identified as the world's largest illegal live sports streaming network, leading to the arrest of two individuals allegedly associated with the operation and the redirection of many of its domains.

    30 min
  3. September 3rd, 2025

    03/09/2025

    September 3rd, 2025

    On today's Cyber Mornings Daily, we discuss Cloudflare's recent mitigation of a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps), lasting about 35 seconds and primarily originating from Google Cloud. This incident highlights a significant increase in hyper-volumetric DDoS attacks, which rose from 700 in Q1 2025 to 6,500 in Q2 2025, often launched by botnets like RapperBot. We then cover a major privacy development as Disney agrees to pay $10 million to settle claims from the U.S. Federal Trade Commission (FTC). The claims state that Disney illegally collected children's personal data on YouTube by failing to correctly label "kid-directed" videos as "Made for Kids" (MFK), thereby violating the Children's Online Privacy Protection Rule (COPPA). The settlement also mandates Disney to notify parents before collecting children's data and implement a new program to ensure correct video designation. Finally, we examine a substantial cybercrime attempt where hackers tried to steal $130 million from Sinqia S.A., Evertec's Brazilian subsidiary. The breach occurred on August 29, 2025, when hackers gained unauthorized access to Sinqia’s environment on Brazil's Pix payment system using stolen IT vendor credentials. While some funds have been recovered, the investigation is ongoing, and Sinqia's access to Pix has been temporarily revoked by the Central Bank of Brazil.

    37 min
  4. September 2nd, 2025

    02/09/2025

    September 2nd, 2025

    Welcome to Cyber Mornings Daily! This week, we're covering a range of critical cybersecurity incidents and updates. Jaguar Land Rover recently announced that a cyberattack "severely disrupted" its production and retail operations, forcing the company to proactively shut down certain systems as a mitigation effort. While the automaker stated there is no evidence of customer data theft at this stage, dealers faced issues registering new cars and supplying parts. The incident, which occurred over a weekend, has no public timeline for resolution or details on the attack type. In proactive security news, Microsoft is set to enforce multi-factor authentication (MFA) for all Azure resource management actions starting in October 2025, as part of its Secure Future Initiative (SFI). This move, which applies to users performing create, update, or delete operations via Azure CLI, PowerShell, SDKs, and APIs, aims to protect against unauthorized access, with Microsoft noting that 99.99% of MFA-enabled accounts resist hacking attempts. Finally, the fallout continues from a major data breach at AI chatbot maker Salesloft, involving the mass-theft of authentication tokens from its Drift application. Google's Threat Intelligence Group (GTIG) warned that attackers, tracked as UNC6395, stole valid authentication tokens for hundreds of integrated corporate services, including Slack, Google Workspace, Amazon S3, and Microsoft Azure, and siphoned large amounts of data while searching for sensitive credentials. Google has strongly advised organizations using Salesloft Drift with third-party integrations to consider their data compromised and immediately invalidate all affected tokens, highlighting the concern of "authorization sprawl" where legitimate access tokens are abused by attackers. Salesloft has engaged Mandiant to investigate the breach's root cause.

    23 min
  5. July 15th, 2025

    15/07/2025

    July 15th, 2025

    Recent cybersecurity reports highlight significant vulnerabilities and a proactive defense strategy. One notable incident involved McDonald's McHire job chatbot platform, which exposed chat transcripts and personal data from over 64 million job applications due to a combination of an Insecure Direct Object Reference (IDOR) vulnerability and the use of weak default credentials, "123456" for both login and password, on a test franchise's admin panel. This allowed researchers to access details like names, email addresses, phone numbers, and home addresses, with the issue being reported and subsequently fixed by Paradox.ai, the platform provider. Separately, a Google Gemini flaw enables attackers to create phishing scams by embedding invisible prompt injections within emails; when Gemini summarizes these emails, it obeys the hidden directives, potentially presenting fake security alerts to users without needing attachments or direct links. To counter such evolving threats and strengthen national cybersecurity, the UK's National Cyber Security Centre (NCSC) has launched a new Vulnerability Research Initiative (VRI), aiming to improve the UK's ability to identify and understand software and hardware vulnerabilities through structured collaboration with external cybersecurity experts, including those in emerging areas like AI-powered vulnerability discovery.

    12 min
  6. July 7th, 2025

    07/07/2025

    July 7th, 2025

    The sources provided discuss two primary topics: recent cybersecurity incidents and advancements in artificial intelligence. One significant cybersecurity event is the ongoing outage at IT giant Ingram Micro, which was caused by a SafePay ransomware attack that led to the shutdown of internal systems. It is believed that the threat actors initially breached Ingram Micro through its GlobalProtect VPN platform, impacting systems such as the Xvantage and Impulse platforms, though other internal services like Microsoft 365, Teams, and SharePoint continued to operate. The SafePay ransomware operation, which emerged in November 2024 and has accumulated over 220 victims, is known for breaching corporate networks via VPN gateways using compromised credentials or password spray attacks. Another major cybersecurity incident reported is a hacker's threat to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica. The hacker, known as "Rey" and a member of the Hellcat Ransomware group, claims the breach occurred due to a Jira misconfiguration, and the purportedly leaked data includes internal communications, purchase orders, internal logs, customer records, and employee data. On the artificial intelligence front, the sources cover OpenAI's plans for GPT-5, which is expected to unify breakthroughs from different models. OpenAI aims for GPT-5 to combine the reasoning capabilities found in its "o" series and the multi-modality of its GPT-series, intending to make existing models significantly better and reduce the need for model switching.

    15 min
  7. June 11th, 2025

    11/06/2025

    June 11th, 2025

    A significant vulnerability found in Google that allowed researchers to brute-force recovery phone numbers for Google accounts, creating a substantial risk for targeted phishing and SIM-swapping incidents. Another key topic is Microsoft Outlook's planned security enhancement to block additional risky attachment types, such as .library-ms and .search-ms files, starting in July 2025, which aims to counter their past use in malware and phishing schemes. Lastly, the sources describe the 'EchoLeak' attack, identified as the first zero-click AI vulnerability affecting Microsoft 365 Copilot, which enabled the exfiltration of sensitive data from a user's context without any interaction, highlighting a new category of large language model scope violations.

    24 min
  8. June 9th, 2025

    09/06/2025

    June 9th, 2025

    United Natural Foods (UNFI), a large grocery wholesale distributor, experienced an attack that forced them to take certain systems offline, disrupting customer orders. Kettering Health, a healthcare network, confirmed a breach by the Interlock ransomware group, which stole data, including sensitive patient and personnel information. The Interlock group is noted as a newer ransomware operation that frequently targets healthcare organizations. Additionally, Optima Tax Relief, a tax resolution firm, was hit by the Chaos ransomware gang, leading to the theft and leaking of corporate and customer data containing sensitive personal information. These incidents highlight the ongoing threat of cyberattacks, including those involving ransomware and data exfiltration, impacting various sectors.

    15 min
Ver todo (79)

Acerca de

Cyber Mornings Daily is your go-to daily podcast for the latest cybersecurity news, trends, and insights, delivered by AI. Each episode delivers a concise and informative breakdown of the most pressing cyber threats, vulnerabilities, and breaches.

Información

  • Creador
    Alice & Bob
  • Años de actividad
    2024 - 2025
  • Episodios
    79
  • Clasificación
    Apto
  • Copyright
    © @jonathansinger | All rights reserved.
  • Mostrar sitio web
    Cyber Mornings Daily