soc.octade.net is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.

This server runs the snac software and there is no automatic sign-up process.

Admin email
social@octade.net

Search results for tag #cybersecurity

[?]gtbarry » 🌐
@gtbarry@mastodon.social

Inquiry ongoing after UK government hacked, says minister

Cyber security officials have confirmed they are aiding an investigation after a minister said the UK government had been hacked.

It is understood a Chinese affiliated group is suspected of being behind the attack.

bbc.com/news/articles/cj4qpwpr

    [?]Alexandre Dulaunoy » 🌐
    @adulau@infosec.exchange

    The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World

    This open source book explores how intelligence and cyber-security analysts can uncover hidden links between threat actor infrastructure and ongoing investigations by pivoting on both classic and unconventional indicators — many of which are often overlooked. The material is grounded in empirical, field-tested strategies used in cyber-security, digital forensics, cyber threat intelligence, and intelligence analysis more broadly.

    I released the first version of this book following the @firstdotorg CTI Conference 2025 in Berlin, where the initial idea for the project emerged.

    🔗 PDF raw.githubusercontent.com/adul

    🔗 Source of the book in Markdown github.com/adulau/the-art-of-p (if you want to contribute ;-)

    @misp
    @ail_project

    Fabienne Verdier (born 1962) is a French painter who works in France after years of studies in China. She was the first non-Chinese woman to be awarded a post-graduate diploma in fine arts by the Sichuan Fine Arts Institute in Chongqing, China.

The photography was taken by Alexandre Dulaunoy at Poétique de la ligne, exposition de Fabienne Verdier au Domaine de Chaumont-sur-Loire, 2025.

I chose an image from Fabienne Verdier’s Poétique de la ligne because it visually echoes the essence of pivoting. Her work is not about representing objects, but about tracing lines that connect forces, movements, and spaces that would otherwise remain separate. A single line can bridge different scales, different energies, and different worlds.

This is precisely what pivoting aims to do in intelligence analysis: to trace meaningful lines between data points that appear unrelated at first glance, and to move across technical, human, and contextual domains. Just as Verdier’s line is both deliberate and exploratory, pivoting is an act of disciplined intuition—following a connection far enough to see whether it reveals structure, meaning, or truth.

The image serves as a reminder that analysis is not only about accumulation, but about connection: the art of drawing lines where others see fragments.


      [?]Flipboard Tech Desk » 🌐
      @TechDesk@flipboard.social

      When you’re at a bar, ballgame or mall, do you turn off your phone’s Wi-Fi? Here’s why you should. Important read from PC World:

      flip.it/MhUx5A

        [?]nullagent » 🌐
        @nullagent@partyon.xyz

        A first of its kind Linux CVE dropped and in kernel code rewritten in Rust. The Rust rewrite introduced a race condition in a multi-threaded doubly linked list implementation leading to memory corruption.

        This is the first formal CVE located in the Linux Rust code, a bit of an auspicious milestone.

        phoronix.com/news/First-Linux-

          Mx Jay Baker boosted

          [?]Open Rights Group » 🌐
          @openrightsgroup@social.openrightsgroup.org

          Digital ID could lead to “the worst data breach in UK government history”.

          Despite fierce opposition, the UK government is embarking on a digital surveillance infrastructure that has fundamental cybersecurity holes in its foundations.

          We must say .

          itv.com/news/2025-12-18/whistl

            [?]Tuta » 🌐
            @Tutanota@mastodon.social

            🚀🇪🇺 Big news: Tuta has been accepted into the European Tech Sovereignty Catalogue by European Digital SME Alliance.

            We're proud to help build a strong, sovereign European tech stack — with privacy-first technology made in Europe. 🔒

            Screenshot from the European Digital SME Alliance showcasing Tuta and Nextcloud in the Tech Sovereignty Table.


              [?]AI6YR Ben » 🌐
              @ai6yr@m.ai6yr.org

              LOL, tabletop Disaster Preparedness Exercise

              "AI Crisis Response Model Data Poisoning"

              (caresiliency.org)

              AI Crisis Response Model Data Poisoning


Over the course of several months, an external actor subtly injected altered training data into a shared emergency management and crisis response AI model that your organization uses. The modifications are carefully designed so that no one piece of altered data seems outside of historical patterns or plausible forecast scenarios, making detection difficult. Collectively, they slowly skew the dataset. When a disaster occurs, the AI model generates outputs that appear internally coherent and data-driven but are quietly misleading. Early outputs resemble normal model uncertainty or gaps in situational awareness. As response decisions compound over time, the impacts grow and decision-makers unknowingly follow decision-making inputs shaped by an adversary’s hand.


Some Questions to Consider: 

    What types of subtle vs. overt adversarial inputs could realistically influence disaster-response AI models before or during an incident?
    How might seemingly benign data sources (sensor feeds, crowdsourced reports, historical incident datasets, social media signals) be leveraged for data poisoning?
    At what point does model error become difficult to distinguish from model compromise during a live response?
    How might reliance on AI recommendations evolve as organizational memory of “pre-AI” response fades?


                [?]The Linux Foundation » 🌐
                @linuxfoundation@social.lfx.dev

                📊 Open source isn’t just a software model—it’s a strategy. 84% of organizations find that fostering open source culture leads to higher retention. Why? Because it gives engineers:

                ✅ Autonomy
                ✅ Visibility
                ✅ Purpose
                ✅ A path to growth without leaving your team

                See how it’s working in the "2025 State of Tech Talent Report". Free to download: training.linuxfoundation.org/2

                  [?]Jerry on Mastodon » 🌐
                  @Jerry@hear-me.social

                  Almost all parked domains now serve malicious content, and it's easy to fall into a parked domain by accident.

                  Basically, anyone who uses a web browser should read, and share, this article because every one of us can easily become a victim:

                  krebsonsecurity.com/2025/12/mo

                    CyberFrog boosted

                    [?]/G|T|R|O|N|I|X\ :python: :emacs: :nix: :linux: » 🌐
                    @gtronix@infosec.exchange

                    "Hackers have stolen Pornhub members' search and activity data"

                    "Pornhub published a security post on December 12 stating that a recent cybersecurity incident involving Mixpanel, a third-party data analytics provider, has impacted some Pornhub Premium users. Read Entire Article"

                    techspot.com/news/110618-pornh

                      [?]Jonathan Mergy » 🌐
                      @mergy@self.social

                      [?]AI6YR Ben » 🌐
                      @ai6yr@m.ai6yr.org

                      Wyze camera reply on Reddit from an earlier query. (basically, if they have any data AND a law enforcement agency asks with a signed warrant, that video of a bird will be provided to law enforcement. Nowadays, that includes a compromised Federal law enforcement, i.e. if Gestapo Barbie wants a video of you sunbathing naked in the backyard because they think you are a "threat", and can get any judge to sign off on a warrant, they can get a video of you sunbathing naked in the backyard). Also, audio. So... any cloud-connected appliance is a bad idea for those reasons. (we have some which I put in place when our house got flooded out... I need to basically replace and self host with non-cloud connected video).

                      @ WyzeCam MOD - 3y ago - # Stickied comment % Top 1% Poster

From time to time, law enforcement personnel issue subpoenas/warrants to Wyze that legally compel Wyze to provide customer data in its possession to the extent that customer data is responsive to the subpoena/warrant. If Wyze has customer data in its possession that is responsive to the subpoena/warrant, Wyze will provide that customer data to the law enforcement personnel, as it is legally required to do.


                        [?]knoppix » 🌐
                        @knoppix95@mastodon.social

                        Signal’s reputation for secure messaging rests on strong E2EE using the open-source Signal Protocol 🔐

                        The app collects minimal metadata, but concerns remain around SGX reliance, AWS hosting, and past CDN-based deanonymization research 🛰️
                        Useful, but not flawless, for privacy-focused users ⚖️

                        @signalapp

                        🔗 proton.me/blog/is-signal-safe

                          [?]AI6YR Ben » 🌐
                          @ai6yr@m.ai6yr.org

                          "The latest disclosures, released this week by Markey, indicate that Ring’s new facial recognition feature, “Familiar Faces,” launched this week despite what Markey calls “reckless” failures to safeguard the biometric data of people who are unknowingly scanned."

                          biometricupdate.com/202512/rin

                            [?]AI6YR Ben » 🌐
                            @ai6yr@m.ai6yr.org

                            Ha... .Malicious PDFs in the wild! (being used to compromise .gov websites)

                            mastodon.social/@jasonkoebler/

                              [?]AI6YR Ben » 🌐
                              @ai6yr@m.ai6yr.org

                              "More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys."

                              bleepingcomputer.com/news/secu

                              🙄

                                [?]CosicBe » 🌐
                                @CosicBe@mastodon.social

                                💡 Did you notice that your bank checks if the account number matches the recipient’s name during transfers? Robin Geelen from COSIC demoed a secure way to do this using fully homomorphic at the Industry Day in Mechelen!
                                youtube.com/watch?v=f6y-q1JKQTI

                                  [?]AI6YR Ben » 🌐
                                  @ai6yr@m.ai6yr.org

                                  CyberFrog boosted

                                  [?]BeyondMachines :verified: » 🤖 🌐
                                  @beyondmachines1@infosec.exchange

                                  Freedom Mobile reports data breach through compromised subcontractor account exposing customer data

                                  Freedom Mobile suffered a data breach on October 23, 2025, when a threat actor exploited compromised subcontractor credentials to access their customer account management platform, exposing personal information. The company did not disclose how many customers are affected, and claims that no payment information or passwords were compromised.


                                  beyondmachines.net/event_detai

                                    [?]Jerry on Mastodon » 🌐
                                    @Jerry@hear-me.social

                                    A hidden microphone in a Chinese nanoKVM, and assorted other security issues

                                    telefoncek.si/2025/02/2025-02-

                                      [?]Michał "rysiek" Woźniak · 🇺🇦 » 🌐
                                      @rysiek@mstdn.social

                                      [?]AI6YR Ben » 🌐
                                      @ai6yr@m.ai6yr.org

                                      NHK: Japan teen arrested for alleged ChatGPT-assisted cyberattacks

                                      www3.nhk.or.jp/nhkworld/en/new

                                        [?]nullagent » 🌐
                                        @nullagent@partyon.xyz

                                        And to be clear this is a real vulnerability in React which still ought to be patched.

                                        More details on these vulnerabilities and how to mitigate is linked below 👇🏿

                                        react2shell.com

                                          [?]nullagent » 🌐
                                          @nullagent@partyon.xyz

                                          UPDATE - It turns out this "proof of concept" was AI slop code where the AI just made a super vulnerable server instead of any exploit demo. Bc, of course it did.

                                          Original:

                                          There's an epic react server component RCE exploit making the rounds today.

                                          A proof of concept just dropped. Probably wanna patch this rapidly.

                                          github.com/ejpir/CVE-2025-5518

                                            [?]AI6YR Ben » 🌐
                                            @ai6yr@m.ai6yr.org

                                            "...Locations of cameras hacked in the country reportedly included private homes, karaoke rooms, a pilates studio and a gynaecologist's clinic...."

                                              [?]AI6YR Ben » 🌐
                                              @ai6yr@m.ai6yr.org

                                              BBC: Over 120,000 home cameras hacked in South Korea for 'sexploitation' footage

                                              bbc.com/news/articles/cj01q6p7

                                                [?]AI6YR Ben » 🌐
                                                @ai6yr@m.ai6yr.org

                                                More on the CodeRED Ransomware event:

                                                "...If genuine, the chat logs suggest INC's initial ransom demand was originally set at $950,000 but later reduced to $450,000. The logs also suggest that Crisis24 offered an initial $100,000 payment, and later upped it to $150,000, which INC rejected...."

                                                The Register: CodeRED emergency alert system CodeDEAD after INC ransomware attack

                                                Wed 26 Nov 2025 // 14:33 UTC

                                                theregister.com/2025/11/26/cod?

                                                  [?]AI6YR Ben » 🌐
                                                  @ai6yr@m.ai6yr.org

                                                  The Guardian: AI’s safety features can be circumvented with poetry, research finds

                                                  Poems containing prompts for harmful content prove effective at duping large language models

                                                  theguardian.com/technology/202

                                                    [?]nullagent » 🌐
                                                    @nullagent@partyon.xyz

                                                    Running my NPM checks again today, I see eight remaining infected packages still circulating on the Microsoft owned platform.

                                                    Unlike nodejs package index socket.dev, NPM does not show ANY security warnings on these packages' pages.

                                                    It's pretty wild that these known compromised packages have been circulating for four days now with no response or action from Microsoft despite it being one of the largest security stories this month.

                                                      [?]CosicBe » 🌐
                                                      @CosicBe@mastodon.social

                                                      Curious how tabletop exercises help you prepare for digital crises? This new blog post (in Dutch) explains their value and practical use.
                                                      Read it here: cybersecurity-bites.be/ict-beh

                                                        [?]nullagent » 🌐
                                                        @nullagent@partyon.xyz

                                                        Just finished writing another tool, now I can see NINE known compromised packages are still up for download on NPM! ⚠️

                                                        This tool crawls the list of known bad packages and downloads the latest bundle.

                                                        It then runs my other checks against the downloaded bundle and logs the results.

                                                        github.com/datapartyjs/walk-wi

                                                        ./is-npm-still-dangerous
Reads the data/infected-pkgs.txt
Downloads the latest package metadata for every known infected package
Downloads the current latest package.tgz
Uncompresses and scans the latest version using ./check-projects
Depending upon the scan result
./is-npm-still-dangerous

capacitor-voice-recorder-wav 6.0.3 - STILL COMPROMISED
haufe-axera-api-client 0.0.2 - STILL COMPROMISED
hyper-fullfacing 1.0.3 - STILL COMPROMISED
@ifelsedeveloper/protocol-contracts-svm-idl 0.1.2 - STILL COMPROMISED
my-saeed-lib 0.1.1 - STILL COMPROMISED
quickswap-ads-list 1.0.33 - STILL COMPROMISED
@seung-ju/react-native-action-sheet 0.2.1 - STILL COMPROMISED
tcsp 2.0.2 - STILL COMPROMISED
web-types-lit 0.1.1 - STILL COMPROMISED
web-types-lit 0.1.1 - STILL COMPROMISED
Found 9 npm-reports/npm-latest-bad.txt packages STILL compromised!

See npm-reports/npm-latest-bad.txt for full listing.
Warning - Most people probably don't need to run this. It causes a lot of NPM traffic.
Warning - There's a few packages this fails to download and check (likely bc's they are hosted outside of NPMjs.org)


                                                          [?]nullagent » 🌐
                                                          @nullagent@partyon.xyz

                                                          Updated my listing of Sha1-Hulud detection tools.

                                                          I now have found at least 12 other tools for detecting Sha1-Hulud compromise on your dev box and in infrastructure.

                                                          github.com/datapartyjs/walk-wi

                                                          Similar Sha1-Hulud 11/24/25 Detection Tools
Links to other projects provided with no warranty express or implied.

https://github.com/TimothyMeadows/sha1hulud-scanner
https://github.com/mottibec/sha1hulud-scanner
https://github.com/gensecaihq/Shai-Hulud-2.0-Detector
https://github.com/tprinty/sha1hulud-action-detector
https://github.com/da1z/amihulud
https://github.com/bobberg/sha1-hulud-folder-checker
https://github.com/servusdei2018/sha1-halud-scan
https://github.com/kevcooper/fremkit
https://github.com/ysskrishna/shai-hulud-detector
https://github.com/Cobenian/shai-hulud-detect
GitHub Scanners
https://github.com/ysskrishna/shai-hulud-detector
panther-labs/panther-analysis#1826


                                                            [?]nullagent » 🌐
                                                            @nullagent@partyon.xyz

                                                            GitHub has almost finished taking down the stolen data posted by the Sha1-Hulud npm/github worm. I only see about 400 repos remaining of the around 23k created by the worm.

                                                            This was the most visible evidence of the exploit, just because we can't clearly see the worm's uploads doesn't mean the worm is totally dead yet.

                                                              [?]nullagent » 🌐
                                                              @nullagent@partyon.xyz

                                                              Just finished landing Exit Code support. So now if more scanners are made or one of the projects gets more features you can quickly switch to whichever makes the most sense for your use case!

                                                              I literally lost a ton of sleep on this volunteer incident response work so I'm going to go touch grass for a bit.

                                                              More hacks later tonight, still got some loose ends gnawing at me lol.

                                                              github.com/datapartyjs/walk-wi

                                                                [?]nullagent » 🌐
                                                                @nullagent@partyon.xyz

                                                                The fork of the CrowdStrike scanner introduced me to a really good idea, I should support the same exit code design so that our tools can work in tandem.

                                                                Maybe we detect different things or maybe one vs the other works in your environment.

                                                                So I made an issue to track this support:

                                                                github.com/datapartyjs/walk-wi

                                                                  [?]nullagent » 🌐
                                                                  @nullagent@partyon.xyz

                                                                  I located a second tool for detecting Sha1-Hulud infections. Haven't looked at the details of how it works.

                                                                  Some notes:

                                                                  This one appears to have been released by CrowdStrike and was paywalled. Someone decided to modify and release it publicly so license is unknown.

                                                                    But awesome to see I'm in the big leagues with CrowdStrike and I may be the first clean open source release of a tool for this.

                                                                  github.com/TimothyMeadows/sha1

                                                                    [?]nullagent » 🌐
                                                                    @nullagent@partyon.xyz

                                                                    If time is money and helping the community is good, then this almost completely broke and emotionally damaged open source nerd would dearly appreciate some donations so I can stay focused on helping untangle this worm.

                                                                    Was planning to spend this week on a mad dash to get my latest apps shipped by turkey day (to, you know, make money) but instead I'm doing worm mitigation 😭

                                                                    ko-fi.com/nullagent
                                                                    ko-fi.com/dataparty

                                                                      [?]nullagent » 🌐
                                                                      @nullagent@partyon.xyz

                                                                      Woot ok now that I have the dependency graph crawled I can just ship the listing of known bad NPM packages and just compare directly against that.

                                                                      I updated the scanning script to alert if you have -any- version of an infected package.

                                                                      You're gonna want to be very careful if you're not infected but have one of these dependencies present.

                                                                      github.com/datapartyjs/walk-wi

                                                                        [?]nullagent » 🌐
                                                                        @nullagent@partyon.xyz

                                                                        At the end of scanning for obvious compromise the `check-projects` script then builds a listing of all of your dependencies and all of the versions your project files mention.

                                                                        You can find that info under `reports/`

                                                                        I'm currently working on improving the `check-projects` script so that it will alert you if ANY of your package.json or package-lock.json mentions a known infected package.
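One way to do the check described in this post and in the follow-up about shipping a list of known bad packages, as an added example (not the `check-projects` script itself). It assumes the list is a text file with one package name per line and flags any manifest that mentions a listed name at any version; the function name, output format and return codes are made up for illustration.

```shell
#!/bin/sh
# Added example: flag package.json / package-lock.json files that mention a
# package from a known-infected list, regardless of version.
#
# Assumptions (not from the original posts):
#   - the list file holds one package name per line; '#' lines are comments
#   - a "mention" is the quoted name ("tcsp") or a lockfile path key ending
#     in node_modules/<name>"; this is a text match, so a name that appears
#     only in e.g. a "keywords" array is also reported and needs a manual look

# check_manifests LIST_FILE PROJECT_DIR
# Prints "MENTIONS <package> <manifest>" per hit.
# Returns 0 when nothing was found, 1 otherwise.
check_manifests() {
  cm_list=$1
  cm_root=$2
  cm_hits=0

  while IFS= read -r cm_manifest; do
    [ -n "$cm_manifest" ] || continue

    # Inner loop reads the list; "|| [ -n ... ]" keeps a last line that has
    # no trailing newline.
    while IFS= read -r cm_pkg || [ -n "$cm_pkg" ]; do
      case $cm_pkg in
        ''|'#'*) continue ;;
      esac

      # -F: fixed strings, so '@scope/name' and dots are matched literally.
      if grep -F -q -e "\"$cm_pkg\"" -e "node_modules/$cm_pkg\"" "$cm_manifest"; then
        printf 'MENTIONS %s %s\n' "$cm_pkg" "$cm_manifest"
        cm_hits=$((cm_hits + 1))
      fi
    done < "$cm_list"
  done <<EOF
$(find "$cm_root" -type f \( -name package.json -o -name package-lock.json \) 2>/dev/null)
EOF

  [ "$cm_hits" -eq 0 ]
}

# Stand-alone use: ./check-manifests.sh infected-list.txt ~/src
if [ "$#" -eq 2 ]; then
  check_manifests "$1" "$2"
fi
```

Installed copies under `node_modules` are reported too, because each installed package carries its own `package.json`.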

                                                                          [?]nullagent » 🌐
                                                                          @nullagent@partyon.xyz

                                                                          Ok I've downloaded some of the compromised packages and you can search your already downloaded node modules for possibly infected packages using this command:

                                                                          find ./node_modules -type f -name "bun_environment.js"

                                                                          You can check your user level node cache using:

                                                                          find ~/.npm -type f -name "bun_environment.js"

                                                                          Still sizing this one up but if you get any hits check and see if they are big files (around 10MB) and if so you're likely infected.
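The file-name search and size check described in the post above, combined into one triage script. This is an added example, not part of the original post or of the linked tool; the function names and the 5 MiB cutoff (chosen to catch files "around 10MB") are assumptions.

```shell
#!/bin/sh
# Added example: list every bun_environment.js under the given directories
# and flag the large ones. Usage: sh scan.sh ./node_modules ~/.npm

# Assumed cutoff: the post says infected copies are "around 10MB",
# so anything at or above 5 MiB is flagged. Override via the environment.
MIN_BYTES=${MIN_BYTES:-5242880}

# Prints one tab-separated line per hit: verdict, size in bytes, path.
scan_bun_environment() {
  for root in "$@"; do
    [ -d "$root" ] || continue   # skip caches that do not exist on this box
    # -exec ... {} + passes paths as arguments, so spaces in names are safe
    find "$root" -type f -name 'bun_environment.js' -exec sh -c '
      min=$1; shift
      for f in "$@"; do
        size=$(wc -c < "$f" | tr -d " ")
        if [ "$size" -ge "$min" ]; then verdict=SUSPECT; else verdict=small; fi
        printf "%s\t%s\t%s\n" "$verdict" "$size" "$f"
      done' sh "$MIN_BYTES" {} +
  done
}

# Prints the number of hits at or above the cutoff (0 when there are none).
count_suspects() {
  scan_bun_environment "$@" | awk -F'\t' '$1 == "SUSPECT" { n++ } END { print n + 0 }'
}

if [ "$#" -gt 0 ]; then
  scan_bun_environment "$@"
  echo "suspect files: $(count_suspects "$@")"
fi
```

A `small` hit still deserves a look: the size test only ranks the hits and does not clear a file.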

                                                                            [?]nullagent » 🌐
                                                                            @nullagent@partyon.xyz

                                                                            I've spent the last few hours writing down my scripts for detecting this so you can use them!

                                                                            I'm hitting on two or three ways to detect it and will be adding more.

                                                                            Watching the attack running I can see developers all over the world still doing their morning `npm i` and getting owned 😭

                                                                            Maybe let the node developers in your life know about this tool 👇🏿

                                                                            github.com/datapartyjs/walk-wi

                                                                              [?]nullagent » 🌐
                                                                              @nullagent@partyon.xyz

                                                                              Taking a second to understand the attack rate. I constructed this query below which shows you essentially an up to date listing of developers/code that's been compromised.

                                                                              Once your box is infected and PII data has been found the worm then uses your github credentials to upload that content so ANYONE can now steal your credentials.

                                                                              I'm finding multiple repos being popped every minute. This is an extremely active attack right now.

                                                                              github.com/search?q=%22Sha1-Hu

                                                                                [?]nullagent » 🌐
                                                                                @nullagent@partyon.xyz

                                                                                There's an active nodejs supply chain attack going around.

                                                                                From the looks of it many of these compromised packages have been mitigated but quite a few have not.

                                                                                helixguard.ai/blog/malicious-s

                                                                                  [?]AI6YR Ben » 🌐
                                                                                  @ai6yr@m.ai6yr.org

                                                                                  Major breach of an emergency notification provider (CodeRed/Onsolve), which is a very bad thing.

                                                                                  “Dear Valued Customer,

                                                                                  Further to our previous communications, we’d like to provide you with an update regarding the cybersecurity incident which damaged the OnSolve CodeRED environment in a targeted attack by an organized cybercriminal group. Our forensic analysis continues to indicate that this is an incident strictly contained within the OnSolve CodeRED environment with no contagion beyond.

                                                                                  We have learned that data associated with the legacy OnSolve CodeRED platform was removed from our systems. While there is currently no indication that this data has been published online, we are proactively informing you that it may be leaked.

                                                                                  It appears that the impacted dataset may contain contact information of OnSolve CodeRED users: name, address, email address, phone numbers, and/or associated passwords used to create user profiles for alerts. If the same password is used by users for any other personal or business accounts, those passwords should be changed immediately.”

                                                                                  dcsheriff.net/important-nation

                                                                                    [?]Jerry on Mastodon » 🌐
                                                                                    @Jerry@hear-me.social

                                                                                    Honestly, there's a lot I don't understand. And this is one thing.

                                                                                    Every time I pay off a credit card balance (which I do every month) I receive a credit monitoring "ALERT". I get several because all the breaches involving me have given me free credit monitoring provided by different companies.

                                                                                    I cannot understand why paying off a debt is a warning sign that my account may be compromised. Why do credit monitoring companies do this? Do scammers often pay off people's debts? One of us is surely ignorant.

                                                                                      [?]adison verlice » 🌐
                                                                                      @adisonverlice@tweesecake.social

                                                                                      well, there is another way to lock VPN traffic for laws, specifically, for websites to do it.
                                                                                      most of the time, when you sign up for a service, you either will not use a traffic, or do. not a problem, though, because for some, say, Google, services, they have a permission to completely bypass VPN services on your phone, unless it's just apple.
                                                                                      this means your identity which was on your real IP can be tied back to your VPN IP.
                                                                                      this level of VPN coordination can allow that company to say "ok, this is a VPN IP clearly, let's block it."
                                                                                      then, they can violate your and, in many ways, .

                                                                                      plus, they don't exactly protect you if they have your real identity already.

                                                                                      in fact, i'm sure will also find ways to censor VPN IPs as well, given their track record.
                                                                                      so from a company standpoint, yes, this is absolutely enforceable.
                                                                                      not so much as from a state government standpoint, and, to an extent, even a US government standpoint. I say, to an extent, because keep in mind the US built so I don't think even they want to ban VPNs themselves.
