🎸 DHA BOOK CLUB — "Infosec Rockstar" by Ted Demopoulos 📅 Fri Mar 13 | 7-8 PM | Hybrid

You know that person in infosec who always lands the best gigs, gets invited to speak, and seems to have doors open for them everywhere? That's not luck — that's what this book is about.

"Infosec Rockstar" covers the skills nobody teaches you in certs or boot camps — self-direction, business sense, influence, and how to stand out in a sea of smart people. Come hang, talk shop, and figure out how to crank your career up to 11.

All skill levels welcome. You don't need to have read the book to join. 🤘

https://www.meetup.com/dallas-hackers-association/events/313335799/

📦 That WinRAR "Free Trial" You Never Paid For? Hackers Are Exploiting It Right Now 🚨
A WinRAR vulnerability patched last July (CVE-2025-8088) is still being actively exploited by Russian APTs, Chinese threat actors, and cybercrime gangs six months later. The path traversal flaw lets attackers slip malicious files into your system when you extract seemingly innocent archives. If you're still using WinRAR, update immediately or switch to 7-Zip.

Sources:
- https://www.bleepingcomputer.com/news/security/winrar-path-traversal-flaw-still-exploited-by-numerous-hackers/
- https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical-winrar-vulnerability
- https://nvd.nist.gov/vuln/detail/CVE-2025-8088
- https://www.helpnetsecurity.com/2026/01/28/winrar-vulnerability-exploited-cve-2025-8088/

---

🔓 Critical OpenSSL Flaw Could Let Hackers Take Over Your Computer Via Email 💀

CVE-2025-15467 is a critical 9.8 CVSS remote code execution vulnerability in OpenSSL's CMS and S/MIME message processing. OpenSSL powers encrypted communications across the entire internet, and this flaw allows unauthenticated attackers to execute arbitrary code remotely without any credentials. A working proof-of-concept already exists in the wild, meaning both defenders and attackers have access to it.

Sources:
- https://nvd.nist.gov/vuln/detail/CVE-2025-15467
https://www.infosecurity-magazine.com/news/12-openssl-flaws/
- https://openssl-library.org/news/vulnerabilities/
- https://twitter.com/IntCyberDigest/status/2016288593547833778

---

🤦 SolarWinds Ships Critical Vulnerabilities In Their Own Software (Yes, THAT SolarWinds) 🤡

SolarWinds, the company that became the poster child for supply chain attacks after their 2020 breach, just disclosed four critical vulnerabilities in their Web Help Desk product. The flaws include unauthenticated remote code execution and authentication bypass that can be chained together to completely compromise systems without logging in. Five years after congressional hearings and intense security scrutiny, they still shipped this mess.

Sources:
- https://www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/
- https://www.helpnetsecurity.com/2026/01/29/solarwinds-web-help-desk-rce-vulnerabilities/
- https://www.rapid7.com/blog/post/etr-multiple-critical-solarwinds-web-help-desk-vulnerabilities-cve-2025-40551-40552-40553-40554/
- https://nvd.nist.gov/vuln/detail/CVE-2025-40552
- https://nvd.nist.gov/vuln/detail/CVE-2025-40553
- https://nvd.nist.gov/vuln/detail/CVE-2025-40554
- https://nvd.nist.gov/vuln/detail/CVE-2025-40551

🇬🇧 UK Lords Vote to Ban VPNs for Kids 🇬🇧

The UK House of Lords voted 207 to 159 to ban VPNs for anyone under 18, claiming it will prevent children from bypassing age verification on social media and adult content. The amendment would require VPN providers to implement age verification, likely through government IDs or facial scans. Privacy advocates are calling it surveillance infrastructure disguised as child protection, and the measure now heads to the House of Commons.

- https://hansard.parliament.uk/lords/2026-01-21/debates/FDF32A4B-6004-4C08-8995-EB06C45C0B65/Children%E2%80%99SWellbeingAndSchoolsBill
- https://www.tomsguide.com/computing/vpns/uk-lords-vote-to-ban-vpns-for-children-as-pressure-on-the-privacy-tools-increases
- https://www.techradar.com/vpn/vpn-privacy-security/uk-government-targets-vpns-in-new-online-safety-consultation-as-lords-vote-for-ban
- https://www.techradar.com/vpn/vpn-privacy-security/banning-vpns-for-kids-is-the-dumbest-possible-fix-windscribe-ceo

🔐 Fortinet Firewall Vulnerability Still Under Active Attack 🔐

Fortinet has confirmed that attackers are actively exploiting a critical authentication bypass vulnerability in their firewalls. Organizations using affected Fortinet devices are urged to patch immediately as this security flaw is being leveraged in real-world attacks. This represents a significant threat to network security across enterprises worldwide.

- https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios
- https://www.bleepingcomputer.com/news/security/fortinet-confirms-critical-forticloud-auth-bypass-not-fully-patched/
- https://www.theregister.com/2026/01/23/fortinet_fortigate_patch/
- https://thehackernews.com/2026/01/fortinet-confirms-active-forticloud-sso.html

👟 Nike Data Breach: WorldLeaks Ransomware Claims Massive Theft 👟

Nike is investigating a major cybersecurity incident after the ransomware group WorldLeaks claimed to have stolen 1.4 terabytes of internal company data, including design and manufacturing files. The hackers issued a 48-hour ultimatum and have now published samples of 188,347 stolen files after the deadline passed. WorldLeaks is a rebrand of Hunters International and focuses on pure data extortion rather than traditional ransomware encryption.

- https://www.cyberdaily.au/security/13131-exclusive-athletics-giant-nike-actively-investigating-data-breach-claims
- https://www.complex.com/sneakers/a/victor-deng/nike-potential-data-breach-january-2026
- https://www.theregister.com/2026/01/26/data_thieves_claim_nike_data_haul
- https://www.ransomware.live/id/TmlrZSwgSW5jLkB3b3JsZGxlYWtz
- https://sosransomware.com/en/ransomware-groups/worldleaks-between-pure-extortion-and-traditional-ransomware-whats-the-difference/

300TB Spotify Lawsuit, Okta Vishing Attack & 28M SoundCloud Breach

🎵⚖️ Spotify Pulled Off a SECRET LAWSUIT to Stop Pirates Who Stole 300TB of Music 🎵⚖️

Shadow library Anna's Archive, which scraped nearly 300 terabytes of Spotify's music catalog in December 2025, lost its primary .org domain after Spotify and major record labels filed a sealed lawsuit and secured a court order before the site even knew it was being sued. A federal judge granted a preliminary injunction on January 16, 2026, ordering domain registries and internet infrastructure providers worldwide to block access to the site, though Anna's Archive continues operating through alternative domains outside U.S. jurisdiction.

Cited Sources:

- https://arstechnica.com/tech-policy/2026/01/annas-archive-said-spotify-scrape-didnt-cause-domain-suspension-it-was-wrong/
- https://annas-archive.li/blog/backing-up-spotify.html
- https://arstechnica.com/tech-policy/2026/01/annas-archive-loses-org-domain-says-suspension-likely-unrelated-to-spotify-piracy/
- https://torrentfreak.com/unsealed-spotify-lawsuit-triggered-annas-archive-domain-name-suspensions/
- https://www.musicbusinessworldwide.com/record-labels-spotify-sue-pirate-group-annas-archive-over-scraping-and-brazen-theft-of-86m-tracks/
- https://www.digitalmusicnews.com/2026/01/06/annas-archive-loses-org-address/
- https://en.wikipedia.org/wiki/Anna's_Archive

📞💻 Hackers Can NOW Control Your Browser in REAL TIME During Phone Calls 📞💻

Okta has issued a security warning about sophisticated custom phishing kits specifically designed for voice-based social engineering (vishing) attacks that allow threat actors to manipulate victims' browsers in real-time during phone calls. These adversary-in-the-middle platforms are being sold as-a-service and are actively used to steal Okta SSO credentials, which grant access to enterprise platforms including Microsoft 365, Google Workspace, Salesforce, and hundreds of other business-critical applications.

Cited Sources:

- https://www.bleepingcomputer.com/news/security/okta-sso-accounts-targeted-in-vishing-based-data-theft-attacks/
- https://www.okta.com/blog/threat-intelligence/phishing-kits-adapt-to-the-script-of-callers
- https://www.okta.com/blog/threat-intelligence/help-desks-targeted-in-social-engineering-targeting-hr-applications/
- https://www.bleepingcomputer.com/news/security/okta-sso-accounts-targeted-in-vishing-based-data-theft-attacks/

🎧😱 28 MILLION SoundCloud Users Just Got Their Data STOLEN by Hacker Gang 🎧😱

Music streaming platform SoundCloud confirmed a security breach affecting approximately 20% of its user base—roughly 28 million accounts—after threat actors accessed an internal dashboard and stole email addresses and public profile information. The notorious ShinyHunters extortion gang is reportedly behind the attack and is pressuring SoundCloud for ransom, while the platform has faced multiple denial-of-service attacks and temporary VPN access disruptions following the incident.

Cited Sources

- https://hackread.com/soundcloud-cyberattack-data-breach/
- https://www.scworld.com/brief/soundcloud-suffers-data-breach-user-information-accessed
- https://cybernews.com/security/soundcloud-data-breach-affects-fifth-of-users/
- https://www.malwarebytes.com/blog/news/2025/12/soundcloud-pornhub-and-700credit-all-reported-data-breaches-but-the-similarities-end-there
- https://www.malwarebytes.com/blog/news/2025/12/soundcloud-pornhub-and-700credit-all-reported-data-breaches-but-the-similarities-end-there
- https://hackread.com/shinyhunters-leak-soundcloud-crunchbase-betterment-data/
- https://www.linkedin.com/feed/update/urn:li:activity:7420398716076908544/

🤖 NVIDIA & Meta Caught Pirating 500TB to Train AI Models 🏴‍☠️

Billion-dollar tech companies got caught red-handed downloading hundreds of terabytes of pirated books to train their AI. NVIDIA literally asked a piracy site for 500TB of stolen content, got WARNED it was illegal, and said "send it anyway." Meanwhile Zuckerberg's playing dumb even though internal messages show he approved it…classic corporate villain energy.

Sources:

- https://torrentfreak.com/nvidia-contacted-annas-archive-to-secure-access-to-millions-of-pirated-books
- https://www.heise.de/en/news/Nvidia-Court-documents-reveal-correspondence-regarding-pirated-dataset-11148122.html
- https://dataconomy.com/2026/01/20/claim-nvidia-green-lit-pirated-book-downloads-for-ai-training/
- https://en.wikipedia.org/wiki/Anna's_Archive
- https://torrentfreak.com/meta-torrented-over-81-tb-of-data-through-annas-archive-despite-few-seeders-250206/
- https://www.tweaktown.com/news/103101/meta-accused-of-downloading-torrents-81-7tb-pirated-books-to-train-its-llama-ai-models/index.html
- https://www.plagiarismtoday.com/2026/01/21/3-count-nvidia-in-cahoots/

#AI #TechNews #NVIDIA #CorporateScandal #ArtificialIntelligence

💰 ATM Hackers Caught by Fingerprints Face 30 Years in Prison 🚔

Five guys thought they were master hackers stealing cash from ATMs across three states using malware. Plot twist: they got caught because they literally left their fingerprints ALL OVER the machines while being filmed on camera. Now they're facing 30 years in prison and deportation. Good riddance!

Sources:

- https://www.justice.gov/usao-mdga/pr/multi-state-atm-jackpotting-ring-busted-middle-district-georgia
- https://thehackernews.com/2025/12/us-doj-charges-54-in-atm-jackpotting.html
- https://thehackernews.com/2023/03/new-fixs-atm-malware-targeting-mexican.html
- https://www.state.gov/designation-of-international-cartels/
- https://www.state.gov/releases/2025/07/sanctioning-key-members-of-foreign-terrorist-organization-tren-de-aragua/
- https://thehackernews.com/2014/03/hacking-atm-machines-for-cash-with-just.html
- https://cloud.google.com/blog/topics/threat-intelligence/new-ploutus-variant

#CyberCrime #TrueCrime #HackersCaught #CrimeFail #CyberSecurity

😂 Ransomware Group Leaves Password in Code, Gets Owned 💀
The "scary" INC ransomware gang got absolutely destroyed by their own sloppiness. They renamed their hacking tool "winupdate.exe" (real creative) and LEFT THE PASSWORDS IN THEIR CODE, letting investigators recover all the stolen data without paying a single ransom. Imagine being that bad at crime.

Sources:

- https://www.bleepingcomputer.com/news/security/inc-ransomware-opsec-fail-allowed-data-recovery-for-12-us-orgs/
- https://cybercentaurs.com/blog/infiltration-into-the-inc-ransomware-groups-infrastructure/
- [https://cybercentaurs.com/blog/when-ransomware-makes-a-mistake-inside-inc-ransomwares-backup-infrastructure/](https://cybercentaurs.com/blog/when-ransomware-makes-a-mistake-inside-inc-ransomwares-backup-infrastructure/?utm_source=chatgpt.com)
- https://www.youtube.com/watch?v=uQQxduIIqAA

#Ransomware #HackerFail #CyberSecurity #InstantKarma #TechNews

📺 Iran State TV Hacked to Broadcast Protest Message 🇮🇷
- https://abcnews.go.com/International/wireStory/hackers-target-iran-state-tvs-satellite-transmission-broadcast-129340123
- https://www.reuters.com/business/media-telecom/iran-consider-lifting-internet-ban-state-tv-hacked-2026-01-19/
- https://www.pbs.org/newshour/world/hackers-disrupt-iranian-state-tv-to-broadcast-video-of-exiled-crown-prince
- https://therecord.media/iran-state-television-reported-hack-opposition
- https://www.iranintl.com/en/202601184190
- https://www.timesofisrael.com/liveblog_entry/report-irans-state-tv-hacked-broadcasts-calls-for-protests-by-exiled-crown-prince
- https://www.jpost.com/middle-east/iran-news/article-883776
- https://www.youtube.com/watch?v=ap2Kl13e4JQ
- https://www.cybersecurityintelligence.com/blog/hackers-disrupt-iranian-state-tv--9039.html
- https://www.instagram.com/reel/DTsmM2VD8nh

🕵️‍♂️ Black Basta Ransomware Leader Identified by Authorities 🔓
- https://cyberpolice.gov.ua/news/naczpolicziya-vykryla-chleniv-mizhnarodnogo-xakerskogo-ugrupovannya-ta-identyfikuvala-jogo-organizatora-6407/
- https://the420.in/oleg-nefedov-black-basta-ransomware-interpol-germany-investigation/
- https://www.intel471.com/blog/black-basta-exposed-a-look-at-a-cybercrime-data-leak
- https://app.daily.dev/posts/black-basta-ransomware-leader-added-to-eu-most-wanted-and-interpol-red-notice-b7fq5b2lz
- https://thehackernews.com/2026/01/black-basta-ransomware-hacker-leader.html
- https://www.bankinfosecurity.com/ransomware-most-wanted-cops-seek-head-black-basta-a-30554

🚨 ESA Breached Twice in 2 Weeks: Space Mission Data Stolen 🚀
- https://cisoseries.com/cybersecurity-news-esa-confirms-new-data-heist-ni8mare-lets-hackers-hijack-n8n-servers-taiwan-blames-cyber-army-for-intrusion-attempts/
- https://www.theregister.com/2026/01/07/european_space_agency_breach_criminal_probe/
- https://www.space.com/space-exploration/esa-email-credentials-on-dark-web
- https://www.securityweek.com/european-space-agency-confirms-breach-after-hacker-offers-to-sell-data
- https://www.linkedin.com/pulse/esa-confirms-new-data-heist-ni8mare-lets-hackers-hijack-n8n-mfczc
- https://www.cpomagazine.com/cyber-security/european-space-agency-confirms-data-breach-after-hackers-auction-stolen-information
- https://www.paubox.com/blog/european-space-agency-confirms-data-breach-after-hacker-claims-200gb-of-stolen-data
- https://www.bitdefender.com/en-us/blog/hotforsecurity/european-space-agency-data-breach-classified-documents
- https://spacenews.com/esa-confirms-data-breach
- https://securityaffairs.com/186370/security/esa-disclosed-a-data-breach-hackers-breached-external-servers.html

🎮 **Apex Legends Security Breach: Hackers Hijack Player Characters During Live Professional Matches** 🎮

💀 **BreachForums Hacked: 324,000 Cybercriminal Accounts Exposed in Massive Data Leak** 💀

🍎 **Apple Partners with Google: Gemini AI to Power Siri in Multi-Year Deal** 🤖

🚨📱 *T-Mobile Data Breach Exposes Millions of Customers* 📱🚨

🏦🚔 *Feds Seize Database Used to Hijack Bank Accounts* 🚔🏦

🧬💻 *University of Hawaii Paid Ransom After Cancer Data Breach* 💻🧬