![[tl;dr sec] #293 - MCP Security, AWS Enumeration, North Korean Hacker's Files Leaked](https://image.cybernoz.com/wp-content/uploads/2025/08/tldr-sec-293-MCP-Security-AWS-Enumeration-North-Korean.png)
[tl;dr sec] #293 – MCP Security, AWS Enumeration, North Korean Hacker’s Files Leaked
Rage-fueled Rewrite Monday morning I discovered that some tl;dr sec automation I’d built in Zapier randomly stopped working, despite me not touching it for months.…
Author: Cybernoz
Florida man gets 10 years in prison in first Scattered Spider sentencing
A 20-year-old Florida man received a 10-year federal prison sentence Wednesday for his role in the notorious Scattered Spider cybercrime organization, marking the first conviction…
Microsoft asks customers for feedback on SSD failure issues
Microsoft is seeking further information from customers who reported failure and data corruption issues affecting their solid-state drives (SSDs) and hard disk drives (HDDs) after…
Threat Actors Abuse AI Website Creation App to Deliver Malware
Cybercriminals have discovered a new avenue for malicious activities by exploiting Lovable, an AI-powered website creation platform, to develop sophisticated phishing campaigns and malware delivery…
Kali Vagrant Rebuilt Released with Pre-Configured Command-Line VMs
Kali Linux has announced a major overhaul of its Vagrant virtual machine distribution system, transitioning from HashiCorp’s Packer to the DebOS build system for creating…
Subpostmaster federation accepted money from Fujitsu in run-up to High Court Post Office trial
Fujitsu sponsored an annual event held by the National Federation of Subpostmasters (NFSP) just months before a High Court trial examined claims that its system…
‘Rapper Bot’ hit the Pentagon in at least 3 cyberattacks
The powerful “Rapper Bot” Distributed Denial of Service-for-hire botnet impacted the Department of Defense Information Network (DODIN) in at least three attacks between April and…
Why Certified VMware Pros Are Driving the Future of IT
By Brenda Emerson, VMUG President IT isn’t getting any simpler. For many, the cloud’s gone hybrid, AI’s moved in permanently, and security threats seem to…
Internet Archive Abused for Hosting Stealthy JScript Loader Malware
Security researchers have uncovered a novel malware delivery chain in recent weeks that leverages the Internet Archive’s legitimate infrastructure to host obfuscated payloads. The attack…
FBI Warns Russian State Hackers Targeting Critical Infrastructure Networking Devices
The Federal Bureau of Investigation (FBI) has issued a stark warning to the public, private sector, and international partners regarding persistent cyber threats from actors…
UK equality watchdog: Met Police facial recognition unlawful
The Metropolitan Police’s use of live facial-recognition (LFR) technology is unlawful, according to UK equality watchdog, citing the need for deployments of the technology to…
New QUIC-LEAK Vulnerability Let Attackers Exhaust Server Memory and Trigger DoS Attack
A critical pre-handshake vulnerability in the LSQUIC QUIC implementation that allows remote attackers to crash servers through memory exhaustion attacks. The vulnerability, designated CVE-2025-54939 and…