A writer for CyberHoot, a cybersecurity company that helps society become more aware and more secure.

WhatsApp, a Facebook-owned company, is a mobile application that allows users to send text messages, make voice calls, and share documents with other WhatsApp users. If the app sounds familiar, it’s likely due to the Jeff Bezos attack in 2018, in which his phone was hacked and the attacker stole gigabytes of personal data. This led to incriminating photos of Bezos with his mistress being released publicly, a very public divorce, and a roast at the Oscars by Chris Rock, all because of a cyber-attack involving WhatsApp. …


In the spring and summer of 2021, hackers stealthily entered the United Nations’ (UN) proprietary project management software, Umoja, accessing the network and stealing critical data to be used in further attacks. “The stolen data from the UN’s network could be used to target agencies within the UN, and already potentially has,” according to Stéphane Dujarric, spokesperson for the UN Secretary-General, as detailed in this report.

It’s not the UN’s first breach: in January 2020, the operators behind the notorious Emotet malware took aim at the UN through a phishing campaign with the intent of stealing credentials and deliver…


T-Mobile, a self-proclaimed leader in 5G, is a CyberHoot worst of the worst for cybersecurity breaches. While preparing this article on the latest 54 million subscriber breach, we found no fewer than 4 other breaches over the last seven years. In 2015, 15 million social security numbers and addresses of subscribers were stolen. In 2018, 2 million subscribers had personal information compromised. In 2019, they exposed 1 million subscribers’ personal information. Lastly, in 2020, they had a breach that compromised 200,000 subscribers. Now we find out everything they ever collected was stolen. They clearly are not learning from their…


Recently, cryptocurrency exchanges, the places where you can buy and sell cryptocurrencies on the Internet, have been under active and successful attack. In one case, a Chinese cryptocurrency exchange called Poly Networks was robbed of about $600 million worth of cryptocurrencies. Luckily, the hacker was ethical enough to give most, if not all (eventually), back to Poly Networks after they promised to fix the flaw he exploited. A few weeks after the Poly Networks incident, a Japanese-based cryptocurrency platform, Liquid, got hit by hackers, who stole $100 million worth of their cryptocurrency. What’s going on?

What Happened?

Details are not public…


Microsoft’s Edge Vulnerability Research Team recently published details on a new feature in development called “Super Duper Secure Mode” (SDSM). SDSM is designed to improve security without notable performance losses. To do this, SDSM eliminates JavaScript’s Just-In-Time (JIT) compilers, which were designed to boost page loading speeds and browser performance but are notably exploitable by hackers.

How Does It Work?

When enabled, Edge’s SDSM will remove Just-In-Time Compilation (JIT) from the V8 processing pipeline, reducing the attack surface hackers use to hack into Edge users’ devices. According to Common Vulnerabilities and Exposures (CVE) reports accumulated since 2019, “around 45% of vulnerabilities found in the V8…


August 19th, 2021: CyberHoot has received notification of critical risks to our national cybersecurity. A critical vulnerability known as “BadAlloc” has been made public by CISA. Details of the vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries are available here. CyberHoot is issuing this advisory to provide early notice of the reported vulnerabilities in the hope of assisting our clients in identifying at-risk systems and upgrading/eliminating/remediating the risks quickly and effectively. Doing so will reduce your risk of these attacks. …


BazarCaller — Vishing Gang

BazarCaller is a new cybercrime gang that uses Vishing to trick its victims into handing over information or access to a device. Vishing is the malicious practice of making phone calls or leaving voice messages pretending to be from reputable companies in order to have individuals give out personal or financial information. Vishing is similar to phishing, but it’s conducted over the phone instead of email.

Vishing Attacks

In recent years, vishing has been combined with website hacks that display a virus warning from “Microsoft” (or another reputable company) asking you to call their support line to remove…


On the second Tuesday of each month since 2003, Microsoft has released security-related updates to Windows (desktop and server), Office, and related products. Updates and patches aren’t only released on that schedule; sometimes there are ‘Out-Of-Band (OOB)’ updates for actively exploitable vulnerabilities.

Where To Find Updates

Every security update issued by Microsoft comes with a summary published by the Microsoft Security Response Center (MSRC) at approximately the same time the updates are released. Oftentimes you will see the Common Vulnerabilities and Exposures (CVE) number associated with the security gap, which you can easily search for on Google to find more information.

CVE entries…


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) to author a report detailing current top vulnerabilities exploitable by hackers. Each vulnerability has been meticulously documented in the Common Vulnerabilities and Exposures (CVE) database, a top source of threat intelligence used by infosec professionals.

Report Findings

In 2020, a rapid shift to remote work caused by the pandemic turned into a bonanza for hackers. Systems brought home in haste lost access to patching infrastructure which prohibited direct Microsoft…


An anonymous Apple researcher found a security flaw in Macs and iPhones that hackers are actively exploiting. The vulnerability goes by CVE-2021-30807, with the researcher stating:

“An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.”

The critical zero-day vulnerability exists in both Mac computers and iPhones, and hackers are aware of it and exploiting it.

The vulnerability was allegedly found in the IOMobileFrameBuffer kernel code, an element that helps applications set up and use your device or computer's display. …

Ty Mezquita — CyberHoot
