Cyber Bites

* Viral AI Caricature Trend Poses Major Security Risks, Experts Warn
* North Korean Hackers Target Developers with Malware-Laced Coding Challenges
* Open Source Registries Face Critical Funding Shortfall as Security Threats Mount
* Microsoft Copilot Bug Bypasses Security Controls to Summarise Confidential Emails
* PromptSpy Android Malware Leverages Gemini AI to Achieve Device Persistence



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Apple Patches Critical Zero-Day Vulnerability Exploited in Targeted Attacks
* Australian Government Agencies Falling Short on Cyber Incident Reporting, Undermining National Security
* Service NSW Launches Pilot for New Digital Identity Verification System
* Fake 7-Zip Site Distributes Trojanised Installer Creating Residential Proxy Network
* Microsoft Patches Remote Code Execution Flaw in Windows 11 Notepad


This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Apple Introducing Privacy Feature to Reduce Carrier Location Tracking on Select Devices
* Malicious Campaign Exploits OpenClaw AI Assistant to Distribute Password-Stealing Malware
* Iron Mountain Downplays Data Breach Claimed by Everest Extortion Gang
* Chinese State Hackers Hijacked Notepad++ Update Feature for Six Months
* Australian Real Estate Platforms Expose Millions of Lease Documents Through Insecure Links



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

* Nearly 800,000 Telnet Servers Exposed Globally as Critical Authentication Bypass Vulnerability Faces Active Exploitation
* JavaScript Package Managers Vulnerable to Supply Chain Attacks Despite npm’s Shai-Hulud Security Measures
* WhatsApp Launches Strict Account Settings to Shield High-Risk Users From Advanced Spyware Attacks
* Extortion Group WorldLeaks Claims 1.4 Terabyte Data Theft From Nike in Manufacturing-Focused Breach
* ShinyHunters Targets Approximately 100 Organisations in Okta Single Sign-On Credential Theft Campaign



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

Hey Everyone, for today’s Cyber Bites we’ll be covering stories about companies being compromised by their own security training tools, GitLab patching a two-factor authentication bypass, researchers saying that AI-powered browsers might be undoing years of web security progress, Zendesk support systems being turned into spam engines worldwide and a look at the popular passwords still being used in 2025.
* Fortune 500 Companies Compromised Through Vulnerable Security Testing Applications
* GitLab Releases Emergency Patches for Two-Factor Authentication Bypass and Denial-of-Service Vulnerabilities
* AI-Powered Browsers Reverse Decades of Web Security Advances, Researchers Warn
* Attackers Weaponise Zendesk Support Systems in Massive Global Spam Campaign
* Predictable Password Patterns Persist as Billions Continue Using Easily Cracked Credentials



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com