TechNadu
@technadu.com
Cybersecurity, VPNs, & digital privacy, decoded. Smart takes, real insights, and expert reviews to keep you safe online.
👉 Subscribe to our newsletter → technadu.com/newsletter
👉 Subscribe to our newsletter → technadu.com/newsletter
Missouri will begin enforcing mandatory online age verification on Nov 30, 2025. Sites with 33%+ harmful content must verify users are 18+ through digital IDs, government IDs, or other approved data. Privacy experts warn of surveillance and identity-exposure risks.
#Cybersecurity #OnlineSafety
#Cybersecurity #OnlineSafety
November 28, 2025 at 10:37 AM
Missouri will begin enforcing mandatory online age verification on Nov 30, 2025. Sites with 33%+ harmful content must verify users are 18+ through digital IDs, government IDs, or other approved data. Privacy experts warn of surveillance and identity-exposure risks.
#Cybersecurity #OnlineSafety
#Cybersecurity #OnlineSafety
NVIDIA has issued a critical update for DGX Spark after discovering 14 firmware vulnerabilities affecting core system components.
CVE-2025-33187 (9.3) poses the highest risk, enabling code execution and potential SoC access.
#cybersecurity #NVIDIA #DGXSpark #AIsecurity #CVE #infosec #securitynews
CVE-2025-33187 (9.3) poses the highest risk, enabling code execution and potential SoC access.
#cybersecurity #NVIDIA #DGXSpark #AIsecurity #CVE #infosec #securitynews
November 28, 2025 at 8:49 AM
NVIDIA has issued a critical update for DGX Spark after discovering 14 firmware vulnerabilities affecting core system components.
CVE-2025-33187 (9.3) poses the highest risk, enabling code execution and potential SoC access.
#cybersecurity #NVIDIA #DGXSpark #AIsecurity #CVE #infosec #securitynews
CVE-2025-33187 (9.3) poses the highest risk, enabling code execution and potential SoC access.
#cybersecurity #NVIDIA #DGXSpark #AIsecurity #CVE #infosec #securitynews
A Microsoft Teams guest-access gap is letting attackers bypass Defender for Office 365 by pulling users into low-security external tenants. Safe Links and Safe Attachments don’t apply there, making phishing far easier.
#cybersecurity #MicrosoftTeams #infosec #cloudsecurity #securitynews
#cybersecurity #MicrosoftTeams #infosec #cloudsecurity #securitynews
November 28, 2025 at 7:45 AM
A Microsoft Teams guest-access gap is letting attackers bypass Defender for Office 365 by pulling users into low-security external tenants. Safe Links and Safe Attachments don’t apply there, making phishing far easier.
#cybersecurity #MicrosoftTeams #infosec #cloudsecurity #securitynews
#cybersecurity #MicrosoftTeams #infosec #cloudsecurity #securitynews
Congress has called Anthropic’s CEO to testify on the first known AI-orchestrated cyberattack, reportedly linked to Chinese state actors.
Lawmakers want insight into:
• AI-driven cyber-espionage
• Cloud security gaps
• Quantum-enabled attack models
#Cybersecurity #AIsecurity #CloudSecurity
Lawmakers want insight into:
• AI-driven cyber-espionage
• Cloud security gaps
• Quantum-enabled attack models
#Cybersecurity #AIsecurity #CloudSecurity
November 28, 2025 at 6:11 AM
Congress has called Anthropic’s CEO to testify on the first known AI-orchestrated cyberattack, reportedly linked to Chinese state actors.
Lawmakers want insight into:
• AI-driven cyber-espionage
• Cloud security gaps
• Quantum-enabled attack models
#Cybersecurity #AIsecurity #CloudSecurity
Lawmakers want insight into:
• AI-driven cyber-espionage
• Cloud security gaps
• Quantum-enabled attack models
#Cybersecurity #AIsecurity #CloudSecurity
A new Mirai variant - ShadowV2 - is exploiting IoT vulnerabilities to expand a DDoS-focused botnet. Targets include D-Link, TP-Link, DD-WRT, and more.
#CyberSecurity #IoTSecurity #ThreatIntel #BotnetActivity #TechNadu
#CyberSecurity #IoTSecurity #ThreatIntel #BotnetActivity #TechNadu
November 27, 2025 at 5:56 PM
A new Mirai variant - ShadowV2 - is exploiting IoT vulnerabilities to expand a DDoS-focused botnet. Targets include D-Link, TP-Link, DD-WRT, and more.
#CyberSecurity #IoTSecurity #ThreatIntel #BotnetActivity #TechNadu
#CyberSecurity #IoTSecurity #ThreatIntel #BotnetActivity #TechNadu
A researcher uncovered a flaw in Tyler Technologies’ jury systems that exposed sensitive juror data across several U.S. states. The issue involved sequential juror IDs with no rate limiting, enabling brute-force access.
#Cybersecurity #InfoSec #ThreatIntel #SecurityUpdate #TechNews #TechNadu
#Cybersecurity #InfoSec #ThreatIntel #SecurityUpdate #TechNews #TechNadu
November 27, 2025 at 5:11 PM
A researcher uncovered a flaw in Tyler Technologies’ jury systems that exposed sensitive juror data across several U.S. states. The issue involved sequential juror IDs with no rate limiting, enabling brute-force access.
#Cybersecurity #InfoSec #ThreatIntel #SecurityUpdate #TechNews #TechNadu
#Cybersecurity #InfoSec #ThreatIntel #SecurityUpdate #TechNews #TechNadu
TunnelBear has completed its 8th independent Cure53 security audit, covering full white-box access across apps, backend systems, and encryption layers. All 13 findings were fixed, and the 2025 audit is already done.
Follow @TechNadu for more cybersecurity insights.
#CyberSecurity #VPN #Privacy
Follow @TechNadu for more cybersecurity insights.
#CyberSecurity #VPN #Privacy
November 27, 2025 at 4:14 PM
TunnelBear has completed its 8th independent Cure53 security audit, covering full white-box access across apps, backend systems, and encryption layers. All 13 findings were fixed, and the 2025 audit is already done.
Follow @TechNadu for more cybersecurity insights.
#CyberSecurity #VPN #Privacy
Follow @TechNadu for more cybersecurity insights.
#CyberSecurity #VPN #Privacy
OpenAI says a Mixpanel system breach exposed limited API-user data, including names, emails, and coarse location. No chats, API keys, or payment details were affected.
Security researchers noted that using non-anonymized data in analytics isn’t usually best practice.
#CyberSecurity #OpenAI
Security researchers noted that using non-anonymized data in analytics isn’t usually best practice.
#CyberSecurity #OpenAI
November 27, 2025 at 2:18 PM
OpenAI says a Mixpanel system breach exposed limited API-user data, including names, emails, and coarse location. No chats, API keys, or payment details were affected.
Security researchers noted that using non-anonymized data in analytics isn’t usually best practice.
#CyberSecurity #OpenAI
Security researchers noted that using non-anonymized data in analytics isn’t usually best practice.
#CyberSecurity #OpenAI
Multiple London councils - RBKC, Westminster, and Hammersmith & Fulham, have been hit by a coordinated cyberattack.
• NCA & NCSC investigating
• Possible personal data exposure
• Phone lines & systems disrupted
• Remote-working measures activated
A developing story with wide public-sector impact.
• NCA & NCSC investigating
• Possible personal data exposure
• Phone lines & systems disrupted
• Remote-working measures activated
A developing story with wide public-sector impact.
November 27, 2025 at 1:41 PM
Multiple London councils - RBKC, Westminster, and Hammersmith & Fulham, have been hit by a coordinated cyberattack.
• NCA & NCSC investigating
• Possible personal data exposure
• Phone lines & systems disrupted
• Remote-working measures activated
A developing story with wide public-sector impact.
• NCA & NCSC investigating
• Possible personal data exposure
• Phone lines & systems disrupted
• Remote-working measures activated
A developing story with wide public-sector impact.
Windscribe rolls out support for those working under censorship pressures.
• Free 1-yr Pro accounts for verified journalists & NGOs
• AmneziaWG added - a stealth WireGuard fork to bypass blocks
• Stronger protection tools for high-risk users
A notable development for press freedom and privacy.
• Free 1-yr Pro accounts for verified journalists & NGOs
• AmneziaWG added - a stealth WireGuard fork to bypass blocks
• Stronger protection tools for high-risk users
A notable development for press freedom and privacy.
November 27, 2025 at 12:42 PM
Windscribe rolls out support for those working under censorship pressures.
• Free 1-yr Pro accounts for verified journalists & NGOs
• AmneziaWG added - a stealth WireGuard fork to bypass blocks
• Stronger protection tools for high-risk users
A notable development for press freedom and privacy.
• Free 1-yr Pro accounts for verified journalists & NGOs
• AmneziaWG added - a stealth WireGuard fork to bypass blocks
• Stronger protection tools for high-risk users
A notable development for press freedom and privacy.
EU Council updates Chat Control proposal - no mandatory scanning, but new surveillance pathways still possible.
Voluntary scanning, age verification, AI detection systems, and EU-wide blocking create long-term privacy concerns.
#ChatControl #EU #CyberSecurity #Encryption #Privacy
Voluntary scanning, age verification, AI detection systems, and EU-wide blocking create long-term privacy concerns.
#ChatControl #EU #CyberSecurity #Encryption #Privacy
November 27, 2025 at 11:42 AM
EU Council updates Chat Control proposal - no mandatory scanning, but new surveillance pathways still possible.
Voluntary scanning, age verification, AI detection systems, and EU-wide blocking create long-term privacy concerns.
#ChatControl #EU #CyberSecurity #Encryption #Privacy
Voluntary scanning, age verification, AI detection systems, and EU-wide blocking create long-term privacy concerns.
#ChatControl #EU #CyberSecurity #Encryption #Privacy
FCC warns broadcasters after attackers hijack Barix STL devices to broadcast unauthorized content.
Weak passwords + exposed equipment enabled fake EAS tones and inappropriate audio streams. FCC urges immediate security updates.
Follow for more cybersecurity coverage.
#CyberSecurity #FCC #Barix #EAS
Weak passwords + exposed equipment enabled fake EAS tones and inappropriate audio streams. FCC urges immediate security updates.
Follow for more cybersecurity coverage.
#CyberSecurity #FCC #Barix #EAS
November 27, 2025 at 10:23 AM
FCC warns broadcasters after attackers hijack Barix STL devices to broadcast unauthorized content.
Weak passwords + exposed equipment enabled fake EAS tones and inappropriate audio streams. FCC urges immediate security updates.
Follow for more cybersecurity coverage.
#CyberSecurity #FCC #Barix #EAS
Weak passwords + exposed equipment enabled fake EAS tones and inappropriate audio streams. FCC urges immediate security updates.
Follow for more cybersecurity coverage.
#CyberSecurity #FCC #Barix #EAS
US CodeRED emergency alert system taken offline after INC Ransom breach.
Attackers claim 1.15 TB of data exfiltrated before encryption. Crisis24 is rebuilding the platform from earlier backups; municipalities are urging residents to reset reused passwords.
#CyberSecurity #Ransomware #CodeRED #INC
Attackers claim 1.15 TB of data exfiltrated before encryption. Crisis24 is rebuilding the platform from earlier backups; municipalities are urging residents to reset reused passwords.
#CyberSecurity #Ransomware #CodeRED #INC
November 27, 2025 at 9:18 AM
US CodeRED emergency alert system taken offline after INC Ransom breach.
Attackers claim 1.15 TB of data exfiltrated before encryption. Crisis24 is rebuilding the platform from earlier backups; municipalities are urging residents to reset reused passwords.
#CyberSecurity #Ransomware #CodeRED #INC
Attackers claim 1.15 TB of data exfiltrated before encryption. Crisis24 is rebuilding the platform from earlier backups; municipalities are urging residents to reset reused passwords.
#CyberSecurity #Ransomware #CodeRED #INC
A breach at a South Korean MSP has led to 28 victims in the “Korean Leaks” ransomware campaign, with Qilin ransomware responsible for over 1M stolen files. Researchers note evolving messaging and possible overlap with other threat actors.
#CyberSecurity #Qilin #Ransomware #InfoSec #TechNews
#CyberSecurity #Qilin #Ransomware #InfoSec #TechNews
November 27, 2025 at 8:32 AM
A breach at a South Korean MSP has led to 28 victims in the “Korean Leaks” ransomware campaign, with Qilin ransomware responsible for over 1M stolen files. Researchers note evolving messaging and possible overlap with other threat actors.
#CyberSecurity #Qilin #Ransomware #InfoSec #TechNews
#CyberSecurity #Qilin #Ransomware #InfoSec #TechNews
Kensington & Chelsea and Westminster City Council are responding to a cybersecurity issue affecting shared IT systems. Hammersmith & Fulham is taking precautionary measures, and the NCSC is supporting the investigation.
#CyberSecurity #IncidentResponse #DigitalResilience #TechNadu #InfoSec
#CyberSecurity #IncidentResponse #DigitalResilience #TechNadu #InfoSec
November 27, 2025 at 7:36 AM
Kensington & Chelsea and Westminster City Council are responding to a cybersecurity issue affecting shared IT systems. Hammersmith & Fulham is taking precautionary measures, and the NCSC is supporting the investigation.
#CyberSecurity #IncidentResponse #DigitalResilience #TechNadu #InfoSec
#CyberSecurity #IncidentResponse #DigitalResilience #TechNadu #InfoSec
The DOJ alleges that an NSA contractor misused his work computer for harmful online activity involving minors, detected through monitoring systems. His employment ended after his arrest, and he remains innocent until proven guilty.
#CyberSecurity #InsiderRisk #DigitalSafety #InfoSec #TechNadu
#CyberSecurity #InsiderRisk #DigitalSafety #InfoSec #TechNadu
November 27, 2025 at 7:02 AM
The DOJ alleges that an NSA contractor misused his work computer for harmful online activity involving minors, detected through monitoring systems. His employment ended after his arrest, and he remains innocent until proven guilty.
#CyberSecurity #InsiderRisk #DigitalSafety #InfoSec #TechNadu
#CyberSecurity #InsiderRisk #DigitalSafety #InfoSec #TechNadu
Dartmouth College has disclosed a data breach tied to the Clop extortion group, who claim to have taken data from the school’s Oracle EBS servers through a zero-day.
At least 1,494 people were directly impacted, with investigations ongoing.
#CyberSecurity #DataBreach #Clop #OracleEBS #ThreatIntel
At least 1,494 people were directly impacted, with investigations ongoing.
#CyberSecurity #DataBreach #Clop #OracleEBS #ThreatIntel
November 26, 2025 at 5:45 PM
Dartmouth College has disclosed a data breach tied to the Clop extortion group, who claim to have taken data from the school’s Oracle EBS servers through a zero-day.
At least 1,494 people were directly impacted, with investigations ongoing.
#CyberSecurity #DataBreach #Clop #OracleEBS #ThreatIntel
At least 1,494 people were directly impacted, with investigations ongoing.
#CyberSecurity #DataBreach #Clop #OracleEBS #ThreatIntel
Code-beautifier tools were found leaking 80k+ JSON pastes containing credentials, keys, tokens, and PII through a public “Recent Links” feature. Automated scanners even hit expired uploads...
#CyberSecurity #AppSec #DataExposure #Infosec #CloudSecurity #TechNadu #ThreatIntel
#CyberSecurity #AppSec #DataExposure #Infosec #CloudSecurity #TechNadu #ThreatIntel
November 26, 2025 at 5:07 PM
Code-beautifier tools were found leaking 80k+ JSON pastes containing credentials, keys, tokens, and PII through a public “Recent Links” feature. Automated scanners even hit expired uploads...
#CyberSecurity #AppSec #DataExposure #Infosec #CloudSecurity #TechNadu #ThreatIntel
#CyberSecurity #AppSec #DataExposure #Infosec #CloudSecurity #TechNadu #ThreatIntel
A new study finds that aircraft cabin IoT exposes more information inside the network than in transit. Authorized devices can read full sensor details, revealing vendor IP or passenger patterns...
#CyberSecurity #IoTPrivacy #AviationTech #AircraftSystems #InfoSec #TechNadu
#CyberSecurity #IoTPrivacy #AviationTech #AircraftSystems #InfoSec #TechNadu
November 26, 2025 at 4:32 PM
A new study finds that aircraft cabin IoT exposes more information inside the network than in transit. Authorized devices can read full sensor details, revealing vendor IP or passenger patterns...
#CyberSecurity #IoTPrivacy #AviationTech #AircraftSystems #InfoSec #TechNadu
#CyberSecurity #IoTPrivacy #AviationTech #AircraftSystems #InfoSec #TechNadu
Microsoft closes the loophole where phishing meeting invites stayed on calendars even after the email was deleted.
Hard Delete now removes both, and domain-level blocking simplifies phishing cleanup.
#CyberSecurity #Microsoft365 #PhishingDefense #InfoSec
Hard Delete now removes both, and domain-level blocking simplifies phishing cleanup.
#CyberSecurity #Microsoft365 #PhishingDefense #InfoSec
November 26, 2025 at 3:47 PM
Microsoft closes the loophole where phishing meeting invites stayed on calendars even after the email was deleted.
Hard Delete now removes both, and domain-level blocking simplifies phishing cleanup.
#CyberSecurity #Microsoft365 #PhishingDefense #InfoSec
Hard Delete now removes both, and domain-level blocking simplifies phishing cleanup.
#CyberSecurity #Microsoft365 #PhishingDefense #InfoSec
AI agent ecosystems are expanding fast - but so are the blind spots.
We spoke with Britive CEO Artyom Poghosyan about:
• Agent-to-agent trust risks
• Insider misuse of autonomous agents
• How attackers hit the weakest plugin or service account
#Cybersecurity #AIsecurity #IdentitySecurity
We spoke with Britive CEO Artyom Poghosyan about:
• Agent-to-agent trust risks
• Insider misuse of autonomous agents
• How attackers hit the weakest plugin or service account
#Cybersecurity #AIsecurity #IdentitySecurity
November 26, 2025 at 2:48 PM
AI agent ecosystems are expanding fast - but so are the blind spots.
We spoke with Britive CEO Artyom Poghosyan about:
• Agent-to-agent trust risks
• Insider misuse of autonomous agents
• How attackers hit the weakest plugin or service account
#Cybersecurity #AIsecurity #IdentitySecurity
We spoke with Britive CEO Artyom Poghosyan about:
• Agent-to-agent trust risks
• Insider misuse of autonomous agents
• How attackers hit the weakest plugin or service account
#Cybersecurity #AIsecurity #IdentitySecurity
RomCom is now using SocGholish to deliver its Mythic Agent payload - a first-of-its-kind overlap between the two. Targets include U.S. organizations supporting Ukraine. Researchers link the activity to GRU Unit 29155.
#CyberSecurity #RomCom #SocGholish #ThreatIntel #InfoSec
#CyberSecurity #RomCom #SocGholish #ThreatIntel #InfoSec
November 26, 2025 at 1:41 PM
RomCom is now using SocGholish to deliver its Mythic Agent payload - a first-of-its-kind overlap between the two. Targets include U.S. organizations supporting Ukraine. Researchers link the activity to GRU Unit 29155.
#CyberSecurity #RomCom #SocGholish #ThreatIntel #InfoSec
#CyberSecurity #RomCom #SocGholish #ThreatIntel #InfoSec
WormGPT 4 - a malicious AI tool marketed for cybercrime - is now available for as little as $50. Unit 42 shows it can generate ransomware scripts, phishing messages, and malicious code without restrictions.
#CyberSecurity #AIThreats #WormGPT #InfoSec
#CyberSecurity #AIThreats #WormGPT #InfoSec
November 26, 2025 at 12:22 PM
WormGPT 4 - a malicious AI tool marketed for cybercrime - is now available for as little as $50. Unit 42 shows it can generate ransomware scripts, phishing messages, and malicious code without restrictions.
#CyberSecurity #AIThreats #WormGPT #InfoSec
#CyberSecurity #AIThreats #WormGPT #InfoSec
ASUS has issued a fix for a high-severity MyASUS privilege escalation flaw (CVE-2025-59373) that allowed SYSTEM-level access with minimal requirements. Updates are now rolling out through Windows Update.
#CyberSecurity #ASUS #InfoSec #WindowsSecurity
#CyberSecurity #ASUS #InfoSec #WindowsSecurity
November 26, 2025 at 11:48 AM
ASUS has issued a fix for a high-severity MyASUS privilege escalation flaw (CVE-2025-59373) that allowed SYSTEM-level access with minimal requirements. Updates are now rolling out through Windows Update.
#CyberSecurity #ASUS #InfoSec #WindowsSecurity
#CyberSecurity #ASUS #InfoSec #WindowsSecurity
Tor is rolling out a major encryption update: Counter Galois Onion (CGO).
• Replaces aging tor1 scheme
• Stronger defenses against tagging attacks
• 16-byte authenticator for better integrity
• Keys evolve per cell for improved forward secrecy
• Tag chaining prevents recovery of altered traffic...
• Replaces aging tor1 scheme
• Stronger defenses against tagging attacks
• 16-byte authenticator for better integrity
• Keys evolve per cell for improved forward secrecy
• Tag chaining prevents recovery of altered traffic...
November 26, 2025 at 11:10 AM
Tor is rolling out a major encryption update: Counter Galois Onion (CGO).
• Replaces aging tor1 scheme
• Stronger defenses against tagging attacks
• 16-byte authenticator for better integrity
• Keys evolve per cell for improved forward secrecy
• Tag chaining prevents recovery of altered traffic...
• Replaces aging tor1 scheme
• Stronger defenses against tagging attacks
• 16-byte authenticator for better integrity
• Keys evolve per cell for improved forward secrecy
• Tag chaining prevents recovery of altered traffic...