Transcript
A (0:01)
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular, in one integrated solution that's built for performance and scale. You can find them at meter.com CST.
Wikipedia worm exploits user scripts. Hacktivists leak ICE contractor data. The FBI and Europol shut down Leakbase, a cybercrime forum. This is Cybersecurity Today. I'm your host, Jim Love.
Wikipedia administrators had to respond this week to a self-propagating JavaScript worm that briefly spread across the site, vandalizing pages by abusing the platform's own scripting features. The attack began when a single editor account inserted malicious JavaScript into a user script file. Investigators don't know yet whether that edit was intentional or accidental, but the code quickly began to spread. According to reporting from BleepingComputer, the script appears to have originated from code seen on the Russian-language version of Wikipedia.
To understand how this worked, you have to know a little bit about how Wikipedia customizes its editing interfaces. Editors can create personal JavaScript files, user JS scripts, that modify how the site behaves for them. There are also shared or global script files that can affect more pages across the platform. The worm first inserted itself into an individual JS script. When another logged-in editor viewed an infected page, the JavaScript executed inside their browser and used their authenticated session to automatically edit other pages, copying the malicious code into additional script files. In some cases, it also modified global scripts, which helped extend the spread.
Administrators moved quickly to contain the problem. They temporarily restricted edits, reverted affected JavaScript files to earlier versions, suppressed the vandalized edits, and replaced compromised user script files. That stopped the propagation and restored normal operation.
The worm now appears to be contained, but administrators are still reviewing the edits and the account that introduced the script. And as is often the case with incidents like this, the real lessons will likely come in the postmortem that Wikipedia's maintainers are expected to release once their investigation is complete. Once again, you can learn about it on Wikipedia.
A hacktivist group is claiming responsibility for a breach involving data tied to contractors working with U.S. immigration enforcement. But the way the data was released could also give investigators a trail to follow. The group calling itself the Department of Peace said it obtained internal records connected to the U.S. Department of Homeland Security's Office of Industry Partnership, which manages relationships with companies that work with Immigration and Customs Enforcement, better known as ICE. According to reporting from TechRepublic, the data set contains information tied to 6,681 organizations that applied for ICE-related contracts, including major technology and defense firms such as Microsoft, Oracle, Palantir Technologies, Raytheon Technologies, Anduril Industries and L3Harris Technologies.
The hackers released the records through Distributed Denial of Secrets, a transparency collective that publishes leaked data sets. In a message quoted by TechRepublic, the hackers explained their motive, saying they wanted to expose companies involved in the immigration enforcement and make the hidden infrastructure of deportation visible. For investigators, however, the public claim of responsibility may work both ways. Hacktivist campaigns that publish statements, release data sets and use public platforms often leave digital breadcrumbs that law enforcement can use to identify participants. For now, the U.S. Department of Homeland Security has not confirmed the breach or verified the authenticity of the data set, and investigators are still working to determine whether the files came from a compromised system or another source.
And finally, our Friday Good Guys segment. In one of those moments when the good guys get a win, international law enforcement has dismantled a major cybercrime forum known as Leakbase, a site used by criminals to distribute stolen data. The operation involved the Federal Bureau of Investigation working with Europol and multiple international partners. Leakbase has been operating since 2021, maintaining a constantly updated archive of breached databases ranging from older leaks to newly compromised data. According to Europol, by December 2025, the forum had more than 142,000 registered users, along with roughly 32,000 posts and over 215,000 private messages, highlighting just how widely the platform was used in the cybercrime ecosystem.
On March 3, authorities launched coordinated actions around the world that included arrests, house searches, and about 100 investigative actions targeting 37 of the forum's most active users. The following day, investigators seized the Leakbase domain and replaced it with a law enforcement notice, effectively shutting down the site. But the real value of the operation may come from what investigators recovered. Authorities seized the forum's entire database, giving them access to user accounts, communications and operational data that can help de-anonymize participants who believe they were operating safely behind aliases. In an unusual move, investigators also used the forum's own communication channels to contact suspects directly, sending messages to warn them that law enforcement now had access to all of the platform's records. The forum itself is now offline, but with that database in hand, the investigation is likely far from over.
As we've seen in previous takedowns, the real wave of arrests often comes months later, once investigators finish mapping the network of users behind a marketplace like this. Sometimes the good guys really do win.
And that's our show. Join us if you can for the Month in Review this Saturday. We'll be covering a lot of the key stories from this month, and there have been a lot, with our all-star panel and some new guests as well. You can catch us anytime after early Saturday morning.
And finally, we'd like to thank our sponsor, Meter, for their support in bringing you this podcast. Meter delivers full stack networking infrastructure, wired, wireless and cellular, to leading enterprises. Working with their partners, Meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space. They design the hardware, the firmware, build the software, manage deployments and run support. It's a single integrated solution that scales from branch offices to warehouses to large campuses, all the way to data centers. Book a demo at meter.com CST. That's M E T E R.com CST. I'm your host, Jim Love. Thanks for listening.
