InfoSecBulletin Cybersecurity for mankind
Last year, a joint investigation revealed that a Florida-based data broker, Datastream Group, was selling highly sensitive location data that tracked United States (US) military and intelligence personnel overseas. However, at the time, the origin of that data remained unknown.
Now, a letter sent to US senator Ron Wyden’s office that was obtained by an international collective of media outlets—including WIRED and 404 Media—reveals that Eskimi, a little-known Lithuanian adtech company, was the ultimate source of that data.
CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers
16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE
CISA warns of increasing risk tied to Oracle legacy Cloud leak
CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App
Apple released emergency security updates for 2 zero-day vulns
Oracle Released Patched for 378 flaws for April 2025
CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild
Bengaluru firm got ransomware attack, Hacker demanded $70,000
MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today
Eskimi’s role highlights the opaque and interconnected nature of the location data industry: A Lithuanian company provided data on US military personnel in Germany to a databroker in Florida, which could then theoretically sell that data to essentially anyone.
To read the full article click here.
Source: 404media.co, Wired
Microsoft 2025 February Patch Tuesday fixes 2 zero-days, 55 flaws
