LodeHQSubscribe →

Six U-Boot bugs, GodDamn driver, 1M SSNs leak

Infosec · 2026-07-11

Vulnerabilities & Exploits
Six U‑Boot FIT Bugs Enable Firmware Takeover or Device Crash3 MIN

Binarly uncovered six new flaws in the U‑Boot bootloader’s FIT signature verification, four causing denial‑of‑service crashes and two permitting arbitrary code execution before the OS loads. The bugs affect releases back to 2013, putting routers, BMCs, IoT gear and servers at risk of stealthy firmware attacks.

Threats & Malware
GodDamn ransomware leverages signed PoisonX driver to blind EDR3 MIN

The GodDamn ransomware, a fresh rebrand of the Beast family, hijacks a Microsoft‑signed PoisonX driver to disable endpoint security tools. Coupled with AnyDesk remote access and a NirSoft credential‑harvesting suite, it lets attackers move laterally and encrypt data with little resistance.

Breaches & Industry News
Puerto Rico Tax Agency Leaked 1 Million SSNs via Public Property Map4 MIN

The Municipal Revenue Collection Center’s online property map unintentionally exposed the Social Security numbers of about 1 million residents. Researchers showed that anyone could pull the data without authentication, forcing the agency to patch the flaw after denial of any breach. The incident highlights chronic cybersecurity gaps in Puerto Rico’s government infrastructure.

Puerto Rico Tax Agency Leaked 1 Million SSNs via Public Property Map4 MIN

The Municipal Revenue Collection Center’s online property map unintentionally exposed the Social Security numbers of about 1 million residents. Researchers showed that anyone could pull the data without authentication, forcing the agency to patch the flaw after denial of any breach. The incident highlights chronic cybersecurity gaps in Puerto Rico’s government infrastructure.

Privacy, Policy & Governance
Transsion phones silently leak full app activity and location to China11 MIN

Researchers reverse‑engineered Transsion’s Athena telemetry stack on TECNO, Infinix and itel phones and found it streams every app’s network activity, precise location, foreground app and camera usage to a Chinese server, tied to permanent IDs. The encryption keys are hard‑coded, making the data trivially decryptable, exposing a continent‑wide privacy breach.

Get Infosec in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ