Lorenzo reshared this.

Intellexa had a secret US partner with government ties that fed it Android and iOS exploits on a revenue sharing scheme 🫥

via @drwhax

antenna.gr/ereynes/article/4/9…

Lorenzo reshared this.

Looks like Vidar is the new king of the infostealer market

intrinsec.com/chaos-is-a-ladde…

pointwild.com/threat-intellige…

Lorenzo reshared this.

Google is seeing prompt injection attacks in the wild.

The observed attacks usually fell into five categories—pranks, attempts to control AI summaries, SEO ranking manipulation, attempts to deter AI crawlers, and malicious cases.

security.googleblog.com/2026/0…

Lorenzo reshared this.

A malware strain used for cheating at poker is still active 14 years later, with a new sample spotted this month 😂

derp.ca/research/urelas-korean…

Xubuntu 26.04 LTS: all the new features and download

@GNU/Linux Italia

linuxeasy.org/xubuntu-26-04-lt…

Xubuntu 26.04 LTS updates Xfce 4.20, introduces new packages and improves stability and support on lightweight Linux.
The article "Xubuntu 26.04 LTS: all the new features and download" comes from Linux Easy.
Reproducing this article without authorization is prohibited.

Lorenzo reshared this.

(arcticwolf.com) Large-Scale Device Code Phishing Campaign Abusing OAuth and Phishing-as-a-Service Infrastructure

New large-scale device code phishing campaign abuses OAuth 2.0 Device Authorization Grant to compromise Microsoft 365 accounts. Threat actors leverage Kali365 Live PhaaS platform for automated token theft and post-exploitation.

In brief - Arctic Wolf uncovered a sophisticated phishing campaign targeting multiple sectors, exploiting OAuth device code flow via Kali365 Live PhaaS. Attackers bypass MFA, steal tokens, and create malicious inbox rules to evade detection. Multi-tenant infrastructure and Cloudflare Workers enable scalable operations.

Technically - The campaign abuses the OAuth 2.0 Device Code flow (RFC 8628) to obtain access/refresh tokens without handling credentials or MFA directly. Kali365 Live, a three-tier PhaaS platform, automates lure generation (PDF/Word/Excel/PPT), token theft, and post-compromise actions. Affiliates share captured tokens server-side, enabling persistent Microsoft 365 access. Infrastructure includes Cloudflare Workers for hosting and Telegram-based C2. Post-compromise: inbox rules suppress security alerts; Electron malware manages tokens. IoCs include IPs sharing identical TLS certificates. Requires monitoring OAuth flows and enforcing conditional access policies.

Source: arcticwolf.com/resources/blog/…

#Cybersecurity #ThreatIntel

Lorenzo reshared this.

'As alleged, on or about Dec. 26, 2025, Van Dyke created a Polymarket account ... approximately 13 bets from Dec. 27, 2025, through the evening of Jan. 26 ... Van Dyke bet a total of approximately $33,034 on those outcomes while in possession of classified nonpublic information about Operation Absolute Resolve.

'In total, Van Dyke allegedly profited approximately $409,881.

'... allegedly sent most of his proceeds to a foreign cryptocurrency vault before depositing them into a newly created online brokerage account. The same day of the operation, Van Dyke withdrew the majority of his allegedly unlawful proceeds from his Polymarket account ... On or about January 6, 2026, for example, Van Dyke asked Polymarket to delete his Polymarket account, falsely claiming that he had lost access to the email address to which the account had been associated. That same day, Van Dyke changed the email registered to his cryptocurrency exchange account to an email address that was not subscribed to in his name, and which he had created on or about Dec. 14, 2025'.
justice.gov/opa/pr/us-soldier-…

Lorenzo reshared this.

-There are now SIM-Farm-as-a-Service providers
-Russians hack the Bundestag President
-Randoms accessed Anthropic's coveted Mythos model
-Plankey withdraws CISA nomination
-US sanctions Cambodian senator for scam compounds
-Hackers steal Sri Lanka's money
-Volo hacked for $3.5m
-New KICS supply chain attack
-New Mastodon DDoS attack
-Iran says routers went down during US missile strikes
-New SS7 hacking campaigns

Newsletter: news.risky.biz/risky-bulletin-…
Podcast: risky.biz/RBNEWS555/

in reply to Catalin Cimpanu

-Meta installs spyware on employee's systems
-GitHub CLI now collects telemetry
-GitHub unreachable in Kazakhstan
-NCSC announces SilentGlass device
-Russia revokes almost 2,000 telco licenses
-Two privacy bills arrive in Congress
-CyberCom carried out 8k operations last year
-100+ countries have spyware now
-HexDex arrested in France
-US charges scam compound operators
-UNC6692 behind Teams social engineering attacks
-Hidden prompt injections found in the wild
-CDE exposure reaches 8.8k

in reply to Catalin Cimpanu

-ZionSiphon is AI-generated
-Mirai botnet goes after old D-Links
-New OLUOMO phishing kit
-New Devil NFC MaaS
-New HexagonalRodent and Geo Likho APTs
-UAT-4356 never left Cisco ASA firewalls
-Qihoo has a Mythos-scale rival
-Nextcloud stops bug bounty program due to AI flood
-LMDeploy bug gets exploited after 12h
-Apple patches notification retention bug
-Oracle April CPU is out
-New Pack2TheRoot vulnerability
-Rust-coreutils security audit
-Cyberinsurers look to cap AI-related payouts

Lorenzo reshared this.

An SSRF bug in an LLM deployment server got exploited 12 hours after it was patched

sysdig.com/blog/cve-2026-33626…

Lorenzo reshared this.

US charges two Chinese nationals for running the Shunda scam compound in Burma

justice.gov/opa/pr/scam-center…

Lorenzo reshared this.

Kazakhstan government officials have denied that they are blocking access to GitHub after developers reported issues accessing the platform this week

tengrinews.kz/curious/github-c…

Lorenzo reshared this.

Nextcloud stops bug bounty program due to increase of low-effort AI-generated reports

discuss.privacyguides.net/t/ne…

Kubuntu 26.04 LTS Released

@GNU/Linux Italia

linuxeasy.org/kubuntu-26-04-lt…

Plasma 6.6, Wayland by default and kernel 7.0 in Kubuntu 26.04 Resolute Raccoon: LTS stability for advanced Linux users.
The article "Kubuntu 26.04 LTS Released" comes from Linux Easy.

Lorenzo reshared this.

French authorities have arrested a 21-year-old hacker named HexDex

He is accused of hacking French organizations, including 15 sports federations, a weapons manufacturer, an e-campus platform, and even a police training platform.

leparisien.fr/faits-divers/fui…
