soc.octade.net is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
U-Boot Bootloader Flaws Allow Stealthy Pre-Boot Code Execution
Binarly researchers discovered six vulnerabilities in the U-Boot bootloader's FIT signature verification process that allow for arbitrary code execution and denial of service. These flaws affect over 50 stable releases since 2013 and can be exploited to install persistent firmware malware.
**If you run devices that use the U-Boot bootloader (servers, network gear, industrial and IoT devices, BMCs), first make sure all these devices are isolated from the internet and their management interfaces are accessible from trusted networks only. Then ask your hardware vendors for firmware updates fixing the U-Boot FIT vulnerabilities and apply them as soon as they're released. Prioritize BMCs and core network equipment.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/u-boot-bootloader-flaws-allow-stealthy-pre-boot-code-execution-b-d-7-x-u/gD2P6Ple2L
π¨ New blog post: When Privacy Tools Fight Each Other β IronFox, Mullvad DNS and Quad9
In my latest article, I explain how I tracked down the problem, the online tools I used to verify it, why browser-level DNS can override system settings, and the simple change that solved everything.
#Privacy #CyberSecurity #DNS #DoH #IronFox #Quad9 #Android #OpenSource #Freedom #DigitalNomad
π¨ New blog post: When Privacy Tools Fight Each Other β IronFox, Mullvad DNS and Quad9
I recently ran into a strange issue where websites loaded slowly and HTTPS connections randomly failed in IronFox. At first, I suspected the browser, but the real cause turned out to be a hidden DNS over HTTPS configuration that overrode my Android Private DNS settings.
In this post, I walk through the troubleshooting process, explain how I discovered IronFox was using Mullvad DNS instead of Quad9, share the tools I used to diagnose the problem, and show the simple fix that restored normal HTTPS connectivity.
It's a good reminder that adding more privacy layers doesn't always improve your setupβunderstanding how they interact is just as important.
#Privacy #CyberSecurity #DNS #IronFox #Quad9 #Android #OpenSource #DigitalNomad #SelfHosting #freedom
From concept to reality: what is AI? #negativepid #digitalInvestigations #OSINT #cybersecurity #AI #tech #onlineInvestigations #robotics #cyberpsychology #cybercrime https://negativepid.blog/from-concept-to-reality-what-is-ai/?utm_source=mastodon&utm_medium=social&utm_campaign=fedica-Negative-PID-Blog
US #cybersecurity agency #CISA had to build its incident playbook during the incident, agency reveals
Everyone talks about end-to-end encryption, but that's only one piece of the privacy puzzle.
I compared 14 messaging apps using the LINDDUN privacy threat modeling framework, evaluating them across seven privacy threats:
β’ Linkability
β’ Identifiability
β’ Non-repudiation
β’ Detectability
β’ Data disclosure
β’ Unawareness
β’ Non-compliance
The results challenge many common assumptions about apps like WhatsApp, Telegram, Signal, iMessage, Discord, Threema, Session, SimpleX, Briar, Cwtch, Matrix, Wire, and others.
If you care about metadata, anonymity, surveillance resistance, or privacy by design, this guide is for you.
π https://thecybersecguru.com/online-privacy/most-secure-messaging-apps-2026/
#Privacy #CyberSecurity #Infosec #Encryption #Signal #SimpleX #Briar #Threema #Messaging #OpenSource #LINDDUN #DigitalPrivacy
Everyone talks about end-to-end encryption, but that's only one piece of the privacy puzzle.
I compared 14 messaging apps using the LINDDUN privacy threat modeling framework, evaluating them across seven privacy threats:
β’ Linkability
β’ Identifiability
β’ Non-repudiation
β’ Detectability
β’ Data disclosure
β’ Unawareness
β’ Non-compliance
The results challenge many common assumptions about apps like WhatsApp, Telegram, Signal, iMessage, Discord, Threema, Session, SimpleX, Briar, Cwtch, Matrix, Wire, and others.
If you care about metadata, anonymity, surveillance resistance, or privacy by design, this guide is for you.
π https://thecybersecguru.com/online-privacy/most-secure-messaging-apps-2026/
#Privacy #CyberSecurity #Infosec #Encryption #Signal #SimpleX #Briar #Threema #Messaging #OpenSource #LINDDUN #DigitalPrivacy
Foolish kings decree secret entrances be built into every would-be fortress. Assassins use them and realms fall, yet no king learns. #cybersecurity https://cromwell-intl.com/cybersecurity/backdoors.html?s=mc
WinterGate Intelligence Collectiveπ€ Β» 🌐
@WinterGateIC@infosec.exchange
π OSINTNova 2026 β WIC Investigation Report
Date: 2026-07-11
Status: Concluded β Observation Period Ongoing
Classification: Public Intelligence
Prepared by: WinterGate Intelligence Collective (WIC)
----------------------------------------------------------------
β οΈ COMMUNITY WARNING
OSINTNova sells access to your personal data without your consent.
OSINTNova is a commercial OSINT platform offering "PRO" services that allow users to look up:
- People by name
- Phone numbers with country codes
- Vehicle information (VIN/license plate)
- Discord IDs
- Social media profiles (Instagram, Facebook, YouTube, Steam)
- Breach data and dark web intelligence
- Financial and crypto wallet information
- Behavioral profiling via "Oracle"
WARNING: Purchasing from this platform may expose your own information to criminal actors.
THIS IS NOT OSINT. THIS IS A DATA BROKER OPERATING WITHOUT CONSENT.
----------------------------------------------------------------
Executive Summary
OSINTNova (app.osintnova.com) is a commercial OSINT platform offering intelligence-gathering tools. A direct copycat, LittleNuan, has appeared on BuiltByBit, branding itself as a "cheaper version of OSINTNova."
Key Finding: OSINTNova aggregates and sells access to Personally Identifiable Information (PII) through its "PRO" tier, with no visible privacy policy, terms of service, or consent mechanisms.
Status: Concluded | Risk Level: HIGH (Legal violations identified)
----------------------------------------------------------------
Platform Overview β High Risk Services
People Intelligence: Direct PII sales without consent
Phone Intelligence: Federal crime (18 U.S.C. Β§ 1039)
Breach Intelligence: Potentially trafficking stolen data
Vehicle Intelligence: Location tracking without consent
Discord Intelligence: ToS violation + PII scraping
Oracle: Algorithmic behavioral profiling
DorkGPT: Automated exposure of sensitive data
Dark Web Intelligence: Commercializing illicit data access
Crypto Wallet Analysis: Financial surveillance
WhoAmI: Comprehensive PII aggregation
----------------------------------------------------------------
LittleNuan β The Copycat
Listed on BuiltByBit (May 3, 2026). Price: $47.88 (one-time). 0 purchases, 1 download. Explicitly says: "cheaper version of OSINTNova." Likely scam or same service rebranded. No evidence of functional platform or active user base.
----------------------------------------------------------------
Alarming Questions That Must Be Asked
1. Is LittleNuan the same service under a different name?
2. Where does OSINTNova source its data? (Discord data is scraped, phone records are illegal)
3. Are users unknowingly breaking the law? (CFAA, 18 U.S.C. Β§ 1039, CCPA)
4. Why no privacy policy, ToS, or consent mechanisms?
5. Who is behind OSINTNova? (Young domain, anonymous, low trust score)
6. Is it an unregistered data broker?
7. What happens to data users submit?
----------------------------------------------------------------
Legal Violations (Summary)
18 U.S.C. Β§ 1039 β Selling confidential phone records (FEDERAL CRIME)
CCPA/CPRA β Sale of PII without consent or opt-out
CFAA (18 U.S.C. Β§ 1030) β Unauthorized scraping of social media platforms
FTC Act Β§ 5 β Unfair or deceptive trade practices
California Civil Code Β§ 1724 β Unlawful sale of data obtained via crime
Platform ToS β Discord, Meta, Google, Steam scraping violations
GDPR β Processing EU citizen data without compliance
Regulatory Exposure:
- Federal Trade Commission (FTC) action possible
- State Attorney General investigations
- Department of Justice (DOJ) criminal exposure
- Civil lawsuits from affected individuals
- Platform enforcement actions
----------------------------------------------------------------
Red Flags Summary
1. PII sales without consent
2. Phone record sales (federal crime)
3. Breach data commercialization
4. No privacy policy or ToS
5. No opt-out mechanisms
6. No data source disclosure
7. Social media scraping (ToS violations)
8. Algorithmic doxing
9. Dark web data access
10. Defensive/hostile response to questions
11. Unregistered data broker
12. Copycat product exists
13. No ownership disclosure
14. Young domain
----------------------------------------------------------------
Associated User Investigation
A user named Goofisded (guns.lol/goofisded, GitHub: Goofisded) was observed holding root and sudo roles in OSINTNova's Discord server, being defensive, dismissive, and hostile when questioned about the platform's legality, and timing out an investigator who asked legitimate legal questions.
Assessment: Likely staff or close affiliate. Defensive behavior indicates awareness of legal exposure and inability to defend the platform.
----------------------------------------------------------------
The Bigger Picture
OSINTNova Is Not a Legitimate OSINT Tool β It's a Data Broker. Legitimate OSINT tools help investigators find publicly available information. OSINTNova sells access to private phone records, scraped Discord data, breach data, and behavioral profiles. This is not OSINT. This is commercialized surveillance.
The Community Is at Risk. OSINT practitioners who use this platform may be violating platform ToS, breaking federal and state laws, exposing themselves to legal liability, and funding the commercialization of stolen data.
The Pattern Is Clear: Create a platform that looks like an OSINT tool, aggregate PII from questionable sources, sell access to that data, offer no transparency or consent, and act defensive and hostile when questioned.
----------------------------------------------------------------
What's Not Being Said
- Is OSINTNova the same as LittleNuan? If yes, they're operating under multiple names to evade scrutiny.
- Where does the data come from? If it's from breaches, it's stolen. If it's scraped, it's ToS violations.
- Who owns the platform? Anonymous ownership makes accountability impossible.
- Is this legal? Multiple federal and state laws suggest it is not.
- Why is there no privacy policy? Because they don't want to disclose what they're doing.
- Why are they defensive when questioned? Because they know they're operating in a gray area.
----------------------------------------------------------------
Recommendations
For Community Members:
- DO NOT use OSINTNova for OSINT work
- DO NOT enter personal or client information
- DO NOT purchase services from the platform
- REPORT suspicious activity to the FTC or state Attorney General
- CHANGE any passwords or credentials shared with the platform
For Regulators and Investigators:
- Review the platform's service offerings
- Verify the lack of privacy policy, ToS, and consent mechanisms
- Investigate potential violations of CCPA, CFAA, and 18 U.S.C. Β§ 1039
- Consider enforcement action
- Warn the public
----------------------------------------------------------------
Resources
Platform: https://app.osintnova.com
LittleNuan: https://builtbybit.com/resources/littlenuan.105653/
ScamAdviser: https://www.scamadviser.com/check-website/osint.nova-saas.com
Associated User: https://guns.lol/goofisded
FTC Report: https://reportfraud.ftc.gov
California AG: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
DOJ: https://www.justice.gov
----------------------------------------------------------------
Status: Concluded | Evidence: Complete | Community Notified: Yes
----------------------------------------------------------------
βββββββ βββββββββββββββ ββββββββββββββββ βββ βββββββ βββ βββ ββββββ
βββββββββββββββββββββββββ βββββββββββββββββ βββββββββββββββ βββββββββββ
βββ ββββββββββββββββββββ βββ βββ ββββββ ββββββ ββββββ βββββββββββ
βββ ββββββββββββββββββββββββ βββ βββββββββββββ βββββββ ββββββββββββ
βββββββββββββββββββββββ ββββββ βββ βββ βββββββββββββββ βββββββ βββ βββ
βββββββ ββββββββββββββ βββββ βββ βββ βββββ βββββββ βββββ βββ βββ
----------------------------------------------------------------
WINTERGATEIC βοΈ
----------------------------------------------------------------
Fort Firewall gives you detailed control over which Windows apps can access the network with custom rules, blocklists, bandwidth limits, and traffic statistics.
β οΈ Note: On Windows 10+, it currently requires disabling HVCI (Memory Integrity), so check the requirements first.
More details: https://digitalescapetools.com/tools/tool.html?id=fort
#Windows #Privacy #OpenSource #Firewall #SelfHosted #CyberSecurity
How to turn off #FaceID on #iPhone β and when you should
Keyfactor, an Ohio-based cybersecurity company providing digital identity and machine identity management software, has raised a 1B USD private equity round led by Summit Partners, with participation from Insight Partners and Sixth Street Growth. The company helps enterprises secure certificates, encryption keys and connected devices. https://news.crunchbase.com/ai/biggest-funding-rounds-billion-dollar-cyber-ai-keyfactor-sambanova/ #Tech #Startup #News #AI #Cybersecurity
PSA: #macOS28 will drop support for encrypted #MacOS Extended volumes
https://9to5mac.com/2026/07/08/psa-macos-28-will-drop-support-for-encrypted-mac-os-extended-volumes/
European cloud provider #Nextcloud leaks 367K records, exposing staff and clients
https://cybernews.com/security/nextcloud-cloud-provider-data-leak/
The brains behind the machines: how AI learns #negativepid #digitalInvestigations #OSINT #cybersecurity #AI #tech #onlineInvestigations #robotics #cyberpsychology #cybercrime https://negativepid.blog/the-brains-behind-the-machines-how-ai-learns/?utm_source=mastodon&utm_medium=social&utm_campaign=fedica-Negative-PID-Blog