Cybersecurity Daily: News & Threats
(00:00:00) ShinyHunters' Kodak Deadline, 24B Credential Dump & Vertex AI Patch (00:01:01) Kodak ShinyHunters June Deadline (00:01:58) 24 Billion Record Mega-Dump (00:02:44) ICAI Exam Portal Allegations (00:03:30) Key Watchpoints Going Forward Three high-stakes cybersecurity stories dominate today's briefing — and one of them is on a countdown clock. ShinyHunters has set a June 18 deadline for Kodak to make contact or face publication of 2.2 million customer records. Kodak has confirmed unauthorised access but characterises it as limited, while ShinyHunters has yet to release a proof sample. That ambiguity is deliberate. The group has followed through on publication threats before — most recently after 7-Eleven negotiations stalled — and with 64% of organisations now refusing ransom payment, Kodak's response will serve as a live benchmark for corporate extortion posture. Separately, researchers uncovered an exposed Elasticsearch cluster containing roughly 24 billion credentials aggregated from 36 sources. The alarming detail is composition: a substantial portion originates from fresh infostealer logs harvesting plaintext passwords and session tokens from active infections today — not just historical breach archives. The cluster has been taken offline, but the data's onward movement is likely already in progress. On the vulnerability side, Google patched a race-condition flaw in the Vertex AI SDK (version 1.148.0, released April 15) that allowed attackers to intercept ML models mid-upload via predictable staging bucket names. The exploit window was approximately 2.5 seconds — enough to swap in pickle- or joblib-serialised payloads and harvest cross-tenant OAuth tokens. This is the second predictable-bucket-name flaw patched in Vertex AI this year, suggesting a systemic design pattern rather than an isolated bug. Finally, unverified social media claims allege a threat actor obtained superadmin access to India's ICAI chartered accountancy exam portal hours before results were due. No technical evidence has been published. Track it — don't act on it yet. A YesWee production. This episode includes AI-generated content.
65 episodes
Comments
0Be the first to comment
Sign up now and become a member of the Cybersecurity Daily: News & Threats community!