A clean feed (and weekly digest) of noteworthy cybersecurity facts

The CyberFacts Feed

I’ve started to systematically keep an archive of my readings since early 2021. I enjoy staying up to date with what happens in this world and keep track of what others are doing, and I make an effort to get to the source to eliminate the noise and room for inaccuracies as much as possible. So I decided to start sharing the live RSS feed of what I read. As soon as I find something interesting, I skim through it, publish it here, and randomly trigger automated posts on my LinkedIn feed and Twitter @CyberFactsIT.

CyberFacts Weekly

CyberFacts Weekly is a digest of the CyberFacts Feed, spiced up with some highlights, notes, thoughts, links. There are already many good cyber-security newsletters (e.g., tl;dr sec) or news analysis (e.g., by Daniel Miessler), so by no means I’m trying to compete with them. I’m doing this mostly for myself, so that I can keep an online archive of my favorite or noteworthy readings.

If you’d prefer, you can also subscribe to CyberFacts Weekly via RSS.

Want to check out the past issues first? Browse the archive!

🔓 [CyberFacts Weekly - Issue 0x03] Twice the Content, New Workflow

Two SGX SDK vulns patched / Twitch leak not surprising / Abusing GitHub Actions / YouTube MP4 parsing vuln patched / Thingiverse leak (36GB) / 2.4 Tbps DDoS hit Azure customer / Proton bug bounty / Ransomware payments up 40% YoY / Trump's website defaced / Candy maker hit by ransomware / Abusing garage door openers / ATM PIN guessing

🔓 [CyberFacts Weekly - Issue 0x02] The Week of Massive Leaks

Twitch leak (128GB) / Telegraph DB exposed (10TB) / Full iOS 15 decompiled source code / FB/IG/WA disappeared from the Internet / New ESP-persistent UEFI bootkit found / LeakIX 2.0 vs. exposed services / Pandora Papers is the new Panama Papers / SMS-routing service compromised for years / Phrack #70 is out / Apache CVE-2021-41773 patched / pilot to secure OSS / Ransomware gang arrested in Ukraine

🔓 [CyberFacts Weekly - Issue 0x01] A Packed Week

Malware targeting gamers / VSCode extension with command injection / OWASP turns 20 / Chrome fixes an RCE / AirTags can carry XSS payload / PoC exploit for VMware CVE-2021-22005 / More Apple bug bounty drama / Android bankers / Bitcoin ATMs vulnerable to tampering / New SolarWinds details / When ransomware hits hospitals / Bug in ApplePay Express Mode with VISA / Threat actors posing as Amnesty

🔓 [CyberFacts Weekly - Issue 0x00] First Out

AlphaBay's founder is back / Donation sites abuse for card testing / Apple Tracking Transparency lets trackers track / AI can introduce vulnerabilities in code / Valid PEs that evade integrity checks / High-res satellite imagery as a service / BulletProofLink PAAS operation / How UAE spy program recruited an NSA hacker