ThreatVectr — cybersecurity news: breaches, vulnerabilities, ransomware and AI security

Security Consultant Who Secretly Fed Intel to BlackCat Ransomware Gang Gets Nearly Six Years
Angelo Martino was hired to help ransomware victims negotiate their way out. Instead, he sold their secrets to the criminals holding them hostage.

Free Android VPNs Are Leaking Your Traffic, Study of 281 Apps Finds
Researchers tested the most popular free VPN apps on Google Play. Many fail at the one job they promise: keeping your internet activity private.

Cybercrime Crew Leaves Its Own Server Wide Open, Exposing 1.4 Million Website Target List
A misconfigured server ran unprotected for three weeks, handing researchers a rare look inside a mass WordPress hacking operation now tracked as WP-SHELLSTORM.

Lumen Technologies Found It Had 1.1 Million Assets, Not 17,000
A new Axonius survey shows most companies still can't see what they own. Lumen's cleanup shows why that matters.

Unpatched Flaw in Alibaba's XQUIC Lets Anyone Crash HTTP/3 Servers With 260 Bytes
A researcher at FoxIO disclosed the bug on 8 July. There is no fix, no login required, and no malformed packets involved.

Criminals Are Calling Your Staff and Stealing Microsoft 365 Logins in Real Time
A hacking group is phoning employees, sending them to fake Microsoft login pages, and quietly locking themselves into corporate accounts before anyone notices. Okta has the details.

'Ill Bloom' Wallet Flaw Drains $3.1 Million as Weak Recovery Phrases Give Thieves the Keys
Security firm Coinspect says attackers are already sweeping wallets whose recovery words were generated with predictable randomness.