X-Industry

OpenSNP, a large open-source repository for user-uploaded genetic data, will shut down and delete all of its data at the end of April, co-founder Bastian Greshake Tzovaras has confirmed.  In a blog post, openSNP’s Greshake Tzovaras attributed the decision to shut down the site due to concerns of data privacy following the financial collapse of 23andMe and the rise in authoritarian governments around the world.

Founded in 2011 by Tzovaras, along with Philipp Bayer and Helge Rausch, openSNP became

A new report out today from Cisco Talos, a cybersecurity company part of Cisco Systems Inc., found that in 2024, cybercriminals didn’t need zero-days or custom malware to wreak havoc: They just logged in. Identity-based attacks, misused legitimate tools, and years-old vulnerabilities drove the majority of security incidents last year.

The findings come from the Talos 2024 Year in Review report, based on telemetry from more than 46 million devices across 193 countries and regions, analyzing more

In the ever-evolving landscape of cybersecurity threats, a new and menacing player has emerged: ransomware-as-a-service (RaaS). Among the many RaaS platforms causing havoc, Kryptina stands out for its advanced capabilities and widespread impact. The article below describes the intricate details of Kryptina RaaS, examining its mechanisms, effects, and the measures needed to combat this digital menace. Hello, Lady Kryptina, a devious female vampire.

Understanding Ransomware-as-a-Service. Ransomwa

In the law enforcement world, many times arrested criminals will be used (or ‘flipped’) to continue finding other criminal activity.  This is similar in the cyber security world.  Black Hats, Gray Hats and White Hats.    

A key member of Elon Musk's US DOGE Service team once assisted a cybercrime gang involved in data theft and cyberstalking an FBI agent, according to digital records reviewed by Reuters.  Edward Coristine, a 19-year-old hacker, is one of the most visible figures in the DOGE init

Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices.  The suspects, whose identities remain undisclosed, were apprehended in the Saratov region. A video released by the Russian Ministry of Internal Affairs (MVD) shows the arrested individuals in handcuffs, being escorted by police officers.

According to the MVD, the trio is linked to over 300 cybercrime incidents. Authorities also seized co

A new report from VicOne, a leading automotive cybersecurity firm, warns of escalating threats in the global auto industry. Despite recent progress in law enforcement efforts, the Shifting Gears: VicOne 2025 Automotive Cybersecurity Report highlights growing vulnerabilities in vehicles, electric charging networks, and artificial intelligence systems.

Cyberattacks between 2022 and 2024 caused tens of billions of dollars in damages. Automotive vulnerabilities reached record highs in 2024, with ove

Recently, over 100 websites belonging to car dealerships were found to serve malicious "ClickFix" code due to a supply chain attack that affected a third-party domain. According to security researcher Randy McEoin, the threat actor infected LES Automotive, a privately held streaming service provider based in Tolland, CT, that primarily focuses on the automotive industry. All websites using LES Automotive's services shared a ClickFix webpage with their visitors. [1]

See: https://redskyalliance.or

A server-side request forgery vulnerability in OpenAI's chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.  Attackers are actively exploiting a flaw in ChatGPT that allows them to redirect users to malicious URLs from within the artificial intelligence (AI) chatbot application, with more than 10,000 exploit attempts in a week coming from a single malicious IP address.

Researchers from Veriti discovered the vulnerability in OpenAI’

Known for the sophistication of its operations, the ransomware gang Medusa has been responsible for known attacks on over 300 organizations in the critical infrastructure sectors, including medical, education, legal, insurance, manufacturing, and technology operations. Once hit by a Medusa ransomware attack, victims are told to pay a ransom to decrypt their files to prevent them from being released onto the Internet.

See: https://redskyalliance.org/redshorts2023/medusa-ransomware-gang-picks-up-

One of the world’s largest genetic testing companies, 23andME, just filed for bankruptcy over the weekend.  Now millions of DNA samples and private information could end up in the hands of another company.  Genetic testing companies allow customers to send in a saliva sample and learn about ancestry as well as potential health issues.  “I think there are benefits here and there but I think if someone’s collecting a lot of your DNA and storing that data it’s like who else has access,” said one De

A surge in browser-based phishing attacks has been recorded over the past year, with 752,000 incidents identified between 2023 and 2024, marking a 140% increase Year over Year (YoY). The rise of artificial intelligence (AI)- driven phishing techniques and the exploitation of enterprise browsers have contributed to this trend. According to a new report by Menlo Security, cybercriminals are increasingly focusing on browsers as their primary attack vector, leveraging sophisticated evasion technique

Exec. Summary – The research paper below addresses detecting false data attacks (FDAs) in power systems. While improving the operation of the power system, integrating multi-layered cyber-physical networks poses substantial security risks. In particular, the FDAs can fool the Chi-square detector-based detection mechanism by manipulating the communication layer data. For this reason, researchers focus on proposing a novel spatial–temporal features-based detection framework against false data atta

Doomsday movies and TV shows have continuously been a staple in American entertainment. These fictionalized end-of-the-world scenarios range from the spread of mysterious diseases to catastrophic weather events and even aliens and zombies taking over.  But in recent years, a new threat has arisen in apocalyptic content: cyber-attacks.

In 2023, the Netflix film "Leave the World Behind," based on the novel of the same name, shares the story of two families stuck in a Long Island home trying to nav

Have you heard of the British mathematician, Andrew Wiles?  You could say he was into numbers.  In 1637 Pierre de Fermat developed a theorem that stated that there can be no integer greater than 2 that satisfied the equation an+bn=cn.  Fermat died before he wrote down the proof.  For over 350 years, not one mathematician could provide the proof.  However, in 1995, after a seven-year effort, Andrew Wiles published the proof using algebraic geometry and number theory.  Who cares, right.  Keep read

A bipartisan group of five US Members of Congress and Senators has called for full transparency in the ongoing legal battle between Apple and the UK government over law enforcement access to encrypted data. In a 13 March 2025 letter, the group requested the Investigatory Powers Tribunal (IPT), part of the UK’s Home Office, to “remove the cloak of secrecy related to notices given to American technology companies by the UK.” Specifically, the five US legislators referred to a reported technical ca

Cisco Talos observed threat actors abusing Cascading Style Sheets (CSS) to evade detection and track user behavior, raising security and privacy concerns, including potential fingerprinting. Cascading Style Sheets (CSS) is a style sheet language used to control the appearance and layout of web pages. It defines styles for HTML elements, including colors, fonts, spacing, and positioning. CSS helps separate content from design, allowing developers to create visually appealing and responsive websit

In Star Trek: The Next Generation episode “The Drumhead,” a Starfleet officer’s suspected espionage sparks an overzealous investigation that turns into a witch hunt, driven by paranoia.  Captain Picard’s warning about the dangers of overreaction, “With the first link, the chain is forged…,” underscores the importance of caution when assigning blame. This is highly relevant to the hacking of Ranveer Allahbadia’s YouTube channel, where suspicions point to Chinese hackers.  Although China has a his

In 2020, cybersecurity company Mandiant’s computer system was compromised by an intruder exploiting an innocuous crack: routine software updates pushed out by another company, SolarWinds.  Mandiant was one of nearly 18,000 organizations to receive the compromised software.

The attack, a supply-chain hack by a Russian intelligence agency, demonstrates the trade-off between system coordination and vulnerability to attack, according to science and technology scholar Rebecca Slayton.[1]   “Standards

The websites of over 100 car dealerships were found serving malicious ClickFix code after a third-party domain was compromised in a supply chain attack.  As part of the compromise, a threat actor infected LES Automotive, a shared video service unique to dealerships, so that websites using the service would serve a ClickFix webpage to their visitors.

A ClickFix attack relies on malicious code on a webpage to display a prompt to the user, asking them to fix an error or perform a reCAPTCHA challeng

The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare. While X owner Elon Musk did not specifically state that DDoS attacks were behind the outages, he did confirm that it was caused by a "massive cyberattack." "There was (still is) a massive cyberattack against X," Musk posted on X. "We get attacked every day, but this was done with a lot of resources. Either a large, coordi