"A Russian citizen suspected of hacking IT systems of Polish companies was arrested in Krakow, Polish Interior Minister Marcin Kierwinski said on Thursday."
reshared this
Hackers have stolen data from OnSolve CodeRED, an emergency notification platform used by some US law enforcement agencies. The platform has been down since the hack, per an alert sent to police departments
reshared this
RE: mastodon.social/@campuscodi/11…
This has now impacted more than 800 npm libraries
koi.ai/incident/live-updates-s…
Live Updates: Shai1-Hulud, The Second Coming - Hundreds of NPM Packages Compromised
A new wave of the Shai-Hulud malware is compromising hundreds of npm packages and destroying user home directories. Get live updates and mitigation steps.www.koi.ai
Shai-Hulud Returns: Over 300 NPM packages infected via fake Bun runtime within hourshelixguard.ai/blog/malicious-s…
reshared this
"A cross-party group of lawmakers will urge the European Parliament to ditch internal use of Microsoft’s ubiquitous software in favor of a European alternative, according to a letter obtained by POLITICO."
politico.eu/article/get-us-off…
Get us off Microsoft! Lawmakers press EU Parliament to change in-house IT.
“We cannot afford this level of dependence on foreign tech,” lawmakers say in letter obtained by POLITICO.Mathieu Pollet (POLITICO)
reshared this
watchTowr Labs has found thousands of secret tokens and credentials shared publicly on code formatting and beautification sites, such as JSONFormatter and CodeBeautify
labs.watchtowr.com/stop-puttin…
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
Welcome to watchTowr vs the Internet, part 68. That feeling you’re experiencing? Dread. You should be used to it by now.Jake Knott (@inkmoro) (watchTowr Labs)
reshared this
The Tor Project replaces the Tor relay encryption with a new algorithm named the Counter Galois Onion
blog.torproject.org/introducin…
Counter Galois Onion: Improved encryption for Tor circuit traffic | Tor Project
Tor is upgrading its relay encryption algorithm for improved security. In upcoming releases, Arti and Tor will both support a new encryption algorithm called Counter Galois Onion (CGO).blog.torproject.org
reshared this
Some recent security conference videos:
Troopers - youtube.com/playlist?list=PL1e…
Hexacon - youtube.com/playlist?list=PLiE…
Bsides Canberra - youtube.com/playlist?list=PLqJ…
NYMJCSC - youtube.com/playlist?list=PLlg…
VirusBulletin - youtube.com/playlist?list=PLff…
reshared this
A secretive unit inside Iran's IRGC cyber branch is responsible for using hacked data for assassination operations
reshared this
RE: mstdn.social/@hkrn/11560477218…
The only sites that should cost this much are YouTube, Amazon, or Facebook
This is plain fraud
Hacker News (@hkrn@mstdn.social)
Bureau of Meteorology asked to examine $96.5M bill for website redesign L: https://www.abc.net.au/news/2025-11-23/bureau-of-meteorology-new-website-cost-blowout-to-96-million/106042202 C: https://news.ycombinator.com/item?id=46033435 posted on 2025.Hacker News (Mastodon 🐘)
reshared this
From the new chief executive of Australia's Bureau of Meteorology:
"The $96.5 million that we're talking about was not just the front end of the website, the tip of the iceberg that the public sees, but the back end, which sees data flowing from tens of thousands of pieces of equipment in the field, to the supercomputer that does all the modelling, right through to systems that actually forecast the weather and put it through to the website," he said.
...
So, a website AND a supercomputer AND other stuff.
It may not be fraudulent at all.
abc.net.au/news/2025-11-24/bom…
ABC News
ABC News provides the latest news and headlines in Australia and around the world.Jane Norman (Australian Broadcasting Corporation)
Shai-Hulud Returns: Over 300 NPM packages infected via fake Bun runtime within hours
reshared this
great job guys really showing us how much more secure you are than foss
The Fairfax County Police Department is looking for help in identifying suspects part of a group that installed malware on ATMs to carry out jackpotting attacks
fcpdnews.wordpress.com/2025/11…
Detectives Ask for the Public’s Help Identifying ATM Jackpotting Suspects
Fair Oaks Police District –Detectives from our Financial Crimes Unit are actively investigating a series of ATM thefts after Apple Federal Credit Union reported that $175,000 was stolen from one of…Fairfax County Police Department News
reshared this
AI company Factory has detected multiple threat actors abusing its free tiers to automate cyberattacks, including "at least one state‑linked actor."
factory.ai/news/droid-neutrali…
The Droid Wars: Breaking up an AI‑orchestrated cyber fraud campaign | Factory.ai
Over the course of several days in October we detected and disrupted a highly automated cyber operation that had attemp...Factory.ai
reshared this
Security firm DoubleVerify has found SkyWalk, a network of iOS games that serve ads inside invisible windows.
The malicious code was traced back to the UniSkyWalking iOS mobile framework
doubleverify.com/blog/web/prov…
FRAUD ALERT: Fake Gaming Apps May Be Gaming Your Ads
Read DV's latest blog to learn The DV Fraud Lab has discovered a new fraud scheme lurking on customers’ mobile devices.DoubleVerify (doubleverify.com)
reshared this
because they're an adtech company
isn't it funny that for the most part only adtech companies care about detecting "ad fraud", which isn't a real thing because it only "hurts" adtech companies which are really just malware companies in disguise
The DomainTools security team has analyzed the recent leak of APT35 internal documents and how the documents map out to past campaigns and infrastructure, as well as how they reveal more of the internal structure of Iran's cyber apparatus
dti.domaintools.com/threat-int…
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets - DomainTools Investigations | DTI
Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies.DomainTools Investigations | DTI
reshared this
Australia's eSafety Commission has expanded the country's kids social media ban to video streaming service Twitch.
Australia's kids social media ban will be enforced on 10 platforms:
-Facebook
-Instagram
-Snapchat
-Threads
-TikTok
-X
-Reddit
-Kick
-YouTube
reshared this
Maxwell Schultz, a former IT contractor for an American waste disposal company, pleaded guilty to hacking his former employer after he was fired to reset passwords and delete logs
justice.gov/usao-sdtx/pr/forme…
Former contractor admits to hacking employer in retaliation for termination
A 35-year-old Ohio man has pleaded guilty to computer fraud for hacking his former employer’s network after he was firedwww.justice.gov
reshared this
youtube.com/watch?v=RcfTAPeCak…- YouTube
Profitez des vidéos et de la musique que vous aimez, mettez en ligne des contenus originaux, et partagez-les avec vos amis, vos proches et le monde entier.www.youtube.com
VessOnSecurity
in reply to Catalin Cimpanu • • •