InfoSecBulletin Cybersecurity for mankind
Last year, a joint investigation revealed that a Florida-based data broker, Datastream Group, was selling highly sensitive location data that tracked United States (US) military and intelligence personnel overseas. However, at the time, the origin of that data remained unknown.
Now, a letter sent to US senator Ron Wyden’s office that was obtained by an international collective of media outlets—including WIRED and 404 Media—reveals that Eskimi, a little-known Lithuanian adtech company, was the ultimate source of that data.
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
IngressNightmare
Over 40% of cloud environments are vulnerable to RCE
(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass
Oracle refutes breach after hacker claims 6 million data theft
Russian zero-day seller to offer up to $4 million for Telegram exploits
Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack
IBM and Veeam Release Patches in AIX System and Backup
WhatsApp patched zero-click flaw exploited in spyware attacks
CVE-2025-24472
CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild
Eskimi’s role highlights the opaque and interconnected nature of the location data industry: A Lithuanian company provided data on US military personnel in Germany to a databroker in Florida, which could then theoretically sell that data to essentially anyone.
To read the full article click here.
Source: 404media.co, Wired
Microsoft 2025 February Patch Tuesday fixes 2 zero-days, 55 flaws
