TechNadu
@technadu.com
Cybersecurity, VPNs, & digital privacy, decoded. Smart takes, real insights, and expert reviews to keep you safe online.
👉 Subscribe to our newsletter → technadu.com/newsletter
👉 Subscribe to our newsletter → technadu.com/newsletter
NordVPN’s Threat Protection Pro ranks 3rd in AV-Comparatives’ 2025 Anti-Phishing test, 90% detection, 0 false positives, and the only VPN with this certification.
Solid performance across 1,000 phishing URLs tested throughout the year.
#Cybersecurity #NordVPN #AVComparatives #Phishing
Solid performance across 1,000 phishing URLs tested throughout the year.
#Cybersecurity #NordVPN #AVComparatives #Phishing
November 28, 2025 at 4:54 PM
NordVPN’s Threat Protection Pro ranks 3rd in AV-Comparatives’ 2025 Anti-Phishing test, 90% detection, 0 false positives, and the only VPN with this certification.
Solid performance across 1,000 phishing URLs tested throughout the year.
#Cybersecurity #NordVPN #AVComparatives #Phishing
Solid performance across 1,000 phishing URLs tested throughout the year.
#Cybersecurity #NordVPN #AVComparatives #Phishing
OpenAI says limited API-user analytics data was exposed after Mixpanel suffered a smishing-related breach.
No OpenAI systems were compromised, and no API keys, chats, or passwords were accessed.
Exposed data: names, emails, OS/browser info, and user IDs.
#cybersecurity #infosec #securitynews
No OpenAI systems were compromised, and no API keys, chats, or passwords were accessed.
Exposed data: names, emails, OS/browser info, and user IDs.
#cybersecurity #infosec #securitynews
November 28, 2025 at 3:38 PM
OpenAI says limited API-user analytics data was exposed after Mixpanel suffered a smishing-related breach.
No OpenAI systems were compromised, and no API keys, chats, or passwords were accessed.
Exposed data: names, emails, OS/browser info, and user IDs.
#cybersecurity #infosec #securitynews
No OpenAI systems were compromised, and no API keys, chats, or passwords were accessed.
Exposed data: names, emails, OS/browser info, and user IDs.
#cybersecurity #infosec #securitynews
Tomiris APT (Storm-0473) is targeting diplomatic and government-focused entities using a mix of phishing archives, multi-language reverse shells, & Telegram/Discord-based C2 channels.
Includes Havoc + AdaptixC2 in post-exploitation.
Full report in pinned comment.
#APT #Tomiris #ThreatIntel #infosec
Includes Havoc + AdaptixC2 in post-exploitation.
Full report in pinned comment.
#APT #Tomiris #ThreatIntel #infosec
November 28, 2025 at 2:43 PM
Tomiris APT (Storm-0473) is targeting diplomatic and government-focused entities using a mix of phishing archives, multi-language reverse shells, & Telegram/Discord-based C2 channels.
Includes Havoc + AdaptixC2 in post-exploitation.
Full report in pinned comment.
#APT #Tomiris #ThreatIntel #infosec
Includes Havoc + AdaptixC2 in post-exploitation.
Full report in pinned comment.
#APT #Tomiris #ThreatIntel #infosec
Qilin ransomware claims attack on the City of Santa Paula, disrupting email and internal servers.
• Nov 12 outage
• Double-extortion model suspected
• Recent victims: Sugar Land, Shamir Medical Center, MedImpact
• New TTPs: abusing leaked VPN credentials
#ransomware #infosec #cybersecurity
• Nov 12 outage
• Double-extortion model suspected
• Recent victims: Sugar Land, Shamir Medical Center, MedImpact
• New TTPs: abusing leaked VPN credentials
#ransomware #infosec #cybersecurity
November 28, 2025 at 1:27 PM
Qilin ransomware claims attack on the City of Santa Paula, disrupting email and internal servers.
• Nov 12 outage
• Double-extortion model suspected
• Recent victims: Sugar Land, Shamir Medical Center, MedImpact
• New TTPs: abusing leaked VPN credentials
#ransomware #infosec #cybersecurity
• Nov 12 outage
• Double-extortion model suspected
• Recent victims: Sugar Land, Shamir Medical Center, MedImpact
• New TTPs: abusing leaked VPN credentials
#ransomware #infosec #cybersecurity
Scattered Lapsus$ Hunters is impersonating Zendesk in a new phishing campaign.
• 40+ fake domains
• Cloned SSO pages stealing credentials
• Malicious tickets → RAT deployment
• Similar patterns to earlier Salesforce campaigns
#cybersecurity #phishing #zendesk #ThreatActors #infosec
• 40+ fake domains
• Cloned SSO pages stealing credentials
• Malicious tickets → RAT deployment
• Similar patterns to earlier Salesforce campaigns
#cybersecurity #phishing #zendesk #ThreatActors #infosec
November 28, 2025 at 12:40 PM
Scattered Lapsus$ Hunters is impersonating Zendesk in a new phishing campaign.
• 40+ fake domains
• Cloned SSO pages stealing credentials
• Malicious tickets → RAT deployment
• Similar patterns to earlier Salesforce campaigns
#cybersecurity #phishing #zendesk #ThreatActors #infosec
• 40+ fake domains
• Cloned SSO pages stealing credentials
• Malicious tickets → RAT deployment
• Similar patterns to earlier Salesforce campaigns
#cybersecurity #phishing #zendesk #ThreatActors #infosec
EU is considering a social media ban for under-16s after a strong parliamentary vote backing unified age-assurance rules. Australia’s 2025 under-16 ban is shaping the discussion, but privacy concerns around ID-based verification remain high.
#Cybersecurity #InfoSec #EU #DigitalPrivacy #OnlineSafety
#Cybersecurity #InfoSec #EU #DigitalPrivacy #OnlineSafety
November 28, 2025 at 12:04 PM
EU is considering a social media ban for under-16s after a strong parliamentary vote backing unified age-assurance rules. Australia’s 2025 under-16 ban is shaping the discussion, but privacy concerns around ID-based verification remain high.
#Cybersecurity #InfoSec #EU #DigitalPrivacy #OnlineSafety
#Cybersecurity #InfoSec #EU #DigitalPrivacy #OnlineSafety
Synthetic identities + deepfake video are reshaping impersonation attacks.
Michael Engle, CSO at 1Kosmos, told us: “Attackers don’t just steal credentials anymore, they manufacture entire identities.”
#CyberSecurity #IdentitySecurity #AIAttacks #Deepfake #1Kosmos
Michael Engle, CSO at 1Kosmos, told us: “Attackers don’t just steal credentials anymore, they manufacture entire identities.”
#CyberSecurity #IdentitySecurity #AIAttacks #Deepfake #1Kosmos
November 28, 2025 at 11:07 AM
Synthetic identities + deepfake video are reshaping impersonation attacks.
Michael Engle, CSO at 1Kosmos, told us: “Attackers don’t just steal credentials anymore, they manufacture entire identities.”
#CyberSecurity #IdentitySecurity #AIAttacks #Deepfake #1Kosmos
Michael Engle, CSO at 1Kosmos, told us: “Attackers don’t just steal credentials anymore, they manufacture entire identities.”
#CyberSecurity #IdentitySecurity #AIAttacks #Deepfake #1Kosmos
Missouri will begin enforcing mandatory online age verification on Nov 30, 2025. Sites with 33%+ harmful content must verify users are 18+ through digital IDs, government IDs, or other approved data. Privacy experts warn of surveillance and identity-exposure risks.
#Cybersecurity #OnlineSafety
#Cybersecurity #OnlineSafety
November 28, 2025 at 10:37 AM
Missouri will begin enforcing mandatory online age verification on Nov 30, 2025. Sites with 33%+ harmful content must verify users are 18+ through digital IDs, government IDs, or other approved data. Privacy experts warn of surveillance and identity-exposure risks.
#Cybersecurity #OnlineSafety
#Cybersecurity #OnlineSafety
NVIDIA has issued a critical update for DGX Spark after discovering 14 firmware vulnerabilities affecting core system components.
CVE-2025-33187 (9.3) poses the highest risk, enabling code execution and potential SoC access.
#cybersecurity #NVIDIA #DGXSpark #AIsecurity #CVE #infosec #securitynews
CVE-2025-33187 (9.3) poses the highest risk, enabling code execution and potential SoC access.
#cybersecurity #NVIDIA #DGXSpark #AIsecurity #CVE #infosec #securitynews
November 28, 2025 at 8:49 AM
NVIDIA has issued a critical update for DGX Spark after discovering 14 firmware vulnerabilities affecting core system components.
CVE-2025-33187 (9.3) poses the highest risk, enabling code execution and potential SoC access.
#cybersecurity #NVIDIA #DGXSpark #AIsecurity #CVE #infosec #securitynews
CVE-2025-33187 (9.3) poses the highest risk, enabling code execution and potential SoC access.
#cybersecurity #NVIDIA #DGXSpark #AIsecurity #CVE #infosec #securitynews
A Microsoft Teams guest-access gap is letting attackers bypass Defender for Office 365 by pulling users into low-security external tenants. Safe Links and Safe Attachments don’t apply there, making phishing far easier.
#cybersecurity #MicrosoftTeams #infosec #cloudsecurity #securitynews
#cybersecurity #MicrosoftTeams #infosec #cloudsecurity #securitynews
November 28, 2025 at 7:45 AM
A Microsoft Teams guest-access gap is letting attackers bypass Defender for Office 365 by pulling users into low-security external tenants. Safe Links and Safe Attachments don’t apply there, making phishing far easier.
#cybersecurity #MicrosoftTeams #infosec #cloudsecurity #securitynews
#cybersecurity #MicrosoftTeams #infosec #cloudsecurity #securitynews
Congress has called Anthropic’s CEO to testify on the first known AI-orchestrated cyberattack, reportedly linked to Chinese state actors.
Lawmakers want insight into:
• AI-driven cyber-espionage
• Cloud security gaps
• Quantum-enabled attack models
#Cybersecurity #AIsecurity #CloudSecurity
Lawmakers want insight into:
• AI-driven cyber-espionage
• Cloud security gaps
• Quantum-enabled attack models
#Cybersecurity #AIsecurity #CloudSecurity
November 28, 2025 at 6:11 AM
Congress has called Anthropic’s CEO to testify on the first known AI-orchestrated cyberattack, reportedly linked to Chinese state actors.
Lawmakers want insight into:
• AI-driven cyber-espionage
• Cloud security gaps
• Quantum-enabled attack models
#Cybersecurity #AIsecurity #CloudSecurity
Lawmakers want insight into:
• AI-driven cyber-espionage
• Cloud security gaps
• Quantum-enabled attack models
#Cybersecurity #AIsecurity #CloudSecurity
A new Mirai variant - ShadowV2 - is exploiting IoT vulnerabilities to expand a DDoS-focused botnet. Targets include D-Link, TP-Link, DD-WRT, and more.
#CyberSecurity #IoTSecurity #ThreatIntel #BotnetActivity #TechNadu
#CyberSecurity #IoTSecurity #ThreatIntel #BotnetActivity #TechNadu
November 27, 2025 at 5:56 PM
A new Mirai variant - ShadowV2 - is exploiting IoT vulnerabilities to expand a DDoS-focused botnet. Targets include D-Link, TP-Link, DD-WRT, and more.
#CyberSecurity #IoTSecurity #ThreatIntel #BotnetActivity #TechNadu
#CyberSecurity #IoTSecurity #ThreatIntel #BotnetActivity #TechNadu
A researcher uncovered a flaw in Tyler Technologies’ jury systems that exposed sensitive juror data across several U.S. states. The issue involved sequential juror IDs with no rate limiting, enabling brute-force access.
#Cybersecurity #InfoSec #ThreatIntel #SecurityUpdate #TechNews #TechNadu
#Cybersecurity #InfoSec #ThreatIntel #SecurityUpdate #TechNews #TechNadu
November 27, 2025 at 5:11 PM
A researcher uncovered a flaw in Tyler Technologies’ jury systems that exposed sensitive juror data across several U.S. states. The issue involved sequential juror IDs with no rate limiting, enabling brute-force access.
#Cybersecurity #InfoSec #ThreatIntel #SecurityUpdate #TechNews #TechNadu
#Cybersecurity #InfoSec #ThreatIntel #SecurityUpdate #TechNews #TechNadu
TunnelBear has completed its 8th independent Cure53 security audit, covering full white-box access across apps, backend systems, and encryption layers. All 13 findings were fixed, and the 2025 audit is already done.
Follow @TechNadu for more cybersecurity insights.
#CyberSecurity #VPN #Privacy
Follow @TechNadu for more cybersecurity insights.
#CyberSecurity #VPN #Privacy
November 27, 2025 at 4:14 PM
TunnelBear has completed its 8th independent Cure53 security audit, covering full white-box access across apps, backend systems, and encryption layers. All 13 findings were fixed, and the 2025 audit is already done.
Follow @TechNadu for more cybersecurity insights.
#CyberSecurity #VPN #Privacy
Follow @TechNadu for more cybersecurity insights.
#CyberSecurity #VPN #Privacy
OpenAI says a Mixpanel system breach exposed limited API-user data, including names, emails, and coarse location. No chats, API keys, or payment details were affected.
Security researchers noted that using non-anonymized data in analytics isn’t usually best practice.
#CyberSecurity #OpenAI
Security researchers noted that using non-anonymized data in analytics isn’t usually best practice.
#CyberSecurity #OpenAI
November 27, 2025 at 2:18 PM
OpenAI says a Mixpanel system breach exposed limited API-user data, including names, emails, and coarse location. No chats, API keys, or payment details were affected.
Security researchers noted that using non-anonymized data in analytics isn’t usually best practice.
#CyberSecurity #OpenAI
Security researchers noted that using non-anonymized data in analytics isn’t usually best practice.
#CyberSecurity #OpenAI
Multiple London councils - RBKC, Westminster, and Hammersmith & Fulham, have been hit by a coordinated cyberattack.
• NCA & NCSC investigating
• Possible personal data exposure
• Phone lines & systems disrupted
• Remote-working measures activated
A developing story with wide public-sector impact.
• NCA & NCSC investigating
• Possible personal data exposure
• Phone lines & systems disrupted
• Remote-working measures activated
A developing story with wide public-sector impact.
November 27, 2025 at 1:41 PM
Multiple London councils - RBKC, Westminster, and Hammersmith & Fulham, have been hit by a coordinated cyberattack.
• NCA & NCSC investigating
• Possible personal data exposure
• Phone lines & systems disrupted
• Remote-working measures activated
A developing story with wide public-sector impact.
• NCA & NCSC investigating
• Possible personal data exposure
• Phone lines & systems disrupted
• Remote-working measures activated
A developing story with wide public-sector impact.
Windscribe rolls out support for those working under censorship pressures.
• Free 1-yr Pro accounts for verified journalists & NGOs
• AmneziaWG added - a stealth WireGuard fork to bypass blocks
• Stronger protection tools for high-risk users
A notable development for press freedom and privacy.
• Free 1-yr Pro accounts for verified journalists & NGOs
• AmneziaWG added - a stealth WireGuard fork to bypass blocks
• Stronger protection tools for high-risk users
A notable development for press freedom and privacy.
November 27, 2025 at 12:42 PM
Windscribe rolls out support for those working under censorship pressures.
• Free 1-yr Pro accounts for verified journalists & NGOs
• AmneziaWG added - a stealth WireGuard fork to bypass blocks
• Stronger protection tools for high-risk users
A notable development for press freedom and privacy.
• Free 1-yr Pro accounts for verified journalists & NGOs
• AmneziaWG added - a stealth WireGuard fork to bypass blocks
• Stronger protection tools for high-risk users
A notable development for press freedom and privacy.
EU Council updates Chat Control proposal - no mandatory scanning, but new surveillance pathways still possible.
Voluntary scanning, age verification, AI detection systems, and EU-wide blocking create long-term privacy concerns.
#ChatControl #EU #CyberSecurity #Encryption #Privacy
Voluntary scanning, age verification, AI detection systems, and EU-wide blocking create long-term privacy concerns.
#ChatControl #EU #CyberSecurity #Encryption #Privacy
November 27, 2025 at 11:42 AM
EU Council updates Chat Control proposal - no mandatory scanning, but new surveillance pathways still possible.
Voluntary scanning, age verification, AI detection systems, and EU-wide blocking create long-term privacy concerns.
#ChatControl #EU #CyberSecurity #Encryption #Privacy
Voluntary scanning, age verification, AI detection systems, and EU-wide blocking create long-term privacy concerns.
#ChatControl #EU #CyberSecurity #Encryption #Privacy
FCC warns broadcasters after attackers hijack Barix STL devices to broadcast unauthorized content.
Weak passwords + exposed equipment enabled fake EAS tones and inappropriate audio streams. FCC urges immediate security updates.
Follow for more cybersecurity coverage.
#CyberSecurity #FCC #Barix #EAS
Weak passwords + exposed equipment enabled fake EAS tones and inappropriate audio streams. FCC urges immediate security updates.
Follow for more cybersecurity coverage.
#CyberSecurity #FCC #Barix #EAS
November 27, 2025 at 10:23 AM
FCC warns broadcasters after attackers hijack Barix STL devices to broadcast unauthorized content.
Weak passwords + exposed equipment enabled fake EAS tones and inappropriate audio streams. FCC urges immediate security updates.
Follow for more cybersecurity coverage.
#CyberSecurity #FCC #Barix #EAS
Weak passwords + exposed equipment enabled fake EAS tones and inappropriate audio streams. FCC urges immediate security updates.
Follow for more cybersecurity coverage.
#CyberSecurity #FCC #Barix #EAS
US CodeRED emergency alert system taken offline after INC Ransom breach.
Attackers claim 1.15 TB of data exfiltrated before encryption. Crisis24 is rebuilding the platform from earlier backups; municipalities are urging residents to reset reused passwords.
#CyberSecurity #Ransomware #CodeRED #INC
Attackers claim 1.15 TB of data exfiltrated before encryption. Crisis24 is rebuilding the platform from earlier backups; municipalities are urging residents to reset reused passwords.
#CyberSecurity #Ransomware #CodeRED #INC
November 27, 2025 at 9:18 AM
US CodeRED emergency alert system taken offline after INC Ransom breach.
Attackers claim 1.15 TB of data exfiltrated before encryption. Crisis24 is rebuilding the platform from earlier backups; municipalities are urging residents to reset reused passwords.
#CyberSecurity #Ransomware #CodeRED #INC
Attackers claim 1.15 TB of data exfiltrated before encryption. Crisis24 is rebuilding the platform from earlier backups; municipalities are urging residents to reset reused passwords.
#CyberSecurity #Ransomware #CodeRED #INC
A breach at a South Korean MSP has led to 28 victims in the “Korean Leaks” ransomware campaign, with Qilin ransomware responsible for over 1M stolen files. Researchers note evolving messaging and possible overlap with other threat actors.
#CyberSecurity #Qilin #Ransomware #InfoSec #TechNews
#CyberSecurity #Qilin #Ransomware #InfoSec #TechNews
November 27, 2025 at 8:32 AM
A breach at a South Korean MSP has led to 28 victims in the “Korean Leaks” ransomware campaign, with Qilin ransomware responsible for over 1M stolen files. Researchers note evolving messaging and possible overlap with other threat actors.
#CyberSecurity #Qilin #Ransomware #InfoSec #TechNews
#CyberSecurity #Qilin #Ransomware #InfoSec #TechNews
Kensington & Chelsea and Westminster City Council are responding to a cybersecurity issue affecting shared IT systems. Hammersmith & Fulham is taking precautionary measures, and the NCSC is supporting the investigation.
#CyberSecurity #IncidentResponse #DigitalResilience #TechNadu #InfoSec
#CyberSecurity #IncidentResponse #DigitalResilience #TechNadu #InfoSec
November 27, 2025 at 7:36 AM
Kensington & Chelsea and Westminster City Council are responding to a cybersecurity issue affecting shared IT systems. Hammersmith & Fulham is taking precautionary measures, and the NCSC is supporting the investigation.
#CyberSecurity #IncidentResponse #DigitalResilience #TechNadu #InfoSec
#CyberSecurity #IncidentResponse #DigitalResilience #TechNadu #InfoSec
The DOJ alleges that an NSA contractor misused his work computer for harmful online activity involving minors, detected through monitoring systems. His employment ended after his arrest, and he remains innocent until proven guilty.
#CyberSecurity #InsiderRisk #DigitalSafety #InfoSec #TechNadu
#CyberSecurity #InsiderRisk #DigitalSafety #InfoSec #TechNadu
November 27, 2025 at 7:02 AM
The DOJ alleges that an NSA contractor misused his work computer for harmful online activity involving minors, detected through monitoring systems. His employment ended after his arrest, and he remains innocent until proven guilty.
#CyberSecurity #InsiderRisk #DigitalSafety #InfoSec #TechNadu
#CyberSecurity #InsiderRisk #DigitalSafety #InfoSec #TechNadu
Dartmouth College has disclosed a data breach tied to the Clop extortion group, who claim to have taken data from the school’s Oracle EBS servers through a zero-day.
At least 1,494 people were directly impacted, with investigations ongoing.
#CyberSecurity #DataBreach #Clop #OracleEBS #ThreatIntel
At least 1,494 people were directly impacted, with investigations ongoing.
#CyberSecurity #DataBreach #Clop #OracleEBS #ThreatIntel
November 26, 2025 at 5:45 PM
Dartmouth College has disclosed a data breach tied to the Clop extortion group, who claim to have taken data from the school’s Oracle EBS servers through a zero-day.
At least 1,494 people were directly impacted, with investigations ongoing.
#CyberSecurity #DataBreach #Clop #OracleEBS #ThreatIntel
At least 1,494 people were directly impacted, with investigations ongoing.
#CyberSecurity #DataBreach #Clop #OracleEBS #ThreatIntel
Code-beautifier tools were found leaking 80k+ JSON pastes containing credentials, keys, tokens, and PII through a public “Recent Links” feature. Automated scanners even hit expired uploads...
#CyberSecurity #AppSec #DataExposure #Infosec #CloudSecurity #TechNadu #ThreatIntel
#CyberSecurity #AppSec #DataExposure #Infosec #CloudSecurity #TechNadu #ThreatIntel
November 26, 2025 at 5:07 PM
Code-beautifier tools were found leaking 80k+ JSON pastes containing credentials, keys, tokens, and PII through a public “Recent Links” feature. Automated scanners even hit expired uploads...
#CyberSecurity #AppSec #DataExposure #Infosec #CloudSecurity #TechNadu #ThreatIntel
#CyberSecurity #AppSec #DataExposure #Infosec #CloudSecurity #TechNadu #ThreatIntel