WaPo reporter account got hacked
-suspected APT
-targeted MSFT accounts
-targeted natsec and economic policy reporters
-breach discovered Thursday
-staff notified today
CISA has asked organizations to install firmware updates or restrict access to pan-tilt-zoom security cameras from four vendors
Firmware updates are only available for PTZOptics camera models.
ValueHD, multiCAM, and SMTAV have failed to reply to security researchers
The admin of the biggest Facebook group dedicated to Romanian SMBs has turned into an AI edgelord and he's ruining all topics and conversations.
You have to be an AI stan or you're getting banned... AI can do no evil in his eyes and we're all wrong.
[grabs popcorn] for community pushback posts 😂
How to be successful on Mastodon and make money with Mastodon: these are the 20 secret tips from “FediversoFaSchifo”
Many people have insistently asked me for advice on how to have a successful account, and since I am the only one able to answer this question, I decided to write a post that even the average Mastodon user is able to understand.
They also asked me to explain how to be successful with a Misskey account, but unfortunately I am not an expert in Japanese child-porn comics, so no, I wouldn't be able to help you. If you use Friendica instead, I have the right advice: switch to Mastodon.
Here instead are the 20 secret and tested tips you must follow to be successful on Mastodon with your Mastodon account
How to be successful on Mastodon:
- take care of your profile description: even though everyone knows there are no women on Mastodon, present yourself if possible as a young woman with a passion for some sport. Add a cat or a dog to the photo, but no children. Remind everyone of your neurodivergence: it will be a great topic of conversation
- write a sycophantic post full of flattery and praise for the admins: they will reshare it and reply to you, and this creates engagement
- write a self-pitying post against GAFAM and Twitter/Facebook in favor of Mastodon. If it reaches at least 10 shares, pin it to the top of your timeline
- if you made a donation, say so, give ideological reasons and thank the admins: they will reshare your profile and you will get visibility; even better if you add that you donated despite your financial problems (single tear)
- never talk about the death of your loved ones/friends/pets, but limit yourself to talking about their illness; as sellers of miracle cures know well, illness creates engagement, death does not.
- speak very badly of the right, because everyone can't stand it indiscriminately, but BEWARE: never speak well of the left, because everyone can't stand the left too, but each in a different way (semi-quote)
- copy news from abroad and translate it however it comes out: @informapirata has never done anything else and he has 7000 followers, while I have 355 and gained 200 when I translated a post from English
- if you decided to be a woman, take anti-feminist positions: the boys love chauvinist women
- speak badly of mastodon uno to collect reactions from the troubled, but BEWARE: do it only if you are not registered on mastodon uno, otherwise you will be banned without any mercy
- if you were banned without mercy from mastodon uno, don't worry: sign up on sociale network, mention @gubi and complain about having been banned. Add gruesome details even if invented (example: “I spoke out against the Gaza massacre and they banned me for antisemitism”; “I have financial problems and they banned me because I didn't donate”; “I said I don't like nudes and they sent me a dick in DM, and a small one at that”, etc.), since the admin of sociale network will take them at face value anyway and reshare your messages
- if you were banned from Mastodon uno and are now on a loser instance like bida, puntarella, devianze or poliversity, take an active part in discussions about #chiesebrutte, #taglioecucito stuff, #cucinaveg and Renaissance music played on improbable instruments with temperaments painful to the human ear. And remember to speak badly of mastodon uno, because these are the only things that will give you any gratification anyway
- if you are on livellosegreto, at least use intriguing content warnings: you have to put a content warning every time you don't talk about video games anyway
- post memes that look nerdy, possibly recycled from Reddit
- show a photo of your butt or cleavage every now and then: Mastodon is sexually repressed and for its users every centimeter of skin is a ray of sunshine and a shot of noradrenaline
- don't follow the VIPs because they aren't nice: @quinta almost certainly hates you because you're a shitty communist, @marcocappato won't even give you a ride, @giuliocavalli won't touch you with a ten-foot pole, @phastidio is a jerk here just like on twitter and @smaurizi is always in a bad mood: and no, not even @sio is really nice on Mastodon, and if you write to him he won't give a damn about you. Ok, @ildisinformatico is an exception, but only because he isn't Italian
- follow only people active in the last 24 hours; and if they don't follow you back, tell them to get lost because it means they will never give a damn about you
- reply only to people who usually reply; and if they don't reply to you, tell them to get lost because it means they will never give a damn about you
- mention only people who usually reply; and if they don't reply to you, tell them to get lost because it means they will never give a damn about you
- follow all the previous tips to create two or three more accounts per instance, so you create noise and at least you reply to yourselves
How to make money with Mastodon:
- close your account and go get a job, terùn!
yes, I confirm that you really are the idiot in the photo 😂
@informapirata @gubi @quinta @marcocappato @giuliocavalli @phastidio @smaurizi @sio @ildisinformatico
The European Union is investing €145.5 million to boost the cybersecurity posture of EU hospitals and healthcare providers
The money will go to two programs:
-Horizon Europe Programme (€90.5mil)
-Digital Europe Programme (€50mil)
digital-strategy.ec.europa.eu/…
EU allocates €145.5 million to boost European cybersecurity, including for hospitals and healthcare providers
The European Commission is making available €145.5 million to empower small and medium-sized enterprises and public administrations in deploying cybersecurity solutions and adopting the results of cybersecurity research.
Shaping Europe’s digital future
The EU's cybersecurity agency ENISA has published an interactive map showing each member's implementations of national cybersecurity strategies and their status
enisa.europa.eu/topics/nationa…
National Cyber Security Strategies | ENISA
ENISA is the EU agency dedicated to enhancing cybersecurity in Europe. They offer guidance, tools, and resources to safeguard citizens and businesses from cyber threats.
www.enisa.europa.eu
Security researcher Vsevolod Kokorin has abused a new browser technology named credentialless iframes for a new way to execute XSS attacks
blog.slonser.info/posts/make-s…
developer.mozilla.org/en-US/do…
IFrame credentialless - Security | MDN
IFrame credentialless provides a mechanism for developers to load third-party resources in…
MDN Web Docs
Ukraine's military intelligence agency GUR has allegedly hacked Russian internet service provider Orion Telecom
GUR hackers allegedly disabled 370 servers and 500 network switches and wiped backup servers
-Predator spyware alive despite US sanctions
-Paragon spyware used a zero-click iOS zero-day
-28 OAGs sue 23andMe
-South Korea’s largest online bookstore gets ransomwared
-Another CISA leadership departure
-Europol complains about E2EE again
-CNIL draft targets email tracking pixels
-Meta sues nudify app maker
-Privacy groups protest against STOP CSAM Act
-Academics say govts should launch period tracking apps
Podcast: risky.biz/RBNEWS437/
Newsletter: news.risky.biz/risky-bulletin-…
Risky Bulletin: Predator spyware alive despite US sanctions
In other news: Paragon spyware used a zero-click iOS zero-day; 28 OAGs sue 23andMe; and major week for law enforcement actions.
Catalin Cimpanu (Risky.Biz)
-New DDoS attack against Russian Railways
-DDoS attack hit Sweden
-Hack costs Victoria's Secret $10mil
-RCMP lost a USB with informant names
-Dutch police identify Cracked[.]io users
-Interpol takes down infostealer infra
-Scammers detained across SE Asia
-Turkiye detains 400+ on cybercrime charges
-China spies on Airbus
-Sextortionist pleads guilty
-Proxy provider linked to DDoS attacks
-ConnectWise rotates certs over security
-Threat actors abuse dead Discord invite link
-New Teamxxx, Warlock, and Walocker ransomware gangs
-Malware reports on BrowserVenom, CyberEye, Pickai, Myth Stealer, Fog
-Campaign places keyloggers on Exchange login pages
-EchoLeak zero-click Copilot vulnerability
-TokenBreak attack
-Thunderbird patches bug that leaked Windows credentials
-GitHub Device Code Phishing
-Major Magento bug warning
An Intelligence Online report claims that a small Chinese telecommunications company deployed an unauthorized antenna near Airbus sites in an apparent attempt to spy on Airbus and French satellites
There's a bug in Discord that lets threat actors exploit and hijack expired or deleted Discord invite links and redirect users to malware
research.checkpoint.com/2025/f…
The Discord Invite Loop Hole Hijacked for Attacks - Check Point Research
Learn how Discord's invite links are hijacked and reused to redirect users to harmful servers in place of trusted communities.
alexeybu (Check Point Research)
The Stryker mobile pen-testing app is now free: t.me/strykerapp/518
Learn how to use it from Lukas Stefanko, an expert in Android malware and reverse engineering: mobile-hacker.com/2025/06/12/s…
Stryker App Goes Free: The Ultimate Mobile Pentesting Toolkit
Stryker is a powerful mobile app that transforms your Android device into a pentesting workspace. Designed to help you test networks and devices for common vulnerabilities without requiring specialized skills or extensive knowledge…
mh (Mobile Hacker)
New Predator spyware infrastructure discovered... now in Mozambique for the first time
recordedfuture.com/research/pr…
Predator Still Active, with New Client and Corporate Links Identified
Despite sanctions and global scrutiny, Predator spyware operations persist. Insikt Group reveals new infrastructure links in Mozambique, Africa, and Europe, highlighting ongoing threats to civil society and political targets.
Insikt Group® (Recorded Future)
Dutch police identified 126 Cracked hacking forum users, with the youngest being an 11-year-old
They filed criminal cases against 8 and warned the rest
politie.nl/nieuws/2025/juni/10…
Police identify users on international suspicious cyber platform
Usernames and e-mail addresses are increasingly being found on platforms where cybercriminals are active. Think of the trade in hacking tools, fraudulent refunds, combo lists and prohibited tools.
www.politie.nl
The use of E2EE apps has become an increasingly important obstacle to Europol investigations. Short metadata retention periods also impact criminal network mapping efforts.
This is the third year in a row that Europol has highlighted E2EE as a problem
europol.europa.eu/media-press/…
Steal, Deal, Repeat: Cybercriminals cash in on your data | Europol
Europol’s 2025 Internet Organised Crime Threat Assessment (IOCTA), published today, reveals how stolen data fuels the digital underworld, powering a criminal ecosystem that spans from online fraud and ransomware to child exploitation and extortion.
Europol
France's privacy watchdog is exploring the possibility of adding a consent mechanism to email tracking pixel technologies
cnil.fr/fr/consultation-publiq…
Tracking pixels: the CNIL launches a public consultation on its draft recommendation
What is a tracking pixel? Tracking pixels are a tracing method that serves as an alternative to trackers/cookies.
www.cnil.fr
Email tracking pixels are such a bs issue, because regardless of who the slimy party sending them is, it's always your own MUA selling you out by honoring them.
Please give us laws that make the party selling the MUA liable for the privacy breach.
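As an added example that is not code from the thread or from CNIL, here is a small Python heuristic showing what a tracking pixel looks like inside an HTML email and which remote image fetches a mail client would make when it renders the message; the sample HTML, hostnames and query-string token names are constructed.

```python
"""Heuristic detector for email tracking pixels in an HTML mail body.

A tracking pixel is nothing more than a remote <img> that the mail client
fetches; the fetch itself tells the sender that, when and from which IP the
message was opened. A client that does not load remote images defeats it.
Sample HTML and hostnames below are constructed for the example.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Query-string parameter names commonly used to carry a per-recipient id
# (assumed list for the example, not an authoritative catalogue).
SUSPICIOUS_QUERY_KEYS = {"uid", "rid", "cid", "token", "t", "id", "e", "mid"}


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append({k.lower(): (v or "") for k, v in attrs})


def _tiny(value):
    """True for dimension attributes such as "1", "0" or "1px"."""
    digits = "".join(ch for ch in value if ch.isdigit())
    return digits != "" and int(digits) <= 1


def _hidden(style):
    """True if the inline style hides the element from the reader."""
    s = style.replace(" ", "").lower()
    return "display:none" in s or "visibility:hidden" in s or "opacity:0" in s


def score_image(img):
    """Return (score, reasons) for one <img> attribute dict.

    Only http(s) sources can phone home; inline (cid:) and data: images score 0.
    """
    reasons = []
    url = urlparse(img.get("src", ""))
    if url.scheme not in ("http", "https"):
        return 0, reasons
    if _tiny(img.get("width", "")) and _tiny(img.get("height", "")):
        reasons.append("1x1 dimensions")
    if _hidden(img.get("style", "")):
        reasons.append("hidden via CSS")
    if any(k.lower() in SUSPICIOUS_QUERY_KEYS for k in parse_qs(url.query)):
        reasons.append("per-recipient token in query string")
    return len(reasons), reasons


def remote_image_urls(html):
    """Every URL a rendering client would request for this message."""
    parser = _ImgCollector()
    parser.feed(html)
    return [i["src"] for i in parser.images
            if urlparse(i.get("src", "")).scheme in ("http", "https")]


def find_tracking_pixels(html, threshold=2):
    """Remote images that trip at least `threshold` heuristics."""
    parser = _ImgCollector()
    parser.feed(html)
    findings = []
    for img in parser.images:
        score, reasons = score_image(img)
        if score >= threshold:
            findings.append({"src": img["src"], "reasons": reasons})
    return findings


# Constructed sample: a visible logo, a hidden pixel, and an inline attachment.
SAMPLE = """<html><body><p>Hello</p>
<img src="https://cdn.example.test/logo.png" width="200" height="60" alt="Logo">
<img src="https://track.example.test/o.gif?uid=a1b2c3d4" width="1" height="1" style="display:none" alt="">
<img src="cid:inline-chart" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    print("would fetch:", remote_image_urls(SAMPLE))
    print("tracking pixels:", find_tracking_pixels(SAMPLE))
```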
RedTeam Pentesting and Synacktiv have published technical analyses of CVE-2025-33073, a new way to execute NTLM reflection attacks.
This was fixed in this month's Patch Tuesday and also works against Kerberos.
blog.redteam-pentesting.de/202…
synacktiv.com/publications/ntl…
A Look in the Mirror - The Reflective Kerberos Relay Attack
It is a sad truth in IT security that some vulnerabilities never quite want to die and time and time again, vulnerabilities that have long been fixed get revived and come right back at you. While researching relay attacks, the bane of Active …
RedTeam Pentesting - Blog
SySS has also published its analysis of CVE-2025-33073 today:
blog.syss.com/posts/kerberos-r…
Authentication coercion of machine accounts and Kerberos relaying/reflection over SMB
In this blog article, further technical details concerning the Microsoft Windows SMB security vulnerability CVE-2025-33073 are presented.
Stefan Walter, Daniel Isern (SySS Tech Blog)
For the past decade, academics have explored ways of exfiltrating data from air-gapped systems using smartphones as the receivers in those attacks. New research looks at the possibility of using smartwatches instead
Sekoia has published a report looking at the AitM phishing kit landscape, its evolution, and today's largest providers.
blog.sekoia.io/global-analysis…
Global analysis of Adversary-in-the-Middle phishing threats
Explore the 2025 landscape of Adversary-in-the-Middle phishing threats with data, trends, and top detection insights.
Quentin Bourgue, Grégoire Clermont and Sekoia TDR (Sekoia.io Blog)
A new threat actor named UNK_SneakyStrike used TrustedSec's TeamFiltration tool to enumerate Entra ID accounts and launch password-spraying attacks against 80k+ Entra ID accounts
proofpoint.com/us/blog/threat-…
Attackers Unleash TeamFiltration: Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool | Proofpoint US
Key takeaways: Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting…
Proofpoint
ISC2's 2025 Cybersecurity Hiring Trends report is out
isc2.org/Insights/2025/06/cybe…
2025 Cybersecurity Hiring Trends: Why Investing in Entry- and Junior-Level Talent is Key to Building a More Resilient Cybersecurity Workforce
To understand how cybersecurity hiring managers are finding success investing in entry- and junior-level roles, ISC2 surveyed 929 hiring managers across organizations of all sizes in Canada, Germany, India, Japan, the U.K. and the U.S.
www.isc2.org
The CISSP is supposed to have 5 years of experience in cyber.
It is INSANE to “require” it for an entry level or junior position.
(Yes, ISC2 has the associate CISSP for those without 5 years, but CISSP is one of ISC2’s main certs, so they should be aware enough to specify if the chart was talking about associate, since it is a chart they made.)
How to protect yourself during protests. Protesters face tear gas, stun grenades, coronavirus and surveillance
How to prevent so-called non-lethal weapons from causing temporary or permanent harm? How to protect your identity from biometric identification tools?
Editor's note (11/06/25): We are republishing this 2020 article in light of the recent protests against immigration raids in Los Angeles.
Thanks to @Mike Taylor 🦕 who shared the article
-SentinelOne avoids a Chinese APT hack
-New Salt Typhoon victims uncovered
-Cyberattack disrupts grocery deliveries in the US
-Kazakhstan arrests 140 for selling citizens' data on Telegram
-New lead for FBI cyber division
-300k hit in Texas DOT breach
-Android 16 launched
-macOS to support container images
-Ofcom to investigate 4chan
-Outlook to block more file attachments
-YouTube quietly relaxed content moderation
Podcast: risky.biz/RBNEWS436/
Newsletter: news.risky.biz/risky-bulletin-…
Risky Bulletin: SentinelOne says it avoided Chinese APT hack
In other news: New Salt Typhoon victims uncovered; cyberattack disrupts grocery deliveries in the US; Kazakhstan arrests 140 for selling citizen data on Telegram.
Catalin Cimpanu (Risky.Biz)
-Grok getting blocked in corporate networks
-Gabbard pushes IC to outsource to tech sector
-Paragon and Italy cut ties
-Russia denies entry to users who wiped phones
-Five scammers plead guilty in US
-Extortionist sentenced in South Africa
-Over 40k cams expose feeds online
-Scammers target app testers
-New GhostVendors group
-New HelloTDS
-Librarian Ghouls steal data at night
-BlackSuit adopts social-engineering attacks
-Most internet scans target Git and env files
-Mirai botnet targets Wazuh SIEMs
-DanaBleed vulnerability in DanaBot exposed operator identities
-Stealth Falcon uses WebDAV zero
-Patch Tuesday is out
-Apple accused of silently patching major bug
-Two new Secure Boot bypasses found
-Google patches bug exposing users' phone numbers
-Switch 2 exploit found day one
-New Russian disinfo op launched
-New Kimsuky ops
-Guardian launches CoverDrop, secure IM whistleblowing app
Google launching Android 16 on the second day of WWDC has peak screw you energy
This month, Microsoft patched 67 vulnerabilities, including one actively exploited zero-day: CVE-2025-33053, a WebDAV RCE discovered by Check Point
Check Point has linked this to the Stealth Falcon APT
research.checkpoint.com/2025/s…
Stealth Falcon's Exploit of Microsoft Zero Day Vulnerability - Check Point Research
Check Point Research uncovers Stealth Falcon's cyber espionage campaign exploiting a Microsoft Zero Day Vulnerability
samanthar@checkpoint.com (Check Point Research)
The UK's telecommunications watchdog has started an investigation of online message board 4chan for hosting potential illegal content under the UK Online Safety Act
Prolly the easiest investigation ever
ofcom.org.uk/online-safety/ill…
Enforcing the Online Safety Act: Ofcom opens nine new investigations
Ofcom has today launched investigations into whether seven file-sharing services, 4chan and porn provider First Time Videos have failed to comply with their duties under the UK’s Online Safety Act.
www.ofcom.org.uk
A hacking group is breaching Russian companies using special malware designed to steal data only at night
The Librarian Ghouls group (also known as Rare Wolf and Rezet) uses scripts that wake up infected systems between 1AM and 5AM to steal data while employees are at home
securelist.com/librarian-ghoul…
Sleep with one eye open: how Librarian Ghouls steal data by night
According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.
Kaspersky
DanaBot had a Heartbleed-like bug for three years
Leaked all the juicy stuff, such as threat actor usernames, IP addresses, private keys, and loads more
zscaler.com/blogs/security-res…
DanaBleed: DanaBot C2 Server Memory Leak Bug
A flaw in DanaBot's C2 server code caused a memory leak that we named "DanaBleed", exposing sensitive data and offering researchers a look into DanaBot’s operations.
ThreatLabz (Zscaler)
Akamai has spotted two Mirai botnets abusing a recently patched RCE (CVE-2025-24016) in the Wazuh SIEM
akamai.com/blog/security-resea…
cvereports.com/cve-2025-24016-…
CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution
Executive Summary: CVE-2025-24016 is a critical remote code execution (RCE) vulnerability affecting Wazuh, a widely used open-source security information and event management (SIEM) platform.
Robert Morgan (Daily CVE Reports)
A cyberattack is disrupting the operations of United Natural Foods, a distributor of grocery products in the US.
United Natural Foods is the largest grocery carrier and the 14th largest logistics company in the US.
ttnews.com/articles/cybersecur…
Cyberattack at United Natural Foods Affects Orders
United Natural Foods has taken some of its systems offline while it investigates “unauthorized activity” with outside cybersecurity help.
Margi Murphy (Transport Topics)
Russian border authorities are denying entry to Ukrainians with clean phones.
According to court documents, authorities denied entry to users who wiped their image galleries, messenger chats, or deleted their YouTube watch history
ria.ru/20250608/prichiny-20216…
It has become known why some Ukrainians were refused entry to Russia
Signs that information had been deleted from a mobile phone were grounds for refusing Ukrainian citizens entry into Russia, according to a dozen court documents, RIA Novosti, 08.06.2025
RIA Novosti
-EU launches private DNS service
-Trump scraps and revises Biden and Obama cyber EOs
-Supply chain attack hits popular npm packages
-Mysterious iOS attacks in the US and EU
-FSB can allegedly intercept some Telegram messages
-Russia wants prison sentences for DDoS attacks, but not those attacking "prohibited sites"
-Russia has a WeChat surveillance program
-DOGE gets SSN access
-Brazil's dWallet will pay users for their PII
Podcast: risky.biz/RBNEWS435/
Newsletter: news.risky.biz/risky-bulletin-…
Risky Bulletin: EU launches private DNS service
In other news: Trump scraps and revises Biden and Obama cyber EOs; supply chain attack hits popular npm packages; mysterious iOS attacks in the US and EU.
Catalin Cimpanu (Risky.Biz)
-Italy admits to using spyware against NGOs, again
-Linux Found. launches FAIR package manager for WordPress
-Spanish ISPs blocked Google trying to block piracy sites
-Twitter sues content farmers
-Nigerian hacker sentenced in the US
-Nigeria sentences 72 for cybercrime
-India disrupts two scam call centers
-Feds go after pig-butchering couple
-New Grey Nickel group
-APT-Q-27 (Golden Eye Dog) targets the gambling sector
-Stark Industries rebrands after sanctions
-New Global ransomware gang
-APT reports on Cyber Partisans, APT36, Taiwan's ICEFCOM
-Security updates for Splunk, Jenkins, QNAP
-Samsung bug bounty payouts reach $6mil
-Loads of Tenda POCs published online
-Scamnetic sues BlackCloak in new infosec drama
-F5 acquires Fletch
-New tools ProxyBlob, Newtowner, DroidGround, and Code Auditor CTF
-Security Fest and CyCon conference streams
Bitwarden vs LastPass 2024: Which Password Manager Is Best?
LastPass’ recent data breaches make Bitwarden the clear choice as a secure and all-around password manager in 2025.
Luis Millares (TechRepublic)
@.mau. you're right, the bike megastores have by now become worse than Decathlon. And at least at Decathlon you often find mechanics who had their own little shop and closed it out of exhaustion, but who at least have passion and competence, while the bike megastores only churn out standard stuff.
If you want something better nowadays you have to go to those shops closely tied to cycle-touring or mountain-biking clubs, because they still think in terms of customization
California is the first state to sue Trump over tariffs. It is Governor Gavin Newsom's most direct attack on Trump since the president returned to office.
SACRAMENTO, California - California Governor Gavin Newsom has sued Donald Trump over the tariffs, in an aggressive move to end the president's grip on global trade.
Newsom's lawsuit, announced Wednesday morning together with California Attorney General Rob Bonta, is the first challenge by a US state against the symbol of Trump's foreign policy.