Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

Firefox users... you dirty little privileged c***s!

You're living in the tech bro future utopia!

Techmeme

2026-04-21 19:35:54

mastodon - Collegamento all'originale

Mozilla says its Firefox 150 release includes fixes for 271 vulnerabilities identified using early access to Anthropic's Mythos Preview (Lily Hay Newman/Wired)

wired.com/story/mozilla-used-a…
techmeme.com/260421/p37#a26042…


Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox

The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition.
Lily Hay Newman (WIRED)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

Kaspersky has a report out on Lotus Wiper, which it believes was the malware behind the Petroleos de Venezuela "ransomware" attack in December of last year

They don't specifically say it, but they imply it very obviously. They also don't mention the US once.

The timeline they provide also seems to hint this might have been used against the energy and utilities sector in Venezuela, which might have led to those blackouts? Maybe?

securelist.com/tr/lotus-wiper/…

Lotus Wiper: a new threat targeting the energy and utilities sector

Kaspersky researchers analyze the attack chain of a highly destructive Lotus Wiper that can be linked to a targeted attack on the energy and utilities sector.
GReAT (Securelist)
Questa voce è stata modificata (11 ore fa)

reshared this

akkoma - Collegamento all'originale

It's not just Anthropic using this dark pattern. I checked my Mac and found #1Password installing similar extension bridges to browsers I've never installed. They should notify users of these changes during installation and never install for software that is not present.

$ cd ~/Library/Application\ Support
$ find . -name "com.1password.1password.json" | egrep "Arc|Microsoft"
./Microsoft Edge Beta/NativeMessagingHosts/com.1password.1password.json
./Microsoft Edge Dev/NativeMessagingHosts/com.1password.1password.json
./Microsoft Edge Canary/NativeMessagingHosts/com.1password.1password.json
./Microsoft Edge/NativeMessagingHosts/com.1password.1password.json
./Arc/User Data/NativeMessagingHosts/com.1password.1password.json

EDIT - updated find results to reflect 1Password-installed manifests

Matthias Ott

2026-04-20 15:11:24

mastodon - Collegamento all'originale

Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:

#Anthropic secretly installs spyware when you install Claude Desktop
thatprivacyguy.com/blog/anthro…


Anthropic secretly installs spyware when you install Claude Desktop — That Privacy Guy!

Anthropic's Claude Desktop silently installs a Native Messaging bridge into seven Chromium browsers, including browsers Anthropic's own documentation says it does not support, and browsers the user has not even installed.
Alexander Hanff (That Privacy Guy!)

#1password
Questa voce è stata modificata (12 ore fa)
Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

Interesting story of an Irish company falling victim to BEC fraud. Criminals hijacked an employee’s email account in the victim company. They then used that account to send payment instructions to the company’s outsourced financial admin company. The victim company lost €2 million.

The victim company is now suing the payments company on the basis that the payment company should have spotted that the emails were fraudulent

m.independent.ie/irish-news/co…

Company has more than €2m stolen from account following cyber attack

An Irish financial services company had more than €2m stolen from its bank account following a cyber attack.
Shane Phelan (Irish Independent)
Questa voce è stata modificata (1 giorno fa)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

Can confirm this for Arc, Brave, Edge, Chromium, and Vivaldi on my machine:

#Anthropic secretly installs spyware when you install Claude Desktop
thatprivacyguy.com/blog/anthro…

Anthropic secretly installs spyware when you install Claude Desktop — That Privacy Guy!

Anthropic's Claude Desktop silently installs a Native Messaging bridge into seven Chromium browsers, including browsers Anthropic's own documentation says it does not support, and browsers the user has not even installed.
Alexander Hanff (That Privacy Guy!)
#anthropic
Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

Cynthia Kaiser, senior vice president of Halcyon’s ransomware research center and former FBI Cyber Deputy Director, calls on Congress to designate ransomware groups who attack hospitals and critical infrastructure as terrorist organizations

youtube.com/live/58UVfeHWMzc

Online Scams, Crypto Fraud & Digital Extortion: How Transnational Criminal Networks Target Americans

Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.
Homeland Security Committee Events (YouTube)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale
The media in this post is not displayed to visitors. To view it, please go to the original post.

A CEPS study that looked at anti-piracy blocking across the EU indirectly blamed the second rise of pirated content we're seeing these days to rightsholders splitting their content across a bazillion platforms

ceps.eu/ceps-publications/the-…

The benefits and costs of website-blocking legislation: an economic, legal and policy assessment – CEPS

In recent years, we have witnessed a proliferation of new EU Member State measures and cases that seek to block the access of the public to specific internet co
Julien Libert (CEPS)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale
The media in this post is not displayed to visitors. To view it, please go to the original post.

A hacker is selling data from France's ANTS, the agency that deals with vehicle registration, driving licence, and identity documents

clubic.com/actualite-580066-le…

Confirmed by authorities yesterday: interieur.gouv.fr/actualites/c…

Le hacker qui dit vendre des bases de données géantes de l'ANTS et de France Travail est le roi du pipeau

Ces derniers jours, un hacker a mis en vente de supposées bases de données de France Titres, ex-ANTS, et de France Travail, entre autres, pour des sommes dérisoires. En plus d'avoir menti, il a été écarté par ses pairs.
Alexandre Boero (clubic.com)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

A cluster of 26 malicious iOS apps have been uploaded on the Chinese version of the Apple App Store

The apps redirected users to phishing pages posing as legitimate cryptocurrency services

securelist.com/fakewallet-cryp…

FakeWallet cryptostealer propagating via iOS App Store applications

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.
antonkarpin (Securelist)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

The third security firm employee who worked with the BlackCat ransomware has also pleaded guilty now

justice.gov/opa/pr/florida-man…

Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims

A Florida man, formerly employed as a ransomware negotiator, pleaded guilty to conspiring to commit ransomware attacks against U.S. companies in 2023.  
www.justice.gov

reshared this

Lorenzo ha ricondiviso questo.

glitchsoc - Collegamento all'originale

The Onion have finally completed their takeover of InfoWars, and it's everything I wanted and more.

theonion.info/

InfoWars

Let me tell you a story. When I was a child, I suffered from night terrors. It was always the same dream: I could hear my family and neighbors wailing…
yurivictor (InfoWars)
Lorenzo ha ricondiviso questo.

glitchsoc - Collegamento all'originale
The media in this post is not displayed to visitors. To view it, please go to the original post.

How the modem dial-up sound was actually created :neobot_3c:

#enough #negative #tech #and #news #timeFor #eyebleach

#tech #News #enough #negative #and #eyebleach #timefor
Questa voce è stata modificata (1 giorno fa)
Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

Vercel says its recent breach originated at Context[.]ai, a third-party AI tool used by a Vercel employee.

Attackers used the compromised Context[.]ai account to pivot to the employees Google Workspace account, then to some work systems from where they stole env files

vercel.com/kb/bulletin/vercel-…

Vercel April 2026 security incident | Vercel Knowledge Base

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems.
vercel.com

reshared this

Lorenzo ha ricondiviso questo.

flipboard - Collegamento all'originale

End of an Apple era: Tim Cook to step back, John Ternus named CEO
https://mashable.com/article/apple-tim-cook-john-ternus-ceo?utm_source=flipboard&utm_medium=activitypub

Posted into All the Biggest Apple News in One Place @all-the-biggest-apple-news-in-one-place-Mashable

Apple's next CEO announced as Tim Cook steps back

Apple makes it official: the Ternus era begins this fall.
Chris Taylor (Mashable)
@all-the-biggest-apple-news-in-one-place-Mashable

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

AI token subsidies seem to be ending across the industry.

GitHub Copilot has paused new signups on a number of plans, removed Opus from $10-a-month subscriptions, and plans to move users to token/API-based billing later this year.

Usage quotas are also being reduced and users will hit limits sooner.

github.blog/changelog/2026-04-…

Changes to GitHub Copilot plans for individuals - GitHub Changelog

As shared in our recent blog post, we’re making the following changes to Copilot plans for individuals as part of our ongoing efforts to ensure service reliability and a sustainable…
Allison (The GitHub Blog)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale
The media in this post is not displayed to visitors. To view it, please go to the original post.
Russia's Defense Ministry posted a list of companies across Europe that are reportedly linked to the production of the drones Ukraine fires at Russia. According to Russian Security Council Deputy Chairman Medvedev, these sites are "potential targets." t.me/mod_russia/62686

Минобороны России

❗️ По имеющейся информации, 26 марта 2026 года руководством ряда европейских стран на фоне роста потерь и усугубляющейся нехватки живой силы у ВСУ было принято решение о наращивании производства и поставок Украине БПЛА для ударов по территории России…
Telegram

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale
The media in this post is not displayed to visitors. To view it, please go to the original post.

-Data breach at Vercel
-New malware tries to sabotage Israel's water system but fails because it's buggy
-US government wants Mythos access
-Supreme Court hacker gets no prison time
-Ransomware kingpin arrested in Kazakhstan
-Kelp DAO hacked for $292m
-Rhea Finance hacked for $18.4m
-Tallahassee down after cyberattack
-BlueSky says DDoS attack caused outage
-Failed startups are selling their internal chats to AI labs

Podcast: risky.biz/RBNEWS553/
Newsletter: news.risky.biz/tries-to-sabota…

Risky Bulletin: Malware tried to sabotage Israel's water system

In other news: US government wants Mythos access; Supreme Court hacker gets no prison time; ransomware kingpin arrested in Kazakhstan.
Catalin Cimpanu (Risky.Biz)

reshared this

in reply to Catalin Cimpanu

mastodon - Collegamento all'originale

Catalin Cimpanu

The media in this post is not displayed to visitors. To view it, please go to the original post.
-Sandboxed GPU process coming to Firefox
-DOJ refuses to help France's probe into X and Musk
-Russia introduces mandatory border device searches
-US wants Mythos access
-US bill would require age verification at OS level
-FISA S702 gets a 10-day extension
-DraftKings hacker sentenced to prison
-Scattered Spider member pleads guilty
-South Korea warns of Midnight, Endpoint ransomware attacks
-North Korea is recruiting foreigners for its remote IT worker schemes

Catalin Cimpanu reshared this.

in reply to Catalin Cimpanu

mastodon - Collegamento all'originale

Catalin Cimpanu

The media in this post is not displayed to visitors. To view it, please go to the original post.
-Malware reports on Nexcorium IoT botnet, Black Shrantac and BravoX ransomware, BORZ C2, FaceFish rootkit, SHub Stealer
-UNC1069 goes back to spear-phishing
-TeamPCP gives stolen creds to Vect ransomware group
-Hafnium APT member to be extradited to US
-BlueHammer, RedSun enter active exploitation
-Protobuf.js RCE
-EU age verification app has vulns
-Chrome exploit leaks online
-New FP-DSS attack on AMD chips
-Meta gives Burp Suite Pro to bug bounty hunters
-New MITRE Fight Fraud Framework
Questa voce è stata modificata (1 giorno fa)
Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale
The TeamPCP hacking group is feeding credentials stolen in the Trivy and Checkmarx KICS supply chain attacks to the Vect ransomware group, per a new report: dataminr.com/resources/intel-b…

Cyber Intel Brief: Vect, BreachForums, and TeamPCP Converge

An unprecedented ransomware partnership that mobilizes 300,000 cybercrime forum members and weaponizes stolen supply chain credentials.
Hank Schless (Dataminr)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

A Iranian hacktivist group named Harakat Ashab al-Yamin al-Islamia was allegedly the one behind the cyberattack on LA Metro last month

darkowl.com/blog-content/harak…

Harakat Ashab al-Yamin al-Islamia: A New Group or Part of a Broader Iranian-Aligned Network?

Explore Harakat Ashab al-Yamin al-Islamia: is it a new distinct organization or part of a broader Iranian-Aligned network?
DarkOwl Content Team (DarkOwl, LLC)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

TL;DR: Use our software if you wanna turn your democracy into a dictatorship! We have a FAQ page!

Techmeme

2026-04-19 18:10:38

mastodon - Collegamento all'originale

Palantir posts a 22-point summary of Alex Karp's book, advocating for hard power, AI weapons and deterrence, and denouncing pluralism, and "regressive" cultures (Anthony Ha/TechCrunch)

techcrunch.com/2026/04/19/pala…
techmeme.com/260419/p11#a26041…


Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures | TechCrunch

Palantir's ideological bent has come under more scrutiny as it's worked with ICE and positioned itself as a defender of "the West."
Anthony Ha (TechCrunch)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

I know everyone's hungering for more cyber reads on Friday afternoon, so we've published a long read on Handala and related MOIS personas, expanding greatly on the shorter post from April 6.

We were originally going to keep this one closely held, but the number of questions we're fielding about IR threat actors, and some trends in current whispernets, convinced us to publish it instead.

#threatintel #cybersecurity #infosec

dti.domaintools.com/research/m…

DomainTools Investigations | MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution

Explore the evolution of MOIS-linked actors Homeland Justice, Karma, and Handala. Analysis of destructive malware, surveillance integration, and the 2026 Stryker incident.
DomainTools
#Cybersecurity #infosec #threatintel
Questa voce è stata modificata (4 giorni fa)

reshared this

Lorenzo ha ricondiviso questo.

mastodon - Collegamento all'originale

Florida capital city Tallahassee has shut down its IT network after a mysterious cyberattack on Friday

The surrounding Leon County disconnected from the city network to prevent contamination (aka ransomware language)

eu.tallahassee.com/story/news/…

Cyberattack targets city of Tallahassee; official says no data compromised

The city of Tallahassee has confirmed it was the target of a cyberattack earlier Friday morning, and a county IT administrator says they have disconnected from the internet.
, Tallahassee Democrat (Tallahassee Democrat)

reshared this