Newsletters

Security researcher Tobia Righi has pulled off what appears to be the first successful passkey phishing attack.

The phishing vector existed solely in mobile browsers and has now since been patched. Security updates have rolled out for all major browsers, such as Chrome/Edge (October 2024), Firefox (February 2025), and Safari (January 2025)—see CVE-2024-9956.

Righi's attack revealed that passkeys are not perfect, but his research also showed that passkeys are far superior to the old credential pair and classic multi-factor authentication solutions.

The US Department of Justice has unsealed charges against twelve Chinese nationals linked to two cyber-espionage groups.

The DOJ DC office indicted Yin Kecheng and Zhou Shuai, two members of the APT27 group, also known as Emissary Panda, Lucky Mouse, and Silk Typhoon.

Officials say the two worked as contractors and conducted hacking operations on behalf of China's Ministry of Public Security (MPS) and Ministry of State Security (MSS) since at least 2011.

Starlink is being used to keep forced labour scam compounds in Myanmar online after their internet access was cut by Thai authorities, according to a report in Wired. 

We'd love Starlink's parent company SpaceX to do something about this, but we're not holding our breath.

In Southeast Asia hundreds of thousands of people are forced by organised criminal gangs to carry out so-called "pig butchering" scams. These modern slavery compounds cause immense human suffering and generate billions of dollars of annual revenue. 

A team of academics has found a way to remotely turn any Bluetooth-capable device into an AirTag tracker.

The technique is named nRootTag and abuses how Apple's FindMy network indexes AirTags and searches for tracked or lost devices.

In normal circumstances, when a user pairs an AirTag to their account, Apple takes the AirTag's Bluetooth signal and generates a cryptographic private-public key pair. When the user wants to find the AirTag's location, the FindMy network queries for the public key associated with that Bluetooth signal and then notifies the owner of its location.

The Trump administration has sent memos to CISA and US Cyber Command instructing cybersecurity staff to stop treating Russian hackers as a threat and halt operations targeting Russia.

Both orders were issued around two weeks ago but were only first reported publicly on Friday.

In the first order, Defense Secretary Pete Hegseth ordered Cyber Command to shut down any operations targeting Russia.

Israeli hacking tools maker Cellebrite has banned the Serbian government from using its products, citing misuse of its technology.

The company's decision comes after an Amnesty International report last December accused Serbian law enforcement of using Cellebrite tools to unlock phones and install spyware on the devices of anti-government dissidents and journalists.

Amnesty says this usually happened while victims were being interrogated by police. Their phones were taken away and then returned to them with spyware installed.

The Financial Times has reported that Peter Navarro, one of President Trump's closest advisors, is pushing for the US to remove Canada from the Five Eyes intelligence alliance.

Trump has said he wants to make Canada the 51st American state amid a tariff dispute. Per the FT:

Navarro did not respond to Financial Times requests for comment, but denied pushing the idea after the article was published. Per The Hill: 

Signal Foundation president Meredith Whittaker says the secure messaging app will leave Sweden if the government there passes a new surveillance bill.

The Swedish government is scheduled to discuss a bill next month that would force communication providers to allow police and security services access to message content.

Whittaker told Swedish national public television SVT that adding such a backdoor would undermine its entire network and users across the world, not just in Sweden.

North Korean hackers have stolen over $1.5 billion worth of crypto assets from Bybit, the world's second-largest cryptocurrency exchange.

The incident represents the largest crypto-heist in history (and the largest heist of any kind as well) and is almost 2.5 times larger than the previous leader—the theft of $625 million from the Ronin Network in April 2022.

The hack took place on Friday, February 21, and is considered one of the most complex crypto-heists ever pulled.

Internal strife and conflicts appear to have led to the implosion of another successful Ransomware-as-a-Service platform—this time, BlackBasta, one of last year's most active ransomware groups.

Everything came crashing down last week when one of the BlackBasta members leaked the group's internal Matrix chat logs on the dark web.

The leaker said they shared the data after one of the BlackBasta affiliates launched brute-force attacks targeting Russian banks—a move the leaker didn't agree with because they feared it would trigger an aggressive response from Russian authorities.