buc.ci is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
RE: https://mastodon.social/@knoppix95/116234366116470824
We urge anyone affected by this OS-level legal issue to write down notes to their local representatives and push for these laws to be repealed or replaced. #MidnightBSD needs them to get rid of these laws, especially those bills that are unconstitutional to the #FirstAmendment and #FourthAmendment. #DigitalFreedom #DigitalRights #NoOSSpies #Spyware #CyberSecurity #PrivacyFirst
@concertina226 @Samsung I'm sure this is having a positive impact for women in many countries...
https://www.malwarebytes.com/blog/news/2025/11/budget-samsung-phones-shipped-with-unremovable-spyware-say-researchers
A Possible #US Government #iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
https://www.wired.com/story/coruna-iphone-hacking-toolkit-us-government/
#cybersecurity #Coruna #spyware #malware #hacking #DigitalForensics
RE: https://phire.place/@phire/116167753188355563
Of course! And now when I think of this, has anyone issued a GDPR-related data request after trying these spy glasses? It should let you know exactly what they can and will see.
Meta’s AI Smart Glasses and Data Privacy Concerns: Workers Say “We See Everything”
Bank details, sex and naked people who seem unaware they are being recorded. Behind Meta’s new smart glasses lies a hidden workforce, uneasy about peering into the most intimate parts of other people’s lives.
#meta #aismartglasses #dataprivacy #spy #datapractice #ai #lies #privacy #naked #smartglasses #spyware #spying #dataprivacy #weseeyou
This week's signal: Predator #spyware bypasses #iOS camera/mic indicators — that green dot means nothing if you're compromised;
→ Week #09/2026 also covers:
🔓 Conduent #breach: 25M people's data exposed;
🇰🇵 #Lazarus goes #ransomware with Medusa;
⏱️ #CrowdStrike: avg attacker breakout time now 29 minutes;
🤖 #Anthropic drops core #AI safety pledge & stands firm against Pentagon;
Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-09-2026-your-iphone-has-a-green-dot-predator-doesn-t-care
If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel
Signal is US-based and subject to FISA and the CLOUD Act. Authorities can request data, even with a gag order, without Signal being allowed to make it public.
But: technically, Signal has hardly anything to hand over. No content, no contact lists, only the registration date and last login. Proven in real court proceedings.
FISA is an elaborate secret-court procedure; it is not brought against individual journalists or activists. Anyone who is specifically targeted for surveillance gets commercial spyware on their device: Pegasus, Predator, FinFisher and the like. Then the messenger doesn't matter. The attacker reads along before the message is encrypted.
The weak point is the end device, not the protocol.
Intellexa founder Tal Dilian & 3 associates sentenced in Greece over Predator spyware scandal.
• 90+ politicians & journalists targeted
• 126+ year combined sentence
• Further investigations pending
A major development in spyware accountability.
RE: https://cyberplace.social/@GossiTheDog/116136534798311130
THIS IS VIOLENCE
1. to demand emotional #labor for team cohesion
2. to then fire half the team
3. to dehumanize the lost team by calling them redundancies
4. to shame workers grieving their lost team mates
5. to declare XYZ #tech is better than people
6. to pocket the salaries of fired teams
7. to force free labor & reduced benefits from remaining teams
8. to lie about XYZ not being digital shackles and #spyware
9. to gaslight workers who won't willingly use the shackles
Accenture are firing people who don't use Copilot enough. This one comes from Microsoft (Accenture are a major vendor for MS). https://pivot-to-ai.com/2026/02/25/accenture-youre-promoted-or-fired-on-using-the-ai/
It's been a busy 24 hours in the cyber world with significant updates on AI-assisted attacks, actively exploited vulnerabilities, a data exposure incident, new spyware techniques, and a look at AI for defence. Let's dive in:
AI-Augmented FortiGate Breaches 🤖📰
- A Russian-speaking, financially motivated threat actor used commercial generative AI services to breach over 600 FortiGate firewalls across 55 countries between January and February 2026.
- The attacks exploited exposed management interfaces and weak credentials lacking multi-factor authentication, rather than zero-day vulnerabilities, demonstrating how AI lowers the barrier to entry for less skilled actors.
- AI was used to generate attack methodologies, develop custom reconnaissance tools (in Python and Go), plan lateral movement, and draft operational documentation, leading to the extraction of sensitive configurations, Active Directory compromise, and targeting of backup infrastructure, likely for ransomware deployment.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/
📰 The Hacker News | https://thehackernews.com/2026/02/ai-assisted-threat-actor-compromises.html
Actively Exploited Vulnerabilities: React2Shell & Roundcube 🕶️📰
- React2Shell (CVE-2025-55182): This critical RCE (CVSS 10.0) in React Server Components is still being actively exploited, with a new "ILovePoop" toolkit used by a possibly state-sponsored actor for reconnaissance against government, defence, finance, and industrial targets globally. Patching is complex due to Next.js bundling React as a 'vendored' package, making it invisible to standard dependency scanners.
- Roundcube Webmail Flaws: CISA has added two actively exploited vulnerabilities to its KEV catalog: CVE-2025-49113 (RCE, CVSS 9.9) and CVE-2025-68461 (XSS, CVSS 7.2). The RCE flaw, a deserialization issue present for over 10 years, was weaponised within 48 hours of public disclosure, with nation-state actors previously targeting Roundcube.
- Organisations should prioritise patching these vulnerabilities, especially React2Shell, which affects default configurations and has seen sophisticated post-exploitation tradecraft, and Roundcube, with a CISA deadline for FCEB agencies by March 13, 2026.
🕶️ Dark Reading | https://www.darkreading.com/application-security/attackers-new-tool-scan-react2shell-exposure
📰 The Hacker News | https://thehackernews.com/2026/02/cisa-adds-two-known-exploited-vulnerabilities-catalog
PayPal Code Error Exposes PII 🕵🏼
- PayPal notified approximately 100 customers of a data exposure incident due to a coding error in its Working Capital loan application, which inadvertently leaked personal information including names, Social Security numbers, dates of birth, email addresses, and business addresses.
- The exposure occurred between July 1, 2025, and December 13, 2025, with a "few" customers also experiencing unauthorised transactions, all of which have been fully refunded by PayPal.
- The company has rolled back the problematic code change, reset affected account passwords, and is offering two years of free credit monitoring to impacted individuals.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/20/paypal_app_code_error_leak/
Predator Spyware's iOS Stealth Techniques 🤖
- Intellexa's Predator spyware can effectively hide iOS camera and microphone recording indicators (the green/orange dots) from users, allowing it to secretly stream audio and video feeds to operators.
- The malware achieves this by leveraging kernel-level access to hook a single function, ‘HiddenDot::setupHook()’, within SpringBoard, which intercepts and nullifies sensor activity updates before they reach the UI layer.
- This sophisticated technique prevents the operating system from displaying any visual cues of active surveillance, making the spyware's activity completely hidden to a regular user, although technical analysis can still reveal malicious processes.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/predator-spyware-hooks-ios-springboard-to-hide-mic-camera-activity/
Anthropic Launches AI for Code Security 📰
- Anthropic has introduced "Claude Code Security," a new feature for its Enterprise and Team customers that uses AI to scan software codebases for vulnerabilities and suggest targeted patches.
- This initiative aims to counter the growing threat of adversaries weaponising AI for automated vulnerability discovery by providing defenders with an AI-powered tool that can reason about code like a human security researcher, tracing data flows and identifying issues missed by traditional static analysis.
- The system includes a multi-stage verification process to filter false positives, assigns severity ratings, and operates with a human-in-the-loop approach, ensuring that no patches are applied without developer review and approval.
📰 The Hacker News | https://thehackernews.com/2026/02/anthropic-launches-claude-code-security.html
#CyberSecurity #ThreatIntelligence #AI #FortiGate #Vulnerabilities #RCE #Roundcube #React2Shell #Spyware #Predator #iOS #DataBreach #PayPal #CodeSecurity #InfoSec #CyberAttack #IncidentResponse
MuMu Player Pro for macOS (by NetEase) executes a comprehensive system data collection routine every 30 minutes while the emulator is running. This includes enumerating all devices on your local network, capturing every running process with full command-line arguments, inventorying all installed applications, reading your hosts file, and dumping kernel parameters -- all tied to your Mac's serial number via SensorsData analytics.
https://gist.github.com/interpiduser5/547d8a7baec436f24b7cce89dd4ae1ea
#Intellexa’s #Predator #spyware used to hack #iPhone of journalist in #Angola, research says
Apple restores a key spyware detection artifact in iOS 26.2 after backlash, helping investigators again spot Pegasus/Predator traces 🔍📱 Details: https://cyberinsider.com/apple-restores-spyware-detection-artifact-in-ios-26-2-after-backlash/ #Apple #iOS #cybersecurity #spyware #Newz
In the name of "safety", these assholes (print&go) are trying to get their spyware baked into everyone's 3d printers.
Israeli exec at Paragon accidentally exposed Graphite spyware dashboard on LinkedIn—real-time access to Czech user's WhatsApp, Signal, geolocation, camera/mic via zero-click exploits 🔍
Post deleted, shows US agency sales after Trump lifted rights bans, fueling surveillance concerns ⚠️
🔗 https://news-pravda.com/world/2026/02/12/2071096.html
#TechNews #Privacy #Spyware #Security #Surveillance #Cybersecurity #Data #Encryption #Graphite #HumanRights #Tech #FOSS #DigitalRights #Cyber #Israel #Paragon #CzechRepublic #US #Trump
Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware
Chatbots are a matter-of-course part of everyday life today.
No, they are not, and I throw people out on their ear for using that #Spyware.
Anyone who uses #ChatGPT is IMHO even dumber than #Stasi-#IM's, because the latter at least theoretically got something in return for their betrayal (#Verrat) of their fellow human beings!
Seriously, whoever wrote that post at your place should go outside and touch grass (#RasenAnfassen)!
We have to stop normalizing willful negligence by #TechIlliterates!
@quincy also so flatout illegal that it on its own should make #MicrosoftTeams illegal in #Germany as a #Malware / #Nannyware / #Spyware…
Suspect Android spyware? This 10-point checklist shows steps for checking, removing, and securing accounts, without panic but systematically. 👇
https://www.kuketz-blog.de/android-spyware-in-10-schritten-erkennen-und-entfernen/
#adnroid #security #sicherheit #hack #hacking #surveillance #spyware #schadsoftware
Tech Crunch: Hacktivist scrapes over 500,000 stalkerware customers’ payment records https://techcrunch.com/2026/02/09/hacktivist-scrapes-over-500000-stalkerware-customers-payment-records/ @TechCrunch @zackwhittaker @lorenzofb #infosec #spyware #privacy
Alright team, it's been a busy 24 hours in the cyber world with some critical zero-days under active exploitation, a couple of significant breaches, new insights into nation-state tactics, and a stark warning about broken ransomware. Let's dive in:
Recent Cyber Attacks and Breaches 💸
- Step Finance, a Solana DeFi platform, lost approximately $40 million in digital assets after attackers compromised executive devices. While some assets were recovered, the incident has raised questions, including suspicions of a "rug pull."
- Coinbase confirmed an insider breach where a contractor improperly accessed data for about 30 customers. This highlights the ongoing threat of Business Process Outsourcing (BPO) firms being targeted through bribes, social engineering, or compromised accounts.
- The Police Service of Northern Ireland (PSNI) is offering a universal £7,500 compensation to staff affected by a 2023 data breach that exposed personal details, leading to safety risks and mental health issues for officers.
- Mexico's government is facing allegations from the Chronus Group of a 2.3TB data leak impacting 28% of the population. However, the Agencia de Transformación Digital y Telecomunicaciones (ATDT) has downplayed the claims, stating the data appears to be from older breaches.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/step-finance-says-compromised-execs-devices-led-to-40m-crypto-theft/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/coinbase-confirms-insider-breach-linked-to-leaked-support-tool-screenshots/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/04/psni_breach_compensation/
🕶️ Dark Reading | https://www.darkreading.com/cyberattacks-data-breaches/big-breach-or-nada-de-nada-mexican-govt-faces-leak-allegations
New Threat Research and Tradecraft 🕵️‍♀️
- Russia's APT28 (Fancy Bear) weaponised a newly patched Microsoft Office bug (CVE-2026-21509) in just three days. Their "Operation Neusploit" uses RTF documents and localised phishing to deploy credential stealers (MiniDoor) and backdoors (Covenant Grunt via PixyNetLoader).
- Nitrogen ransomware, specifically targeting VMware ESXi, has a critical programming error that corrupts the public key during encryption. This means victims' files cannot be decrypted, even if the ransom is paid, making recovery impossible.
- Microsoft warns that Python-based infostealers are rapidly expanding to target macOS environments. These campaigns use social engineering techniques like "ClickFix" lures and fake installers to distribute malware such as AMOS, MacSync, and DigitStealer, stealing credentials and sensitive data.
- A new EDR killer tool is abusing a legitimate but long-revoked EnCase kernel driver (EnPortv.sys) to disable 59 security tools. This "Bring Your Own Vulnerable Driver" (BYOVD) technique exploits Windows' driver signature enforcement exceptions for older certificates, bypassing protections like PPL.
- New research reveals that Predator spyware can turn off Apple's iOS camera and microphone recording indicators (the green and orange dots). This "elegantly simple" interception mechanism allows the spyware to operate stealthily, defeating a key user-facing security feature.
- While AI agents aren't yet capable of fully autonomous cyberattacks, they are proving highly effective for criminals in various stages of the attack chain. This includes automating vulnerability scanning and writing malicious code, though they still struggle with complex, multi-stage operations without human intervention.
🕶️ Dark Reading | https://www.darkreading.com/cyberattacks-data-breaches/russian-hackers-weaponize-office-bug-within-days
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/04/nitrogen_ransomware_broken_decryptor/
📰 The Hacker News | https://thehackernews.com/2026/02/microsoft-warns-python-infostealers.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/edr-killer-tool-uses-signed-kernel-driver-from-forensic-software/
🗞️ The Record | https://therecord.media/predator-spyware-iphone-camera-microphone-indicators
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/03/autonomous_cyberattacks_not_real_yet/
Actively Exploited Vulnerabilities and Zero-Days ⚠️
- Ivanti's Endpoint Manager Mobile (EPMM) is under active attack due to two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340 (CVSS 9.8). These flaws allow unauthenticated remote code execution, with CISA adding one to its KEV catalog. Patches are available, but a permanent fix is pending.
- CISA has added a critical SolarWinds Web Help Desk (WHD) RCE flaw, CVE-2025-40551 (CVSS 9.8), to its KEV catalog, confirming active exploitation. This untrusted data deserialization vulnerability allows unauthenticated attackers to execute OS commands, with federal agencies given a three-day deadline to patch.
- Two significant vulnerabilities have been found in Google Looker: CVE-2025-12743, an SQL injection allowing internal database data exfiltration, and a complex RCE chain. The RCE could lead to arbitrary code execution and potential cross-tenant access on Google Cloud Platform (GCP). Patching is advised but can be challenging.
- A five-year-old GitLab server-side request forgery (SSRF) flaw, CVE-2021-39935, has been added to CISA's KEV catalog due to active exploitation. This vulnerability allows unauthenticated external users to access the CI Lint API, posing a significant risk to the many exposed GitLab instances.
- CISA has confirmed that the VMware ESXi sandbox escape vulnerability, CVE-2025-22225, is now being actively exploited by ransomware gangs. This flaw, previously a zero-day, allows an arbitrary kernel write and sandbox escape, with Chinese-speaking threat actors suspected of chaining it with other vulnerabilities.
🤫 CyberScoop | https://cyberscoop.com/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit/
📰 The Hacker News | https://thehackernews.com/2026/02/cisa-adds-actively-exploited-solarwinds.html
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/04/critical_solarwinds_web_help_desk/
🕶️ Dark Reading | https://www.darkreading.com/application-security/google-looker-bugs-cross-tenant-rce-data-exfil
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-warns-of-five-year-old-gitlab-flaw-exploited-in-attacks/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks/
Geopolitical Cyber and Regulatory Updates 🌐
- The US military reportedly used cyber weapons to disrupt Iranian air missile defense systems during 2025 strikes on its nuclear program. This "non-kinetic" operation targeted "aim points" in the network to prevent surface-to-air missile launches against American warplanes.
- Ukraine has implemented a mandatory "whitelist" for Starlink satellite internet terminals to counter Russian forces using the technology on attack drones. This measure, in cooperation with SpaceX, aims to make Russian drones harder to detect, jam, or shoot down.
- CISA is working on replacing the Critical Infrastructure Partnership Advisory Council (CIPAC) to foster broader and more specific discussions on cybersecurity and operational technology (OT) threats. They are also developing an AI information-sharing center (AI-ISAC) to coordinate with industry efforts.
- The Eclipse Foundation is mandating pre-publish security checks for extensions submitted to its Open VSX Registry. This proactive shift aims to combat supply chain threats by identifying and quarantining suspicious uploads, such as impersonation, leaked credentials, or known malicious patterns, before publication.
🗞️ The Record | https://therecord.media/iran-nuclear-cyber-strikes-us
🗞️ The Record | https://therecord.media/ukraine-tightens-starlink-controls-counter-russian-drones
🤫 CyberScoop | https://cyberscoop.com/whats-next-for-dhss-forthcoming-replacement-critical-infrastructure-protection-panel-ai-information-sharing/
📰 The Hacker News | https://thehackernews.com/2026/02/eclipse-foundation-mandates-pre-publish.html
Other Noteworthy News 📰
- Rui-Siang Lin, known as "Pharoah," has been sentenced to 30 years in prison for operating Incognito Market, a dark web narcotics marketplace that facilitated over $105 million in illegal drug sales. Lin also extorted users before shutting down the platform.
- Microsoft is rolling out native Sysmon functionality to Windows 11 systems enrolled in the Windows Insider program. This built-in System Monitor will enhance threat detection and hunting capabilities by logging system events, though it remains disabled by default.
- Cloud providers are rushing to offer "OpenClaw-as-a-service," despite strong warnings from Gartner. OpenClaw, an AI assistant platform, is described as "demonstrably insecure" due to plaintext credential storage and lack of default authentication, posing unacceptable cybersecurity risks.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/taiwanese-man-gets-30-years-for-operating-dark-web-drug-market/
🗞️ The Record | https://therecord.media/incognito-market-sentenced-thirty
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-native-windows-11-sysmon-security-monitoring/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/02/04/cloud_hosted_openclaw/
#CyberSecurity #ThreatIntelligence #Vulnerabilities #ZeroDay #RCE #Ransomware #APT28 #Infostealer #MacOS #EDR #Spyware #AI #IncidentResponse #DataBreach #CyberWarfare #Starlink #CISA #InfoSec
If for some reason you have one of Bezos' Li'l Snitches in your house and it's rolled out the new voice (a lot younger-sounding, kinda creepy), turn to it now, say its name and tell it to "turn off follow-up mode." The new voice wasn't the only change (of course); it now listens actively to the conversation and inserts comments where no one asked for feedback.
Ideally, you'd throw the hockey puck out the window, but maybe you're staying with a relative and just need to shut the thing up without destroying it. This should do the trick.
Ireland drafts new surveillance bill expanding police powers to intercept encrypted messages 🔐
Includes legal basis for spyware use & device scanning tech 🕵️‍♀️
Civil rights groups warn of normalization of extraordinary powers ⚖️
🔗 https://www.theregister.com/2026/01/21/ireland_wants_to_give_police/
#TechNews #Privacy #Surveillance #Spyware #Encryption #HumanRights #Law #Cybersecurity #PoliceTech #CivilLiberties #EU #Government #DataProtection #Security #DigitalRights #Ireland #Irish
RE: https://infosec.exchange/@briankrebs/115962508398912420
Do Not Visit The United States
#WorldCup #Olympics #Spyware #SocialMedia #Fascism
We knew this was coming, but now the clock is running. From Privacy International:
"Yesterday the Trump Administration announced a proposed change in policy for travellers to the U.S. It applies to the powers of data collection by the Customs and Border Police (CBP)."
"If the proposed changes are adopted after the 60-day consultation, then millions of travellers to the U.S. will be forced to use a U.S. government mobile phone app, submit their social media from the last five years and email addresses used in the last ten years, including of family members. They’re also proposing the collection of DNA."
PI linked to and summarized a Federal Register entry describing the proposed requirements:
-All visitors must submit ‘their social media from the last 5 years’
-ESTA (Electronic System for Travel Authorization) applications will include ‘high value data fields’, ‘when feasible’
-‘telephone numbers used in the last five years’
-‘email addresses used in the last ten years’
-‘family number telephone numbers (sic) used in the last five years’
-biometrics – face, fingerprint, DNA, and iris
-business telephone numbers used in the last five years
-business email addresses used in the last ten years.
The Federal Register entry says comments are encouraged and must be submitted (no later than February 9, 2026) to be assured of consideration.
Federal Register entry: https://www.govinfo.gov/content/pkg/FR-2025-12-10/pdf/2025-22461.pdf
Tech Crunch: Saudi satirist hacked with Pegasus spyware wins damages in court battle https://techcrunch.com/2026/01/26/saudi-satirist-hacked-with-pegasus-spyware-wins-damages-in-court-battle/ @TechCrunch @zackwhittaker #infosec #spyware
🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #04/2026 is out!
→ It includes the following and much more:
🎣 📩 LastPass warns of a #phishing campaign pretending to be #LastPass;
🇺🇸 🎽 Under Armour investigating breach;
🇯🇴 📲 Jordanian authorities used #Cellebrite phone-cracking tools to extract data from activists’ phones without consent;
🇮🇪 👀 #Ireland plans a new law to let police use #spyware;
💬 🔐 @moxie launched #Confer, a #ChatGPT-like service built to protect user #privacy;
💥 Attackers exploiting critical Fortinet #FortiCloud flaw;
🇷🇺 🇵🇱 Russian government hackers likely tried to knock out parts of Poland’s power grid;
--
👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-04-2026
#Amazon seems to realize that people don't like their #Spyware / #Snitchware / #Govware appliances at their doors, so they try to sell it to #TechIlliterates in #Germany...
#Camover #GAFAMs #AmericanGestapo #CloudAct #blink #ring #CamOver #sarcasm #commentary #USpol #DEpol #Ads #Advertising
#Predator #Spyware Turns Failed Attacks Into Intelligence for Future Exploits
https://www.securityweek.com/predator-spywares-granular-anti-analysis-features-exposed/
Morning all! It's been a bit quiet on the news front over the last 24 hours, but we've still got some important updates to chew on, including a few recent breaches, a critical RCE vulnerability, a look at AI as the next big insider threat, and some interesting policy shifts around commercial spyware. Let's dive in:
Multiple Breaches: Korean Air, EmEditor, and UK Councils 🚨
- Korean Air's former catering unit, KC&D, suffered a breach exposing PII for around 30,000 employees, including names and bank account numbers. The notorious Clop ransomware group has claimed responsibility, likely exploiting a zero-day in Oracle Enterprise Business Suite.
- Emurasoft's official EmEditor website was compromised between 19-22 December, leading users to download a maliciously modified MSI installer signed by an unauthorised third party (Walsham Investments Limited). This installer executes a PowerShell command to download and run external content.
- Westminster City Council confirmed that a November 2025 "cyber security incident" resulted in the unauthorised copying of potentially sensitive and personal data from shared IT systems, impacting residents in Westminster and Kensington and Chelsea.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/04/trump_admin_lifts_sanctions_predator_spyware_execs/
Critical RCE Zero-Day in Xspeeder Firmware Ignored by Vendor ⚠️
- Researchers at Pwn.ai claim to have used an AI agent to discover CVE-2025-54322, a CVSS 10.0 unauthenticated root RCE vulnerability in Xspeeder's SXZOS firmware, affecting an estimated 70,000 hosts.
- This pre-authorisation flaw allows attackers to gain full control of vulnerable devices. Pwn.ai found the bug over seven months ago using emulated software.
- Despite repeated outreach, Xspeeder has reportedly ignored the disclosure, leaving a significant number of devices exposed to active exploitation.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/04/trump_admin_lifts_sanctions_predator_spyware_execs/
AI Agents: The New Insider Threat for 2026 🤖
- Palo Alto Networks' Chief Security Intel Officer, Wendi Whitmore, predicts AI agents will be the biggest insider threat by 2026, as 40% of enterprise apps are expected to integrate task-specific AI agents.
- The risk stems from the "superuser problem" where agents are granted excessive privileges, potentially chaining access to sensitive systems without oversight, and the emergence of "doppelganger" agents that could approve critical transactions or manipulate models with malicious intent via prompt injection.
- Organisations must implement least privilege for AI agents, establish robust access controls, and focus on quickly detecting rogue agent behaviour, much like securing cloud deployments in the past.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/04/ai_agents_insider_threats_panw/
Trump Admin Lifts Sanctions on Predator Spyware Executives ⚖️
- The Trump administration has removed three individuals associated with the Intellexa spyware consortium (behind the Predator surveillance tool) from the Treasury Department's Specially Designated Nationals list.
- These individuals – Sara Hamou, Andrea Gambazzi, and Merom Harpaz – were sanctioned by the Biden administration for their involvement with Intellexa, which was previously deemed a "significant threat to national security."
- The delistings, reportedly due to individuals demonstrating separation from Intellexa, signal a shift in US policy towards commercial spyware, following earlier moves to lift restrictions on ICE purchasing software from Paragon Solutions.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/04/trump_admin_lifts_sanctions_predator_spyware_execs/
#CyberSecurity #ThreatIntelligence #AI #InsiderThreat #RCE #ZeroDay #Vulnerability #DataBreach #Ransomware #Clop #Spyware #InfoSec #CyberAttack #Regulatory
Meet the team that investigates when #journalists and #activists get hacked with government #spyware
In the last few years, in the fight to protect these higher-risk communities, a team of a dozen digital security experts, mostly based in Costa Rica, Manila, and Tunisia, among other places, have played a key role. They work for the New York-headquartered nonprofit #AccessNow, specifically its Digital Security Helpline https://techcrunch.com/2025/12/27/meet-the-team-that-investigates-when-journalists-and-activists-get-hacked-with-government-spyware/
It's been a busy 24 hours in the cyber world with updates on insider threats, crypto hacks, a new ClickFix automation tool, actively exploited vulnerabilities, and some interesting shifts in sanctions and data privacy. Let's dive in:
Cybersecurity Pros Moonlighting as Ransomware Scum ⚠️
- Two cybersecurity professionals, a ransomware negotiator and an incident response manager, have pleaded guilty to acting as ALPHV BlackCat ransomware affiliates.
- They used their infosec skills to infect five US entities (medical device, pharma, doctor's office, engineering, drone manufacturer) between May and November 2023.
- One victim paid $1.2 million in Bitcoin, which the trio split and attempted to launder, highlighting a disturbing insider threat within the security industry.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/31/alphv_ransomware_affiliates_plead_guilty/
Unleash Protocol $3.9M Multisig Hijack 💸
- Decentralised intellectual property platform Unleash Protocol lost approximately $3.9 million in cryptocurrency due to an unauthorised contract upgrade.
- Attackers gained administrative control via Unleash's multisig governance system, enabling asset withdrawals of WIP, USDC, WETH, stIP, and vIP.
- The stolen funds were bridged and transferred to external addresses, with PeckShieldAlert reporting deposits into the Tornado Cash mixing service, prompting Unleash Protocol to pause all operations.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-drain-39m-from-unleash-protocol-after-multisig-hijack/
European Space Agency Data Breach 🛰️
- The European Space Agency (ESA) has confirmed a security incident affecting "a very small number of external servers" used for unclassified engineering and scientific collaboration.
- Cybercriminals are claiming to have stolen over 200 GB of data, including source code, CI/CD pipelines, API/access tokens, confidential documents, and Bitbucket repository dumps.
- This marks another incident where ESA's external systems have been targeted, raising concerns about consistent security posture across its broader digital footprint.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/31/european_space_agency_hacked/
ErrTraffic Automates ClickFix Attacks ⚠️
- A new cybercrime service called ErrTraffic is being promoted on Russian-speaking forums, enabling automated ClickFix attacks for $800.
- It functions as a self-hosted traffic distribution system (TDS) that generates fake browser glitches (e.g., corrupted text, font errors) on compromised websites.
- The platform lures users into downloading payloads like Lumma, Vidar, Cerberus, and AMOS info-stealers by presenting a "fix," with a hardcoded exclusion for CIS countries.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/new-errtraffic-service-enables-clickfix-attacks-via-fake-browser-glitches/
DarkSpectre Browser Extension Espionage 🕵️
- A Chinese threat actor, DarkSpectre, is behind three malicious browser extension campaigns (ShadyPanda, GhostPoster, The Zoom Stealer) that have impacted over 8.8 million users.
- These extensions mimic legitimate tools for videoconferencing (Google Meet, Zoom, GoTo Webinar) to exfiltrate corporate meeting intelligence, including URLs, passwords, participant lists, and speaker details.
- The campaigns utilise tactics like time-delayed activation, C2 servers on Alibaba Cloud, and Chinese language artifacts, indicating a focus on corporate espionage rather than consumer fraud.
📰 The Hacker News | https://thehackernews.com/2025/12/darkspectre-browser-extension-campaigns.html
Critical IBM API Connect Auth Bypass 🛡️
- IBM has issued a critical warning for an authentication bypass vulnerability (CVE-2025-13915, CVSS 9.8) in its API Connect enterprise platform.
- The flaw affects versions 10.0.11.0 and 10.0.8.0 through 10.0.8.5, allowing unauthenticated remote attackers to gain unauthorised access to exposed applications.
- Organisations are urged to upgrade immediately or disable self-service sign-up on their Developer Portal as a mitigation to minimise exposure.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/ibm-warns-of-critical-api-connect-auth-bypass-vulnerability/
RondoDox Botnet Exploits React2Shell Flaw 🚨
- The RondoDox botnet is actively exploiting the critical React2Shell flaw (CVE-2025-55182) to compromise vulnerable Next.js servers.
- This unauthenticated remote code execution (RCE) vulnerability, exploitable via a single HTTP request, allows the deployment of malware and cryptominers.
- With over 94,000 internet-exposed assets vulnerable, RondoDox is conducting hourly IoT exploitation waves, deploying coinminers, botnet loaders, and Mirai variants.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/rondodox-botnet-exploits-react2shell-flaw-to-breach-nextjs-servers/
Disney's $10M Children's Data Privacy Settlement 🔒
- Disney has agreed to pay a $10 million civil penalty to settle claims that it violated the Children's Online Privacy Protection Act (COPPA).
- The company allegedly failed to correctly label kid-directed videos on YouTube as "Made for Kids," allowing personal data collection for targeted advertising to children under 13.
- The settlement mandates Disney to alert parents before collecting children's personal information and ensure proper video designation on YouTube to prevent unlawful data practices.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/disney-will-pay-10m-to-settle-claims-of-childrens-privacy-violations-on-youtube/
US Treasury Lifts Predator Spyware Sanctions ⚖️
- The U.S. Treasury's OFAC has removed three individuals linked to the Intellexa Consortium, developers of the Predator commercial spyware, from its specially designated nationals list.
- These individuals were previously sanctioned for their roles in developing, operating, and distributing Predator, a tool known for targeting civil society figures.
- The reason for the removal is currently unknown, raising concerns among some experts about the potential signal this sends to other malicious actors in the commercial spyware industry.
📰 The Hacker News | https://thehackernews.com/2025/12/us-treasury-lifts-sanctions-on-three.html
Finland Seizes Ship Suspected of Cable Damage 🚢
- Finnish authorities have seized a ship suspected of damaging a subsea telecommunications cable in the Baltic Sea, following a report from Elisa telecom company.
- The incident is being investigated as aggravated criminal damage and interference with telecommunications, amidst broader concerns about critical infrastructure sabotage in the region.
- This follows a previous incident in 2024 involving a Russia-linked oil tanker, highlighting ongoing vulnerabilities and the importance of maritime critical infrastructure protection.
🗞️ The Record | https://therecord.media/finland-seizes-ship-suspected-damaging-undersea-cable
Hong Kong's New Anti-Scam Banking 🏦
- Hong Kong's Monetary Authority has introduced "Money Safe" accounts, requiring customers to visit a physical branch to access funds, as a new measure against surging scam cases.
- This initiative aims to provide a crucial "cooling-off" period, allowing customers to reconsider potential scams during a face-to-face anti-scam verification process.
- The move is a direct response to the constant stream of phishing campaigns and fake bank websites targeting the territory's financial sector, a quarter of its GDP.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/31/hong_kong_antiscam_money_safe/
#CyberSecurity #ThreatIntelligence #Ransomware #DataBreach #Vulnerability #RCE #Botnet #Spyware #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #CriticalInfrastructure #SocialEngineering
New talk “Suing spyware in Europe: news from the front!” spotlights Pegasus abuses, Irídia’s flagship case, and the PEGA coalition’s push for EU-wide accountability and safeguards against spyware. 🔍⚖️
https://media.ccc.de/v/39c3-suing-spyware-in-europe-news-from-the-front
You’ve been targeted by government #spyware. Now what?
https://techcrunch.com/2025/12/29/youve-been-targeted-by-government-spyware-now-what/
THIS is some good #PSA re: #JavaScript, which is being rampantly abused for #malware!
Ah, yes. That moment. The one that sends a chill down your spine and makes you do a quick, frantic scan of your surroundings, hoping nobody noticed that brief, undeniable flash of panic on your face. You know exactly what I'm talking about: That split second when you spot that website in your browser's tab bar.
Heart pounding, you dart a glance at your coworkers, your friends, your partner, or anyone in the vicinity, searching for signs of judgment or, worse, curiosity. No one's looking, but somehow, you feel like everyone is. It's like the universe knows, and it's giggling behind its hand. You quickly click over to the tab, praying, hoping it's not what you think it is.
And then, oh sweet relief, it's not that. But now, a whole new, equally horrible truth sinks in. You've just been pranked by the cruel, merciless soul who crafted this infernal website. You, my friend, have just experienced the finest torture modern web technology has to offer: Unwarranted suspense, followed by the revelation that nothing is as it seems.
JavaScript, you son of a smoking gun. The great trickster of the web, slinking in the background, making you believe that your browsing experience is smooth and simple, only to slap you with a pop-up, a subtle redirect, or worse, a blinking ad that's seemingly impossible to close.
And here you are, caught in the endless cycle of knowing you should turn JavaScript off but just not caring enough to actually do it. It's like knowing you should stop eating those extra chips but doing it anyway. But this? This is the universe giving you a little nudge, perhaps a not-so-subtle one, reminding you of your folly.
So, here it is, loud and clear: Turn JavaScript off, now, and only allow it on websites you trust! Save your sanity, preserve your dignity, and maybe give your browser a fighting chance at actually doing what you want it to do. Because if you don't, the next time you see that icon, your heart might not only drop, it might skip a beat or two.
You have no idea what any of this means? Then you probably haven't noticed this page's tab icon and title while it was inactive/sent to the background. Simply open a new tab and see how this tab changes. :-)
#ITSec #InfoSec #OpSec #ComSec #JS #WebDesign #Tech #technology #spyware #IT #security #ITsecurity
If you missed this. The brands in question are Sony, Samsung, LG, Hisense and TCL. These companies allegedly recorded "what viewers watch without their consent. The predatory technology, Automated Content Recognition (ACR), identifies the content being played on a device by matching short content fingerprints to a database."
Engadget: Texas sues five TV manufacturers over predatory ad-targeting spyware https://www.engadget.com/cybersecurity/texas-sues-five-tv-manufacturers-over-predatory-ad-targeting-spyware-201500248.html @Engadget #privacy #spyware #infosec #Sony #LG #Samsung
Whoever came up with #SancharSaathi should be fired and excluded from public office in #India and elsewhere for life!
https://www.youtube.com/watch?v=-xCp7nag3GM&t=3m39s
#Cyberfascism #INpol #INgov #Govware #Malware #Spyware #fascism
Berlin: the police can secretly enter homes to install spying programs (to spy on deviants, anti-vaxxers, etc. !!!):
- Police (municipal ???) authorized to hack computer systems, but also to secretly enter suspects' apartments.
- Paragraph 26 explicitly authorizes investigators to "secretly enter (my home) and search the premises" in order to access computer systems.
- Police forces are now authorized to activate hidden cameras in private homes, in citizens' most intimate space, and in other non-public spaces.
- Paragraph 28a. This allows the police to carry out biometric comparisons of faces and voices against data publicly accessible on the Internet. This allows the police to carry out automated searches on social networks or photo platforms, for example with automated facial recognition, using material from video surveillance to identify individuals.
- Use of real police data, such as images, videos or SMS messages from investigations, for training AI algorithms (to give to facebook, google, etc.).
@briankrebs Did you read this article yet? 🤔 The "Adblock ban" by several companies like #YouTube and #Google to prevent users from blocking ads poses a security problem. From International Cyber Digest 📰
"malicious advertisement created by the attacker to be shown on the target’s phone. This malicious ad could be served on any website which displays ads, such as a trusted news website or mobile app, and would appear like any other ad that the target is likely to see. Internal company materials explain that simply viewing the advertisement is enough to trigger the infection on the target’s device, without any need to click on the advertisement itself." 😱
"To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary #spyware"
🔗 https://securitylab.amnesty.org/latest/2025/12/intellexa-leaks-predator-spyware-operations-exposed/
Predator spyware now leverages a new zero-click vector—no user interaction needed. HIGH severity for European orgs in gov, defense, & critical infra. Patch devices, deploy EDR, and monitor for stealthy activity! Details: https://radar.offseq.com/threat/predator-spyware-uses-new-infection-vector-for-zer-5b9e3101 #OffSeq #ZeroClick #Spyware #ThreatIntel
It's been a busy 24 hours in the cyber world with significant updates on major data breaches, critical RCE vulnerabilities under active exploitation, evolving botnet and spyware threats, and key geopolitical cyber developments. Let's take a look:
Major Breaches & Insider Threats 🚨
- Financial software provider Marquis suffered a ransomware attack via a SonicWall firewall, impacting over 74 US banks and credit unions and exposing personal data for over 400,000 customers.
- Twin brothers with a history of hacking were charged with insider data destruction after being fired from a federal contractor, allegedly deleting 96 government databases (DHS, IRS, EEOC) and using AI to cover their tracks.
- A critical exploit in Yearn Finance's yETH pool led to a $9 million DeFi theft, while the Shai-Hulud 2.0 npm worm exposed 400,000 secrets from 800+ packages and 30,000 GitHub repositories due to CI/CD misconfiguration.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/marquis-data-breach-impacts-over-74-us-banks-credit-unions/
🤫 CyberScoop | https://cyberscoop.com/muneeb-sohaib-akhter-government-contractors-insider-attack/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/contractors-with-hacking-records-accused-of-wiping-96-govt-databases/
🗞️ The Record | https://therecord.media/twin-brothers-arrested-hacking-deleting-foia-databases
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/04/twin_brothers_charged_with_deleting_databases/
📰 The Hacker News | https://thehackernews.com/2025/12/threatsday-bulletin-wi-fi-hack-npm-worm.html
Critical Vulnerabilities Under Attack ⚠️
- A critical privilege escalation flaw (CVE-2025-8489) in the King Addons for Elementor WordPress plugin is under active exploitation, allowing attackers to create rogue admin accounts.
- A maximum-severity RCE (CVE-2025-55182, "React2Shell") affects React Server Components and Next.js, with exploitation considered imminent for 39% of cloud environments.
- Microsoft quietly patched CVE-2025-9491, a Windows LNK file bug long abused by nation-state actors (like China's UNC6384/Mustang Panda) to hide malicious command-line arguments and deploy RATs.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/critical-flaw-in-wordpress-add-on-for-elementor-exploited-in-attacks/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/03/exploitation_is_imminent_react_vulnerability/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/critical-react2shell-flaw-in-react-nextjs-lets-hackers-run-javascript-code/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/04/microsoft_lnk_bug_fix/
Advanced Threat Actor & Malware Campaigns 🛡️
- The AISURU botnet launched a record 29.7 Tbps DDoS attack, leveraging 1-4 million infected IoT devices in a UDP carpet-bombing campaign, with DDoS attacks against AI companies spiking 347%.
- GoldFactory, a Chinese financially motivated group, is using modified banking apps (e.g., Gigabud, MMRat) to infect over 11,000 mobile users in Southeast Asia, impersonating government services and bypassing security features.
- Intellexa's Predator spyware now employs a zero-click "Aladdin" infection vector via malicious ads, and "Triton" for baseband exploits, with the company linked to 15 zero-day exploits since 2021 and remaining active despite sanctions.
- CISA, NSA, and Canada's Cyber Security Centre warn of Chinese hackers (UNC5221/Warp Panda) deploying "BrickStorm" malware to backdoor VMware vSphere servers, creating hidden VMs and stealing credentials via nested TLS and DoH.
- Silver Fox is using a false flag operation, mimicking Russian threat groups, to spread ValleyRAT (Winos 4.0, a Gh0st RAT variant) in China via fake Microsoft Teams installers, often leveraging BYOVD techniques to disable security products.
📰 The Hacker News | https://thehackernews.com/2025/12/record-297-tbps-ddos-attack-linked-to.html
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/04/cloudflare_aisuru_botnet/
📰 The Hacker News | https://thehackernews.com/2025/12/goldfactory-hits-southeast-asia-with.html
🗞️ The Record | https://therecord.media/intellexa-predator-spyware-continues-despite-sanctions
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/predator-spyware-uses-new-infection-vector-for-zero-click-attacks/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/cisa-warns-of-chinese-brickstorm-malware-attacks-on-vmware-servers/
📰 The Hacker News | https://thehackernews.com/2025/12/silver-fox-uses-fake-microsoft-teams.html
📰 The Hacker News | https://thehackernews.com/2025/12/threatsday-bulletin-wi-fi-hack-npm-worm.html
2025 Web Security Landscape Review 🌐
- The web security landscape in 2025 was reshaped by AI-powered attacks ("vibe coding" flaws, AI dev tool compromises), large-scale JavaScript injection campaigns, a 103% surge in Magecart attacks, and a 156% increase in malicious open-source packages.
- These threats highlight a shift towards continuous validation and an "assume breach" mentality, as reactive security methods are proving insufficient against rapidly evolving, AI-driven attacks.
- Organisations are urged to inventory third-party dependencies, implement behavioural monitoring, audit AI-generated code, and validate privacy controls continuously to adapt to this new threat reality.
📰 The Hacker News | https://thehackernews.com/2025/12/5-threats-that-reshaped-web-security.html
Regulatory & Geopolitical Cyber Moves ⚖️
- Let's Encrypt plans to reduce SSL/TLS certificate validity from 90 to 45 days by 2028 to enhance internet security and revocation efficiency.
- Russia has blocked FaceTime and Snapchat, citing their use in terrorist attacks and fraud, continuing a trend of restricting foreign communication platforms.
- The UK sanctioned Russia's GRU agency and 11 officers for the 2018 Salisbury nerve agent attack and ongoing hybrid operations, while a Russian physicist was sentenced to 21 years for treason and cyber sabotage.
📰 The Hacker News | https://thehackernews.com/2025/12/threatsday-bulletin-wi-fi-hack-npm-worm.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/russia-blocks-facetime-and-snapchat-over-use-in-terrorist-attacks/
🗞️ The Record | https://therecord.media/uk-sanctions-russia-gru-cyber-spies-nerve-agent-attack
🗞️ The Record | https://therecord.media/russia-sentences-physicist-treason-ddos-attacks
Government Cyber Strategy & Personnel 🏛️
- The Trump administration is preparing a concise, five-page national cybersecurity strategy for January, focusing on cyber offense, deterrence, and critical infrastructure protection.
- Sean Plankey's nomination to lead CISA appears stalled due to Senate holds, leaving the agency without a Senate-confirmed leader as a new national cybersecurity strategy is set to roll out.
- NATO conducted its largest-ever Cyber Coalition exercise in Estonia, involving 1,300 participants, simulating major critical infrastructure attacks and emphasising information sharing against hybrid threats, including space-based scenarios.
🤫 CyberScoop | https://cyberscoop.com/trump-national-cybersecurity-strategy-2025-release/
🤫 CyberScoop | https://cyberscoop.com/sean-plankey-cisa-nomination-stalled-senate-holds/
🗞️ The Record | https://therecord.media/nato-holds-largest-ever-cyberdefense-exercise-estonia
Software Development & Protocol Deep Dives 💻
- Rust's Ferrocene compiler toolchain has achieved IEC 61508 (SIL 2) certification for parts of its core library, paving the way for broader adoption in safety-critical embedded systems.
- An in-depth analysis of TLS 1.3 highlights the subtle tradeoff between using 0-RTT data for performance and maintaining forward secrecy, as 0-RTT may rely on long-lived secrets vulnerable to future compromise.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/04/rust_core_library_partly_polished/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/12/04/tls_13_includes_welcome_improvements/
#CyberSecurity #ThreatIntelligence #Ransomware #Vulnerability #RCE #ZeroDay #APT #Malware #DDoS #Spyware #SupplyChain #DataBreach #InfoSec #CyberAttack #IncidentResponse #WebSecurity #AI #Policy #Government
#MicrosoftOutlook doesn't just read along, it sends ALL #Logins in plaintext (#Klartext) to #Microsoft!
#Datenschutz #Privatsphäre #Sicherheit #ITsec #InfoSec #OpSec #ComSec #Windows #Govware #Spyware
#CISA warns #spyware crews are breaking into #Signal and #WhatsApp accounts
Well, it looks like you can't buy #Samsung any more:
"Unremovable #Spyware on Samsung Devices Comes Pre-installed on #Galaxy Series Devices"
https://cybersecuritynews.com/spyware-on-samsung-devices/amp/
"This has sparked outrage among consumers in countries such as Egypt, Saudi Arabia, and the UAE, where affordable Galaxy models are popular entry points into Android."
Another datapoint in favor of "in future, only #rich people can afford #privacy or #security". 😔
#security #privacy #malware #smartphones #Android #IronSource #AppCloud #tracking