Tunnel of Love, Kimsuky, Red Mike, Ivanti, Nvidia, C code, Postgre, Aaran Leyland, and More, on this edition of the Security Weekly News.
Security Weekly listeners save $100 on their RSAC Conference 2025 Full Conference Pass! RSA Conference will take place April 28 to May 1 in San Francisco and on demand. To register using our discount code, please visit securityweekly.com/rsac25 and use the code 5U5SECWEEKLY! We hope to see you there!
Doug White
- DPRK hackers dupe targets into typing PowerShell commands as admin
- China’s RedMike hackers taking aim at telcos via flaws in Cisco gear
- Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure
- Critical Nvidia flaw could menace AI systems
- US govt wants developers to stop coding ‘unforgivable’ bugs
- Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation
- University of Surrey develops AI tool to tackle knife crime
- Warning: Tunnel of Love Leads to Scams
Aaran Leyland
- The Explosion of Hardware-Hacking Devices
By: Paul Asadoorian February 7, 2025
Resources & Further Reading
Arduino Maestro – A GPT tuned for Arduino development (one of the better ones that I’ve tried and works great, especially for debugging help).
M5Stick-Launcher – An application launcher for several different ESP32 platforms. Once this firmware is flashed on the device,e you can load firmware at boot time from an SD card or over the air.
https://github.com/witnessmenow/ESP32-Cheap-Yellow-Display – General information about the CYD, including where to buy, the different hardware variations, and flashing firmware.
https://github.com/hevnsnt/CYD_ESP32-AirTag-Scanner – The original firmware that was developed for the Shmoocon 2025 talk.
https://github.com/pasadoorian/CYD-BLE-Tools – This is my fork of the code above, several features were added. This is still in development and should be considered experimental. (Note: this code borrows heavily from https://github.com/bmorcelli/M5Stick-Launcher).
