New, from me:
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new findings show those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.
https://krebsonsecurity.com/2025/09/bulletproof-host-stark-industries-evades-eu-sanctions/
New, from me:
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.
https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/
The story includes perspectives from @GossiTheDog@cyberplace.social who has been following this saga all day today w/ updates here.
https://infosec.exchange/@GossiTheDog@cyberplace.social/115169882087261187
New, by me: GOP Cries Censorship Over Spam Filters That Work
The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed's messages are getting blocked more because its methods of blasting email are increasingly way more spammy than that of ActBlue, the fundraising platform for Democrats.
https://krebsonsecurity.com/2025/09/gop-cries-censorship-over-spam-filters-that-work/
...aaand that's about all a Subway sandwich is good for anyway
http://nytimes.com/2025/08/13/us/politics/federal-agent-trump-sandwich-dc.html
ICYMI, Aug. 12 was Microsoft Patch Tuesday. Microsoft fixed >100 flaws in Windows software (incl. 13 critical bugs). There are quite a few 9.0+ CVSS vulnerabilities this month, including some critical flaws for enterprises that need to be patched like yesterday.
https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/
Make America Guess Again?
"President Donald Trump's nominee to run the Bureau of Labor Statistics told Fox News Digital on Monday that the agency should suspend monthly jobs reports, a change that could leave businesses and policymakers at least temporarily without the data they've used for decades to gauge the state of the labor market and broader economy."
https://www.washingtonpost.com/business/2025/08/12/bls-antoni-suspend-jobs-report/
Apparently, being a DOGE douche, former Com denizen, and getting carjacked and beat up by two 15-year-olds qualifies one for consideration for the Presidential Medal of Freedom, the highest civilian honor. Who knew?
https://www.thedailybeast.com/white-house-may-give-big-balls-edward-coristine-presidential-medal-of-freedom-the-same-medal-as-rosa-parks/
This isn't going to stop with Washington, D.C. or Chicago. Also, taking >100 FBI agents off of whatever they are doing and assigning them as temporary beat cops in DC has to be the dumbest, most wasteful and demoralizing use of federal law enforcement I've seen in a while. The one thing you can be sure about is that the stated reason for these actions -- cracking down on crime -- is not in fact the goal. You know it's not, because that's what they said was the reason.
Chipmunks are cute and all...until they start leaving half your tomatoes half-eaten. There is a new enemy in the garden.
CISA has published a severe vulnerability notice regarding a Microsoft Exchange flaw that was disclosed at Black Hat in Las Vegas:
"CISA is aware of the newly disclosed high-severity vulnerability, CVE-2025-53786, that allows a cyber threat actor with administrative access to an on-premise Microsoft Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. This vulnerability, if not addressed, could impact the identity integrity of an organization's Exchange Online service."
"While Microsoft has stated there is no observed exploitation as of the time of this alert's publication, CISA strongly urges organizations to implement Microsoft's Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability guidance outlined below, or risk leaving the organization vulnerable to a hybrid cloud and on-premises total domain compromise."
https://www.cisa.gov/news-events/alerts/2025/08/06/microsoft-releases-guidance-high-severity-vulnerability-cve-2025-53786-hybrid-exchange-deployments
NextGov writes:
"At Black Hat in Las Vegas, Nevada, Outsider Security researcher Dirk-jan Mollema presented a long-form demo exploiting the flaw, where he said he was able to modify user passwords, convert cloud users to hybrid users and impersonate hybrid users."
"Through the exploit, hackers could also modify executive permissions, known as service principals, where they could escalate network access privileges or establish persistent access between on-premises Exchange and Microsoft 365 by tampering with the identities and permissions set up on a network."
No patch, but CISA's alert includes some guidance on hardening and mitigations.
MS advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786