- HX Weekly by Hexagon Center
“Even Troy Hunt gets phished”
“Security researchers, they’re just like us. HaveIBeenPwned founder Troy Hunt published a blog post detailing how a “sneaky phish” managed to export his Mailchimp account. Hunt received a legitimate-looking email purportedly from Mailchimp, advising that his sending privileges were restricted and offering a button to review his account. Hunt entered credentials and a one-time password, almost immediately receiving a genuine email from Mailchimp that his subscriber list was exported.”
☝️ TOP STORY
This week’s Top Story is an excerpt from CISO Series.
“The list included about 16,000 emails to Hunt’s blog, including those unsubscribed, which Hunt didn’t realize Mailchimp still kept. Hunt said the only red flag he should have caught was 1Password not auto-filling his credentials because he was on a different domain. He also attributed the attack’s success to fatigue from jet lag.”
🤷‍♀️ What now?: Doesn’t matter who you are, you’re vulnerable. Be careful of complacency.

LOOK OUT ◉_◉ : Malware distributed via fake DeepSeek ads on Google

📰 Headline Highlights
Infostealers fueled cyberattacks and snagged 2.1B credentials last year
Oracle denies breach after hacker claims theft of 6 million data records
Attorney General Bonta Urgently Issues Consumer Alert for 23andMe Customers
New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
More Solar System Vulnerabilities Expose Power Grids to Hacking
GorillaBot Attacks Windows Devices With 300,000+ Attack Commands Across 100+ Countries
GOOD READ: NCSC taps influencers to make 2FA go viral
World Backup Day is next week on March 31st.
We created 2 “Must Read” sections for 2 “how-to” articles that we think are helpful.
An indent in Headline Highlights is related to the story above it. It’s a new thing we are doing and we find it helpful to convey the message we want to send.
If you have any questions, just reply to this email. We’re always happy to chat!
Lately, we’ve been bombarded with prominent cybersecurity news, but we’re also facing attacks on our own. So, remember to set long passwords, enable multi-factor authentication, and stay vigilant.
Above all, remember, Hexagon Center is here for you.
HOUSEKEEPING
Glossary/Legend:
Troy Adam Hunt - is an Australian web security consultant known for public education and outreach on security topics. He created and operates Have I Been Pwned?, a data breach search website that allows users to see if their personal information has been compromised.
Have I Been Pwned (HIBP) - is a website that aggregates data from breaches and allows users to check if their email addresses or passwords have been compromised in known data breaches.
Phishing - a cybercrime that involves tricking people into giving away sensitive information.
Cyberattack - A malicious attempt to gain unauthorized access to a computer system, network, or device. The goal of a cyberattack is to disrupt or damage the target, or to steal data, intellectual property, or money.
Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.
Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.
Password manager - a software application that allows users to securely store, generate, and manage their online login credentials (passwords and usernames) across different websites and applications, typically requiring only one "master password" to access all stored information, promoting strong password hygiene by creating unique passwords for each site and automatically filling them in when needed.
Spread cybersecurity culture
Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:
View archives at hxweekly.beehiiv.com
Even though we aim to provide you the most current and critical information to keep you safe, threat actors work 24/7 and this newsletter publishes only once a week. Even though we are available via a hotline, it is crucial that you stay up to date via other sources as well to be informed on how you may be at risk.
You may reply to this newsletter or email us at
[email protected]
Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

Hexagon Center is formed as a nonprofit corporation in California for public benefit,
and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.
DISCLAIMER
Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is not responsible for any cyber or scam attacks by our readers. HX Weekly tips and advice are not official positions of Hexagon Center, nor is Hexagon Center responsible for its content.
Content of this newsletter is not an official representation of Hexagon Center.