Microsoft drops Israel's surveillance contract that allowed intel services to process data from intercepted phone calls and messages sent across Palestine
Brad Smith, Vice Chair & President, shared the below communication with Microsoft employees this morning. I want to let you know that Microsoft has ceased and disabled a set of services to a unit within the Israel Ministry of Defense (IMOD).
Koi Security claims to have spotted the world's first malicious MCP server that secretly copies and stealers all emails passing through a Postmark server
The European Commission has opened a formal investigation to assess whether SAP may have distorted competition in the aftermarket for maintenance and support services related to an on-premises type of
DomainTools has a good profile on Salt Typhoon, the Chinese APT that hacked over a dozen US telcos at the end of last year. It's actually a very old and sprawling APT, involving everything from MSS supervisors to front companies and contractors.
Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infrastructure.
Eight orgs involved in FOSS and package repos have asked for more support for package repos because of the skyrocketing costs for hosting everyone's code
"In effect, public registries have become free global CDNs for commercial vendors."
-17yo Romanian teens sends bomb threats to hundreds of US schools -US charges him -Romania refuses extradition -Teen sends mass-shooting threats to hundreds of Romanian schools
Tânărul de 17 ani suspectat că a trimis către sute de școli și spitale din România mesaje în care amenința că va comite „un adevărat masacru” a fost acuzat și
-US raids SIM farm in New York -EU airport disruptions caused by ransomware -Thieves steal gold from French museum after cyberattack -SonicWall firmware update removes rootkit -Jaguar ransomware incident extends to October -Breach at car giant Stellantis -Circle K hack upends Hong Kong operations -South Korean asset management firms hacked -UXLINK hacker gets phished, loses funds -Kirk doxing app leaks user data
In other news: EU airport disruptions caused by ransomware; thieves steal gold from French museum after cyberattack; SonicWall firmware update removes rootkit.
-GitHub to improve npm security -TikTok to retrain algorithm on US data (yuck) -CISA 2015 renewal unlikely -Russia wants to minimize data collection -Russia prepares to amp up the persecution of its own citizens -EU looking to reduce cookie popups -Poland threatens hack-back operations -Romania says Russian cyber-attack could crash payment system in 3 days -Crypto-fraud gang dismantled in EU -New DDoS record, now at 22.2 Tbps
-YiBackdoor comes to replace Latrodectus -Malware reports on Zloader, RomCom, Gunra, and Elons ransomware -New Naikon APT ops -Kimsuky's sex offender campaign -New DELMIA Apriso bugs -Libraesva ESG zero-day -Russia's Moldova info-ops are a sign of the future of all elections -New Chrome extension loading technique -Malware found in qbittorrent Docker container -m0leCon 2025 videos
AttackIQ has published a report on the evolution of the RomCom malware, covering up to v5 of the tool, which others also call SnipBot and SingleCamper. The malware started out as an e-crime MaaS, but is now often used for APT ops against Ukraine and Europe.
New DELMIA bugs disclosed after another was exploited in early Sep
"Both findings chain together: the unauth account creation gives an attacker credentials, and those credentials are then used to authenticate and abuse the file upload to drop a web shell."
Introduction
DELMIA Apriso is a manufacturing execution and operations orchestration platform used by large manufacturers, service providers, and critical infrastructure operators.
The Python Software Foundation warns of a phishing campaign targeting PyPI users. The phishing domain is pypi-mirror[.]org, a variation of the main pypi[.]org domain.
Jeżeli Polska stałaby się celem ataku, który skutecznie doprowadziłby do przesilenia infrastruktury krytycznej, która wpłynęłaby na każdego obywatela, to my jesteśmy w stanie odpowiedzieć tym samym – powiedział w niedzielę w TVN24 wicepremier i minis…
România nu poate discuta despre o transformare totală de la plata în numerar spre digital în primul rând pentru că populația preferă plațile cash, iar apoi
hm, i wonder if they mean passkeys? restricting publishing to those who can afford hardware security tokens seems like adding barriers to developers when software passkeys are also reliable and secure
Russia prepares to amp up the persecution of its own citizens
The government wants to create a database of people who continue to visit and access the sites of "foreign agents"... aka foreign media who don't parrot the government's lies
В России необходимо создать реестр граждан, которые поддерживают иноагентов, заявил депутат Николай Новичков. По его словам, эта мера должна стать следующим шагом после введения системы предупреждений в соцсетях.
Ежемесячный охват аудитории в мессенджере WhatsApp (принадлежит Meta, признанной экстремистской и запрещенной в РФ) превысил в августе 97 млн уникальных пользователей. Мессенджер стал лидером по показателю, несмотря на блокировки звонков в сервисе.
Cookie banners are malicious compliance by surveillance capitalists. Are we sure ‘simplifying’ doesn’t mean caving to the tactic and reducing privacy rights?
The Department of Defense is seeking to address persistent shortages in its cyber workforce by reducing the time to fill vacant cybersecurity jobs to 25 days.
In fairness, it should be a lot quicker to hire people when you're more concerned about their ideological purity and political reliability than whether they're technically competent.
Nick Andersen, the agency’s assistant executive director for cybersecurity, says the CVE project would benefit from a "more holistic look" with international partners.
Security researcher Mehmet Ergene has published the Microsoft Vulnerable Driver Block Lists after Microsoft stopped publishing the list in a browsable web page
LinkedIn Corp. will resume training its generative AI models on information about non-US users after a nearly year-long halt for discussions with data protection regulators about privacy concerns.
Wow this sounds extremely scare to me! As a non Ruby dev I can't really grasp the reach, but considering that Mac OS development heavily relies on CocoaPods (Ruby based) this can be huge 😱
Ruby Community,
At the heart of Ruby Central’s mission is our responsibility to steward the open source tools that power the Ruby ecosystem. That commitment is only as strong as the people and processes behind it.
years ago a client asked me about moving to Ruby. My response was simple: why? I'd read on it a bit and couldn't see any reason to switch, or benefit. Still can't.
A teenage boy suspected of involvement in the 2023 cyberattacks that disrupted the two largest Las Vegas casino companies has surrendered to authorities, according to the Las Vegas Metropolitan Police Department (LVMPD).
-Pentagon has +70K cyber staff -Hackers steal SonicWall firewall configs -DeepSeek returns flawed code on purpose for minorities -UK arrests two Scattered Spider members -Hackers steal SonicWall firewall configs -Leak at DHS I&A -Hackers extort med-evac service -Tails 7 is out -Firefox 143 is out -Brazil passes age verification law -Moldova establishes disinfo agency -ICE signs new phone-hacking contract
-Congress to hold hearing on online radicalization /s -Suspect charged in UK political honeytrap scandal -GOLD SALEM and ShinyHunters profiles -Shai-Hulud worm reaches 500 packages -New CoinbaseCartel extortion group -SystemBC botnet returns -CopyCop info-ops infrastructure expands -TA415 abuses VSCode tunnels -Pixie Dust is still exploitable -Chrome zero-day -Companies pull out of ATT&CK evaluations -Netskope increases IPO -Case Theme User exploitation -ShadowLeak ChatGPT zero-click attack
Using Github event archives, UpGuard Research identifies companies with indicators of compromise of the Shai-Hulud attacks, even after the repos have been deleted.
Every time SpecOps comes out with one of these tables, we (the password hasing community) try to get them to include a disclaimer in the next one: that these statistics only apply to randomly generated passwords. And every year, we get ignored.
"P@ssw0rd!" isn't going to take 230,000 years to crack! But how many people are going to walk away from this table believing that?
It is a bad sign that the word "random" doesn't even appear in the article.
scott
in reply to Catalin Cimpanu • • •Wolf480pl
in reply to Catalin Cimpanu • • •LogicalErzor
in reply to Catalin Cimpanu • • •this seems strange. while the “Open Infrastructure is Not Free” blog is sound, I went to the about page and noted:
> The founding members are GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation, and Red Hat, among others.
arent these members the perpetrators here? something seems amiss
——
anyways, best solution is prob going distributed (eg. @radicle )
Adi
in reply to Catalin Cimpanu • • •