REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It is held annually in Montreal, Canada.
-Windows 10 reaches End-of-Life -CISA layoffs didn't touch cyber personnel -US seizes $15 billion from cyber scam compound operator -Secure Boot bypass impacts 200k Framework systems -German police take down 1,400 scam sites -South Korea to investigate KT for obstruction over a breach -Ansell, Harvard breached -5CA denies role in Discord hack -Unity shop got skimmed -4chan fined in the UK -Calls to investigate TikTok in the UK
-Firmware update bricks Jeeps -Firefox 144 changes login storage encryption -Also get a VPN -California regulates AI -UK Crypt-Key goes live -Taiwan warns of "abnormal" social media accounts -China offers reward for Taiwan's psychological warfare unit -Australia, UK publish annual cyber threat reports -SonicWall SSLVPN mass-compromise -Another surveillance provider exposed (Cyber WAP) -TA585 profile -Analysis of Oct 7 DDoS attacks -Venezuela ran info-ops in Ecuador
-New UAC-0239 and UNC-RUS-ZIC APTs -Patch Tuesday is out -3 Microsoft zero-days -RMPocalypse attack -Pixnapping attack -LatentBreak attack -Half of satellite traffic is unencrypted -LevelBlue acquires Cybereason
I read the article about UNC-RUS-ZIC when it came out. It seems highly suspect to me. The attribution is vague at best, the other "details" are merely four-line paragraphs _devoid of details_. What made you chose this article for the newsletter?
25-cr-312_indictment.pdf BROOKLYN, NY - An indictment was unsealed today in federal court in Brooklyn charging Chen Zhi, also known as “Vincent,” the founder and chairman of Prince Holding Group (Prince Group), a multinational business conglomerate b…
Chinese authorities have issued bounties for 18 Taiwanese military members.
Police in China's Fujian province claim the 18 are part of Taiwan's "psychological warfare unit" that spread disinformation and propaganda on Taiwan's independence
Die Generalstaatsanwaltschaft Karlsruhe, das Landeskriminalamt Baden-Württemberg und die Finanzaufsicht BaFin informieren über einen Schlag gegen international agierende Cyberkriminelle.
Strange, I saw no mention of this in the Bulgarian news outlets I'm following...
BTW, 86k-per-day requests to a web site (most of them automated) is nothing special. Literally *anything* running on *any* port (not just 80 or 443) will get HTTP GET requests quite often.
-CVE-2025-24990 — Windows Agere Modem Driver Elevation of Privilege Vulnerability -CVE-2025-59230 — Windows Remote Access Connection Manager Elevation of Privilege Vulnerability -CVE-2025-47827 — Secure Boot bypass in IGEL OS before 11
I just realized this might screw up a lot of infostealers in the coming weeks. Chrome also does this regularly. Let's see how quick they adapt this time.
Researchers pointed a satellite dish at the sky for 3 years and monitored what unencrypted data it picked up. The results were shocking: They obtained thousands of T-Mobile users' phone calls and texts, military and law enforcement secrets, much more: 🧵👇wired.com/story/satellites-are…
"Pixnapping is a new class of attacks that allows a malicious Android app to stealthily leak information displayed by other Android apps or arbitrary websites."
Tested to steal data from Gmail, Google Accounts, Signal, Google Authenticator, Venmo, and Google Maps
“Pixnapping forces sensitive pixels into the rendering pipeline and overlays semi-transparent activities on top of those pixels via Android intents. To induce graphical operations on these pixels, our instantiations use Android’s window blur API. To measure rendering time, our instantiations use VSync callbacks.”
Security firm DarkTower has discovered four different Telegram emoji packs that contain bank logos and are likely used in cybercrime channels as a way to order phishing pages.
Trevor Wilson Introduction A Telegram Emoji Pack is a collection of custom static or animated images that users can add to the messenger to personalize their communication.
-Nigerian scammer arrested in Argentina -Scam compound raided in Cambodia -PowerSchool hacker sentencing is this week -Spain arrests major phishing provider -RDP attack wave targets US -Aisuru botnet gets US-heavy -New Brotherhood leak site -New ChaosBot and ClayRat malware -New APT35 leaks -DPRK IT workers now target architects -New Gladinet zero-day -New Oracle EBS bug -NSO has US owners now
Is 'don't use InTune because the authors have no idea what the principle of least privilege means, put a huge pile of things that handle untrusted code in high-privilege modes, and then tell you "it's a management system not a security system, don't use it for security" when you object to it being rolled out across all devices' one of them?
El sospechoso está acusado de ser uno de los líderes de una organización internacional dedicada a las estafas virtuales que se hizo de un botín de US$8.000.000
Trend Micro's ZDI has reported 13 vulnerabilities in the Ivanti Endpoint Manager that are still unpatched after the vendor requested an extension until March next year
Telegram founder and general a-hole Pavel Durov, whose IM network hosts hundreds of groups where info-ops coordinate their activity and pay for content, is annoyed that democracies are fighting back against the damage he, personally, has helped usher in in many autocratic regimes
The US, the UK, and the EU are gradually implementing shit they used to criticize China, Russia, and Iran for. Global surveillance, censorship, imprisoning people for their speech, cancel culture, Internet fragmentation, etc.
I haven't seen any evidence that Pavel Durov is an arsehole.
If you're going to post takes like this, please elaborate on whether you would want the same measures Durov describes being enacted against Mastodon.
The line of reasoning that goes 'this encrypted app hosts <bad content>' is exactly the line authoritarians of all stripes use to shut down any form of free internet.
Also he's using mildly right-coded speech, but so what, he's correct.
What repercussions has the ransomware attack had on the people in your IT/cybersecurity team, if any?
...I can't imagine a ransomware attack not resulting in just a tiny bit of "increased pressure" from senior leaders.
"Oh, we're under a ransomware attack? Not to worry, all in good time, folks. No need to work overtime, we'll get around to fixing things eventually."
I'm not sure I'd be able to respond to the question without clarification. Are they talking about increased pressure during the attack, or increased pressure after the next quarterly financial report? Constant pressure or only while stuff is on fire?
-EU scraps Chat Control vote -Ukraine establishes a Cyber Force -CISA workers reassigned to immigration enforcement -Teenagers arrested for Kido hack -Salesforce will not pay the ransom -US Court halts FCC data breach rules -California enacts tracking opt-out law -China cleanses its internet of bad feelings -All MySonicWall customers impacted by recent breach -Discord breach impacted only 70k -Kasatkin case starts in France
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
Trend Micro says that a botnet named RondoDox that launched earlier this year has grown to a massive size and is now exploiting more than 50 vulnerabilities across 30+ different vendors
Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests.
The first hearing in the case of Daniil Kasatkin, the Russian basketball player accused to be part of the Conti ransomware group, took place yesterday. Notes from the hearing are below:
Recent Nezha abuse linked to an unnamed Chinese APT
"What began with a creative way to drop a web shell onto the system quickly escalated into a multi-stage attack that demonstrated a clear focus on stealth and persistence. Tools, malware, IP addresses, domains, and victim demographics all appear to point towards a capable China-nexus threat actor who has been underreported on."
Beginning in mid-2025, Huntress discovered a new tool being used to facilitate webserver intrusions known as Nezha, which up until now hasn’t been publicly reported on.
System Adminihater
in reply to Catalin Cimpanu • • •Catalin Cimpanu
in reply to System Adminihater • • •@systemadminihater Those are Google app notifications
Phishers can't spoof them
⁉️
in reply to Catalin Cimpanu • • •dangerous, it gives G**gle even more data for profiling, drawing connections of trust.
Sebastian Fourier
in reply to Catalin Cimpanu • • •