Gerrard Healthy Housing replaces a single-family home in a walkable Toronto neighbourhood with 10 rental housing units. Photo by Alexandra Berceneau Gerrard Healthy Housing, at Gerrard and Main in Toronto, delivers exactly the kind of “gentle density” that has been much discussed and desired in the city. The eight-unit walk-up rental building with two laneway houses replaces a single-family home, while carefully integrating with its walkable neighbourhood. But achieving this outcome was no easy matter. To streamline approvals, TMU professor Cheryl Atkinson, of Atkinson Architect, aimed to design with no variances. “Everything’s to the minimum in terms of distance between the attached four-plexes and the laneway units,” says Rolf Paloheimo, of P&R Development, who also acted as project manager. “We built to the maximum height within 100 millimetres.” Atkinson had designed a panellized, net-zero missing middle housing unit exhibited at DX’s EDIT festival as part of a TMU research project; Paloheimo was the client and developer behind the 1996 CMHC Riverdale Healthy House, a model sustainable development designed by Martin Liefhebber. For Gerrard Healthy Housing, they set out to create as close to Passive House as possible, specifying all-electric heat pumps and ERVs, using wood framing, and deploying blown-in-cellulose insulation to achieve a quiet and airtight R45-R65 envelope—although stopping short of installing triple-glazed windows. “We wanted to make it reproducible and affordable,” says Paloheimo. “Part of my argument for doing this scale of development is that if you stay in part 9 [of the building code], the construction is a lot lighter, the consultant load is lighter. You’re stuck with higher land costs, but costs are quite a bit lower to build,” he adds. The construction costs for the project tallied up to $300 per square foot, and the all-in cost for the project was $650 per square foot—about half the square-foot cost of condo construction. Atkinson’s sensitive design provides natural light on three sides of all but two units, ample cross-ventilation and closet space, and office nooks that overlook entry stairs—as well as façades detailed to fit in with the scale of neighbourhood. Details like bespoke mailboxes add polish to the composition. The financial success of the project depended largely on government incentives for housing: just before construction started, the province waived HST on rental developments, and the City exempted four-plexes from development charges.  Paloheimo’s project management of the endeavour ensured the project stayed on track. He kept a close eye on the prices tendered by the general contractor, and ended up finding some of the trades on his own—developing such a good rapport that he bought them cakes from a nearby patisserie at the end of the project. Both Atkinson and Paloheimo also befriended the neighbours, one of whom provided temporary power from her home when the hydro connection was delayed.  Can this kind of success be replicated at scale? Paloheimo is cautiously hopeful, and plans to continue with small-scale development projects in Toronto. But he acknowledges that it’s not an endeavour for the faint of heart. “You have a house that used to be just four walls and a roof,” he says. “And then we’re gradually adding complexity. If you’re doing sustainable housing, it’s got to have a certain R-value, a certain airtightness. So it creates headwinds if you want to make affordable housing.” The bigger problem, he says, is the financialization of housing—unlike a car, which you expect to lose value and cost money each year, we expect our homes to continually increase in value. “If we could get away from that, we could focus on what’s really important about housing: which is comfort, space, light, services.” As appeared in the June 2025 issue of Canadian Architect magazine The post Editorial: Gentle Density in Action appeared first on Canadian Architect.

Reading Time: 8 minutes Sometimes, even the slickest emails can land with a thud in the spam folder. The culprit? Your email sender reputation. Just like a bank checks your credit history before lending you money, mailbox providers (like Gmail, Yahoo, etc.) check your sender reputation before deciding whether to deliver your customer relationship emails to the inbox or banish them to spam. So buckle up, because here, we’re about to unpack everything you need to know about what an email domain reputation is and how to keep yours squeaky clean. Now, you’re probably wondering…   What is Email Sender Reputation? Email sender reputation, also known as email domain reputation, is a measure of your brand’s trustworthiness as an email sender. It’s based on factors like your sending history, email engagement, and complaint rates, influencing whether mailbox providers deliver your messages to recipients’ inboxes or junk folders. A solid sender reputation is the golden ticket to inbox placement. Without it, your carefully crafted automated email marketing campaigns might as well be shouting into the void. Mailbox providers are constantly on the lookout for spammers and shady senders, and your reputation is a key indicator of whether you’re one of the good guys. But how do they know that?   5 Factors That Influence Email Marketing Sender Reputation Your email sending reputation isn’t built overnight; it’s a result of consistent behavior and several critical factors. Let’s break down the big five: 1. Quality of Your Email List Building your email list is hard, we know. But honestly, validating it to ensure that all email addresses are real and belong to existing subscribers helps you maintain a positive sender reputation score with mailbox providers. This is why you should use a proper email validation API, as it can help you quickly check if the email addresses are legitimate. Your reputation score can suffer if you’re labeled as a bad email sender, with all the bounces you get from a bad email list. 2. Email Sending History Having an established history with a particular IP address can boost the legitimacy and reputation score of your emails, which means the sender, messages, and recipients are all coming from a legitimate place. Spammers will often change IP addresses and, therefore, cannot establish a long and reputable sending history with IPs. 3. Consistency and Volume of Emails The number of emails you send and your consistency in sending them are also indicators of your legitimacy and reputation. Sending two emails every other week, for example, shows stability and predictability in terms of your sending volume and activities. Mailbox providers and Internet Service Providers (ISPs) also examine your sending patterns and frequency to determine whether you’re still on the right track or have turned to spamming. 4. Email Open Rates or Engagement This is a metric that records subscriber activity or your email engagement, such as the open or click-through rates. It’s very significant because mailbox providers value their subscribers’ preferences. Your emails could be filtered out if there is a very low response rate or no interactions at all. 5. Emails Marked as ‘SPAM’ Mailbox providers would take a cue from their subscribers’ preferences whenever they receive emails. So, if your email messages are consistently marked as ‘Spam’, then this feedback would result in your emails being screened or placed in the Spam or Junk folder. And that’s not where you’d want your emails to hang out.   How to Check Email Sender Reputation You can verify your email domain reputation by monitoring key metrics and using reputation checking tools. Many email marketing software platforms (like MoEngage, for example) provide dashboards and analytics that help you monitor these crucial indicators. MoEngage goes a step further by offering insights and tools to help you proactively manage and improve your email deliverability, making it easier to spot and address potential reputation issues before they escalate. In fact, you can achieve an inbox placement rate of over 95%! Coming back to the topic, the platform indicates email domain reputation as High, Medium, Low, or Bad. More specifically, it lets you: Filter campaigns based on reputation while exporting their data. See historical trends in your domain reputation. View more information, such as when the reputation information was last updated. Analyze email marketing metrics, like open rates and click-through rates. How an Email Sender Reputation Score Works Your email sender reputation score is a dynamic rating that mailbox providers assign to your sending domain and IP address. This score isn’t a fixed number, but rather, a constantly evolving assessment based on your list quality, sending history, and other factors we’ve discussed above. Higher scores generally mean better inbox placement, while lower scores can lead to the dreaded spam folder. Different mailbox providers have their own algorithms for calculating this score, and the exact formulas are usually kept secret. However, the underlying principles revolve around your sending behavior and recipient engagement. How Can You Do a Domain Reputation Test and How Often Should You Do This? You can run an email domain reputation test using various software tools (we’ll get to some of the best ones in a sec!). These reputation checkers analyze your domain and IP address against known blacklists and provide insights into your current standing. Ideally, you should be monitoring your key metrics within your ESP regularly (daily or weekly) and perform a more comprehensive domain reputation test at least monthly, or more frequently if you’re experiencing deliverability issues. Consistent monitoring helps you catch problems early and maintain a healthy reputation.   3 Best Email Domain Reputation Checkers Alright, let’s talk tools. While your ESP often provides built-in deliverability insights, these external domain reputation checkers can offer another layer of perspective. Let’s jump right in! 1. MoEngage Okay, we might be a little biased, but hear us out. MoEngage is more than just an email marketing platform; it’s a powerhouse for cross-channel customer engagement. Its robust analytics and deliverability features give you a clear view of your email performance, helping you proactively manage your email sender reputation. MoEngage stands out because it integrates domain reputation monitoring with tools to improve engagement and personalize your campaigns, leading to better deliverability in the long run. Unlike some standalone domain reputation checkers, MoEngage provides actionable insights within your workflow. How Pricing Works: MoEngage offers customized pricing plans based on your specific needs and scale. Contact the sales team for a personalized quote. Best For: Brands looking for an integrated customer engagement platform (CEP) with robust email deliverability management capabilities. 2. Spamhaus Project The Spamhaus Project allows you to track spam, malware, phishing, and other cybersecurity threats. ISPs and email servers filter out unwanted and harmful content using Spamhaus’s DNS-based blocklists (DNSBLs). How Pricing Works: Spamhaus provides its blacklist data and lookup tools for free to most users, as part of their mission to combat spam. Best For: Quickly checking if your domain or IP is on major spam blacklists. 3. MxToolbox You can use MxToolbox to check if your domain is mentioned on any email blocklists. It scans your domain for mail servers, DNS records, web servers, and any problems. While comprehensive in its checks, this domain reputation checker doesn’t provide the same level of integrated deliverability management and analytics that a platform like MoEngage offers. How Pricing Works: MxToolbox offers both free tools and paid subscription plans with more advanced features, with pricing starting from around $85 per month. Best For: Performing a broad check across numerous email blacklists.   How to Improve Your Email Domain Reputation So, your domain email reputation doesn’t look as shiny as you’d like? No worries! Here are concrete steps you can take to improve it. Think of it as spring cleaning for your email sending practices. 1. Manage a Clean Email List Email list management is foundational. Regularly prune inactive subscribers, remove bounced addresses, and promptly honor unsubscribe requests. Implement a double opt-in process to ensure subscribers genuinely want to hear from you. A clean, engaged email list signals to mailbox providers that you’re sending to interested recipients, and reduces bounce rates and spam complaints. It’s crucial for a positive email sender reputation score. 2. Send Confirmation Emails with Double Opt-Ins Include double opt-ins where you send automated confirmation emails to subscribers. This helps you distinguish valid email addresses from nonexistent ones. Basically, protecting your email sender reputation is easy when you adhere to best practices. Ensuring that your email messages are engaging and interesting helps you get more clicks and open rates. Attracting more interaction to your email messages sends a signal to mailbox providers that you have a legitimate and professional organization. Increasing the positive activities and reviews will help build and solidify your branding strategy, sending a message that is relatable and understood by your subscribers. 3. Pause Violating Campaigns Notice a sudden spike in bounces or spam complaints after a particular email marketing campaign? Pause the campaign immediately to investigate the cause. Ideally, you should not send transactional and non-transactional emails from the same domain (domain/IP set). If the compliance requirements are met, there is no need to pause transactional emails. However, you should pause all one-time emails. Continuing to send problematic emails will only further damage your email sending reputation. Addressing the issue swiftly demonstrates responsibility to mailbox providers. 4. Correct the Mistakes Once you’ve paused a problematic campaign, take the time to understand what went wrong. Did you use a purchased list? Was the content or subject line misleading? (In which case, you need to have a list of the best email subject lines handy). Identify the root cause and implement corrective measures so it doesn’t happen again. Showing that you learn from your mistakes helps rebuild trust with mailbox providers over time. Then, raise a ticket to Gmail or other ESP explaining the cause behind the reputation issues, your changes, and the next steps you plan to follow. Have checkpoints to detect issues immediately, so you can always stay on top of them. 5. Use Subdomains for Sending Emails Establish a subdomain you’re going to use only for sending emails to customers. That’s because if anything goes wrong, the subdomain will take the hit directly, while mildly affecting your company’s main registered domain. It’s like a backup. Also, hopefully, your customers will remember and recognize your subdomain with time. So even if your emails do land in the spam folder, customers might mark them as ‘Not spam’. Yay! 6. Resume and Ramp Up Your Email Frequency After addressing the issues and making necessary changes, don’t be afraid to resume sending. But take baby steps. Resume your transactional emails first. Don’t send transactional and promotional emails from the same domains and IPs. If you already have, separate them while correcting your email setup. Next, resume your personalized event-triggered campaigns. Then, slowly send one-time campaigns to email openers and clickers (such as emails that have been opened 5 times in the last 60 days). Send at a lower RPM and send only 2-3 campaigns per week. After the email domain reputation improves, gradually increase the overall sending frequency and volume (it could take 6-8 weeks). When emailing non-engaged customers, slowly raise your email frequency to prevent sudden volume spikes from triggering spam filters. This careful approach communicates to mailbox providers that you are a responsible sender. 7. Customize Your Sending Patterns Avoid sending all your emails at the same time to everyone on your list. Segment your audience and tailor your sending schedules based on their engagement and time zones. This shows mailbox providers that you’re sending relevant content to the right customers at the right time, improving engagement and your overall email marketing domain reputation. Create lifecycle campaigns to engage your customers. Use dynamic segments, so inactive customers get dropped off automatically. Implement personalization across every aspect of your email.   Maintaining Email Domain Reputation with MoEngage Maintaining a stellar email domain reputation is an ongoing effort, but it doesn’t have to be complicated. Hundreds of B2C brands trust MoEngage to provide the insights and tools they need to monitor deliverability, understand audience engagement, and proactively manage their sending practices. By leveraging the platform’s analytics and segmentation capabilities, our customers can be sure their emails consistently land in the inbox, where they belong. Ready to take control of your email deliverability and build a rock-solid email sender reputation? Explore MoEngage’s comprehensive email marketing solutions. Or better yet, request a demo to see MoEngage’s email solutions in action today. The post How to Check and Fix Your Email Sender Reputation appeared first on MoEngage.

Originally published at 92% of Top Email Domains Remain Unprotected Against Phishing by Anush Yolyan. New EasyDMARC report reveals widespread gaps in DMARC enforcement and reporting, leaving most business email domains exposed to spoofing and impersonation. New research from EasyDMARC reveals that just 7.7% of the world’s top 1.8 million email domains are fully protected against phishing and spoofing, having implemented the most stringent DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy. This configuration, known as ‘p=reject’, actively blocks malicious emails from reaching inboxes. While DMARC adoption has accelerated since 2023, driven by regulatory pressure and mandates from major email providers, most leading organisations continue to rely on the weakest policy, ‘p=none’, which passively monitors inboxes for threats without intercepting them. The findings are part of EasyDMARC’s 2025 DMARC Adoption Report, which analyses email security practices across the highest-traffic websites globally, as well as Fortune 500 and Inc. 5000 organisations. The report reveals a significant gap between DMARC implementation and effective enforcement, with more than half (52.2%) of the domains still lacking even a basic DMARC record. Among those that have implemented DMARC, most fail to apply the enforcement policies or reporting mechanisms needed to make the protocol truly effective. The report comes at a time of escalating phishing threats and increasing pressure from both regulators and mailbox providers. Mandates from Google, Yahoo, and Microsoft, along with frameworks like PCI DSS v4.0.1, have spurred a rush to adopt DMARC. But in many cases, that adoption stops at a passive monitoring setting known as ‘p=none’, which doesn’t block fraudulent emails or provide full visibility into authentication failures. “There’s a growing perception that simply publishing a DMARC record is enough,” said EasyDMARC CEO Gerasim Hovhannisyan. “But adoption without enforcement creates a dangerous illusion of security. In reality, most organisations are leaving the door wide open to attacks targeting customers, partners, or even employees.” Countries with strict DMARC mandates, such as the United States, the UK, and the Czech Republic, saw the biggest reductions in phishing emails reaching inboxes. In the US, for example, the percentage of phishing emails accepted dropped from 68.8% in 2023 to just 14.2% in 2025. In contrast, countries with voluntary or no guidance, like the Netherlands and Qatar, showed little to no improvement. Compounding the problem is the lack of visibility. Even among domains with DMARC records, over 40% fail to include reporting mechanisms, such as RUA tags, that allow organisations to see who’s sending email on their behalf and whether it’s failing authentication checks. Hovhannisyan added: “Misconfigurations, missing reporting, and passive DMARC policies are like installing a security system without ever turning it on. Phishing remains one of the oldest and most effective forms of cyberattack, and without proper enforcement, organisations are effectively handing attackers the keys to their business. As threats grow more sophisticated and compliance pressures mount, stopping halfway with DMARC enforcement is no longer an option.” For more information, view the full report here.  Notes for Editors Research Methodology The EasyDMARC May 2025 DMARC Adoption Report is based on an analysis of the world’s top 1.8 million email domains, ranked by global web traffic. It examines the scale of DMARC adoption worldwide and assesses how effectively organisations are enforcing and monitoring the protocol. The report includes dedicated insights into the world’s top 1.8M domains, Fortune 500 and Inc. 5000 companies, offering a comparative view of email security maturity across different organisational sizes. It also incorporates findings from a survey of 980 IT professionals across the United States, the United Kingdom, Canada, and the Netherlands, providing regional perspectives on phishing trends, adoption challenges, and the influence of evolving regulatory mandates. In addition to public DNS data, the report also draws on proprietary data collected through EasyDMARC’s platform, including anonymised aggregate DMARC reports received from major mailbox providers (MBPs).  About EasyDMARC EasyDMARC is a cloud-native B2B SaaS that solves email security and deliverability challenges in just a few clicks. With advanced tools, including its AI-powered DMARC Report Analyser, DMARC, SPF, DKIM cloud management solutions, and email source reputation monitoring, EasyDMARC helps customers protect their domains, increase their email deliverability, and maintain strong email health. Media InquiriesResonance for EasyDMARCeasydmarc@resonancecrowd.com The post 92% of Top Email Domains Remain Unprotected Against Phishing appeared first on EasyDMARC.

Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives, including those in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors in Europe and North America. "They often use stolen sign-in details that they likely buy from online marketplaces to gain access to organizations," the Microsoft Threat Intelligence team said in a report published today. "Once inside, they steal large amounts of emails and files." Attacks mounted by Void Blizzard have been found to disproportionately single out NATO member states and Ukraine, suggesting that the adversary is looking to collect intelligence to further Russian strategic objectives. Specifically, the threat actor is known to target government organizations and law enforcement agencies in NATO member states and countries that provide direct military or humanitarian support to Ukraine. It's also said to have staged successful attacks aimed at education, transportation, and defense verticals in Ukraine. This includes the October 2024 compromise of several user accounts belonging to a Ukrainian aviation organization that had been previously targeted by Seashell Blizzard, a threat actor tied to the Russian General Staff Main Intelligence Directorate (GRU), in 2022. The attacks are characterized as opportunistic and targeted high-volume efforts that are engineered to breach targets deemed of value to the Russian government. Initial access methods comprise unsophisticated techniques like password spraying and stolen authentication credentials. In some of the campaigns, the threat actor has utilized stolen credentials likely sourced from commodity information stealer logs available on the cybercrime underground to access Exchange and SharePoint Online and harvest email and files from compromised organizations. "The threat actor has also in some cases enumerated the compromised organization's Microsoft Entra ID configuration using the publicly available AzureHound tool to gain information about the users, roles, groups, applications, and devices belonging to that tenant," Microsoft said. As recently as last month, the Windows maker said it observed the hacking crew shifting to "more direct methods" to steal passwords, such as sending spear-phishing emails that are engineered to trick victims into parting with their login information by means of an adversary-in-the-middle (AitM) landing pages. The activity entails the use of a typosquatted domain to impersonate the Microsoft Entra authentication portal to target over 20 NGOs in Europe and the United States. The email messages claimed to be from an organizer from the European Defense and Security Summit and contained a PDF attachment with fake invitations to the summit. Present wishing the PDF document is a malicious QR code that redirects to an attacker-controlled domain ("micsrosoftonline[.]com") that hosts a credential phishing page. It's believed that the phishing page is based on the open-source Evilginx phishing kit. Post-compromise actions after gaining initial access encompass the abuse of Exchange Online and Microsoft Graph to enumerate users' mailboxes and cloud-hosted files, and then make use of automation to facilitate bulk data collection. In select instances, the threat actors are also said to have accessed Microsoft Teams conversations and messages via the web client application. "Many of the compromised organizations overlap with past – or, in some cases, concurrent – targeting by other well-known Russian state actors, including Forest Blizzard, Midnight Blizzard, and Secret Blizzard," Microsoft said. "This intersection suggests shared espionage and intelligence collection interests assigned to the parent organizations of these threat actors." Void Blizzard Linked to September Breach of Dutch Police Agency In a separate advisory, the Netherlands Defence Intelligence and Security Service (MIVD) attributed Void Blizzard to a September 23, 2024, breach of a Dutch police employee account via a pass-the-cookie attack, stating work-related contact information of police employees was obtained by the threat actor. Pass-the-cookie attack refers to a scenario where an attacker uses stolen cookies obtained via information stealer malware to sign in to accounts without having to enter a username and password. It's currently not known what other information was stolen, although it's highly likely that other Dutch organisations were also targeted. "Laundry Bear is looking for information about the purchase and production of military equipment by Western governments and Western supplies of weapons to Ukraine," said MIVD director, Vice Admiral Peter Reesink, in a statement. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

I wanted Journey Together to hit big. After Surging Sparks and Prismatic Evolutions delivered some real heat, it felt like we were on a roll. But instead of a clean three-hit combo, this set tripped over itself on the way out the gate. Prices were inflated from the start, and now that the market has had time to breathe, this correction is aggressive.N's Reshiram - 167/159 (Journey Together Stamped)Lillie's Clefairy ex 184/159Salamence ex 187/159N's Zoroark ex 185/159Articuno - 161/159Wailord 162/159N's Reshiram 167/159Iono's Bellibolt ex 172/159Lillie's Clefairy ex 173/159N's Zoroark ex 175/159Hop's Zacian ex 176/159Volcanion ex 182/159Iono's Bellibolt ex 183/159Hop's Zacian ex 186/159It’s still a solid set. Great art, fun pulls, some nostalgic hits. But a lot of the single prices were built on hype that couldn’t hold.Collectors thought we’d get another round of rapid value climbs. That didn’t happen. If you're buying now, you're catching cards on the way down instead of riding them on the way up. Just go in knowing what’s worth grabbing and what’s still floating on leftover launch-day fumes.Illustration RaresArticuno had a strong start. Prices hit $55 back in late March, which made sense at the time—it's a fan-favorite Legendary with great artwork. Since then, it’s taken a 36% dip and now floats around $35. Honestly, that’s still a bit high. I’ve seen near-mint listings at $18.69, and that feels more in line with where this card belongs. I think it’s a solid pickup if you just want a great-looking bird without the early adopter tax.Maractus - 160/159Articuno - 161/159Wailord 162/159Iono's Kilowattrel 163/159Lillie's Ribombee 164/159Swinub 165/159Lycanroc 166/159N's Reshiram 167/159N's Reshiram - 167/159 (Journey Together Stamped)Furret 168/159Noibat 169/159Hop's Wooloo 170/159Wailord was one of those early hype Illustration Rares that got pumped fast, mostly because it’s Wailord and people have a soft spot for absurdly large water types. It hit $60 at the end of March, which didn’t last long. It’s now dropped 63.66% to a market value of around $22.49, and I’ve seen copies listed for as low as $14.55. Personally, I think this one’s due for a soft bounce back to $30, but only once the panic listings clear out and the Wailord fans circle back.My favorite Illustration Rare is N’s Reshiram. The artwork is top-tier, and the character pairing actually adds something meaningful to the card. It started at $39.43, which honestly didn’t feel too far off given the demand at launch. Now it’s sitting around $17.44. Even the Journey Together stamped variant, which you'd think would carry some extra value, is undercutting the regular one at about $14. That’s a 79.51% drop, and in my opinion, a steal. If you want a chase card without paying chase prices, this is the one.Special Illustration Rare And Hyper RaresIGN Photo Composite / The Pokémon CompanyLillie’s Clefairy ex SIR was positioned as the face of the set, and for a moment it looked like it might stay there. Prices hit $400, which was wild, considering the only thing more expensive than that in Journey Together was probably regret. Now it’s sitting around $180 and in my opinion, it’s still too high. It’s a gorgeous card, no doubt about that, but I think we’ll see it hit $150 soon. Not a crash but a correction to something a little more in line with what most people are willing to pay.Volcanion ex 182/159Iono's Bellibolt ex 183/159Lillie's Clefairy ex 184/159N's Zoroark ex 185/159Hop's Zacian ex 186/159Salamence ex 187/159Iono's Bellibolt ex 188/159N's Zoroark ex 189/159Spiky Energy 190/159I thought Iono’s Bellibolt ex SIR was going to be the top card of the set. It had the rarity, it had the character, and it looked just chaotic enough to become a fan favorite. Instead, it’s hovering around $80, which is fine. Not great, not terrible. The price feels stable, and I don’t think it's going to tank like some of the other launch-day hype magnets. If you like it, grab it. If you're hoping it doubles in value, maybe take a walk.Salamence ex SIR is probably the best example of what went wrong with Journey Together’s early pricing. At launch, people were paying up to $250 for it like it was the last dragon card ever printed. Now it’s going for about $106, and I think it’ll settle closer to $100. Still expensive, sure, but at least now it’s priced like a high-tier chase card and not a collector’s retirement plan. The art’s strong, and Salamence has always had staying power, so I think this one holds up better than most.Full ArtsIono’s Bellibolt ex is my favorite full art, mostly because I pulled it and immediately convinced myself I was sitting on gold. At launch, it was going for around $80. It's now comfortably sitting in the $7–$8 range. Honestly, if you paid anything above $15, I don’t know what to tell you. It’s a great-looking card, though, and I think it’ll stick around this price for a while now that the dust has settled. Just maybe don’t buy it thinking it's the next Supporter-tier Iono. It’s a Bellibolt. Let’s be reasonable.Volcanion ex 171/159Iono's Bellibolt ex 172/159Lillie's Clefairy ex 173/159Mamoswine ex 174/159N's Zoroark ex 175/159Hop's Zacian ex 176/159Salamence ex 177/159Dudunsparce ex 178/159Brock's Scouting 179/159Iris's Fighting Spirit 180/159Ruffian 181/159Lillie’s Clefairy ex had a bizarre start. Prices climbed past $110 before launch, which had me wondering if people thought it was a Special Illustration Rare by mistake. It’s now found its lane at around $17–$19, which is where it probably should’ve been all along. I think it’s a great pickup at that price if you're into Lillie, or Clefairy, or just want something that won’t lose half its value before it hits your mailbox.N’s Zoroark ex started out a little more grounded at around $30, but even that wasn’t safe from the drop. It's landed around $12 now, which honestly feels like a fair deal. The card still looks fantastic, and it’s got some collector appeal thanks to N.But when I say Journey Together prices are crashing, this is exactly what I mean. Remember all those “can’t-miss deals” I was posting at launch? It wasn’t because the cards were underpriced — it’s because they were about to fall off a cliff.Find out more top tips on where to find Pokémon cards with my extensive guide, and check out this weeks latest crashers and climbers article for more Pokémon cards market watch updates.Here's the Pokémon TCG full Release Schedule so far for this year, too, so you don't miss anything. Buying singles is the cheapest way to collect right now, but don't feel like you have to "Catch Em' All!".Christian Wait is a contributing freelancer for IGN covering everything collectable and deals. Christian has over 7 years of experience in the Gaming and Tech industry with bylines at Mashable and Pocket-Tactics. Christian also makes hand-painted collectibles for Saber Miniatures. Christian is also the author of "Pokemon Ultimate Unofficial Gaming Guide by GamesWarrior". Find Christian on X @ChrisReggieWait.

There’s an old adage I’ve followed since I was a kid: Always put your best foot forward. That mentality extends into every part of your life, from the clothes you wear to the words you speak... and even to your home. When it comes to your home, putting your best foot forward starts before your guests put even a single foot inside your house—it starts at the curb. Perfecting your home’s exterior charm requires dedication. From lush landscaping to fresh-looking paint, there is a seemingly endless list of tasks to make your home the most stunning house on the block. However, there is one front-yard décor piece that just might be killing your curb appeal, despite all your extra work: the mailbox. Mailboxes, for better or worse, are a necessary eyesore. The United States Postal Service sets specific requirements for what a mailbox should be, leaving little room for stylish alternatives. (Take Note: If it’s a post mailbox, aka not affixed to your house or front gate, then it is required to be 41" to 45" tall, sit 6" to 8" back from the curb, and have a house or apartment number attached.) Unless you want to spend a ton of money on a custom brick or handmade wood mailbox, you’ll have go with something ready-made, which can mean limited options and a hefty price tag for anything other than a basic black mailbox. No worries! If you’re looking for a quick-fix way to spruce up your existing mailbox in just a weekend, we have easy (and budget-friendly!) ideas for you: For More Ways to Boost Your Curb Appeal:Paint It to Match Your Exterior The fastest way to give your mailbox and post a quick refresh is with paint. I’ve talked a lot (and I do mean a lot) about how paint can easily transform a space, and the mailbox is no different. Match your home’s exterior paint color for a seamless look or make it pop with a fun color to match your equally-fun painted front door. Don’t forget to paint the mailbox flag either! If you want something guaranteed to be timeless, try Rub n' Buff for a metallic look. (Just be sure to lightly sand a metal mailbox first and finish up with your preferred sealant.) Paint Picks to Get You Started:Pretty It Up With Plants In the mood to get your hands dirty? Just add plants. “Opt for a climbing vine,” says Country Living’s garden expert, Charlyne Mattox. “It will grow up the mailbox and cover anything unsightly.” Asiatic jasmine, clematis, or mandevilla are her go-to suggestions, but if you don’t want something covering the entire post and mailbox, she suggests going with a blooming evergreen, such as rosemary or a compact gardenia. More Flower Ideas:Re-Stain the Wood Post If you’d rather not paint, give your mailbox post a refresh with stain. Pick a darker shade for a timeless, traditional look (that won’t show dirt as easily!) or go for something lighter to add cottage charm. Lightly sand the post before staining and seal it afterward to ensure it stands up to the elements over time. For More Ways to Spruce Up Your Porch and Yard:Anna LoganSenior Homes & Style EditorAnna Logan is the Senior Homes & Style Editor at Country Living, where she has been covering all things home design, including sharing exclusive looks at beautifully designed country kitchens, producing home features, writing everything from timely trend reports on the latest viral aesthetic to expert-driven explainers on must-read topics, and rounding up pretty much everything you’ve ever wanted to know about paint, since 2021. Anna has spent the last seven years covering every aspect of the design industry, previously having written for Traditional Home, One Kings Lane, House Beautiful, and Frederic. She holds a degree in journalism from the University of Georgia. When she’s not working, Anna can either be found digging around her flower garden or through the dusty shelves of an antique shop. Follow her adventures, or, more importantly, those of her three-year-old Maltese and official Country Living Pet Lab tester, Teddy, on Instagram.  

Introducing Pixel Post 2D posted in Introducing Pixel Post 2D for project Pixel Post 2D Published May 22, 2025 Advertisement Introducing Pixel Post 2DA fun 2D pixel game about the life of a postman. Collect stamps and deliver to mailboxes! But first, you have to protect the stamps.. from the guards, and the boss!Play here: https://pixel.raymelon.com/The game has currently joined a Vibe Jam.Feel free support my submission by leaving an upvote and feedback at https://vibecodinglist.com/projects/pixel-post-2d?code=gnXDoy Comments Nobody has left a comment. You can be the first! You must log in to join the conversation. Don't have a GameDev.net account? Sign up!

As Russia continues its relentless assaults on Ukraine despite in defiance of continuing efforts to work towards a peace deal, multiple western security agencies have issued a new advisory warning of a Moscow-backed  campaign of cyber intrusions targeting logistics and technology organisations in the west. The campaign, run through Unit 26165 of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), better known as Fancy Bear, includes credential guessing, spear-phishing attacks, exploitation Microsoft Exchange and Roundcube vulnerabilities, and flaws in public-facing infrastructure including VPNs. This pattern of activity likely dates back to the early days of the war in February 2022 – at which point Fancy Bear was more heavily involved in cyber operations for purposes of espionage. However, as Russia failed to achieve its military objectives as quickly as it had wanted, the group expanded its targeting to include entities involved in the delivery of support and aid to Ukraine’s defence. Over the past three years its victims have included organisations involved in air traffic control, airports, defence, IT services, maritime and port systems sectors across various Nato countries. The advanced persistent threat (APT) actor is also understood to be targeting internet-connected cameras at Ukraine’s border crossings and around its military bases. These intrusions mostly took place in Ukraine but have also been observed in neighbouring states including Hungary, Poland, Romania and Slovakia. The GCHQ-run National Cyber Security Centre (NCSC) urged UK organisations to familiarise themselves with Unit 26165’s tactics and take action to safeguard themselves. “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine,” said Paul Chichester, NCSC Director of Operations. “The UK and partners are committed to raising awareness of the tactics being deployed. We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks.” The NCSC’s latest warning comes a couple of weeks after the cyber body’s CEO, Richard Horne, talked of a “direct connection” between Russian cyber attacks and physical threats to the UK at its annual conference. Horne told an audience at the CyberUK event that Russia was focusing on acts of sabotage, often involving criminal proxies. He said these threats, which are thought to have included arson attacks, are now manifesting on the streets of the UK, “putting lives, critical services and national security” at risk. Rafe Pilling, director of threat intelligence at the Sophos (formerly Secureworks) Counter Threat Unit (CTU) – which tracks Fancy Bear as Iron Twilight – said that the group's targeting of spear-phishing and vulnerability exploitation to gain access to target mailboxes had been a staple tactic for some time. “The focus of their operations pivots as the intelligence collection of the Russian military change and since 2022 Ukraine has been a significant focus of their attention. The targeting of Nato  and Ukranian defense and logistics companies involved in the support of the Ukrainian war effort makes a lot of sense in that context,” Pilling told Computer Weekly.   “The targeting of IP cameras for intelligence collection purposes is interesting and is a tactic generally associated with state-sponsored adversaries like Iron Twilight where they anticipate a physical effects aspect to their operations. As an intelligence provider to the Russian military this access would assist in the understanding of what goods were being transported, when, in what volumes and support kinetic targeting.   “We've seen other APT actors make use of compromised CCTV feeds to monitor the effects of cyber-physical attacks, for example the 2022 attacks against steel mills in Iran where video from the CCTV feed was used to time the execution of the attack in an attempt to avoid harm to people at the site and confirm the damage being caused,” he added. The NCSC said Britain’s support for Ukraine remained “steadfast”. Having already committed £13bn in military aid, the UK this week announced 100 new sanctions on Russia targeting entities and organisations involved in its energy, financial and military systems. This comes in the wake of the largest drone attack on Ukraine staged so far during the three-year war, which Russian dictator Vladimir Putin launched mere hours before a scheduled call with US president Donald Trump. The full advisory – which can be read here – sets out Fancy Bear’s tactics, techniques and procedures (TTPs) in its latest campaign in accordance with the Mitre ATT&CK framework, and also details a number of the common vulnerabilities and exposures (CVEs) being used to attain initial access. Besides the UK and US, the advisory is cosigned by cyber and national security agencies from Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands and Poland. Read more about Russian state cyber campaigns Russia is using phishing attacks to compromise encrypted Signal Messenger services used by targets in the Ukraine. Experts warn that other encrypted app users are at risk. The Russian cyber spy operation known as Star Blizzard changed tactics after a takedown operation by Microsoft and the US authorities, turning to widely used messaging platform WhatsApp to try to ensnare its targets. Computer Weekly talks to GCHQ’s National Cyber Security Centre operations director Paul Chichester and former NCSC chief executive Ciaran Martin on Russia, China and Salt Typhoon.

May 21, 2025Ravie LakshmananCyber Espionage / Vulnerability Russian cyber threat actors have been attributed to a state-sponsored campaign targeting Western logistics entities and technology companies since 2022. The activity has been assessed to be orchestrated by APT28 (aka BlueDelta, Fancy Bear, or Forest Blizzard), which is linked to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, Military Unit 26165. Targets of the campaign include companies involved in the coordination, transport, and delivery of foreign assistance to Ukraine, according to a joint advisory released by agencies from Australia, Canada, Czechia, Denmark, Estonia, France, Germany, the Netherlands, Poland, the United Kingdom, and the United States. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the bulletin said. The alert comes weeks after France's foreign ministry accused APT28 of mounting cyber attacks on a dozen entities including ministries, defense firms, research entities, and think tanks since 2021 in an attempt to destabilize the nation. Then last week, ESET took the wraps off a campaign dubbed Operation RoundPress that it said has been ongoing since 2023 by exploiting cross-site scripting (XSS) vulnerabilities in various webmail services like Roundcube, Horde, MDaemon, and Zimbra to single out governmental entities and defense companies in Eastern Europe, as well as governments in Africa, Europe, and South America. According to the latest advisory, cyber attacks orchestrated by APT28 are said to have involved a combination of password spraying, spear-phishing, and modifying Microsoft Exchange mailbox permissions for espionage purposes. The primary targets of the campaign include organizations within NATO member states and Ukraine spanning defense, transportation, maritime, air traffic management, and IT services verticals. No less than dozens of entities in Bulgaria, Czechia, France, Germany, Greece, Italy, Moldova, the Netherlands, Poland, Romania, Slovakia, Ukraine, and the United States are estimated to have been targeted. Initial access to targeted networks is said to have been facilitated by leveraging seven different methods - Brute-force attacks to guess credentials Spear-phishing attacks to harvest credentials using fake login pages impersonating government agencies and Western cloud email providers that were hosted on free third-party services or compromised SOHO devices Spear-phishing attacks to deliver malware Exploitation of Outlook NTLM vulnerability (CVE-2023-23397) Exploitation of Roundcube vulnerabilities (CVE-2020-12641, CVE-2020-35730, CVE-2021-44026) Exploitation of internet-facing infrastructure such as corporate VPNs using public vulnerabilities and SQL injection Exploitation of WinRAR vulnerability (CVE-2023-38831) Once the Unit 26165 actors gain foothold using one of the above methods, the attacks proceed to the post-exploitation phase, which involves conducting reconnaissance to identify additional targets in key positions, individuals responsible for coordinating transport, and other companies cooperating with the victim entity. The attackers have also been observed using tools like Impacket, PsExec, and Remote Desktop Protocol (RDP) for lateral movement, as well as Certipy and ADExplorer.exe to exfiltrate information from the Active Directory. "The actors would take steps to locate and exfiltrate lists of Office 365 users and set up sustained email collection," the agencies pointed out. "The actors used manipulation of mailbox permissions to establish sustained email collection at compromised logistics entities." Another notable trait of the intrusions is the use of malware families like HeadLace and MASEPIE, to establish persistence on compromised hosts and harvest sensitive information. There is no evidence that malware variants like OCEANMAP and STEELHOOK have been used to directly target logistics or IT sectors. During data exfiltration, the threat actors have relied on different methods based on the victim environment, often utilizing PowerShell commands to create ZIP archives to upload the collected data to their own infrastructure, or employing Exchange Web Services (EWS) and Internet Message Access Protocol (IMAP) to siphon information from email servers. "As Russian military forces failed to meet their military objectives and Western countries provided aid to support Ukraine's territorial defense, Unit 26165 expanded its targeting of logistics entities and technology companies involved in the delivery of aid," the agencies said. "These actors have also targeted internet-connected cameras at Ukrainian border crossings to monitor and track aid shipments." The disclosure comes as Cato Networks revealed that suspected Russian threat actors are leveraging Tigris Object Storage, Oracle Cloud Infrastructure (OCI) Object Storage, and Scaleway Object Storage to host fake reCAPTCHA pages that make use of ClickFix-style lures to trick users into downloading Lumma Stealer. "The recent campaign leveraging Tigris Object Storage, OCI Object Storage, and Scaleway Object Storage builds upon earlier methods, introducing new delivery mechanisms aimed at evading detection and targeting technically proficient users," researchers Guile Domingo, Guy Waizel, and Tomer Agayev said. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Cybersecurity leaders aren't just dealing with attacks—they're also protecting trust, keeping systems running, and maintaining their organization's reputation. This week's developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing problems isn't enough anymore—resilience needs to be built into everything from the ground up. That means better systems, stronger teams, and clearer visibility across the entire organization. What's showing up now isn't just risk—it's a clear signal that acting fast and making smart decisions matters more than being perfect. Here's what surfaced—and what security teams can't afford to overlook. ⚡ Threat of the Week Microsoft Fixes 5 Actively Exploited 0-Days — Microsoft addressed a total of 78 security flaws in its Patch Tuesday update for May 2025 last week, out of which five of them have come under active exploitation in the wild. The vulnerabilities include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709. It's currently not known in what context these defects have been exploited, who is behind them, and who was targeted in these attacks. Download the Report ➝ 🔔 Top News Marbled Dust Exploits Output Messenger 0-Day — Microsoft revealed that a Türkiye-affiliated threat actor codenamed Marbled Dust exploited as zero-day a security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. The attacks, the company said, are associated with the Kurdish military operating in Iraq. The attacks exploited CVE-2025-27920, a directory traversal vulnerability affecting version 2.0.62 that allows remote attackers to access or execute arbitrary files. It was addressed in December 2024. Konni APT Focuses on Ukraine in New Phishing Campaign — The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia amidst the ongoing Russo-Ukrainian war. Proofpoint, which disclosed details of the activity, said the objective of the attacks is to collect intelligence on the "trajectory of the Russian invasion." The attack chains entail the use of phishing emails that impersonate a fictitious senior fellow at a non-existent think tank, tricking recipients into visiting credential harvesting pages or downloading malware that can conduct extensive reconnaissance of the compromised machines. Coinbase Discloses Data Breach — Cryptocurrency giant Coinbase disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. The activity bribed its customer support agents based in India to obtain a list of customers, who were then approached as part of a social engineering attack to transfer their digital assets to a wallet under the threat actor's control. The attackers also unsuccessfully attempted to extort the company for $20 million on May 11, 2025, by claiming to have information about certain customer accounts as well as internal documents. The compromised agents have since been terminated. While no passwords, private keys, or funds were exposed, the attackers made away with some amount of personal information, including names, addresses, phone numbers, email addresses, government ID images, and account balances. Coinbase did not disclose how many of its customers fell for the scam. Besides voluntarily reimbursing retail customers who were duped into sending cryptocurrency to scammers, Coinbase is offering a $20 million reward to anyone who can help identify and bring down the perpetrators of the cyber attack. APT28 Behind Attacks Targeting Webmail Services — APT28, a hacking group linked to Russia's Main Intelligence Directorate (GRU), has been targeting webmail servers such as Roundcube, Horde, MDaemon, and Zimbra via cross-site scripting (XSS) vulnerabilities. The attacks, ongoing since at least 2023, targeted governmental entities and defense companies in Eastern Europe, although governments in Africa, Europe, and South America were also singled out. The victims in 2024 alone included officials from regional national governments in Ukraine, Greece, Cameroon and Serbia, military officials in Ukraine and Ecuador, and employees of defense contracting firms in Ukraine, Romania and Bulgaria. The group's spear-phishing campaign used fake headlines mimicking prominent Ukrainian news outlets like the Kyiv Post about the Russia-Ukraine war, seemingly in an attempt to entice targets into opening the messages using the affected webmail clients. Those who opened the email messages using the affected webmail clients were served, via the XSS flaws, a custom JavaScript payload capable of exfiltrating contacts and email data from their mailboxes. One of the payloads could steal passwords and two-factor authentication codes, allowing the attackers to bypass account protections. The malware is also designed to harvest the email credentials, either by tricking the browser or password manager into pasting those credentials into a hidden form or getting the user to log out, whereupon they were served a bogus login page. Earth Ammit Breaches Drone Supply Chains to Target Taiwan and South Korea — The threat actor known as Earth Ammit targeted a broader range of organizations than just Taiwanese drone manufacturers, as initially supposed. While the set of attacks was believed to be confined to drone manufacturers in Taiwan, a subsequent analysis has uncovered that the campaign is more broader and sustained in scope than previously thought, hitting the heavy industry, media, technology, software services, healthcare, satellite, and military-adjacent supply chains, and payment service providers in both South Korea and Taiwan. The attacks targeted software vendors and service providers as a way to reach their desired victims, who were the vendors' downstream customers. "Earth Ammit's strategy centered around infiltrating the upstream segment of the drone supply chain. By compromising trusted vendors, the group positioned itself to target downstream customers – demonstrating how supply chain attacks can ripple out and cause broad, global consequences," Trend Micro noted. "Earth Ammit's long-term goal is to compromise trusted networks via supply chain attacks, allowing them to target high-value entities downstream and amplify their reach." ‎️‍🔥 Trending CVEs Attackers love software vulnerabilities—they're easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week's critical vulnerabilities you need to know about. Take a look, update your software promptly, and keep attackers locked out. This week's list includes — CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, CVE-2025-32709 (Microsoft Windows), CVE-2025-42999 (SAP NetWeaver), CVE-2024-11182 (MDaemon), CVE-2025-4664 (Google Chrome), CVE-2025-4632 (Samsung MagicINFO 9 Server), CVE-2025-32756 (Fortinet FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera), CVE-2025-4427, CVE-2025-4428 (Ivanti Endpoint Manager Mobile), CVE-2025-3462, CVE-2025-3463 (ASUS DriverHub), CVE-2025-47729 (TeleMessage TM SGNL), CVE-2025-31644 (F5 BIG-IP), CVE-2025-22249 (VMware Aria Automation), CVE-2025-27696 (Apache Superset), CVE-2025-4317 (TheGem WordPress theme), CVE-2025-23166 (Node.js), CVE-2025-47884 (Jenkins OpenID Connect Provider Plugin), CVE-2025-47889 (Jenkins WSO2 Oauth Plugin), CVE-2025-4802 (Linux glibc), and CVE-2025-47539 (Eventin plugin). 📰 Around the Cyber World Attackers Leverage PyInstaller to Drop Infostealers on Macs — Attackers are using PyInstaller to deploy information stealers on macOS systems. These ad-hoc signed samples bundle Python code into Mach-O executables using PyInstaller, allowing them to be run without requiring Python to be installed or meet version compatibility requirements. "As infostealers continue to become more prevalent in the macOS threat landscape, threat actors will continue the search for new ways to distribute them," Jamf said. "While the use of PyInstaller to package malware is not uncommon, this marks the first time we've observed it being used to deploy an infostealer on macOS." Kosovo National Extradited to the U.S. for Running BlackDB.cc — A 33-year-old Kosovo national named Liridon Masurica has been extradited to the United States to face charges of running an online cybercrime marketplace active since 2018. He has been charged with five counts of fraudulent use of unauthorized access devices and one count of conspiracy to commit access device fraud. If convicted on all counts, Masurica faces a maximum penalty of 55 years in federal prison. He was taken into custody by authorities in Kosovo on December 12, 2024. Masurica is alleged to be the lead administrator of BlackDB.cc from 2018 to the present. "BlackDB.cc illegally offered for sale compromised account and server credentials, credit card information, and other personally identifiable information of individuals primarily located in the United States," the Justice Department said. "Once purchased, cybercriminals used the items purchased on BlackDB.cc to facilitate a wide range of illegal activity, including tax fraud, credit card fraud, and identity theft." Former BreachForums Admin to Pay $700k in Healthcare Breach — Conor Brian Fitzpatrick, aka Pompompurin, a former administrator of the BreachForums cybercrime forum, will forfeit roughly $700,000 in a civil lawsuit settlement related to Nonstop Health, a health insurance company whose customer data was posted for sale on the forum in 2023. Fitzpatrick was sentenced to time served last year, but he went on to violate the terms of his release. He is set to be resentenced next month. Tor Announces Oniux for Kernel-Level Tor Isolation — The Tor project has announced a new command-line utility called oniux that provides Tor network isolation for third-party applications using Linux namespaces. This effectively creates a fully isolated network environment for each application, preventing data leaks even if the app is malicious or misconfigured. "Built on Arti, and onionmasq, oniux drop-ships any Linux program into its own network namespace to route it through Tor and strips away the potential for data leaks," the Tor project said. "If your work, activism, or research demands rock-solid traffic isolation, oniux delivers it." DoJ Charges 12 More in RICO Conspiracy — The U.S. Department of Justice announced charges against 12 more people for their alleged involvement in a cyber-enabled racketeering conspiracy throughout the United States and abroad that netted them more than $263 million. Several of these individuals are said to have been arrested in the U.S., with two others living in Dubai. They face charges related to RICO conspiracy, conspiracy to commit wire fraud, money laundering, and obstruction of justice. The defendants are also accused of stealing over $230 million in cryptocurrency from a victim in Washington D.C. "The enterprise began no later than October 2023 and continued through March 2025," the Justice Department said. "It grew from friendships developed on online gaming platforms. Members of the enterprise held different responsibilities. The various roles included database hackers, organizers, target identifiers, callers, money launderers, and residential burglars targeting hardware virtual currency wallets." The attacks involved database hackers breaking into websites and servers to obtain cryptocurrency-related databases or acquiring databases on the dark web. The miscreants then determined the most valuable targets and cold-called them, using social engineering to convince them their accounts were the subject of cyber attacks and that they were helping them take steps to secure their accounts. The end goal of these attacks was to siphon the cryptocurrency assets, which were then laundered and converted into fiat U.S. currency in the form of bulk cash or wire transfers. The money was then used to fund a lavish lifestyle for the defendants. "Following his arrest in September 2024 and continuing while in pretrial detention, Lam is alleged to have continued working with members of the enterprise to pass and receive directions, collect stolen cryptocurrency, and have enterprise members buy luxury Hermes Birkin bags and hand-deliver them to his girlfriend in Miami, Florida," the agency said. ENISA Launches EUVD Vulnerability Database — The European Union launched a new vulnerability database called the European Vulnerability Database (EUVD) to provide aggregated information regarding security issues affecting various products and services. "The database provides aggregated, reliable, and actionable information such as mitigation measures and exploitation status on cybersecurity vulnerabilities affecting Information and Communication Technology (ICT) products and services," the European Union Agency for Cybersecurity (ENISA) said. The development comes in the wake of uncertainty over MITRE's CVE program in the U.S., after which the U.S. Cybersecurity and Infrastructure Security Agency (CISA) stepped in at the last minute to extend their contract with MITRE for another 11 months to keep the initiative running. 3 Information Stealers Detected in the Wild — Cybersecurity researchers have exposed the workings of three different information stealer malware families, codenamed DarkCloud Stealer, Chihuahua Stealer, and Pentagon Stealer, that are capable of extracting sensitive data from compromised hosts. While DarkCloud has been advertised in hacking forums as early as January 2023, attacks distributing the malware have primarily focused on government organizations since late January 2025. DarkCloud is distributed as AutoIt payloads via phishing emails using PDF purchase order lures that display a message claiming their Adobe Flash Player is out of date. Chihuahua Stealer, on the other hand, is a .NET-based malware that employs an obfuscated PowerShell script shared through a malicious Google Drive document. First discovered in March 2025, Pentagon Stealer makes use of Golang to realize its goals. However, a Python variant of the same stealer was detected at least a year prior when it was propagated via fake Python packages uploaded to the PyPI repository. Kaspersky Outlines Malware Trends for Industrial Systems in Q1 2025 — Kaspersky revealed that the percentage of ICS computers on which malicious objects were blocked in Q1 2025 remained unchanged from Q4 2024 at 21.9%. "Regionally, the percentage of ICS computers on which malicious objects were blocked ranged from 10.7% in Northern Europe to 29.6% in Africa," the Russian security company said. "The biometrics sector led the ranking of the industries and OT infrastructures surveyed in this report in terms of the percentage of ICS computers on which malicious objects were blocked." The primary categories of detected malicious objects included malicious scripts and phishing pages, denylisted internet resources, and backdoors, and keyloggers. Linux Flaws Surge by 967% in 2024 — The number of newly discovered Linux and macOS vulnerabilities increased dramatically in 2024, rising by 967% and 95% in 2024. The year was also marked by a 96% jump in exploited vulnerabilities from 101 in 2023 to 198 in 2024, and an unprecedented 37% rise in critical flaws across key enterprise applications. "The total number of software vulnerabilities grew by 61% YoY in 2024, with critical vulnerabilities rising by 37.1% – a significant expansion of the global attack surface and exposure of critical weaknesses across diverse software categories," Action1 said. "Exploits spiked 657% in browsers and 433% in Microsoft Office, with Chrome leading all products in known attacks." But in a bit of good news, there was a decrease in remote code execution vulnerabilities for Linux (-85% YoY) and macOS (-44% YoY). Europol Announces Takedown of Fake Trading Platform — Law enforcement authorities have disrupted an organized crime group that's assessed to be responsible for defrauding more than 100 victims of over €3 million ($3.4 million) through a fake online investment platform. The effort, a joint exercise conducted by Germany, Albania, Cyprus, and Israel, has also led to the arrest of a suspect in Cyprus. "The criminal network lured victims with the promise of high returns on investments through a fraudulent online trading platform," Europol said. "After the victims made initial smaller deposits, they were pressured to invest larger amounts of money, manipulated by fake charts showing fabricated profits. Criminals posing as brokers used psychological tactics to convince the victims to transfer substantial funds, which were never invested but directly pocketed by the group." Two other suspects were previously arrested from Latvia in September 2022 as part of the multi-year probe into the criminal network. New "defendnot" Tool Can Disable Windows Defender — A security researcher who goes by the online alias es3n1n has released a tool called "defendnot" that can disable Windows Defender by means of a little-known API. "There's a WSC (Windows Security Center) service in Windows which is used by antiviruses to let Windows know that there's some other antivirus in the hood and it should disable Windows Defender," the researcher explained. "This WSC API is undocumented and furthermore requires people to sign an NDA with Microsoft to get its documentation." Rogue Communication Devices Found in Some Chinese Solar Power Inverters — Reuters reported that U.S. energy officials are reassessing the risk posed by Chinese-made solar power inverters after unexplained communication equipment was found inside some of them. The rogue components are designed to provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, according to two people familiar with the matter. This could then be used to switch off inverters remotely or change their settings, enabling bad actors to destabilize power grids, damage energy infrastructure, and trigger widespread blackouts. Undocumented communication devices, including cellular radios, have also been found in some batteries from multiple Chinese suppliers, the report added. Israel Arrest Suspect Behind 2022 Nomad Bridge Crypto Hack — Israeli authorities have arrested and approved the extradition of a Russian-Israeli dual national Alexander Gurevich over his alleged involvement in the Nomad Bridge hack in August 2022 that allowed hackers to steal $190 million. Gurevich is said to have conspired with others to execute an exploit for the bridge's Replica smart contract and launder the resulting proceeds through a sophisticated, multi-layered operation involving privacy coins, mixers, and offshore financial entities. "Gurevich played a central role in laundering a portion of the stolen funds. Blockchain analysis shows that wallets linked to Gurevich received stolen assets within hours of the bridge breach and began fragmenting the funds across multiple blockchains," TRM Labs said. "He then employed a classic mixer stack: moving assets through Tornado Cash on Ethereum, then converting ETH to privacy coins such as Monero (XMR) and Dash." Using V8 Browser Exploits to Bypass WDAC — Researchers have uncovered a sophisticated technique that leverages vulnerable versions of the V8 JavaScript engine to bypass Windows Defender Application Control (WDAC). "The attack scenario is a familiar one: bring along a vulnerable but trusted binary, and abuse the fact that it is trusted to gain a foothold on the system," IBM X-Force said. "In this case, we use a trusted Electron application with a vulnerable version of V8, replacing main.js with a V8 exploit that executes stage 2 as the payload, and voila, we have native shellcode execution. If the exploited application is whitelisted/signed by a trusted entity (such as Microsoft) and would normally be allowed to run under the employed WDAC policy, it can be used as a vessel for the malicious payload." The technique builds upon previous findings that make it possible to sidestep WDAC policies by backdooring trusted Electron applications. Last month, CerberSec detailed another method that employs WinDbg Preview to get around WDAC policies. 🎥 Cybersecurity WebinarsDevSecOps Is Broken — This Fix Connects Code to Cloud to SOC Modern applications don't live in one place—they span code, cloud, and runtime. Yet security is still siloed. This webinar shows why securing just the code isn't enough. You'll learn how unifying AppSec, cloud, and SOC teams can close critical gaps, reduce response times, and stop attacks before they spread. If you're still treating dev, infra, and operations as separate problems, it's time to rethink. 🔧 Cybersecurity Tools Qtap → It is a lightweight eBPF tool for Linux that shows what data is being sent and received—before or after encryption—without changing your apps or adding proxies. It runs with minimal overhead and captures full context like process, user, and container info. Useful for auditing, debugging, or analyzing app behavior when source code isn't available. Checkov → It is a fast, open-source tool that scans infrastructure-as-code and container packages for misconfigurations, exposed secrets, and known vulnerabilities. It supports Terraform, Kubernetes, Docker, and more—using built-in security policies and Sigma-style rules to catch issues early in the development process. TrailAlerts → It is a lightweight, serverless AWS-native tool that gives you full control over CloudTrail detections using Sigma rules—without needing a SIEM. It's ideal for teams who want to write, version, and manage their own alert logic as code, but find CloudWatch rules too limited or complex. Built entirely on AWS services like Lambda, S3, and DynamoDB, TrailAlerts lets you detect suspicious activity, correlate events, and send alerts through SNS or SES—without managing infrastructure or paying for unused capacity. 🔒 Tip of the Week Catch Hidden Threats in Files Users Trust Too Much → Hackers are using a quiet but dangerous trick: hiding malicious code inside files that look safe — like desktop shortcuts, installer files, or web links. These aren't classic malware files. Instead, they run trusted apps like PowerShell or curl in the background, using basic user actions (like opening a file) to silently infect systems. These attacks often go undetected because the files seem harmless, and no exploits are used — just misuse of normal features. To detect this, focus on behavior. For example, .desktop files in Linux that run hidden shell commands, .lnk files in Windows launching PowerShell or remote scripts, or macOS .app files silently calling terminal tools. These aren't rare anymore — attackers know defenders often ignore these paths. They're especially dangerous because they don't need admin rights and are easy to hide in shared folders or phishing links. You can spot these threats using free tools and simple rules. On Windows, use Sysmon and Sigma rules to alert on .lnk files starting PowerShell or suspicious child processes from explorer.exe. On Linux or macOS, use grep or find to scan .desktop and .plist files for odd execution patterns. To test your defenses, simulate these attack paths using MITRE CALDERA — it's free and lets you safely model real-world attacker behavior. Focusing on these overlooked execution paths can close a major gap attackers rely on every day. Conclusion The headlines may be over, but the work isn't. Whether it's rechecking assumptions, prioritizing patches, or updating your response playbooks, the right next step is rarely dramatic—but always decisive. Choose one, and move with intent. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.