Sergiu Gatlan
LightNews LightNews
banner
serghei.bsky.social
Sergiu Gatlan
@serghei.bsky.social
5.5K followers 870 following 82 posts
Cybersecurity/tech reporter @BleepingComputer / serghei.ro
Posts Replies Media Videos
serghei.bsky.social
Google has switched to a risk-based Android update process, with “high-risk” vulnerabilities patched on a monthly basis and the rest fixed on a quarterly schedule.

www.androidauthority.com/android-risk...
Screenshot with quote from article: "How Android's new risk-based update process works Instead of bundling all available security patches into the next ASB, Google now prioritizes shipping only "high-risk" vulnerabilities in its monthly releases. The majority of security fixes, meanwhile, will be shipped in quarterly ASBs. Google defines "high-risk" vulnerabilities as issues that are crucial to address immediately, such as those under active exploitation or that are part of a known exploit chain. This designation is based on real-world threat level and is distinct from a vulnerability's formal "critical" or "high" severity rating."
September 15, 2025 at 4:14 PM
serghei.bsky.social
Phishing email sent to NPM package maintainers:
Phishing email sent to NPM package maintainers: As part of our ongoing commitment to account security, we are requesting that all users update their Two-Factor Authentication (2FA) credentials. Our records indicate that it has been over 12 months since your last 2FA update. To maintain the security and integrity of your account, we kindly ask that you complete this update at your earliest convenience. Please note that accounts with outdated 2FA credentials will be temporarily locked starting September 10, 2025, to prevent unauthorized access.
September 8, 2025 at 5:12 PM
serghei.bsky.social
T-Shirt with "I need more AI!!! (said no one ever)" tagline.
May 8, 2025 at 2:13 PM
serghei.bsky.social
A coalition of CVE Board members launched a new CVE Foundation "to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program."

www.thecvefoundation.org
Press release from the CVE Foundation: CVE Foundation Launched to Secure the Future of the CVE Program [Bremerton, Washington] – The CVE Foundation has been formally established to ensure the long-term viability, stability, and independence of the Common Vulnerabilities and Exposures (CVE) Program, a critical pillar of the global cybersecurity infrastructure for 25 years. Since its inception, the CVE Program has operated as a U.S. government-funded initiative, with oversight and management provided under contract. While this structure has supported the program’s growth, it has also raised longstanding concerns among members of the CVE Board about the sustainability and neutrality of a globally relied-upon resource being tied to a single government sponsor. This concern has become urgent following an April 15, 2025 letter from MITRE notifying the CVE Board that the U.S. government does not intend to renew its contract for managing the program. While we had hoped this day would not come, we have been preparing for this possibility. In response, a coalition of longtime, active CVE Board members have spent the past year developing a strategy to transition CVE to a dedicated, non-profit foundation. The new CVE Foundation will focus solely on continuing the mission of delivering high-quality vulnerability identification and maintaining the integrity and availability of CVE data for defenders worldwide. “CVE, as a cornerstone of the global cybersecurity ecosystem, is too important to be vulnerable itself,” said Kent Landfield, an officer of the Foundation. “Cybersecurity professionals around the globe rely on CVE identifiers and data as part of their daily work—from security tools and advisories to threat intelligence and response. Without CVE, defenders are at a massive disadvantage against global cyber threats.” The formation of the CVE Foundation marks a major step toward eliminating a single point of failure in the vulnerability management ecosystem and ensuring…
April 16, 2025 at 8:12 AM
serghei.bsky.social
Trellix says leaked Black Basta chats reveal:

- potential connections to Russian authorities
- Black Basta has two offices in Moscow
- gang utilizes ChatGPT for malicious purposes
- Black Basta has also worked with other ransomware groups (e.g., Rhysida and Cactus)

www.trellix.com/blogs/resear...
Screenshot of text highlighting the following paragraph: "The analysis of leaked Black Basta chats revealed potential connections to Russian authorities, the group's use of AI, and collaborations with other ransomware and malware operations. The chats showed that Black Basta has two offices in Moscow, the gang utilizes ChatGPT for various malicious purposes, including generating deceptive messages and rewriting malware code. We found out that Black Basta has also worked with other ransomware groups, such as Rhysida and Cactus, and used loaders like Qakbot, Pikabot, DarkGate and IcedID."
March 19, 2025 at 6:52 PM
serghei.bsky.social
BleepingComputer's analysis of the messages shows they contain a wide range of information, including phishing templates and email addresses to send them to, cryptocurrency addresses, data drops, victims' credentials, and confirmation of tactics we previously reported on.
Screenshot of a Telegram post saying, "A place to discuss the most important news about Black Basta, one of the largest groups of health workers in Russia, which recently hacked domestic banks. With such matters, we can say that they crossed the border, so we are dedicated to revealing the truth and exploring the next steps of Black Basta. Here you can find information that you can trust, and read all the most important in one channel."
February 20, 2025 at 9:50 PM
serghei.bsky.social
Seizure banner added to all seized domains:
Operation Talent seizure banner saying, "This website, as well as the information on the customers and victims of the website, has been seized by international law enforcement partners..."
January 29, 2025 at 8:02 PM
serghei.bsky.social
The FBI also seized the domains used by MySellIX (mysellix.io), SellIX (sellix.io), and StarkRDP (starkrdp.io).
- MySellIX (mysellix.io) and SellIX (sellix.io), two platforms that allowed users to create their own online stores, which threat actors also used to sell stolen data, software keys, and compromised accounts, and - StarkRDP (starkrdp.io), a Windows RDP virtual hosting provider that some threat actors allegedly used for credential stuffing attacks.
January 29, 2025 at 6:14 PM
serghei.bsky.social
In total, BleepingComputer was told that the PowerSchool data breach impacted 62,488,628 students and 9,506,624 teachers.

The largest districts allegedly impacted by the PowerSchool breach are:
A table that lists the largest school districts impacted by the PowerSchool breach.
January 22, 2025 at 5:54 PM
serghei.bsky.social
"Customers of the three banks named in today’s lawsuit have lost more than $870 million over the network’s seven-year existence," "with some being told to contact the fraudsters directly to recover their money."
Screenshot of CFPB press release with the following text highlighted: "Customers of the three banks named in today’s lawsuit have lost more than $870 million over the network’s seven-year existence, with some being told to contact the fraudsters directly to recover their money."
December 20, 2024 at 2:42 PM
serghei.bsky.social
The suspects now face charges of wire fraud, wire fraud conspiracy, and aggravated identity theft.

If convicted, each faces up to 20 years in prison for conspiracy to commit wire fraud, five years for the conspiracy count, and two years for aggravated identity theft.
A list of the five charged suspects: - Ahmed Hossam Eldin Elbadawy, 23, a.k.a. “AD,” of College Station, Texas; - Noah Michael Urban, 20, a.k.a. "Sosa" and "Elijah," of Palm Coast, Florida; - Evans Onyeaka Osiebo, 20, of Dallas, Texas; - Joel Martin Evans, 25, a.k.a. "joeleoli," of Jacksonville, North Carolina; - Tyler Robert Buchanan, 22, of the United Kingdom.
November 20, 2024 at 7:56 PM
serghei.bsky.social
Heads-up for those who switched to Brave after the Google Chrome Privacy Sandbox bs went live.

If you want web push notifications to work, you'll have to enable "Use Google services for push messaging" in Settings > Privacy and security.
Brave's Settings > Privacy and security dialog with the "Use Google services for push messaging" option enabled.
September 15, 2023 at 10:22 PM
serghei.bsky.social
Microsoft rn: Just chill ppl... There are no cloud vulnerabilities, only happy little accidents.
Image of Bob Ross painting white clouds.
August 3, 2023 at 7:04 AM