cRyPtHoN™ INFOSEC (EN)
28.04.202515:05
IR Trends Q1 2025: Phishing soars as identity-based attacks persist
Phishing attacks spiked this quarter as threat actors leveraged this method of initial access in half of all engagements, a vast increase from previous quarters. Conversely, the use of valid accounts for initial access was rarely seen this quarter, despite being the top observed method in 2024, according to our Year in Review report. Nevertheless, valid accounts played a prominent role in the attack chains Cisco Talos Incident Response (Talos IR) observed as actors predominately used phishing to gain access to a user account, then leveraged this access to establish persistence in targeted networks.
https://blog.talosintelligence.com/ir-trends-q1-2025/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Phishing attacks spiked this quarter as threat actors leveraged this method of initial access in half of all engagements, a vast increase from previous quarters. Conversely, the use of valid accounts for initial access was rarely seen this quarter, despite being the top observed method in 2024, according to our Year in Review report. Nevertheless, valid accounts played a prominent role in the attack chains Cisco Talos Incident Response (Talos IR) observed as actors predominately used phishing to gain access to a user account, then leveraged this access to establish persistence in targeted networks.
https://blog.talosintelligence.com/ir-trends-q1-2025/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:17
React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values
The widely used React Router library, a critical navigation tool for React applications, has resolved two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) that allowed attackers to spoof content, alter data values, and launch cache-poisoning attacks.
Developers must update to react-router v7.5.2 immediately to mitigate risks.
https://gbhackers.com/react-router-vulnerabilities/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The widely used React Router library, a critical navigation tool for React applications, has resolved two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) that allowed attackers to spoof content, alter data values, and launch cache-poisoning attacks.
Developers must update to react-router v7.5.2 immediately to mitigate risks.
https://gbhackers.com/react-router-vulnerabilities/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:59
4 Million Affected by VeriSource Data Breach
VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack.
Employee benefit administrative services provider VeriSource Services is notifying four million individuals that their personal information was stolen in a year-old hack.
The incident, the company says, was discovered on February 28, 2024, one day after a threat actor exfiltrated data from its systems.
https://www.securityweek.com/4-million-affected-by-data-breach-at-verisource-services/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack.
Employee benefit administrative services provider VeriSource Services is notifying four million individuals that their personal information was stolen in a year-old hack.
The incident, the company says, was discovered on February 28, 2024, one day after a threat actor exfiltrated data from its systems.
https://www.securityweek.com/4-million-affected-by-data-breach-at-verisource-services/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:19
4chan is back online, says it’s been ‘starved of money’
4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks.
The site first went down on April 14, with the person responsible for the hack apparently leaking data including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was real).
https://techcrunch.com/2025/04/27/4chan-is-back-online-says-its-been-starved-of-money/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
4chan is partly back online after a hack took the infamous image-sharing site down for nearly two weeks.
The site first went down on April 14, with the person responsible for the hack apparently leaking data including a list of moderators and “janitors” (one janitor told TechCrunch they were “confident” that the leaked data was real).
https://techcrunch.com/2025/04/27/4chan-is-back-online-says-its-been-starved-of-money/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:11
Google confirms that Driving Mode has been removed from Google Assistant
Google has officially announced that it has removed Assistant Driving Mode from Google Maps on Android. This is part of a broader transition to its new AI initiative, Gemini.
First introduced in 2019, the Driving Mode function had undergone several updates and refinements over the years, but it is no longer accessible within the Google Maps app, according to a report from 9to5Google.
https://www.ghacks.net/2025/04/28/google-confirms-that-driving-mode-has-been-removed-from-google-assistant/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Google has officially announced that it has removed Assistant Driving Mode from Google Maps on Android. This is part of a broader transition to its new AI initiative, Gemini.
First introduced in 2019, the Driving Mode function had undergone several updates and refinements over the years, but it is no longer accessible within the Google Maps app, according to a report from 9to5Google.
https://www.ghacks.net/2025/04/28/google-confirms-that-driving-mode-has-been-removed-from-google-assistant/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
16.02.202507:00
Virginia Attorney General’s Office Struck by Cyberattack Targeting Attorneys’ Computer Systems
The chief deputy attorney general of the agency sent an email on Wednesday that said nearly all of is computer systems were offline.
The Virginia Attorney General’s office, the state’s top prosecutorial agency led by Jason Miyares, was struck by a cyberattack this week that forced officials off the office’s computer systems.
https://www.securityweek.com/virginia-attorney-generals-office-struck-by-cyberattack-targeting-attorneys-computer-systems/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The chief deputy attorney general of the agency sent an email on Wednesday that said nearly all of is computer systems were offline.
The Virginia Attorney General’s office, the state’s top prosecutorial agency led by Jason Miyares, was struck by a cyberattack this week that forced officials off the office’s computer systems.
https://www.securityweek.com/virginia-attorney-generals-office-struck-by-cyberattack-targeting-attorneys-computer-systems/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202515:04
Ransomware gang says it hacked the Malaysia’s Kuala Lumpur International Airport
Ransomware gang Qilin today claimed responsibility for a March 2025 cyber attack against the Kuala Lumpur International Airport in Malaysia.
The airport has not verified Qilin’s claim. The airport announced a cyberattack disrupted flight information displays, check-in counters, and baggage handling starting on March 23, 2025, forcing staff to write departure times on dry erase boards. Airport officials say they rejected a ransom demand of $10 million, but didn’t name the attacker.
https://www.comparitech.com/news/ransomware-gang-says-it-hacked-the-malaysias-kuala-lumpur-international-airport/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Ransomware gang Qilin today claimed responsibility for a March 2025 cyber attack against the Kuala Lumpur International Airport in Malaysia.
The airport has not verified Qilin’s claim. The airport announced a cyberattack disrupted flight information displays, check-in counters, and baggage handling starting on March 23, 2025, forcing staff to write departure times on dry erase boards. Airport officials say they rejected a ransom demand of $10 million, but didn’t name the attacker.
https://www.comparitech.com/news/ransomware-gang-says-it-hacked-the-malaysias-kuala-lumpur-international-airport/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:14
JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested
JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud.
Two individuals have been arrested in a joint international operation dismantling JokerOTP, a sophisticated phishing tool used to intercept 2FA codes and steal over £7.5 million. Learn how this scam worked, the charges involved, and the ongoing efforts to combat this cybercrime network.
https://hackread.com/jokerotp-dismantled-28000-phishing-attacks-2-arrested/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud.
Two individuals have been arrested in a joint international operation dismantling JokerOTP, a sophisticated phishing tool used to intercept 2FA codes and steal over £7.5 million. Learn how this scam worked, the charges involved, and the ongoing efforts to combat this cybercrime network.
https://hackread.com/jokerotp-dismantled-28000-phishing-attacks-2-arrested/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:57
Brave's Cookiecrumbler tool taps community to help block cookie notices
Brave has open-sourceed a new tool called "Cookiecrumbler," which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won't break site functionality.
The Brave browser has been blocking cookie consent banners by default on all websites since 2022 but found that blocking consent banners may cause website problems that severely disrupt and degrade the site's usability.
https://www.bleepingcomputer.com/news/security/braves-cookiecrumbler-tool-taps-community-to-help-block-cookie-notices/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Brave has open-sourceed a new tool called "Cookiecrumbler," which uses large language models (LLMs) to detect cookie consent notices and then community-driven reviews to block those that won't break site functionality.
The Brave browser has been blocking cookie consent banners by default on all websites since 2022 but found that blocking consent banners may cause website problems that severely disrupt and degrade the site's usability.
https://www.bleepingcomputer.com/news/security/braves-cookiecrumbler-tool-taps-community-to-help-block-cookie-notices/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:18
Coinbase 2FA error fixed after many believed their account was hacked
The crypto exchange fixed a confusing flaw
The two-factor authentication (2FA) error on Coinbase, one of the biggest cryptocurrency trading platforms in the world, was finally fixed.
In early April, Coinbase customers started noticing that their Account Activity logs showed “2-step verification failed” entries. These would suggest that someone tried to log in using valid credentials but was only stopped after entering the wrong 2FA code.
https://www.techradar.com/pro/security/coinbase-2fa-error-fixed-after-many-believed-their-account-was-hacked
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The crypto exchange fixed a confusing flaw
The two-factor authentication (2FA) error on Coinbase, one of the biggest cryptocurrency trading platforms in the world, was finally fixed.
In early April, Coinbase customers started noticing that their Account Activity logs showed “2-step verification failed” entries. These would suggest that someone tried to log in using valid credentials but was only stopped after entering the wrong 2FA code.
https://www.techradar.com/pro/security/coinbase-2fa-error-fixed-after-many-believed-their-account-was-hacked
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
16.02.202507:05
Zelensky calls to build ‘army of Europe’ to counter future Russian threats
MUNICH, Germany — Ukrainian President Volodymyr Zelensky called on Europe to develop its own armed forces, warning that the continent must become more self-reliant in the face of potential threats from Russia.
Speaking at the Munich Security Conference (MSC) on Saturday, Zelensky said Europe has the capacity to manufacture its own artillery, air defense systems and other military technologies necessary for modern warfare.
https://therecord.media/zelensky-calls-for-army-of-europe-to-counter-russia
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
MUNICH, Germany — Ukrainian President Volodymyr Zelensky called on Europe to develop its own armed forces, warning that the continent must become more self-reliant in the face of potential threats from Russia.
Speaking at the Munich Security Conference (MSC) on Saturday, Zelensky said Europe has the capacity to manufacture its own artillery, air defense systems and other military technologies necessary for modern warfare.
https://therecord.media/zelensky-calls-for-army-of-europe-to-counter-russia
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
16.02.202506:58
Microsoft: Hackers steal emails in device code phishing attacks
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing.
The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East.
https://www.bleepingcomputer.com/news/security/microsoft-hackers-steal-emails-in-device-code-phishing-attacks/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
An active campaign from a threat actor potentially linked to Russia is targeting Microsoft 365 accounts of individuals at organizations of interest using device code phishing.
The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East.
https://www.bleepingcomputer.com/news/security/microsoft-hackers-steal-emails-in-device-code-phishing-attacks/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:21
Iran claims it stopped large cyberattack on country’s infrastructure
Iran repelled a “widespread and complex” cyberattack targeting the country’s infrastructure on Sunday, according to a senior official who spoke to the Islamic Revolutionary Guard Corps-linked Tasnim News Agency.
The incident, which was not described in detail, was revealed by Behzad Akbari, the head of the government’s Telecommunication Infrastructure Company (TIC).
https://therecord.media/iran-cyberattack-national-infrastructure
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Iran repelled a “widespread and complex” cyberattack targeting the country’s infrastructure on Sunday, according to a senior official who spoke to the Islamic Revolutionary Guard Corps-linked Tasnim News Agency.
The incident, which was not described in detail, was revealed by Behzad Akbari, the head of the government’s Telecommunication Infrastructure Company (TIC).
https://therecord.media/iran-cyberattack-national-infrastructure
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:08
iOS and Android juice jacking defenses have been trivial to bypass for years
New ChoiceJacking attack allows malicious chargers to steal data from phones.
About a decade ago, Apple and Google started updating iOS and Android, respectively, to make them less susceptible to “juice jacking,” a form of attack that could surreptitiously steal data or execute malicious code when users plug their phones into special-purpose charging hardware. Now, researchers are revealing that, for years, the mitigations have suffered from a fundamental defect that has made them trivial to bypass.
https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/
https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
New ChoiceJacking attack allows malicious chargers to steal data from phones.
About a decade ago, Apple and Google started updating iOS and Android, respectively, to make them less susceptible to “juice jacking,” a form of attack that could surreptitiously steal data or execute malicious code when users plug their phones into special-purpose charging hardware. Now, researchers are revealing that, for years, the mitigations have suffered from a fundamental defect that has made them trivial to bypass.
https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/
https://krebsonsecurity.com/2011/08/beware-of-juice-jacking/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:49
MemoryGuardian
Take Control of Your Clipboard
A Small App for Enhanced Privacy & SecurityMemory Guardian is a lightweight Android app that enhances user privacy and security by automatically clearing the clipboard at set intervals. This helps protect sensitive information, like passwords, from potential leaks to other applications.
https://f-droid.org/packages/ara.memoryguardian/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Take Control of Your Clipboard
A Small App for Enhanced Privacy & SecurityMemory Guardian is a lightweight Android app that enhances user privacy and security by automatically clearing the clipboard at set intervals. This helps protect sensitive information, like passwords, from potential leaks to other applications.
https://f-droid.org/packages/ara.memoryguardian/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:16
Big Changes to COPPA: How the FTC’s New Rule Impacts Children’s Online Privacy
After years of consideration and public comment, the Federal Trade Commission (FTC) has officially updated its Children’s Online Privacy Protection Act (COPPA) rule, which will take effect on June 23, 2025. The update, finalized this week, aims to better protect children’s privacy online amid increasing concerns about the use of personal data by digital platforms, especially for advertising purposes. While privacy advocates have been pushing for tougher regulations for years, this new rule marks the first major shift in federal children’s privacy laws since COPPA’s inception in 2000.
https://thecyberexpress.com/ftc-announces-new-childrens-privacy-rule/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
After years of consideration and public comment, the Federal Trade Commission (FTC) has officially updated its Children’s Online Privacy Protection Act (COPPA) rule, which will take effect on June 23, 2025. The update, finalized this week, aims to better protect children’s privacy online amid increasing concerns about the use of personal data by digital platforms, especially for advertising purposes. While privacy advocates have been pushing for tougher regulations for years, this new rule marks the first major shift in federal children’s privacy laws since COPPA’s inception in 2000.
https://thecyberexpress.com/ftc-announces-new-childrens-privacy-rule/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
16.02.202507:03
Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East.
https://thehackernews.com/2025/02/microsoft-russian-linked-hackers-using.html
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024.
The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East.
https://thehackernews.com/2025/02/microsoft-russian-linked-hackers-using.html
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
16.02.202506:56
Chinese spies suspected of 'moonlighting' as tawdry ransomware crooks
Some employees steal sticky notes, others 'borrow' malicious code
A crew identified as a Chinese government-backed espionage group appears to have started moonlighting as a ransomware player – further evidence that lines are blurring between nation-state cyberspies and financially motivated cybercriminals.
https://www.theregister.com/2025/02/14/chinese_spies_ransomware_moonlighting/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Some employees steal sticky notes, others 'borrow' malicious code
A crew identified as a Chinese government-backed espionage group appears to have started moonlighting as a ransomware player – further evidence that lines are blurring between nation-state cyberspies and financially motivated cybercriminals.
https://www.theregister.com/2025/02/14/chinese_spies_ransomware_moonlighting/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:19
GoSearch: Open-source OSINT tool for uncovering digital footprints
GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms.
https://github.com/ibnaleem/gosearch
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms.
https://github.com/ibnaleem/gosearch
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202514:01
CISA Warns Planet Technology Network Products Let Attackers Manipulate Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-severity vulnerabilities in Planet Technology network products that could allow attackers to gain administrative control over affected devices without authentication.
https://cybersecuritynews.com/cisa-warns-planet-technology-network-products/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-severity vulnerabilities in Planet Technology network products that could allow attackers to gain administrative control over affected devices without authentication.
https://cybersecuritynews.com/cisa-warns-planet-technology-network-products/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:27
Implement Auto-Delete Clipboard History to Prevent Sensitive Data Leaks
I copy passwords from my password manager all the time (I use KeePass, so they're long and complex), and I know a lot of people do the same. How is it that Samsung’s clipboard saves everything in plain text with no expiration? That’s a huge security issue.
I even tried switching to Gboard (Google’s keyboard), thinking that would help, but nope, everything I copied was still getting saved in Samsung’s clipboard. Turns out the clipboard functionality is tightly integrated with One UI, so it doesn’t matter what keyboard you use, your clipboard history still gets stored in plain text.
https://us.community.samsung.com/t5/Suggestions/Implement-Auto-Delete-Clipboard-History-to-Prevent-Sensitive/td-p/3200743
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
I copy passwords from my password manager all the time (I use KeePass, so they're long and complex), and I know a lot of people do the same. How is it that Samsung’s clipboard saves everything in plain text with no expiration? That’s a huge security issue.
I even tried switching to Gboard (Google’s keyboard), thinking that would help, but nope, everything I copied was still getting saved in Samsung’s clipboard. Turns out the clipboard functionality is tightly integrated with One UI, so it doesn’t matter what keyboard you use, your clipboard history still gets stored in plain text.
https://us.community.samsung.com/t5/Suggestions/Implement-Auto-Delete-Clipboard-History-to-Prevent-Sensitive/td-p/3200743
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
28.04.202513:14
Attackers chained Craft CMS zero-days attacks in the wild
Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data.
Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft CMS vulnerabilities in recent attacks. Orange experts discovered the flaws while investigating a server compromise.
https://securityaffairs.com/177085/hacking/attackers-chained-craft-cms-zero-days-attacks-in-the-wild.html
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data.
Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft CMS vulnerabilities in recent attacks. Orange experts discovered the flaws while investigating a server compromise.
https://securityaffairs.com/177085/hacking/attackers-chained-craft-cms-zero-days-attacks-in-the-wild.html
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
16.02.202507:02
New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild
A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly being actively exploited by the Chinese state-sponsored Advanced Persistent Threat (APT) group Mustang Panda.
The vulnerability, which affects the Windows Explorer graphical user interface (GUI), has been classified as low-severity by Microsoft but poses significant risks due to its exploitation in targeted attacks.
https://gbhackers.com/new-microsoft-windows-gui-0-day-vulnerability/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly being actively exploited by the Chinese state-sponsored Advanced Persistent Threat (APT) group Mustang Panda.
The vulnerability, which affects the Windows Explorer graphical user interface (GUI), has been classified as low-severity by Microsoft but poses significant risks due to its exploitation in targeted attacks.
https://gbhackers.com/new-microsoft-windows-gui-0-day-vulnerability/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
16.02.202506:54
What is an encryption backdoor?
Talk of backdoors in encrypted services is once again doing the rounds after reports emerged that the U.K. government is seeking to force Apple to open up iCloud’s end-to-end encrypted (E2EE) device backup offering. Officials were said to be leaning on Apple to create a “backdoor” in the service that would allow state actors to access data in the clear.
https://techcrunch.com/2025/02/15/what-is-an-encryption-backdoor/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Talk of backdoors in encrypted services is once again doing the rounds after reports emerged that the U.K. government is seeking to force Apple to open up iCloud’s end-to-end encrypted (E2EE) device backup offering. Officials were said to be leaning on Apple to create a “backdoor” in the service that would allow state actors to access data in the clear.
https://techcrunch.com/2025/02/15/what-is-an-encryption-backdoor/
📡@cRyPtHoN_INFOSEC_IT
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Shown 1 - 24 of 81
Log in to unlock more functionality.