cRyPtHoN™ INFOSEC (EN)
Latest news of INFOSEC (EN)
1. Latest Vulnerability.
2. Latest Patch.
3. Privacy Breach.
4. Security Breach.
5. InfoSec News.
German Version 🇩🇪
@cRyPtHoN_INFOSEC_DE
France Version 🇫🇷
@cRyPtHoN_INFOSEC_FR
Italian Version 🇮🇹
@cRyPtHoN_INFOSEC_IT
1. Latest Vulnerability.
2. Latest Patch.
3. Privacy Breach.
4. Security Breach.
5. InfoSec News.
German Version 🇩🇪
@cRyPtHoN_INFOSEC_DE
France Version 🇫🇷
@cRyPtHoN_INFOSEC_FR
Italian Version 🇮🇹
@cRyPtHoN_INFOSEC_IT
TGlist rating
0
0
TypePublic
Verification
Not verifiedTrust
Not trustedLocation
LanguageOther
Channel creation dateNov 27, 2018
Added to TGlist
Jul 01, 2024Linked chat
cRyPtHoN™ INFOSEC (EN) Chat
92
Records
08.12.202423:59
4.2KSubscribers08.02.202520:48
1200Citation index29.10.202423:59
203Average views per post07.09.202423:59
176Average views per ad post06.02.202520:16
5.88%ER29.10.202423:59
4.82%ERR
28.04.202514:19
GoSearch: Open-source OSINT tool for uncovering digital footprints
GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms.
https://github.com/ibnaleem/gosearch
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms.
https://github.com/ibnaleem/gosearch
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:49
MemoryGuardian
Take Control of Your Clipboard
A Small App for Enhanced Privacy & SecurityMemory Guardian is a lightweight Android app that enhances user privacy and security by automatically clearing the clipboard at set intervals. This helps protect sensitive information, like passwords, from potential leaks to other applications.
https://f-droid.org/packages/ara.memoryguardian/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Take Control of Your Clipboard
A Small App for Enhanced Privacy & SecurityMemory Guardian is a lightweight Android app that enhances user privacy and security by automatically clearing the clipboard at set intervals. This helps protect sensitive information, like passwords, from potential leaks to other applications.
https://f-droid.org/packages/ara.memoryguardian/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:27
Implement Auto-Delete Clipboard History to Prevent Sensitive Data Leaks
I copy passwords from my password manager all the time (I use KeePass, so they're long and complex), and I know a lot of people do the same. How is it that Samsung’s clipboard saves everything in plain text with no expiration? That’s a huge security issue.
I even tried switching to Gboard (Google’s keyboard), thinking that would help, but nope, everything I copied was still getting saved in Samsung’s clipboard. Turns out the clipboard functionality is tightly integrated with One UI, so it doesn’t matter what keyboard you use, your clipboard history still gets stored in plain text.
https://us.community.samsung.com/t5/Suggestions/Implement-Auto-Delete-Clipboard-History-to-Prevent-Sensitive/td-p/3200743
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
I copy passwords from my password manager all the time (I use KeePass, so they're long and complex), and I know a lot of people do the same. How is it that Samsung’s clipboard saves everything in plain text with no expiration? That’s a huge security issue.
I even tried switching to Gboard (Google’s keyboard), thinking that would help, but nope, everything I copied was still getting saved in Samsung’s clipboard. Turns out the clipboard functionality is tightly integrated with One UI, so it doesn’t matter what keyboard you use, your clipboard history still gets stored in plain text.
https://us.community.samsung.com/t5/Suggestions/Implement-Auto-Delete-Clipboard-History-to-Prevent-Sensitive/td-p/3200743
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:18
Coinbase 2FA error fixed after many believed their account was hacked
The crypto exchange fixed a confusing flaw
The two-factor authentication (2FA) error on Coinbase, one of the biggest cryptocurrency trading platforms in the world, was finally fixed.
In early April, Coinbase customers started noticing that their Account Activity logs showed “2-step verification failed” entries. These would suggest that someone tried to log in using valid credentials but was only stopped after entering the wrong 2FA code.
https://www.techradar.com/pro/security/coinbase-2fa-error-fixed-after-many-believed-their-account-was-hacked
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The crypto exchange fixed a confusing flaw
The two-factor authentication (2FA) error on Coinbase, one of the biggest cryptocurrency trading platforms in the world, was finally fixed.
In early April, Coinbase customers started noticing that their Account Activity logs showed “2-step verification failed” entries. These would suggest that someone tried to log in using valid credentials but was only stopped after entering the wrong 2FA code.
https://www.techradar.com/pro/security/coinbase-2fa-error-fixed-after-many-believed-their-account-was-hacked
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:08
iOS and Android juice jacking defenses have been trivial to bypass for years
New ChoiceJacking attack allows malicious chargers to steal data from phones.
About a decade ago, Apple and Google started updating iOS and Android, respectively, to make them less susceptible to “juice jacking,” a form of attack that could surreptitiously steal data or execute malicious code when users plug their phones into special-purpose charging hardware. Now, researchers are revealing that, for years, the mitigations have suffered from a fundamental defect that has made them trivial to bypass.
https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/
https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
New ChoiceJacking attack allows malicious chargers to steal data from phones.
About a decade ago, Apple and Google started updating iOS and Android, respectively, to make them less susceptible to “juice jacking,” a form of attack that could surreptitiously steal data or execute malicious code when users plug their phones into special-purpose charging hardware. Now, researchers are revealing that, for years, the mitigations have suffered from a fundamental defect that has made them trivial to bypass.
https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/
https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:11
Google confirms that Driving Mode has been removed from Google Assistant
Google has officially announced that it has removed Assistant Driving Mode from Google Maps on Android. This is part of a broader transition to its new AI initiative, Gemini.
First introduced in 2019, the Driving Mode function had undergone several updates and refinements over the years, but it is no longer accessible within the Google Maps app, according to a report from 9to5Google.
https://www.ghacks.net/2025/04/28/google-confirms-that-driving-mode-has-been-removed-from-google-assistant/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Google has officially announced that it has removed Assistant Driving Mode from Google Maps on Android. This is part of a broader transition to its new AI initiative, Gemini.
First introduced in 2019, the Driving Mode function had undergone several updates and refinements over the years, but it is no longer accessible within the Google Maps app, according to a report from 9to5Google.
https://www.ghacks.net/2025/04/28/google-confirms-that-driving-mode-has-been-removed-from-google-assistant/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202515:05
IR Trends Q1 2025: Phishing soars as identity-based attacks persist
Phishing attacks spiked this quarter as threat actors leveraged this method of initial access in half of all engagements, a vast increase from previous quarters. Conversely, the use of valid accounts for initial access was rarely seen this quarter, despite being the top observed method in 2024, according to our Year in Review report. Nevertheless, valid accounts played a prominent role in the attack chains Cisco Talos Incident Response (Talos IR) observed as actors predominately used phishing to gain access to a user account, then leveraged this access to establish persistence in targeted networks.
https://blog.talosintelligence.com/ir-trends-q1-2025/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Phishing attacks spiked this quarter as threat actors leveraged this method of initial access in half of all engagements, a vast increase from previous quarters. Conversely, the use of valid accounts for initial access was rarely seen this quarter, despite being the top observed method in 2024, according to our Year in Review report. Nevertheless, valid accounts played a prominent role in the attack chains Cisco Talos Incident Response (Talos IR) observed as actors predominately used phishing to gain access to a user account, then leveraged this access to establish persistence in targeted networks.
https://blog.talosintelligence.com/ir-trends-q1-2025/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202515:04
Ransomware gang says it hacked the Malaysia’s Kuala Lumpur International Airport
Ransomware gang Qilin today claimed responsibility for a March 2025 cyber attack against the Kuala Lumpur International Airport in Malaysia.
The airport has not verified Qilin’s claim. The airport announced a cyberattack disrupted flight information displays, check-in counters, and baggage handling starting on March 23, 2025, forcing staff to write departure times on dry erase boards. Airport officials say they rejected a ransom demand of $10 million, but didn’t name the attacker.
https://www.comparitech.com/news/ransomware-gang-says-it-hacked-the-malaysias-kuala-lumpur-international-airport/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Ransomware gang Qilin today claimed responsibility for a March 2025 cyber attack against the Kuala Lumpur International Airport in Malaysia.
The airport has not verified Qilin’s claim. The airport announced a cyberattack disrupted flight information displays, check-in counters, and baggage handling starting on March 23, 2025, forcing staff to write departure times on dry erase boards. Airport officials say they rejected a ransom demand of $10 million, but didn’t name the attacker.
https://www.comparitech.com/news/ransomware-gang-says-it-hacked-the-malaysias-kuala-lumpur-international-airport/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:21
Iran claims it stopped large cyberattack on country’s infrastructure
Iran repelled a “widespread and complex” cyberattack targeting the country’s infrastructure on Sunday, according to a senior official who spoke to the Islamic Revolutionary Guard Corps-linked Tasnim News Agency.
The incident, which was not described in detail, was revealed by Behzad Akbari, the head of the government’s Telecommunication Infrastructure Company (TIC).
https://therecord.media/iran-cyberattack-national-infrastructure
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Iran repelled a “widespread and complex” cyberattack targeting the country’s infrastructure on Sunday, according to a senior official who spoke to the Islamic Revolutionary Guard Corps-linked Tasnim News Agency.
The incident, which was not described in detail, was revealed by Behzad Akbari, the head of the government’s Telecommunication Infrastructure Company (TIC).
https://therecord.media/iran-cyberattack-national-infrastructure
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:17
React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values
The widely used React Router library, a critical navigation tool for React applications, has resolved two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) that allowed attackers to spoof content, alter data values, and launch cache-poisoning attacks.
Developers must update to react-router v7.5.2 immediately to mitigate risks.
https://gbhackers.com/react-router-vulnerabilities/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The widely used React Router library, a critical navigation tool for React applications, has resolved two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) that allowed attackers to spoof content, alter data values, and launch cache-poisoning attacks.
Developers must update to react-router v7.5.2 immediately to mitigate risks.
https://gbhackers.com/react-router-vulnerabilities/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:14
JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested
JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud.
Two individuals have been arrested in a joint international operation dismantling JokerOTP, a sophisticated phishing tool used to intercept 2FA codes and steal over £7.5 million. Learn how this scam worked, the charges involved, and the ongoing efforts to combat this cybercrime network.
https://hackread.com/jokerotp-dismantled-28000-phishing-attacks-2-arrested/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud.
Two individuals have been arrested in a joint international operation dismantling JokerOTP, a sophisticated phishing tool used to intercept 2FA codes and steal over £7.5 million. Learn how this scam worked, the charges involved, and the ongoing efforts to combat this cybercrime network.
https://hackread.com/jokerotp-dismantled-28000-phishing-attacks-2-arrested/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:01
CISA Warns Planet Technology Network Products Let Attackers Manipulate Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-severity vulnerabilities in Planet Technology network products that could allow attackers to gain administrative control over affected devices without authentication.
https://cybersecuritynews.com/cisa-warns-planet-technology-network-products/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-severity vulnerabilities in Planet Technology network products that could allow attackers to gain administrative control over affected devices without authentication.
https://cybersecuritynews.com/cisa-warns-planet-technology-network-products/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:59
4 Million Affected by VeriSource Data Breach
VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack.
Employee benefit administrative services provider VeriSource Services is notifying four million individuals that their personal information was stolen in a year-old hack.
The incident, the company says, was discovered on February 28, 2024, one day after a threat actor exfiltrated data from its systems.
https://www.securityweek.com/4-million-affected-by-data-breach-at-verisource-services/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack.
Employee benefit administrative services provider VeriSource Services is notifying four million individuals that their personal information was stolen in a year-old hack.
The incident, the company says, was discovered on February 28, 2024, one day after a threat actor exfiltrated data from its systems.
https://www.securityweek.com/4-million-affected-by-data-breach-at-verisource-services/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:57
Brave's Cookiecrumbler tool taps community to help block cookie notices
Brave has open-sourceed a new tool called "Cookiecrumbler," which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won't break site functionality.
The Brave browser has been blocking cookie consent banners by default on all websites since 2022 but found that blocking consent banners may cause website problems that severely disrupt and degrade the site's usability.
https://www.bleepingcomputer.com/news/security/braves-cookiecrumbler-tool-taps-community-to-help-block-cookie-notices/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Brave has open-sourceed a new tool called "Cookiecrumbler," which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won't break site functionality.
The Brave browser has been blocking cookie consent banners by default on all websites since 2022 but found that blocking consent banners may cause website problems that severely disrupt and degrade the site's usability.
https://www.bleepingcomputer.com/news/security/braves-cookiecrumbler-tool-taps-community-to-help-block-cookie-notices/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:19
4chan is back online, says it’s been ‘starved of money’
4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks.
The site first went down on April 14, with the person responsible for the hack apparently leaking data including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was real).
https://techcrunch.com/2025/04/27/4chan-is-back-online-says-its-been-starved-of-money/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks.
The site first went down on April 14, with the person responsible for the hack apparently leaking data including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was real).
https://techcrunch.com/2025/04/27/4chan-is-back-online-says-its-been-starved-of-money/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Log in to unlock more functionality.
