banner
samilaiho.com
Sami Laiho
@samilaiho.com
1.6K followers 170 following 2.2K posts
Keynote-speaker, Chief Research Officer, Microsoft MVP since 2011 More info: https://samilaiho.com/
samilaiho.com
Posts Media Videos Starter Packs
samilaiho.com
Sami Laiho @samilaiho.com · 13h
github.com/JGoyd/iOS-At...
GitHub - JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201: CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/S...
CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalati...
github.com
samilaiho.com
Sami Laiho @samilaiho.com · 13h
Hospital Insider Breach Lasted 10 Years, Led to FBI Inquiry
www.databreachtoday.com/hospital-ins...
Hospital Insider Breach Lasted 10 Years, Led to FBI Inquiry
Harris Health is contacting 5,000 patients about a breach involving a former employee who improperly accessed electronic health records for over a decade. The Texas
www.databreachtoday.com
samilaiho.com
Sami Laiho @samilaiho.com · 13h
Clop raid on Oracle E-Business Suite started months ago, researchers warn
www.theregister.com/2025/10/07/c...
Clop raid on Oracle EBS started months ago, say researchers
: Strap in, admins. Exploits began in August and now the code is out there
www.theregister.com
samilaiho.com
Sami Laiho @samilaiho.com · 13h
North Korean hackers stole over $2 billion in crypto this year
www.bleepingcomputer.com/news/cryptoc...
North Korean hackers stole over $2 billion in crypto this year
North Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record.
www.bleepingcomputer.com
1
samilaiho.com
Sami Laiho @samilaiho.com · 22h
cybernews.com/security/ste...
Major gaming platforms hit by disruptions: unprecedented DDoS suspected
Steam, Riot, and other major platforms are experiencing widespread service disruptions, likely due to massive DDoS attacks linked to the Aisuru botnet.
cybernews.com
samilaiho.com
Sami Laiho @samilaiho.com · 1d
krebsonsecurity.com/2025/10/shin...
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen fr...
krebsonsecurity.com
2 2
samilaiho.com
Sami Laiho @samilaiho.com · 1d
CISA Adds Known Exploited Vulnerabilities to Catalog
URL: www.cisa.gov/news-events/...
Classification: Critical, Solution: Not Defined, Exploit Maturity: Not Defined, CVSSv3.1: 9.8
CISA Adds Seven Known Exploited Vulnerabilities to Catalog | CISA
www.cisa.gov
samilaiho.com
Sami Laiho @samilaiho.com · 1d
Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE
Chain - CVE-2025-61882)
labs.watchtowr.com/well-well-we...
Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
We bet you thought you’d be allowed to sit there, breathe, and savour the few moments of peace you’d earned after a painful week in cyber security. Obviously, you were horribly wrong, and you need to...
labs.watchtowr.com
1
samilaiho.com
Sami Laiho @samilaiho.com · 1d
Insecure Mobile VPNs: The Hidden Danger
zimperium.com/blog/insecur...
Insecure Mobile VPNs: The Hidden Danger
Many free mobile VPN apps are insecure, exposing user data and enterprise information to significant risk. Learn about the hidden dangers and vulnerabilities in these apps.
zimperium.com
1
samilaiho.com
Sami Laiho @samilaiho.com · 1d
Scattered Lapsus$ Hunters offering $10 in Bitcoin to 'endlessly harass' execs
www.theregister.com/2025/10/06/s...
Salesloft hackers outsourcing ransom negotiations for $10
: Crime group claims to have already doled out $1K to those in it 'for money and for the love of the game'
www.theregister.com
samilaiho.com
Sami Laiho @samilaiho.com · 1d
Jaguar Land Rover engines ready to roar again after weeks-long cyber stall
www.theregister.com/2025/10/06/j...
JLR to begin production restart following cyber shutdown
: No confirmed date but workers expected to return in the coming days
www.theregister.com
1
samilaiho.com
Sami Laiho @samilaiho.com · 1d
Suspected Chinese cyber spies targeted Serbian aviation agency
therecord.media/suspected-ch...
Suspected Chinese cyber spies targeted Serbian aviation agency
Hackers believed to be linked to China have targeted a Serbian government department overseeing aviation, as well as other European institutions, according to new research.
therecord.media
samilaiho.com
Sami Laiho @samilaiho.com · 2d
Researchers find — and help fix — a hidden biosecurity threat
news.microsoft.com/signal/artic...
Researchers find — and help fix — a hidden biosecurity threat | Microsoft Signal Blog | Microsoft
news.microsoft.com
1
samilaiho.com
Sami Laiho @samilaiho.com · 2d
It's Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection
CVE-2025-36604)
labs.watchtowr.com/its-never-si...
It's Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604)
Welcome back, and what a week! We’re glad that happened for you and/or sorry that happened to you. It will get better and/or worse, and you will likely survive. Today, we’re walking down the garden p...
labs.watchtowr.com
samilaiho.com
Sami Laiho @samilaiho.com · 2d
Hacked Ford screens put anti-RTO slogan above CEO’s face
www.theregister.com/2025/10/04/f...
Hacked Ford screens display anti-RTO protest
: Carmaker confirms screen hijack, says probe underway
www.theregister.com
1 1
samilaiho.com
Sami Laiho @samilaiho.com · 2d
Hackers exploited Zimbra flaw as zero-day using iCalendar files
www.bleepingcomputer.com/news/securit...
Hackers exploited Zimbra flaw as zero-day using iCalendar files
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year.
www.bleepingcomputer.com
samilaiho.com
Sami Laiho @samilaiho.com · 3d
Oracle E-Business Suite: Security Alert Advisory
URL: www.oracle.com/security-ale...
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8
www.oracle.com
1 1
samilaiho.com
Sami Laiho @samilaiho.com · 3d
Free video out :) Windows 11, 11 hacks, 60 minutes. Enjoy and spread the joy🙏

youtu.be/I-duOKOSGPU
11 Ways to Hack Windows 11
YouTube video by Sami Laiho
youtu.be
2 6
samilaiho.com
Sami Laiho @samilaiho.com · 3d
How to Detect Hidden Cameras: 8 Ways to Protect Your Privacy
www.pandasecurity.com/en/mediacent...
How to Detect Hidden Cameras: 8 Ways to Protect Your Privacy
Learn how to detect hidden cameras at home, hotels or Airbnbs so you can protect your privacy while traveling and feel more secure about your surroundings.
www.pandasecurity.com
1
samilaiho.com
Sami Laiho @samilaiho.com · 3d
ICE wants to build a 24/7 social media surveillance team
arstechnica.com/security/202...
ICE wants to build a 24/7 social media surveillance team
ICE plans to hire contractors to scan platforms to target people for deportation.
arstechnica.com
2
samilaiho.com
Sami Laiho @samilaiho.com · 3d
Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users
www.trendmicro.com/en_us/resear...
Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users
Trend™ Research has identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account ...
www.trendmicro.com
samilaiho.com
Sami Laiho @samilaiho.com · 3d
Government flying partially blind to threats after key cyber law expires
www.politico.com/news/2025/10...
Government flying partially blind to threats after key cyber law expires
The law offered legal protections for groups to share cyber threat intel with the federal government.
www.politico.com
1
samilaiho.com
Sami Laiho @samilaiho.com · 3d
Hackers steal identifiable Discord user data in third-party breach
www.bleepingcomputer.com/news/securit...
Discord discloses data breach after hackers steal support tickets
Hackers stole partial payment information and personally identifiable data, including names and government-issued IDs, from some Discord users after compromising a third-party customer service provide...
www.bleepingcomputer.com
1
samilaiho.com
Sami Laiho @samilaiho.com · 3d
Massive surge in scans targeting Palo Alto Networks login portals
www.bleepingcomputer.com/news/securit...
Massive surge in scans targeting Palo Alto Networks login portals
A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses, researchers warn.
www.bleepingcomputer.com
samilaiho.com
Sami Laiho @samilaiho.com · 4d
thehackernews.com/2025/10/cisa...
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
CISA adds actively exploited Meteobridge CVE-2025-4008 and four other critical flaws to KEV catalog.
thehackernews.com