LEMON BLOG

A major data breach reportedly hit the social media platform X (formerly Twitter) over the weekend, potentially affecting up to 2.8 billion user accounts—making it one of the most significant leaks in social media history.

A newly disclosed zero-day vulnerability in Windows shortcut files (.lnk) has been exploited in-the-wild for several years by state-sponsored hacking groups. Identified as ZDI-CAN-25373, the flaw allows attackers to silently execute malicious commands using shortcut files—making it difficult to detect through traditional security tools.

Security researchers revealed that this vulnerability has been abused since at least 2017 by advanced persistent threat (APT) groups linked to 11 different countries. 

Cybersecurity teams today face an overwhelming task: sifting through endless alerts, potential phishing emails, and threats to sensitive data. For many, the daily grind involves evaluating mountains of suspicious messages or tracing the source of a data breach. Microsoft thinks it can help—and it's putting AI agents to work to do just that.  

Malaysia's cybersecurity defenses were put to the test recently when hackers launched a serious cyberattack on Malaysia Airports Holdings Berhad (MAHB), demanding a staggering US$10 million ransom. Prime Minister Datuk Seri Anwar Ibrahim revealed the incident during his keynote speech at the 218th Police Day celebration.

Let's say you forget the password to your old email account, and you sit there trying every combination you can think of—birthdays, pet names, your go-to "123456". That, in a nutshell, is how a brute-force attack works… just on a much, much bigger scale.