Feedback & Followups
- Greyware spyware from Pegatron continues to be abused: Graphite spyware used in Apple iOS zero-click attacks on journalists — www.bleepingcomputer.com/… (This all happened a few months ago, and the zero-day was patched back in February 2025)
- 🇬🇧 More bad news for beleaguered 23andMe: UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data — www.bleepingcomputer.com/…
- 🇬🇧 WhatsApp have filed to give evidence in support of Apple in their battle to save iCloud Advanced Encryption in the UK — www.bbc.com/…
- 🇺🇸 TikTok ban enforcement delayed another 90 days to September 17 — appleinsider.com/… (Still zero legal basis for this; Apple, Google, Oracle & Akamai are still taking a huge risk obeying)
❗ Action Alerts
- Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws — www.bleepingcomputer.com/…, isc.sans.edu/… & krebsonsecurity.com/…
- Hackers exploited Windows WebDav zero-day to drop malware — www.bleepingcomputer.com/… (Fixed by the updates)
- New Secure Boot flaw lets attackers install bootkit malware, patch now — www.bleepingcomputer.com/… (you just have to patch Windows to protect yourself)
Worthy Warnings
- Beware of Discord invite links, a flaw in their design is being used to spread malware — www.bleepingcomputer.com/… (The danger is to anyone clicking on a malicious invite link, not to owners or members of Discord communities)
- ⚠️ ASUS Users: ASUS Armoury Crate bug lets attackers get Windows admin privileges — www.bleepingcomputer.com/…
  “Armoury Crate is the official system control software for Windows from ASUS, providing a centralized interface to control RGB lighting (Aura Sync), adjust fan curves, manage performance profiles and ASUS peripherals, as well as download drivers and firmware updates.”
- Hacker steals 1 million Cock.li user records in webmail data breach — www.bleepingcomputer.com/… (Privacy-focused free mail provider)
- 🇺🇸 ⚠️ Current & Former Customers: Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers — www.bleepingcomputer.com/…
  - An interesting illustration of how newer breaches can enrich less broad earlier breaches
Notable News
- 🇺🇸 Example of a new trend in cybercrime attacks: cybercriminals seem to be switching focus from healthcare to the insurance industry in the US: Aflac discloses breach amidst Scattered Spider insurance attacks — www.bleepingcomputer.com/…
- 16 billion logins discovered across exposed datasets, but don’t panic — appleinsider.com/… & www.bleepingcomputer.com/…
  - No websites have been breached; these are passwords stolen from users by malware
  - Excellent conclusion in the article:
    “Basic internet and password hygiene can go a long way in thwarting criminals. And while some of this can take time to set up, once it’s all running, you should never have to think of a username or password again, even when there is a breach.”
- Meta are expanding their passkey support to their mobile apps (Android & iOS) — thehackernews.com/…
- Linux Foundation unveils decentralized WordPress plugin manager — www.bleepingcomputer.com/… (Important for the community given the chaos being caused by Automattic’s ongoing legal battles with WPEngine)
- DuckDuckGo beefs up scam defense to block fake stores, crypto sites — www.bleepingcomputer.com/…
- More technical debt being paid down by Microsoft to boost security:
  - Microsoft 365 to block file access via legacy auth protocols by default — www.bleepingcomputer.com/… (Will break older 3rd-party apps and integrations that have not been upgraded to OAuth2)
  - Microsoft to remove legacy drivers from Windows Update for security boost — www.bleepingcomputer.com/… (Slow phased plan, should avoid user issues)
Excellent Explainers
- Very well structured article: What to Do If Your Mac Was Hacked — www.intego.com/… (One to bookmark and hope you never need!)
Palate Cleansers
- From Allison:
  - Bart’s Let’s Talk Photography episode 141 entitled, “Alt Text, do it for You!”
    - Bart walks you through his journey from knowing about Alt Text to dipping his toes in to fully embracing the writing of them as a way to improve his photography. I didn’t get the premise going in, but it makes perfect sense.
- From Bart:
  - XKCD 3101: Good Science
  - 🎧 How AI can make education better by training human teachers rather than replacing them: Revisionist History: How AI Assistants Can Transform Education — overcast.fm/…
  - 🎦 A remastered version of Steve Jobs’ famous commencement address: Stay Hungry, Stay Foolish — stevejobsarchive.com/…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
| Emoji | Meaning |
|---|---|
| 🎧 | A link to audio content, probably a podcast. |
| ❗ | A call to action. |
| flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
| 📊 | A link to graphical content, probably a chart, graph, or diagram. |
| 🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
| 💵 | A link to an article behind a paywall. |
| 📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
| 🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
| 🎦 | A link to video content. |
