patch ye MongoDB, there's an exploit for a vuln which has been in the product for over a decade that allows the remote, unauth read of any memory - which includes plaintext creds.
Somebody posted an exploit on Christmas Day, Merry Christmas!
doublepulsar.com/merry-christ...
Posts by Opalsec
another robot highlight for 2025: man wearing humanoid mocap suit kicks himself in the balls
If you’ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.
New Blog! Lessons from the BlackBasta Ransomware Attack on Capita
When a company that manages data for millions of UK citizens falls victim to ransomware, the whole industry should pay attention to it. 📝
blog.bushidotoken.net/2025/10/less...
Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agent
🔗 www.404media.co/hacker-plant...
Important and very timely research:
So... known hacked agencies so far include:
-US Department of Homeland Security
-US National Nuclear Security Administration
-US National Institutes of Health
Did I miss any?
Oh the critical vuln is in SHAREPOINT, gotcha
An Iranian security firm is behind a years-long hacking campaign that targeted airlines all over the world.
Security firm Amnban is allegedly one of the contractors behind an Iranian hacking group known as APT39.
blog.narimangharib.com/posts/2025%2...
Mandiant is now aware of multiple incidents in the airline sector that resemble Scattered Spider. The industry should button up its call centers where this actor has had a lot of success with social engineering. www.axios.com/2025/06/27/a...
I took a look at the changes to Microsoft Recall, which is rolling out to compatible Windows devices soon.
Photographic memory that stores all your deleted messages, keystrokes etc 😅
doublepulsar.com/microsoft-re...
"Defense Secretary Pete Hegseth shared detailed information about forthcoming strikes in Yemen on March 15 in a private Signal group chat that included his wife, brother and personal lawyer, according to four people with knowledge of the chat."
www.nytimes.com/2025/04/20/u...
In the midst of a Trade War - would China actually pull the trigger on destructive cyber attacks using known footholds (think Volt & Salt Typhoon) in US critical infrastructure? 🤔
We've taken a closer look at how this could - and has - unfolded: opalsec.io/is-cyber-a-l...
#InfoSec #ThreatIntel
Chris Krebs (@thekrebscycle.bsky.social) is being politically persecuted, and in this week's Seriously Risky Business podcast @tom.risky.biz and I talk about why we're not expecting an outcry from angry cybersecurity executives
FULL VIDEO: www.youtube.com/watch?v=1oSJ...
AUDIO: risky.biz/SRB117/
In a last-minute switch, the #CISA said it will continue funding a contract for #MITRE to manage the CVE program and other vulnerability databases. via @derekbjohnson.bsky.social cyberscoop.com/cisa-reverse...
This makes no sense if you look at it from a targeting point of view. Why would the NSA even go after a sporting event? There isn't anything of worth for an intel op there.
This looks like a political move, China falling for a false flag, or just a straight-up made-up case
@campuscodi.risky.biz did a great write-up on APT10's clever use of the Windows Sandbox to keep malware stealthy... running malware in Windows Sandbox via a scheduled task from a separate account is smart.
You don't gotta hand it to 'em etc.
risky.biz/risky-bullet...
Palo Alto looks at Slow Pisces, a North Korean APT and its recent campaign that targeted cryptocurrency developers on LinkedIn, posing as potential employers, and sending malware disguised as coding challenges.
unit42.paloaltonetworks.com/slow-pisces-...
Noticed a bunch of these ornate gold medallions slapped all over the Oval Office. We found em on Alibaba. “High-density Home Decoration Polyurethane Appliques Ornament PU Foam Veneer Accessories” from seller Guangzhou Homemax Decorative Material Limited.
sherwood.news/power/shop-t...
#Chinese law enforcement places #NSA operatives on wanted list over alleged #cyberattacks. The allegations, supported by the foreign ministry, are more specific and aggressive than usual and say the U.S. sought to disrupt the Asian Winter Games. via @timstarks.bsky.social youtu.be/SAPjQxbruL0?...
Dutch police study on ransomware:
-companies with cyber insurance pay almost 2.8 times bigger ransoms than non-insured ones
-95/100 have to pay ransomware groups or go bankrupt
-those with backups paid ransoms 27 times less often
cyberpolice.gov.ua/news/infikuv...
🚨 New ASR rules are now GA:
❌ Block rebooting in Safe Mode
🕵️‍♂️ Block copied/impersonated system tools
ASRGEN had these since preview. 😎
Want to:
⚡ Quickly create Intune-ready ASR policies
🧪 Simulate and understand rule impacts
Check → asrgen.streamlit.app
Be proactive. Be precise.
I guess because like five of us are saying something, what was done to @thekrebscycle.bsky.social is an absolute injustice and a mockery of his selfless service.
America no longer supports or protects critical infrastructure defenders. I hope someone else appreciates him a lot more.
Recent developments in the US suggest a troubling shift away from expert-driven cyber defense towards political expediency. From sidelined Russia operations to gutted agencies, we examine the evidence and the potential global fallout.
Read our full analysis here: opalsec.io/eroding-foun...
This should be obvious!
Their CEO had a full blown meltdown at the researchers for daring to assign a CVE - that ship sailed a while ago on them being one of "those organisations"