Latest Cybersecurity Articles — AI-Scored and Summarized

Dashlane discloses coordinated brute-force attack on device enrollment APIs that downloaded fewer than 20 encrypted password vaults before automated lockout halted the campaign.

• Attackers brute-forced Dashlane's device enrollment API endpoints to generate valid six-digit OTP tokens, bypassing identity verification for fewer than 20 accounts
• Attack vector: automated high-volume requests to device registration API endpoints; 2FA users (authenticator app) were not susceptible to the OTP brute-force path
• Dashlane's automated security systems triggered account lockouts as intended, but not before valid tokens were generated and new devices registered on targeted accounts

FTC is considering modifying or setting aside its $150M 2022 privacy settlement with X (formerly Twitter) over deceptive use of user security data for targeted advertising.

ShinyHunters extortion group leaked 234GB of DentaQuest data exposing 2.6 million accounts including health insurance and government ID information.

• Leaked dataset (234GB) confirmed by HIBP to contain email addresses, full names, phone numbers, government-issued IDs, health insurance information, genders, and dates of birth for 2.6M accounts
• ShinyHunters listed DentaQuest on its data leak site following failed extortion negotiation before publicly releasing the full dataset
• HIBP validation found ~66% of exposed records were already present from prior incidents, indicating significant overlap with previously compromised identity pools

Russia seeks extremist designation for Belarusian Cyber Partisans and Silent Crow following their claimed Aeroflot cyberattack disrupting 100+ flights in July 2025.

• Belarusian Cyber Partisans and Silent Crow claimed destruction of Aeroflot IT infrastructure and exfiltration of flight records, internal call recordings, and employee monitoring data (July 2025)
• Silent Crow previously claimed breach of Rosreestr (Russia's state property registry); Belarusian Cyber Partisans targeted Belarusian railway network to disrupt Russian military logistics
• Both groups maintain operational Telegram channels; Belarusian Cyber Partisans also operate website and YouTube channel — public OSINT sources for threat tracking

Cisco Talos weekly newsletter from Cisco Live covering AI infrastructure security trends, KongTuke C2 threat hunting discovery, and five malware IOCs from telemetry.

• Five malware samples from Talos telemetry: Coinminer worm (VID001.exe), Procpatcher (sample.exe), KMS activator (AutoPico.exe), and dropper/miner variants — all with SHA256/MD5 hashes and detection…
• Cisco Talos Threat Hunting expanding hypothesis-driven program using AI-driven telemetry analysis; recent KongTuke C2 infrastructure discovered before formal detection signature existed
• Weekly headlines: HTTP/2 Bomb exploit affecting 880K+ NGINX/Apache/IIS sites, Red Hat NPM channel backdoored pushing credential-stealing worm, Kali365 phishing-as-a-service expanding to AWS/Okta