Leaky Weekly

React2Shell (CVE-2025-55182), 41% of Infostealer Victims Infected by Video Game Files

On this episode of Leaky Weekly, host and security researcher Nick Ascoli discusses findings from Flare Research including: * React2Shell (CVE-2025-55182) vulnerability and threat actor chatter * Findings from analysis of 50,000 stealer log infections He also mentions instructions for a giveaway for CTF players who would like another shot at unlocking a shirt from a past challenge… Here are the resources on the stories: * React2Shell Detailed Report (Lachlan Davis) http://react2shell.com [http://react2shell.com] * React2Shell (CVE-2025-55182): A Critical RCE in React Server Components (Flare): https://flare.io/learn/resources/blog/react2shell-cve-2025-55182/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E18 [https://flare.io/learn/resources/blog/react2shell-cve-2025-55182/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E18] * How Gamers Became Cybercrime’s Favorite Target: Analysis of 50,000 Infostealer Infections (Flare): https://flare.io/learn/resources/cybercrime-favorite-target-gamers/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E18 [https://flare.io/learn/resources/cybercrime-favorite-target-gamers/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E18] Brought to you by Flare, Threat Exposure Management solution and industry-leading dataset on cybercrime that integrates into your security program in 30 minutes. Check out what’s on the dark web (and more) about your organization: https://try.flare.io/free-trial/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E18 [https://try.flare.io/free-trial/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E18] Check out Flare Academy: https://flare.io/flare-academy/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E18 [https://flare.io/flare-academy/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E18] * Our free training series led by experts on critical topics such as threat intelligence, operational security, and advanced investigation techniques (earn CPE credits towards cybersecurity certifications) * Our Discord community is a space to learn from and with cybersecurity professionals (including Nick!) and students, check out previous training resources, and keep up with upcoming training

Attack on Identity: Dissecting Microsoft’s 2025 Digital Defense Report

On this episode of Leaky Weekly, host and security researcher Nick Ascoli and Flare’s Identity Security Expert Mike Iaconianni dig into their responses and questions to the Microsoft 2025 Digital Defense Report. Here are the resources on the stories: * Microsoft Digital Defense Report 2025 https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/ [https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/] * Screenshot.jpg (When They Got Hacked) by John Hammond https://www.youtube.com/watch?v=4h-bCHVFOs4 [https://www.youtube.com/watch?v=4h-bCHVFOs4] Brought to you by Flare, Threat Exposure Management solution and industry-leading dataset on cybercrime that integrates into your security program in 30 minutes. Check out what’s on the dark web (and more) about your organization [https://try.flare.io/free-trial/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E16]. Check out Flare Academy [https://flare.io/flare-academy/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E16]: * Our free training series led by experts on critical topics such as threat intelligence, operational security, and advanced investigation techniques (earn CPE credits towards cybersecurity certifications) * Our Discord community is a space to learn from and with cybersecurity professionals (including Nick!) and students, check out previous training resources, and keep up with upcoming training

NPM Supply Chain Attack, Fake Europol Bounty, and Operation Secure

On this episode of Leaky Weekly, host and security researcher Nick Ascoli covers the NPM supply chain attack, fake Europol bounty, and Operation Secure. Here are the resources on the stories: * Largest NPM attack in crypto history stole less than $50: SEAL (Cointelgraph) [https://cointelegraph.com/news/large-scale-npm-attack-compromised-less-50-dollars] * Breakdown: Widespread npm Supply Chain Attack Puts Billions of Weekly Downloads at Risk (Palo Alto Networks) [https://www.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attack/] * The largest supply-chain attack ever… (Fireship, The Code Report) [https://www.youtube.com/watch?v=QVqIx-Y8s-s] * 2 Billion npm Downloads at Risk From Crypto Malware: A Wake-Up Call for Open-Source Supply Chain Security (OPSWAT) [https://www.opswat.com/blog/2-billion-npm-downloads-at-risk-from-crypto-malware-a-wake-up-call-for-open-source-supply-chain-security] * Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack (The Hacker News) [https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html] * Europol confirms $50,000 Qilin ransomware reward is fake (BleepingComputer) [https://www.bleepingcomputer.com/news/security/europol-confirms-that-qilin-ransomware-reward-is-fake/] * 20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown (INTERPOL) [https://www.interpol.int/en/News-and-Events/News/2025/20-000-malicious-IPs-and-domains-taken-down-in-INTERPOL-infostealer-crackdown] * Operation Secure: Trend Micro's Threat Intelligence Fuels INTERPOL's Infostealer Infrastructure Takedown  (Trend Micro) [https://www.trendmicro.com/en_us/research/25/f/interpol-operation-secure.html] Brought to you by Flare, Threat Exposure Management solution and industry-leading dataset on cybercrime that integrates into your security program in 30 minutes. Check out what’s on the dark web (and more) about your organization [https://try.flare.io/free-trial/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E14]. Check out Flare Academy [https://flare.io/flare-academy/?utm_source=Social&utm_medium=Flare+Podcast&utm_campaign=Leaky+Weekly&utm_content=E14]: * Our free training series led by experts on critical topics such as threat intelligence, operational security, and advanced investigation techniques (earn CPE credits towards cybersecurity certifications) * Our Discord community is a space to learn from and with cybersecurity professionals (including Nick!) and students, check out previous training resources, and keep up with upcoming training

Spilling the Tea on the Tea App and TeaOnHer, and Salesforce Tenant Breaches

On this episode of Leaky Weekly, host and security researcher Nick Ascoli spills the tea on data leaks from Tea and TeaOnHer, as well as attacks on Salesforce tenants. Here are the resources on the stories: * The Cost of a Call: From Voice Phishing to Data Extortion (Google Threat Intelligence Group) [https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion] * ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH (BleepingComputer) [https://www.bleepingcomputer.com/news/security/shinyhunters-behind-salesforce-data-theft-attacks-at-qantas-allianz-life-and-lvmh/] * Hackers steal images from women's dating safety app that vets men (BBC) [https://www.bbc.com/news/articles/c7vl57n74pqo] * Tea app leak worsens with second database exposing user chats (BleepingComputer) [https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/] * TeaOnHer, a rival Tea app for men, is leaking users’ personal data and driver’s licenses (TechCrunch) [https://techcrunch.com/2025/08/06/a-rival-tea-app-for-men-is-leaking-its-users-personal-data-and-drivers-licenses/] Brought to you by Flare, Threat Exposure Management solution and industry-leading dataset on cybercrime that integrates into your security program in 30 minutes. Check out what’s on the dark web (and more) about your organization [https://try.flare.io/free-trial/?utm_source=Social&utm_medium=RSS&utm_campaign=Leaky+Weekly&utm_content=E13]. Flare now offers Flare Academy training, which is our (free!) training series led by experts that cover critical topics such as threat intelligence, operational security, and advanced investigation techniques. You can also earn CPE credits toward your cybersecurity certifications. Sign up for your next training here [https://flare.io/flare-academy/]. Join the Flare Academy Community Discord [https://try.flare.io/flare-community/?utm_campaign=Leaky%20Weekly&utm_source=podcast&utm_medium=social] to keep up with upcoming training, check out previous training resources, chat with cybersecurity professionals (including Nick!), and more.

Use a Stealer Log, Go to Prison (Part 2): PowerSchool and Snowflake Tenant Breach Arrests

On this episode of Leaky Weekly, host and security researcher Nick Ascoli gets into stealer logs and arrests in the last few weeks of the threat actors who targeted PowerSchool and Snowflake tenants. This is part 2 of a 2 part series, Use a Stealer Log, Go to Prison. Missed part 1? Check it out here on Apple Podcasts [https://podcasts.apple.com/us/podcast/use-a-stealer-log-go-to-prison-part-1-intelbroker/id1773371926?i=1000721838443] or Spotify [https://open.spotify.com/episode/5phQeQy455kI1OMjWQD5wp?si=2R37FO2SSEeGrOiGthiDug]. Here are the resources on the stories: * Cybersecurity Incident Notice (PowerSchool) [https://www.powerschool.com/security/sis-incident/] * Matthew Lane Plea Deal (Thomson Reuters) [https://fingfx.thomsonreuters.com/gfx/legaldocs/egpblxqnnpq/05202025lane_plea.pdf] * United States v. Matthew D. Lane (U.S. Department of Justice) [https://www.justice.gov/d9/2025-05/us_v._matthew_lane_-_information.pdf] * Update on New PowerSchool Data Breach and Ongoing Protection Measures (Union Intermediate School, Sampson County Schools) [https://www.sampson.k12.nc.us/o/uis/article/2200002] * A hacker's ransom: Inside the cyberattack that compromised NC student and teacher records (WRAL) [https://www.wral.com/story/a-hacker-s-ransom-inside-the-cyberattack-that-compromised-nc-student-and-teacher-records/21989281/] * Leaky Weekly: PowerSchool Hack; Takedowns & Arrests & Leaks, Oh My!; and ITRC Breach Report (Flare) [https://www.youtube.com/watch?v=YjejzMa0AH4&list=PLUERIuQVl_9PAUwdsrt9t1r2WDbn41taH] * Hacker in Snowflake Extortions May Be a U.S. Soldier (Krebs on Security) [https://krebsonsecurity.com/2024/11/hacker-in-snowflake-extortions-may-be-a-u-s-soldier/] * United States v. Moucka (CourtListener) [https://www.courtlistener.com/docket/69362701/1/united-states-v-moucka/] * Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies (U.S. Department of Justice) [https://www.justice.gov/opa/pr/former-us-soldier-pleads-guilty-hacking-and-extortion-scheme-involving-telecommunications] * Leaky Weekly: Arrests, RedLine & META Infrastructure Takedown, and MOVEit Leaks (Flare) [https://www.youtube.com/watch?v=-RrziD4BNys] Brought to you by Flare, the world's easiest to use and most comprehensive cybercrime database that integrates into your security program in 30 minutes. Check out what’s on the dark web (and more) about your organization [https://try.flare.io/free-trial/?utm_source=Social&utm_medium=RSS&utm_campaign=Leaky+Weekly&utm_content=E12]. Flare now offers Flare Academy training, which is our (free!) training series led by experts that cover critical cybersecurity topics. Check out Flare Academy [https://flare.io/flare-academy/] to keep up with upcoming trainings, check out previous training resources, chat with cybersecurity professionals (including Nick!) in the Flare Academy Community Discord, and more.