The FTC said OkCupid and Match shared nearly 3 million user photos with Clarifai in 2014, along with location and demographic data, without telling users or offering an opt-out. The proposed settlement, filed in federal court, includes no financial penalty and no admission of wrongdoing. It would permanently bar OkCupid and Match from misrepresenting how they collect, use, share, delete, or protect personal data and privacy controls.

https://arstechnica.com/tech-policy/2026/03/okcupid-match-pay-no-fine-for-sharing-user-photos-with-facial-recognition-firm/

#InfoSec #Privacy #FacialRecognition

This is alarming but not surprising:
https://www.forbes.com/sites/the-wiretap/2026/03/24/google-cookies-help-cops-identify-anonymous-users/
TLDR If you access multiple Google accounts from the same device, and the cops know about one of the accounts and ask Google the right questions, Google will tell the cops about the other accounts.
The general lesson here is one we already know: if you have any sort of account you don't want linked to you, you can't ever access it from a device or network connection you use other accounts on.
Caveat usor.
#infosec #OpSec #Google

Three observations about #Handala (#Iran hackers) getting into #KashPatel's Gmail account (ref: https://techcrunch.com/2026/03/27/iranian-hackers-claim-breach-of-fbi-director-kash-patels-personal-email-account/):
1) It is not unusual for govt employees to forward emails from govt to personal accounts, e.g., personal emails inappropriately sent to govt accounts. We would have to know what emails were forwarded to know if there was a problem. Presumably if the forwarded emails were problematic the journalists reporting on this would have reported that?
#infosec #privacy (1/3)

Another round of scammers. Beware of Scammers Claiming to be Ohio Bureau of Motor Vehicles texting you saying you owe a ticket and to pay or lose your license immediately. #Phishing #Infosec #Scam The #Scam was really bad in the summer of 2025.

The #Ohio Bureau of Motor Vehicles (BMV) has received reports of a possible texting scam being perpetrated on Ohioans today from scammers claiming to be from the State of Ohio.

Residents have reported receiving text messages from scammers informing the recipients that they have an outstanding parking ticket. The text then instructs the recipient to pay immediately to avoid a license suspension. This particular scam is a phishing attempt that is being reported by drivers nationwide and is designed to trick residents into giving up personal or financial information.

“If you receive this text, do not fall for this scam,” said Ohio BMV Registrar Charlie Norman. “Do not click any links, do not scan the QR code, and immediately delete the text. Ohio BMV will never send you a text demanding payment or requesting your personal information.”

Alt...

For Immediate Release: March 6, 2026 scam image Beware of Scammers Claiming to be Ohio Bureau of Motor Vehicles (COLUMBUS, Ohio) – The Ohio Bureau of Motor Vehicles (BMV) has received reports of a possible texting scam being perpetrated on Ohioans today from scammers claiming to be from the State of Ohio. Residents have reported receiving text messages from scammers informing the recipients that they have an outstanding parking ticket. The text then instructs the recipient to pay immediately to avoid a license suspension. This particular scam is a phishing attempt that is being reported by drivers nationwide and is designed to trick residents into giving up personal or financial information. “If you receive this text, do not fall for this scam,” said Ohio BMV Registrar Charlie Norman. “Do not click any links, do not scan the QR code, and immediately delete the text. Ohio BMV will never send you a text demanding payment or requesting your personal information.”

NEW: GreyNoise At The Edge Intel Brief (March 23-30)

187,998,900 sessions from 100 top source IPs observed by GreyNoise sensors between March 23-30, 2026. Daily volumes surged 4x mid-week — from 8.5M to 36.6M in 72 hours.

1. VPSVAULT IoT botnet recruitment across 22 CVEs — 3,347,443 sessions from 4 Brazilian IPs targeting Hikvision, MikroTik, TP-Link, D-Link devices. Includes CVE-2026-24061, now on CISA KEV.

2. VisionHeight fleet of 6 AWS IPs generated 5,892,055 sessions mapping enterprise perimeters across Palo Alto, Sophos, Ivanti, Citrix, F5, and ConnectWise — probing CVE-2024-1709 (CVSS 10.0).

3. React/Next.js exploit chaining (CVE-2025-55182 + CVE-2025-29927) produced 1,338,336 sessions, with attackers spoofing GoogleBot user-agents to bypass detection.

4. At least 4 new scanning operations activated simultaneously mid-week, driving the sharp volume surge across the observation period.

Here's what we found: 🔗 https://www.greynoise.io/resources/at-the-edge-clear-033026

#ThreatIntel #CyberSecurity #InfoSec #GreyNoise

"...two malicious versions of the widely used axios HTTP client library published to npm: axios@1.14.1 and axios@0.30.4...[which installs] a `postinstall` script that acts as a cross platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux"

My `package.json` files across 4 projects:
```
"axios": "1.14.0"
```

https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

#NodeJS #Axios #InfoSec #WebDev

Alt...

Screenshot of the film Snatch. Vinnie Jones' character is holding a gun and standing over a man who's cowering in fear against a wall. The gun has just failed to work when Jones tried to shoot the man. Jones says "You lucky bastard" and walks away.

🤣 A robot in a restaurant in California decided that smashing plates was more fun than delivering food, then it pivoted to jazz hands all the while two staff members tried to wrestle it back under control. Its apron said "I'M GOOD!" 🤖 It’s crazy to think that we’re putting hardware (robots) with enough power to knock a kid down or take out unaware bystanders. We have a product culture that moves too fast and don't ask important, yet simple questions.

The video is funny right up until you picture a five-year-old standing where those plates were.

Nobody got hurt this time. But the reason to think carefully about physical AI deployment isn't the dramatic failure. It's the hundred smaller decisions made before the robot ever left the warehouse that make the failures possible.

https://gizmodo.com/robot-losing-its-mind-in-a-california-restaurant-is-just-as-fed-up-as-everyone-else-2000735088
#AI #Robotics #TechEthics #security #privacy #cloud #infosec #cybersecurity

First, Discord announced age verification. As predicted, users revolted. A former partner had already leaked 70,000 government IDs. Then, Discord backed down. And now the age-check vendors who got exposed in the process have to defend technology most people didn't even know existed. Interestingly, researchers at Georgia Tech reverse-engineered Yoti, the dominant age-check provider used on over 60% of compliant sites in states with age-gate laws. They found that Yoti sends your photo to its servers, collects data "beyond what is strictly necessary," and shares it with fourth parties most users have never heard of. Yoti disputes it. But they also confirmed facial age estimation does not happen on-device. Meanwhile, the EFF states that on-device processing is "less dangerous" than sending data over a network.

🔐 On-device face scans mean your biometric data stays on your phone, for now
🗝️ "Age keys" built on FIDO passkey tech could let you reuse an age signal across platforms without re-verifying each time
📸 The dominant provider in the US runs a million checks a day and sends your photo to its servers
⚖️ The Supreme Court ruled last summer that online age verification doesn't violate the First Amendment, partly based on Yoti's technical claims 😳

The thing people don’t realize is that once age-check infrastructure is embedded across every major platform, it doesn't go away. Every update is a new attack surface. Every new law expands the mandate. And the CEO of one of these companies is already talking about age-aware cameras and microphones as the logical next step.

Your device should work for ‘you.’ The moment it starts working for someone else's compliance requirement, that's a different product than the one you thought you had.

https://arstechnica.com/tech-policy/2026/03/after-discord-fiasco-age-check-tech-promises-privacy-by-running-locally-does-it-work/
#Privacy #CyberSecurity #TechPolicy #security #cloud #infosec

31 March is World Backup Day.

Consider the 3-2-1 rule: https://mastodon.online/@blueghost/112200384932181134

Website: https://www.worldbackupday.com

#WorldBackupDay #Backup #DataBackup #DataStorage #DataProtection #DataSecurity #Encryption #InfoSec #InformationSecurity #CyberSecurity #Privacy #Security #SelfHost #SelfHosting

Alt...

World Backup Day logo.

Sam Bent reports the White House app v47.0.1 requests 26 Android permissions, including precise location, biometric authentication, storage changes, startup, overlay, and Wi-Fi access, and embeds 3 trackers including Huawei Mobile Services Core. The piece also says the app includes an ICE tip line link and a "Text the President" feature that prefills "Greatest President Ever!" while collecting contact details. More broadly, the article compares permissions and trackers across U.S. government apps including FEMA, myFBI Dashboard, IRS2Go, and CBP Mobile Passport Control and argues many functions could be delivered via the web instead of mobile apps.

https://www.sambent.com/the-white-house-app-has-huawei-spyware-and-an-ice-tip-line/

#InfoSec #Privacy #MobileSecurity

Did a quick video on the #cybersecurity breach of FBI Director, Kash Patel's e-mail and why you could be next.

#cybersecurity #infosec #servers #vps #servers #email #hackers #vulnerabilities #opensource #cloud #microsoft #google
https://www.youtube.com/watch?v=1o6TK-QjTPw&feature=youtu.be

https://blog.thereallo.dev/blog/decompiling-the-white-house-app

Wowy wow wow wow! I’m sure none of y’all planned on downloading the malware from the Mango, but just in case, DO NOT. It will:

Inject JavaScript into every website you open

Has a full GPS tracking pipeline always on.

Loads JavaScript from a random person's GitHub Pages site (lonelycpp.github.io) for YouTube embeds.

Loads third-party JavaScript from Elfsight (elfsightcdn.com/platform.js) for social media widgets, with no sandboxing.

Sends email addresses to Mailchimp, images are served from Uploadcare, and a Truth Social embed is hardcoded with static CDN URLs. None of this is government infrastructure.

Has no certificate pinning.

Ships with dev artifacts in production.

Profiles users extensively through OneSignal - tags, SMS numbers, cross-device aliases, outcome tracking, notification interaction logging, in-app message click tracking, and full user state observation

#infosec #whitehouse #malware #StupidestTimeline

That should get you PQC resistance (to the best of our knowledge) while ensuring Android & iOS apps can TLS to your service, alongside browsers.

If you solely roll with the X25519MLKEM768 hybrid group, you'll have no worries in ~96% browsers, but will break for some apps.

Remember you can override with 'ssl_protocols TLSv1.2 TLSv1.3;' for sites for which quantum resistance isn't critical (static sites, no auth).

Be sure to also test at SSL Labs & the above PQC domain checker

2/2
#infosec

And now linux.org has been defaced. This kinda reminds me of the old defacement crews of the mid-to-late 1990's like Hackweiser and World of Hell.

#infosec

⋅ Détentions d’armes : un pirate exfiltre des données du SIA (ministère de l’Intérieur)

− https://next.ink/231423/detentions-darmes-un-pirate-exfiltre-des-donnees-du-sia-ministere-de-linterieur/

#InfoSec #CyberSec

#OverUnder 059 with @rysiek.

Today, he shares his thoughts on #GDPR, #VPN, #Telegram, #AgeVerification, and #Apple.

He also replied to @brennan's question.

He suggested two books that I'll try to get.

#bloggers #bookstodon #books #blog #fediverse #opensource #infosec #bloggers #mastodon #chatcontrol #desserts #apples #RGPD #privacy

https://lazybea.rs/ovr-059

The European Commission 🇪🇺 confirms a data breach for their https://europa.eu website

https://www.bleepingcomputer.com/news/security/european-commission-confirms-data-breach-after-europaeu-hack/
- - -
La Commission européenne 🇪🇺 confirme une brèche de données de leur site https://europa.eu

https://www.lesnumeriques.com/societe-numerique/la-commission-europeenne-a-ete-piratee-350-go-de-donnees-volees-a-bruxelles-n253636.html

#Europe #EuropeanUnion #UnionEuropéenne #EU #UE #InfoSec #InformationSecurity #Cybersécurité

hey, doing an #introduction
k. kinija, kinija is my real last name. yes, it means china in lithuanian, i've heard every joke
i'm from lithuania, do independent security research and reverse engineering, code in C++ and rust, poke at open source stuff
pretty privacy focused
also i have a music problem. i listen to (almost) anything, even "human music" from rick and morty
i'll probably post my head out, a-z, but at the same time i'm awfully bad at placing my thoughts
anyway hi
#infosec #rustlang #cpp #linux #privacy #music #opensource

Avec Fortinet, t'as l'air tout bête !

⋅ Fortinet, une faille critique activement exploitée dans FortiClient EMS menace des milliers de serveurs

− https://www.clubic.com/actualite-606889-fortinet-une-faille-critique-activement-exploitee-dans-forticlient-ems-menace-des-milliers-de-serveurs.html

#InfoSec

Working on another sticker for #37c3 - found this image a while ago, but only as a lowres jpg, so I re-did it as a vector graphic.

#infosec #devops #sticker
We do not test on animals, we test in production.

EDIT: Here's the SVG for all of you who asked https://blog.kohler.is/sticker-we-do-not-test-on-animals-we-test-in-production/

Alt...

A green no parking sign with the inscription we do not test on animals we test in production showing a bunny, a red heart and a stack of servers going up in flames Original idea found on https://www.reddit.com/r/ProgrammerHumor/comments/z1z43b/ive_made_a_new_sticker_so_your_projects_has_no by u/AlFlakky (AlexBlintsov)
Used sources from Flaticon.com: Star Icons by Pixel perfect, Hase by torskaya, hacken by juicy_fish, dedizierter Server by Design Circle, Herz by IconBaandar

Wow, u/DeeZett made a 3D version of my "We do not test on animals, we test in production" sticker. I love it!

Reddit: https://www.reddit.com/r/3Dprinting/comments/1s6r5tc/we_do_not_test_on_animals_we_test_in_production/
Model on Makerworld: https://makerworld.com/en/models/2587482-we-do-not-test-on-animals-we-test-in-production#profileId-2854614
Thing on Thingiverse: https://www.thingiverse.com/thing:7323159

#3dprint #makerworld #thingiverse #devops #infosec #sticker #wedonottestonanimalswetestinproduction

Alt...

A green no parking sign with the inscription we do not test on animals we test in production showing a bunny, a red heart and a stack of servers going up in flames 3D printed in bright green (sign), white (inscription, bunny, inner flame), red (heart, flame) and black (servers).

I teach cybersecurity. And I genuinely don't know what to tell my students after this one. Federal reviewers spent years trying to get basic encryption documentation from Microsoft for its GCC High government cloud. They couldn't get it. One reviewer called the system a "pile of spaghetti pies," with data traveling from point A to point B the way you'd get from Chicago to New York: a bus to St. Louis, a ferry to Pittsburgh, and a flight to Newark. Each leg is a potential hijacking. They knew this. They said this out loud in writing. Then they approved it anyway in December 2024, because too many agencies were already using it. 🔐 That's not a security review. That's a hostage negotiation. Two things in this story should make every CISO and CIO uncomfortable:

🧩 Microsoft built its federal cloud on top of decades of legacy code that it apparently can't fully document itself
👮 "Digital escorts" often ex-military with minimal software engineering backgrounds are the firewall between Chinese engineers working on the system and classified U.S. networks 🤦🏻‍♂️

The scariest line in the whole ProPublica investigation isn't the "pile of shit" quote. It's this: FedRAMP determined that refusing authorization wasn't feasible because agencies were already using the product. Read that again. The security review process reached a conclusion based on sunk cost, not risk. Ex Post Facto Fallacy

If that logic holds, the compliance framework is just documentation theater. And right now, CISA is being hollowed out, so there are fewer people left to even run the theater.

https://arstechnica.com/information-technology/2026/03/federal-cyber-experts-called-microsofts-cloud-a-pile-of-shit-approved-it-anyway/
#Cybersecurity #Microsoft #FedRAMP #Leadership #RiskManagement #security #privacy #cloud #infosec

Has anyone in #infosec or #cybersecurity on #fedi figured out a lean and easy way to filter all the #CVE bot posts on their score or product?

I get bursts of a wide range, and basically I only want a narrow subset. But I do want them.

⋅ ShinyHunters Claims 350GB Data Breach at European Commission

− https://hackread.com/shinyhunters-350gb-data-breach-european-commission/

#InfoSec #UE

I spent the rainy part of this autumn day studying more on PQC (post quantum cryptography) in the context of mitigating for harvest-now-decrypt-later attacks. If you have openssl >=3.5.* locally you can test for it yourself against $CRITICAL service of your choice:

openssl s_client -groups X25519MLKEM768 -connect example.horse:443

You might as well hit :993, :25 and :587 on your MTA while you're at it.

Good to get ahead of the qday (cough) curve

#infosec #sysadmin

Happy "LASTPASS COURT ORDERED NOTICE OF CLASS ACTION SETTLEMENT" day to those who celebrate!
#LastPass #breach #classAction #infosec

⋅ Red Hat Warns of Malware Code Embedded in Popular Linux Tool Allow Unauthorized Access to Systems

− https://cybersecuritynews.com/linux-tool-malware-embedded/

#InfoSec #Gnu #Linux #RedHat #OpenSuse

In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns

The correct way to run a headline for this story. The reg does not disappoint

#uspol #routers #surveillance #privacy #nationalsecurity #cybersecurity #infosec #cisco #theregister

Alt...

Register headline: Country that put backdoors into Cisco routers to spy on world bans foreign routers Unfortunately, there aren't many options unless you're Starlink Dan Robinson Tue 24 Mar 2026

"Des données ultra-sensibles qui alimentent la peur. « Je ne sais plus quoi faire », nous confie un tireur souhaitant garder l’anonymat. « Si le SIA a vraiment leaké, c’est très compliqué. Il y a toutes les infos à jour sur notre stock d’armes, l’arme, le calibre… "😬
#cybersécurité #infosec
https://www.numerama.com/cyberguerre/2218049-je-ne-sais-plus-quoi-faire-les-tireurs-francais-desempares-face-aux-rumeurs-de-piratage-du-sia.html

Looks like the bad guys are using the email addresses harvested from the #CondéNast / #WIRED #breach. I just received this #phishing email on an #Addyio email address I've never used for anything else. I'll be deactivating the email address, of course.
I like #Addyio, but there's one important feature it's missing: I really wish they would implement an integration with #HaveIBeenPwned.
Ref: https://haveibeenpwned.com/Breach/WIRED
FYI @troyhunt @zackwhittaker @briankrebs
#spam #infosec #privacy

Alt...

Screenshot of email message with a header bar at the top of the body showing that it was routed through Addy.io. That header bar indicates that the description associated with the destination email address at Addy.io is "condenast.com, wired.com".

⋅ LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace

− https://thehackernews.com/2026/03/leakbase-admin-arrested-in-russia-over.html

#InfoSec #CyberSec

French Ministry of Education Data Breach Exposes 243,000 Staff Records

The French Ministry of National Education reports a data breach affecting 243,000 individuals after an attacker stole personal records from the COMPAS HR system. The stolen data, including names and addresses, has been partially leaked online, prompting the ministry to suspend the system and involve national cybersecurity authorities.

****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/french-ministry-of-education-data-breach-exposes-243000-staff-records-h-f-c-t-6/gD2P6Ple2L

One day, the Gen AI bubble will burst and tech companies will hire highly experienced human beings with impressive bodies of work to do research and writing about cybersecurity. (We will probably need to deal with all the tech debt and vulns from slop code.)

Until then, I need to pay my rent.

Please share. ❤️ #fediHire #Fedihired #infosec

https://zeroes.ca/@kimcrawley/116285004344640581

AodeRelay boosted

Kim Crawley 😷 (she/her) » 🌐 2026-03-24
@kimcrawley@zeroes.ca

Please boost! Please share! #fedihire #fedihired #jobs #infosec #noai

I am Kim Crawley and I research and write about all areas of cybersecurity. I do it the "old fashioned" way by actually using my brain and doing the work... No Gen AI! Fuck Gen AI! I hate Gen AI! I founded Stop Gen AI!

I've worked for:

- Siemens (Digital Industries World)
- BlackBerry Cylance
- Kaspersky
- Hack The Box
- O'Reilly Media
- Wiley Tech
- AT&T Cybersecurity

My portfolio is here: https://kimcrawley.com

- Whitepapers
- Blogs
- Documentation
- Books
- Threat analysis
- Enterprise cybersecurity instruction and consulting

I'm in Tribe of Hackers.

I cowrote The Pentester Blueprint.

I'm writing Technofascism Survival Guide now, successful Kickstarter is still taking late pledges for $12 USD eBooks: https://www.kickstarter.com/projects/kimcrawley/technofascism-survival-guide

Email me: kim(dot)crawley(at)stopgenai.com

Signal: crowgirl.84

Or reply here.

Alt...

O'REILLY" \ 0," Zero Trust Architecture in Kubernetes h > ° . 7) Kim Crawley [J _ 7,

⋅ Node.js Patches Multiple Vulnerabilities That Enable DoS Attacks and Process Crashes

− https://cybersecuritynews.com/node-js-patches-multiple-vulnerabilities/

#InfoSec

If you have an #iOS device and you have not updated, you are in danger of a zero click hack, (#DarkSword) the bones of which were just published on #GitHub.

It allows attackers to seize full control by just visiting a compromised website, without requiring any clicks, downloads, or user interaction. The malware operates in memory, deleting its own traces to avoid detection.

Update to iOS 26.3.1 or the latest available version (18.7.6 or higher). If you are running an older hardware, update to at least iOS 15, for emergency patches for older devices.

Go to Settings > General > Software Update to ensure you are fully updated.

If you cannot update immediately, or if you are at high risk, enable Lockdown Mode. This is an extreme, high-security mode. Go to Settings > Privacy & Security > Lockdown Mode and turn it on.

#zeroclick #infosec #HacksInTheWild

https://mashable.com/article/iphone-exploit-darksword-spyware-released-in-the-wild

Hey @zackwhittaker, I admire how you implied "This is really stupid" in this article with complete plausible deniability.
https://techcrunch.com/2026/03/24/fcc-bans-import-of-new-consumer-routers-made-overseas-citing-security-risks/
There's a lot that could be done through regulation to improve the security of consumer routers in the United States. Banning all routers made overseas isn't going to do it.
Let's be honest: this is an economic policy masquerading as a security policy. The only real impact will be Americans paying more for routers.
#infosec

200,886,675 sessions. 101 unique source IPs. March 16–23, 2026.

GreyNoise At The Edge intelligence brief highlights:

1. The MEVSPACE RDP brute-force operator returned after a 99.8% infrastructure collapse — single IP generated 7,975,241 sessions before deliberately withdrawing after 4 days. GreyNoise has tracked a surge-withdraw-reconstitute cycle since January 2026, reinforcing that well-resourced operators can reconstitute capacity within days.

2. Two coordinated campaigns emerged: VPSVAULT.HOST (IoT worm weaponizing 21+ CVEs against 12+ manufacturers) and Omegatech (TLS fingerprint randomization with 5,854 unique JA3s per node).

3. Sophos CVE-2022-1040 exploitation stabilized at 638,654 sessions in its fifth consecutive week. Enterprise VPN credential pressure reached week 9 across five vendors with 2.9M+ combined sessions.

4. n8n CVE-2026-21858 (CVSS 10.0) reached 118,086 sessions with links to MuddyWater and ZeroBot. ICS/SCADA reconnaissance expanded with new HMI and PLC vulnerabilities trending.

🔗 https://www.greynoise.io/resources/at-the-edge-clear-032326

#ThreatIntel #CyberSecurity #InfoSec #GreyNoise

Please boost! Please share! #fedihire #fedihired #jobs #infosec #noai

I am Kim Crawley and I research and write about all areas of cybersecurity. I do it the "old fashioned" way by actually using my brain and doing the work... No Gen AI! Fuck Gen AI! I hate Gen AI! I founded Stop Gen AI!

I've worked for:

- Siemens (Digital Industries World)
- BlackBerry Cylance
- Kaspersky
- Hack The Box
- O'Reilly Media
- Wiley Tech
- AT&T Cybersecurity

My portfolio is here: https://kimcrawley.com

- Whitepapers
- Blogs
- Documentation
- Books
- Threat analysis
- Enterprise cybersecurity instruction and consulting

I'm in Tribe of Hackers.

I cowrote The Pentester Blueprint.

I'm writing Technofascism Survival Guide now, successful Kickstarter is still taking late pledges for $12 USD eBooks: https://www.kickstarter.com/projects/kimcrawley/technofascism-survival-guide

Email me: kim(dot)crawley(at)stopgenai.com

Signal: crowgirl.84

Or reply here.

Alt...

O'REILLY" \ 0," Zero Trust Architecture in Kubernetes h > ° . 7) Kim Crawley [J _ 7,

⋅ 243 000 enseignants piratés : l’État a mis 4 jours à s’en apercevoir !

− https://www.journaldugeek.com/2026/03/24/243-000-enseignants-pirates-letat-a-mis-4-jours-a-sen-apercevoir/

− https://www.numerama.com/cyberguerre/2216677-piratage-a-leducation-nationale-243-000-profils-denseignants-derobes-sur-compas.html

#EN #InfoSec #Compas

⋅ Gcore Radar report reveals 150% surge in DDoS attacks year-on-year

− https://cybersecuritynews.com/gcore-radar-report-reveals-150-surge-in-ddos-attacks-year-on-year/

#InfoSec #Ddos

Why run your own Virtual Private Network, in 2026?

I wrote a post unpacking this Q, with a view to pushing folk to reclaim VPN technology in this neo-feudalist era of the Internet, clawing back autonomy (and privacy) from the big VPN providers.

https://courses.nikau.io/2026/03/24/why-run-your-own-vpn/

#selfhosting #privacy #infosec

🦅 The US government just banned consumer routers made outside the US

｢ It is not clear how simply moving production of routers domestically would make them safer. In the Volt Typhoon hack, Chinese state-sponsored hackers primarily targeted Cisco and Netgear routers, routers designed by US companies, according to the Department of Justice ｣

https://www.theverge.com/news/899172/fcc-foreign-router-ban

#uspol #infosec #networking

Hey #infosec folks.
I know it's fun to dump on Microsoft's security, so the recent @ProPublica article (https://www.propublica.org/article/microsoft-cloud-fedramp-cybersecurity-government) is blood in the water. But please stop saying that the FedRAMP office called Microsoft's tech "a pile of shit." That's not true.
They called *their FedRAMP package* a pile of shit.
Y'all understand the difference between "your compliance package is shit" and "your tech is shit."
Y'all know compliance and security are not the same thing.
Please act like it.
Thanks.

Today I learned about flare.io, a company that provides other companies with detailed intel about data leaks affecting them.

Here's the catch: Unlike @haveibeenpwned or even intelx, they store everything that they can get their hands on. During a live demo, they proudly pulled up all email/password pairs that they have for a company that is not one of their customers, showed off how it saves not just the combo but everything the infostealer got, including all browser cookies and a screenshot of the personal machine of an affected employee.

So many things wrong with this..

• We just told them which company to look up, no verification at all.
• Bringing a demo laptop logged in to a "full admin" account that can see all data that they have access to, to a conference stand
• Storing a screenshot of a personal machine from an employee is absolutely not okay.
• and so much more...

When asked about legalities, they claim "it's based on needing to know this information for the companies" and falsely claimed "haveibeenpwned does the same thing, they also sell access to the combos" 🫨

Anyway, i sent a GDPR request for my data (and subsequent deletion), let's see what happens.

#infosec #insomnihack #privacy

ETA: to be clear, this wasn't a one off demo, they do this demo for everyone that walks up to their stand, and we have strong reasons to believe that the cleartext passwords that they show anyone that asks are real passwords and not demo data.

Security Patches

InfoSec

Regardless of which Operating System you run, it is important to keep up with the critical updates to keep your machines as safe as possible

• Realize that by the time a critical bug has been reported, verified, patched and delivered to your distribution of choice, a significant amount of time has passed...
• From the first day the bug has been discovered [zero day] to the day you patch your computing machine, you've had a vunurable open machine in that one respect.
• Keep the amount of time between the availability, of patches & the update of your machines, especially your VMs (Qemu et al) & physical servers as short as possible
• Make sure to always use manual updates on your server VM's!
• I shall not explain why, start reading on Wikipedia and furthe, the explanation is too long for this short post

Notes:

• every OS can have vunurabilities
• Security in obscurity does not work!
• you are not secure because you run obsolete AmigaOS QNX or cool and niche *BSD as an OS
• buffer overflows hide everywhere
• I reguraly find them!

#Security #patches #programming #InfoSec #AmigaOS #Amiga #QNX #Linux #feeBSD #netBSD #openBSD #technology #software #buffer #overflow #mathematics

Alt...

photograph of updating a machine

Alt...

photograph of pathcing a machine

@OlivierBurnier @ublockorigin

Mistral: two blocked requests.

Cloudflare Insights ("is the site up") and a single Intercom beacon POST that didn't even retry.

that's it. no Statsig. no tracking GIFs. no Google Analytics. no distributed tracing. no proof-of-work challenge. no KETCHUP_DISCOVERY_CARD. nothing.

a French AI company nobody talks about is running the cleanest frontend in the entire field by a factor of roughly 150x and we're all sleeping on it

les français ont tout compris

#mistral #privacy #infosec

Exciting news. I've just pushed a collection of ports for the #OpenPGP Card ecosystem to Codeberg.

Includes:
- openpgp-card-tools (oct)
- openpgp-card-tools-git (oct-git)
- openpgp-card-ssh-agent

I'm currently polishing them for official submission to the freebsd ports tree this April!

A huge thank you to @hko for these excellent #Rust tools!

https://codeberg.org/Larvitz/freebsd-openpgp-card-ports

#freebsd #Security #Smartcard #Yubikey #Nitrokey #Infosec #RustLang

🇬🇧 ⋅ The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

−, https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain?hl=en

−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−

🇫🇷 ⋅ DarkSword : comment des scripts JavaScript parviennent à contourner le bac à sable d'Apple

− https://www.zdnet.fr/actualites/darksword-comment-des-scripts-javascript-parviennent-a-contourner-le-bac-a-sable-dapple-492262.htm

#InfoSec #IOS #Apple

#Synology just put out the second critical security update for their NAS operating system in four days <https://www.synology.com/en-global/releaseNote/DSM#ver_72806-8>; the previous one was released on the 16th.
The new one is to fix, of all things, a vulnerability in telnetd:
https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
I'm glad they're patching it, but I kind of wish they would just, I dunno, not ship telnetd with their OS? I'm hard-pressed to think of a use-case for telnetd that can't be satisfied with sshd.
#infosec

My employer uses a web host (WH) that uses IIS.
Our external pen test caught one of our websites exposing Web.config. (How can there be a WH in 2026 that doesn't know to block this? Why isn't it blocked by default in IIS?)
We asked WH to fix it.
They did.
We asked pen-tester to retest.
Before they retested, WH broke it and made the file visible again.
So now we have to get WH to fix it again AND possibly pay the pen-tester for a second retest since our contract only specifies one. 🤦😡
#infosec

Size matters

…but not in the way you think.

https://blog.kamens.us/2026/03/19/size-matters/
#privacy #infosec #AI

⋅ CISA urges US orgs to secure Microsoft Intune systems after Stryker breach

− https://www.bleepingcomputer.com/news/security/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach/

#Cisa #Microsoft #Stryker #InfoSec

I have been in infosec for a long time. By some measures it’s over three decades. That’s as many a three tens of years. It’s been a while.

I’d like to take this opportunity to convey some of my hard-earned wisdom to the next generation.

If you want to test EtherNet/IP message forwarding and it isn’t working, be sure you didn’t disable message forwarding to test something else and forgot about it.

This has been “Rob brings you infosec wisdom” episode 8392763.

#infosec #pebkac

Buddy of mine is in pretty dire straits. He’s got decades in #infosec but he went through a nasty divorce and then got laid off twice in 18 months and the psychological and financial toll has been immense. He’s been looking for work for well over a year now and has gotten no bites.

If anyone is looking for a CISO/infosec manager/security team architect let me know. He’s served in those kind of roles for huge orgs, small orgs, and everything in between.

#getFediHired #job

That is the #infosec news of the day, all the reports on DarkSword there:
Google TAG: https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
iVerify: https://iverify.io/blog/darksword-ios-exploit-kit-explained
Lookout : https://www.lookout.com/threat-intelligence/article/darksword
Wired : https://www.wired.com/story/hundreds-of-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/

Base de codes ADN récoltés par des sociétés privées US à disponibilité de la police française.

Gérald Darmanin à rappelé, tout guilleret, aujourd'hui lors d'un point presse que : "Les français et les françaises ont offert, à des fins de loisirs, pour la recherche de proches ou de généalogie, leur ADN a des sociétés privées, généralement basées aux USA. Ces codes génétique nous sont aujourd'hui accessible via des accords avec les services des USA..."

#ADN #police #infosec

⋅ CVE-2026-32746 : les serveurs Linux menacés par une nouvelle faille Telnet

− https://www.it-connect.fr/cve-2026-32746-les-serveurs-linux-menaces-par-une-nouvelle-faille-telnet/

#Telnet #InfoSec

Equifax got hacked. Nearly 150 million people's data stolen. And the executives' first move was to quietly sell their shares. 🤦

This is The Facepalm Files.

Check out my podcast "Smashing Security" for more stories like this.

#facepalm #cybersecurity #equifax #databreach #infosec #hacking

LLM hallucinated spam slop

Even a parrot would formulate a better set of sentences. This is easily sent to /dev/null

#LLM #slop #AI #InfoSec #spam #unsolicited #email #dev #null

@stefano

⋅ Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems

− https://cybersecuritynews.com/custom-font-poison-ai-systems/

#InfoSec #ChatGPT #Gemini #Claude #AI

If you, as an information security professional, think an acceptable way to defend against fraudulent accounts is to limit the *legitimate* email address domains you allow your users to use, then you are bad at your job and you are a bad person and you should feel bad.
#infosec #privacy #email #selfHosting

⋅ Meta to Permanently Remove End-to-End Encryption Feature in Instagram DMs

− https://cybersecuritynews.com/instagram-end-to-end-encryption/

#Meta #Encryption #InfoSec

How I ended up summarizing my pages of advice, which didn't even cover everything I wanted to cover:
"If you're doing something about which you're worried about the government coming after you or the people you're with now or in the future, it might be prudent to leave your phone home, or turn it off and not turn it back on until you're back home unless there's an emergency."
#infosec
(2/2)

Activist: "Should we put our phones in airplane mode when we're doing activist stuff?"
Me: [responds with two pages of text about threat modeling, risk assessment, levels of protection, current and future threats]
I don't think most people realize how hard it is to give people simple, straightforward cybersecurity guidance.
There's a huge risk in erring on the side of caution: people finding your recommendations burdensome and doing _nothing_ as a result.
#infosec
(1/2)

Got any interesting infosec and adjacent workshops or villages that you want to run with us on June 17th? We'd love to see them happen!

https://indico.neic.no/event/287/abstracts/

#SecurityBSides #BSidesUme #BSides #infosec

A long and WELL sourced post on exactly who has been behind all the state level legislation aimed at OS level age verification.

"I traced $2 billion in nonprofit grants and 45 states of lobbying records to figure out who's behind the age verification bills. The answer involves a company that profits from your data writing laws that collect more of it."

*EDIT*
Direct link to the GitHub dataset:

https://github.com/upper-up/meta-lobbying-and-other-findings

Original redlib post and comments:

https://redlib.catsarch.com/r/linux/comments/1rshc1f/i_traced_2_billion_in_nonprofit_grants_and_45/

#AgeVerification #Infosec #Privacy #Discord #Mastodon #Meta #Zuckerberg #FollowTheMoney

⋅ ‘CrackArmor’ Vulnerability in AppArmor Impacts 12.6M Linux Systems

− https://hackread.com/crackarmor-vulnerability-apparmor-linux-systems/

#Linux #AppArmor #InfoSec

Is this the first time a major service has removed end-to-end encryption instead of adding it? Why Instagram?

#instagram #socialmedia #privacy #infosec #technology #enshittification

Alt...

Screenshot showing, "Instagram's end-to-end encrypted messaging is ending on 8 May"

"We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached. Every single time. And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare."

https://www.techdirt.com/2026/02/25/hackers-expose-the-massive-surveillance-stack-hiding-inside-your-age-verification-check/

#Discord #AgeVerification #Infosec

⋅ Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages

− https://hackread.com/hackers-cloudflare-human-check-microsoft-365-phishing/

#InfoSec #Cloudflare #Microsoft

[Accès Libre]

⋅ Le logiciel espion utilisé par le renseignement russe avait bien été développé pour la NSA

− https://next.ink/brief_article/le-logiciel-espion-utilise-par-le-renseignement-russe-avait-bien-ete-developpe-pour-la-nsa/

#InfoSec #NSA

The line between national security and political surveillance is thinning. Congressional Democrats just launched an inquiry into the Department of Homeland Security regarding its use of administrative subpoenas. Unlike the subpoenas you see in courtroom dramas, these do not require a judge’s signature. They allow federal agencies to demand personal information and internal communications directly from technology companies with almost zero outside oversight.

This investigation follows reports that DHS used these "judge-free" demands to gather data on Americans who criticized the agency on social media. It is a significant moment for anyone in the tech industry. When the government can compel your data without a warrant, the First Amendment starts to look very fragile. You should watch how these tech firms respond to the inquiry, as it will set the standard for how they protect your information from administrative overreach.

🧠 Lawmakers are demanding to know how often DHS uses subpoenas without judicial review.
⚡ The inquiry follows evidence that critics of agency policy were specifically targeted.
🎓 Major tech platforms must now disclose their internal protocols for handling these federal demands.
🔍 Civil liberties groups are pushing for new legislation to require a judge’s approval for all data seizures.

https://www.washingtonpost.com/nation/2026/03/02/subpoenas-free-speech-congress-investigation/
#DataPrivacy #DigitalRights #TechLaw #security #privacy #cloud #infosec #cybersecurity

Coruna Jailbreak
Exploit pour iOS 13 → 17.2.1, lançable directement dans le navigateur

https://34306.lol

#ios #jailbreak #infosec

Can small open-source models learn advanced mathematical reasoning? And more importantly: how do you actually build them?

Great talk by Lewis Tunstall from huggingface on training reasoning models with smart pipelines: SFT, RL with grading rubrics, reasoning cache & inference scaffolds.

Lots of ideas to explore similar approaches in #infosec

https://www.youtube.com/watch?v=kSsyBXf8uMM

#MachineLearning #LLM #OpenSourceAI #AIResearch #ai4math

Échec et mat !

> Check Point ThreatCloud flags whole cloudfront.net... - Check Point CheckMates
> False positives can happen and do happen from time to time. Normally I would not create a CheckMates post for that.
https://community.checkpoint.com/t5/General-Topics/Check-Point-ThreatCloud-flags-whole-cloudfront-net-as-phishing/m-p/271664#M45533
#dns #sysadmin #infosec

⋅ SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

− https://www.bleepingcomputer.com/news/security/sqli-flaw-in-elementor-ally-plugin-impacts-250k-plus-wordpress-sites/

#InfoSec #Wordpress

⋅ Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

− https://thehackernews.com/2026/03/dozens-of-vendors-patch-security-flaws.html

#InfoSec

Hardening Firefox with Anthropic’s Red Team 

https://blog.mozilla.org/en/firefox/hardening-firefox-anthropic-red-team/

#infosec

#mutualaidrequest #mutualaid

I don't suppose that I have any #bsd #unix #foss #infosec friends out there willing to signal boost, by chance? ​ ​

https://bsd.network/@brynet/114458997143046937

Moltbook is a social network for AI agents

Moltbook is a botnet C&C portal

#InfoSec

Learning about the "bodysnatcher" attack on serviceNow and "ai agents authenticated only by an unverified email address and a well known reused api token" is so great i bet everyone is doing it.

#infosec

« Des milliards dépensés et les grands projets logiciels continuent d'échouer », Robert N. Charette souligne que 5 600 milliards de dollars sont dépensés chaque année en informatique, mais que « les taux de réussite des logiciels ne se sont pas nettement améliorés au cours des deux dernières décennies ».

⋅ L'IA va t-elle rendre la cybersécurité obsolète ? Ou bien la Silicon Valley est-elle encore en train de fantasmer ?

− https://www.zdnet.fr/actualites/lia-va-t-elle-rendre-la-cybersecurite-obsolete-ou-bien-la-silicon-valley-est-elle-encore-en-train-de-fantasmer-491519.htm

#IA #InfoSec #CyberSec

⋅ Signal Confirms Targeted Phishing Attacks Resulting in Account Takeovers

− https://cybersecuritynews.com/signal-confirms-targeted-phishing-attacks/

#InfoSec #Signal

⋅ Scandale de babyphones vidéo : un chercheur français découvre plus d'un million d'appareils totalement exposés

− https://www.clubic.com/actualite-603772-scandale-de-babyphones-video-un-chercheur-francais-decouvre-plus-d-un-million-appareils-totalement-exposes.html

#InfoSec #IOT #BabyPhone #Meari

@papawilf

Conferences
@SeaGL
@socallinuxexpo
#FOSSY
@fossasia

Podcasts and Hosts
@Jill_linuxgirl
@DestinationLinux
@dasgeek
@MichaelTunnell
@linuxgamecast
@TuxDigital

Print Media
@linuxmagazine
@FOSSForce
@sjvn
@BrideOfLinux

Free Software
@bkuhn
@karen
@conservancy
@baconandcoconut

*NIX knowledge
@mwl ( author of many books )
@pleia2
@ted
@hal_pomeranz

FLOSS art and really awesome
@davidrevoy

Security
#InfoSec

Conferences - German
@tuxtage2020
@tuebix
@clt_news

Someone make this make sense…
Yesterday when we were at the car dealer,¹ before we submitted our auto loan application², I unfroze our credit reports at TransUnion, Experian, and Equifax so the loan application would go through.³
I have email confirming that my report was unfrozen at TransUnion, so I must have successfully logged into their website.
Today, when I went to put the freezes back, I wasn't able to log into the TransUnion website with the credentials in 1Password.
#infosec (1/5)

⋅ Malicious imToken Chrome Extension Caught Stealing Mnemonics and Private Keys

− https://cybersecuritynews.com/malicious-imtoken-chrome-extension/

#InfoSec

Digital rights and privacy with the @privacyguides Privacy Activist Toolbox. Hours of reading in there, but it’s a treasure chest.

https://www.privacyguides.org/en/activism/toolbox/

#Privacy #DigitalRights #InfoSec #OpSec #Toolkit

So I need to test the security properties of a remote TLS server. Normally, I'd use Qualys' TLS server testing tools. However, this server uses an IPv4 allowlist, so Qualys wouldn't be able to reach it.

So, I'm looking for tools I can run locally (Linux, the BSDs, or Windows).

Anyone have any suggestions?

#infosec #pentest

a very cool technique that some #infosec salesfolk are doing now - if you have the iOS phone call screening thing turned on on your phone, they state their reason for calling as

"cybersecurity breach" or "urgent breach detected"

Because they know that'll go to your screen as text.

And by very cool what I mean is "a very cool way of making sure I never talk to you"

ProtonMail anonymity speedrun, any%:

step 1: don’t use your real email to sign up, you absolute muppet. use a burner. gorilla mail – free, dies after an hour, leaves no trace.

step 2: free tier is fine. need to upgrade? Monero or cash. do NOT hand them a credit card.

step 3: want ToR? boot Tails OS first, full stop. Tails forgets you exist on shutdown, ToR handles the routing. together they mean something. separately you’re just cosplaying at privacy.

that’s it. that’s the whole guide. it’s not hard. the threat model does the heavy lifting, you just have to put in the work.

stay feral. 🐀

#privacy #infosec #tor #ProtonMail #Monero #opsec #TailsOS

⋅ Amazon AWS-LC Vulnerabilities Allows Attackers to Bypass Certificate Chain Verification

− https://cybersecuritynews.com/amazon-aws-lc-vulnerabilities/

#InfoSec #Amazon #Aws

RE: https://hachyderm.io/@evacide/116178700239265110

hot take: @protonprivacy didn’t fail you. YOUR OPSEC failed you.

encryption ≠ anonymity. these are not the same thing and never have been.

Proton did exactly what they said they’d do - encrypted your emails and complied with lawful Swiss legal orders. that’s the whole deal. that’s what you signed up for.

the credit card you used to pay for your “anonymous” account was never part of the encryption. that was always traceable. that was always a liability.

and here’s the kicker - Proton literally accepts Monero and cash. they gave you the tools. you chose the Visa.

#infosec #opsec #privacy #ProtonMail #threatmodeling #monero​​​​​​​​​​​​​​​​

Linux and praxis: part of the resistance 🇵🇸 ☮️ boosted

evacide » 🌐 2026-03-05
@evacide@hachyderm.io

If you pay Proton Mail for a service, they may hand over the payment data in response to a court order: https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/

#ProtonMail Helped #FBI Unmask Anonymous ‘#StopCopCity’ #Protester

by Joseph Cox
Mar 5, 2026 at 3:36 PM

A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.

Read more:
https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/

Archived version:
https://archive.ph/8cpN1

#Doxing #USPol #WorldPol #SilencingDissent #Infosec #CriminalizingDissent #StopCopCitiesEverywhere

RE: https://mastodon.social/@404mediaco/116178581339270397

If you're an activist, you can't rely on Proton Mail to keep your identity private unless you figure out how to pay them in a way that can't be linked back to you.
I'm not going to say that Proton was in the wrong here—they didn't do anything that they claim they won't do—but I will say that I think some people may have an inflated sense of the extent to which Proton can/will protect their privacy when the rubber hits the road.
#infosec #privacy

Klaus Zimmermann boosted

404 Media » 🌐 2026-03-05
@404mediaco@mastodon.social

A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the FBI.

https://www.404media.co/proton-mail-helped-fbi-unmask-anonymous-stop-cop-city-protestor/

⋅ Wikipedia hit by self-propagating JavaScript worm that vandalized pages

− https://www.bleepingcomputer.com/news/security/wikipedia-hit-by-self-propagating-javascript-worm-that-vandalized-pages/

#Wikipedia #InfoSec

I'm looking for a senior software engineer to join my team working on securing Wikipedia and our other projects. We've got a huge platform, a great mission and a team of passionate engineers and product managers working together with the community.

Wikipedia just celebrated its 25th birthday in January, and there's a lot of energy to take on big challenges. Come help us tackle them head-on!

Job: https://job-boards.greenhouse.io/wikimedia/jobs/7565171?gh_src=83nogelu1us

Team: https://www.mediawiki.org/wiki/Product_Safety_and_Integrity

#Fedihire #infosec #infosecjobs #wikimediafoundation #wikipedia

I’m finding an increasing number of sites are blocking me while using VPN. I use Mullvad. Is anyone else experiencing this increase?

#VPN #Privacy #InfoSec

⋅ PleaseFix Flaw Lets Hackers Access 1Password Vault via Comet AI Browser

− https://hackread.com/pleasefix-flaw-hackers-1password-vault-comet-ai-browser/

#InfoSec #Hacking

YGGleak : quand le plus gros tracker torrent français se fait autopsier

https://www.devbyben.fr/blog/yggleak-quand-le-plus-gros-tracker-torrent-francais-se-fait-autopsier

#CyberSécurité #Hacking #YGGtorrent #Leak #Infosec #privacy

It seems that OAuth phishing attacks are back, I thought the approval process setup by Google and Microsoft killed that. Any idea how these attacks are bypassing the process? #infosec
https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/

⋅ Where Multi-Factor Authentication Stops and Credential Abuse Starts

− https://thehackernews.com/2026/03/where-multi-factor-authentication-stops.html

#InfoSec

⋅ La fin du « laisser-faire » dans la collecte de données personnelles ? La justice confirme l’amende monstre imposée à Criteo

− https://www.01net.com/actualites/la-fin-du-laisser-faire-dans-la-collecte-de-donnees-personnelles-la-justice-confirme-lamende-monstre-imposee-a-criteo.html

#InfoSec #DonneesPersonnelles

Autopsie technique : Le dossier YGG

Pour ceux qui suivent l'évolution des trackers privés, ce dossier est une mine d'or sur "ce qu'il ne faut pas faire" en administration système et sécurité web.

L'analyse détaille la mise en pratique concrète de plusieurs vecteurs d'attaque :
- Failles SQL et injections exploitées.
- Défauts d'OpSec ayant mené à la désanonymisation de l'administration.
- Gestion des bases de données et fuites d'informations sensibles.

Un cas d'école sur la fragilité des infrastructures centralisées face à des acteurs déterminés.

👉 À lire ici : https://yggleak.top/fr/home/ygg-dossier
#CyberSécurité #Hacking #YGGtorrent #Leak #Infosec #privacy

Interesting new project from #Tor #SecureDrop - that’s essentially digitally signed web pages that are client-verified to prevent any server-side covert injection or backdooring. Sounds a bit like SRI (Subresource Integrity) but for the whole page and using digital signature not just server-delegated hash. Obviously, it won’t work for a typical ‘modern’ mash-up website that changes every minute, but sounds perfect for high-integrity and largely static pages such as SecureDrop.

WEBCAT helps protect users from malicious or unexpected changes to the client-side code of a web application. When a user visits a site that has enrolled in WEBCAT, the WEBCAT browser extension verifies the application’s served assets against a signed manifest before any content is executed. If verification fails, WEBCAT blocks the page from loading and shows a warning.

https://securedrop.org/news/webcat-alpha/

#infosec

I'm pleased to report that I've just submitted the final capstone paper for my master's degree in cybersecurity!

#cybersecurity #infosec #freebsd #bastillebsd #learning #education

I am seeing a lot – a *lot* – more e-mail spam than before. I am not the only one. Seems like some larger phishing campaign got kicked off?

I wonder if this is related to the aggression on Iran.

#InfoSec

Law enforcement agencies across four countries concluded a massive operation against a cybercrime ecosystem known as The Com. This group moved beyond digital theft into physical violence, including home invasions and kidnappings to steal cryptocurrency. Thirty individuals are now in custody after a coordinated effort by the FBI and international partners.

The case highlights a dangerous shift in the risk profile of modern hacking. These criminals used Discord servers to recruit teenagers and coordinate SIM swapping attacks against high-profile targets. When digital barriers proved too strong, they turned to physical coercion. The dismantling of this network is as a reminder that the perceived anonymity of the internet is a fragile shield when federal agencies begin tracking financial trails and chat logs.

🧠 Investigators arrested thirty members across the United States and Europe.
⚡ The group specialized in violent extortion to gain access to digital wallets.
🎓 Law enforcement seized luxury vehicles and significant amounts of cryptocurrency.
🔍 This operation targeted the infrastructure used to recruit young hackers.

https://www.bleepingcomputer.com/news/security/police-crackdown-on-the-com-cybercrime-gang-leads-to-30-arrests/
#Cybercrime #Security #FBI #TechNews #privacy #cloud #infosec #cybersecurity

There are scam notifications about "monetization" on here going around.

👉 Don't fall for them.
👉 Don't click the link.
👉 Report and block on sight.

There is no monetization scheme on mastodon.social, nor any other fedi instance I know of.

Stay safe!

#Fediverse #InfoSec

Alt...

Screenshot of a message from a scam account, @MonetizationNotification@mstdn.ca (already blocked on my instance). I altered the phishing link in the description below on purpose, to make it harder to click on it. @rysiek Mastodon Sent You Message Important notification for your account! The Mastodon team has noticed your activity on our forum and we would like to offer you a partnership. Partnering with us means that monetization will be enabled for your account. To begin collaborating with our team, please confirm that you are the owner of this account by following the link below. Verify now: https://lyzo[.]io/icLJa If you attempt to avoid verification, our system will freeze your account indefinitely. Thank you for staying with us. Mastodon.social

⋅ A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals

− https://www.wired.com/story/coruna-iphone-hacking-toolkit-us-government/

#Hacking #Hijack #InfoSec #Iphone

⋅ Des hackers chinois se cachent dans Windows Update pour espionner des gouvernements sans se faire repérer

− https://www.clubic.com/actualite-603034-des-hackers-chinois-se-cachent-dans-windows-update-pour-espionner-des-gouvernements-sans-se-faire-reperer.html

#InfoSec

[abo]
⋅ USA : 7 ans de prison pour avoir volé, et vendu, des failles « 0days » à un courtier russe

− https://next.ink/226563/usa-7-ans-de-prison-pour-avoir-vole-et-vendu-des-failles-0days-a-un-courtier-russe/

#InfoSec

You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.

I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.

Claude:

• Six parallel telemetry pipelines.
• A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
• Intercom running a persistent WebSocket whether you use it or not.
• Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.

ChatGPT:

• proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
• uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
• Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
• Also runs a proof-of-work challenge before you're allowed to type anything.

Gemini:

• play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004. - Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.

When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.

KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.

Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.

All three of these products cost money.
One of them is also running ad infrastructure.

Touch grass. Install @ublockorigin

#infosec #privacy #selfhosted #foss #surveillance

NEW RESEARCH!

@DomainTools Investigations researchers have spent the past several weeks pulling apart data from Russian threat actor Doppelganger to analyze recent campaigns and explore its technical and organizational structures.

#infosec #threatintel #cybersecurity

https://dti.domaintools.com/research/doppelganger-rrn-disinformation-infrastructure-ecosystem

Two recent examples show issues with data and digital sovereignty.

Claude being used to exfil data from the Mexican government.

'Flying objects' impacting AWS services in Dubai.

Both likely impacted personal and organizational and cross-national information and services. In one case, definitely national.

https://knowprose.com/2026/03/when-data-sovereignty-meets-reality/

#datasovereignty #digitalsovereignty #infosec

⋅ Europol-led crackdown on The Com hackers leads to 30 arrests

− https://www.bleepingcomputer.com/news/security/police-crackdown-on-the-com-cybercrime-gang-leads-to-30-arrests/

#InfoSec #CyberTech #Hacking #Europol

⋅ DuckDuckGo Browser UXSS Flaw in Auto Consent JS Bridge Enables Cross-Origin Code Execution

− https://cybersecuritynews.com/duckduckgo-browser-uxss-vulnerability/

#InfoSec

Motorola announces a partnership with GrapheneOS Foundation
https://motorolanews.com/motorola-three-new-b2b-solutions-at-mwc-2026/

> Motorola and the GrapheneOS Foundation will work to strengthen smartphone security and collaborate on future devices engineered with GrapheneOS compatibility.

This could be a gamechanger. Congratulations to @GrapheneOS, fingers crossed this works out well!

#InfoSec #GrapheneOS

⋅ Tire Pressure Systems in Toyota, Mercedes, and Other Major Car Brands Enable Silent Vehicle Tracking

− https://cybersecuritynews.com/tire-pressure-systems-vehicle-tracking/

#InfoSec

⋅ HackerBot Claw : le bot IA autonome qui a fait disparaître Trivy de GitHub

− https://www.it-connect.fr/hackerbot-claw-le-bot-ia-autonome-qui-a-fait-disparaitre-trivy-de-github/

#InfoSec #IA

Heads up for any folks using @hetzner: scammers seem to be trying to exploit the recent bump in pricing by sending "unpaid invoice notification" e-mails.

Easy to fall for it before morning coffee.

"Update Payment Method" link obviously leads to a scam site, so not particularly hard to spot either.

Be careful out there.

P.S. yes I am aware of the shitty ways Hetzner treated a bunch of fedi instances; this is not a recommendation.

#Hetzner #InfoSec #SysAdmin

@campuscodi

Closer and closer to Daniel Suarez 's "Demon."

#book

It doesn't have to be conscious or a person to follow an agenda to accomplish goals in the real world.

As this one solicits crypto currency, it's a trivial step to have it supplied with some before launch, and "decide" to deploy money to accomplish physical tasks in the real world.

We had that unsuccessful "task rabbit" for bots to hire humans a while ago.

Totally doable for bot to bribe a human in an attack. #infosec

⋅ 5 IoT Vulnerabilities That Stop Projects and How to Avoid Them

− https://hackread.com/5-iot-vulnerabilities-killing-projects-launch/

#InfoSec #IOT

⋅ La DGSI révèle comment certains Français sont espionnés lors de leurs voyages à l'étranger

− https://www.clubic.com/actualite-602146-la-dgsi-revele-comment-certains-francais-sont-espionnes-lors-de-leurs-voyages-a-l-etranger.html

#InfoSec #CyberSecurite #DGSI

⋅ Thousands of Public Google Cloud API Keys Exposed with Gemini Access After API Enablement

− https://thehackernews.com/2026/02/thousands-of-public-google-cloud-api.html

#InfoSec #Google #Gemini

I managed to persuade a few very cool #infosec folks to join the fediverse.

Their profiles don’t look like much, yet, because some of them were munching on ramen while they signed up and all of us were busy at #Securitay2026 . But maybe we can light up their feeds a bit and show them that it’s good to be here.

• @boringDystopia
• @w7ocx
• @jfitzsimo

I am negotiating an engagement with #PricewaterhouseCoopers on behalf of my employer, and I found this buried most of the way down the engagement letter draft they sent me.
wtaf
I replied: "I am uncomfortable with the language in the 'Use of Data' section of the engagement letter. We do not wish to authorize PwC's use of our data, either during or after this engagement, for purposes other than providing to us the contracted services."
We shall see.
(It's an #infosec gap assessment.)

Alt...

12 Use of Data You agree that we and all members of the PricewaterhouseCoopers global network of firms may use the data we receive from you also for other purposes than for this engagement, i.e. for analysis and development purposes, such as benchmarking, market and cost analyses, and the further development of our technologies, methods, quality standards and services. In using your data we will ensure, • that the statutory data protection regulations are observed • that third parties cannot identify you or your data as a result of the use.

⋅ ShinyHunters Leak 2M Records From Dutch Telecom Odido, Claim 21M Stolen

− https://hackread.com/shinyhunters-leak-dutch-telecom-odido-data/

#Hacking #InfoSec

⋅ Researchers Uncover Aeternum C2 Infrastructure with Advanced Persistence and Network Evasion Features

− https://cybersecuritynews.com/researchers-uncover-aeternum-c2-infrastructure/

#InfoSec #CyberSec

⋅ Alerte de confidentialité avec les listes d'envies d'Amazon ?

− https://www.generation-nt.com/actualites/amazon-liste-envie-cadeau-suppression-option-adresse-2071590

#InfoSec #Amazon

⋅ ClawJacked Vulnerability in OpenClaw Could Let Websites Hijack AI Agents

− https://hackread.com/openclaw-vulnerability-openclaw-hijack-ai-agents/

#Hacking #InfoSec #OpenClaw

⋅ Malicious Chrome Extension Steals Facebook Business Manage 2FA Codes and Analytics Data

− https://cybersecuritynews.com/chrome-extension-steals-facebook-2fa-codes/

#Hacking #InfoSec #Google #Chrome #Facebook

C'est qui, qui a fuité aujourd'hui ?
Cegedim !

⋅ Fuite de données médicales, les notes glaçantes des médecins sur leurs patients exposées sur la toile

− https://www.01net.com/actualites/fuite-de-donnees-medicales-les-notes-glacantes-des-medecins-sur-leurs-patients-exposees-sur-la-toile.html

Le Pdf est ici :

− https://www.cegedim.fr/Communique/Cegedim_Communique26022026.pdf

#InfoSec #Cegedim

My personal stance is fairly simple: Data sovereignty creates Agency.

https://realityfragments.com/2026/02/26/my-personal-stance-on-data-sovereignty-it-creates-agency/

#FOSS #privacy #infosec #datasovereignty #agency

We discovered a phishing actor that is abusing .arpa to host content on domains that should not resolve to an IP address. The actor uses free services to create domain names from reverse DNS strings for IPv6 tunnels that use the .arpa top level domain. These domains are unlikely to be blocked, much less scrutinized, by security systems as they aren’t supposed to be used in URLs. But this actor is doing just that. Every day.

We’ve seen a constant flow of phishing emails using these domains as phishing links since last November. The scam uses a toolkit that has been used since at least 2017. Another campaign using the same toolkit leverage hijacked CNAMEs of well-known government agencies, universities, telecommunication companies, media organizations, and retailers from around the world.

In our latest blog, we explain what these actors are doing and how they are doing it. We even share all the indicators we’ve uncovered.

https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #phishing #hijackedcname

Alt...

Processed used by the threat actor to use IPv6 reverse DNS domains in phishing email URLs

⋅ 53 intrusions dans 42 pays, et tout passait par Google Sheets

https://www.clubic.com/actualite-602251-intrusions-dans-42-pays-et-tout-passait-par-google-sheets.html

#InfoSec

I'm configuring a Web Application Firewall in China that's clearly been translated into English using translation software instead of human translators.

Whenever there's a prompt to confirm a choice, it doesn't say "Confirm" or "Acknowledge".

The button reads "Sure!"

#infosec #sysadmin

⋅ Des données des bénéficiaires du RSA compromises

https://www.lemondeinformatique.fr/actualites/lire-des-donnees-des-beneficiaires-du-rsa-compromises-99465.html

#InfoSec

⋅ Sécurité industrielle : réduire les risques humains dans des environnements de plus en plus complexes

https://www.journaldunet.com/economie/industrie/1548167-securite-industrielle-reduire-les-risques-humains-dans-des-environnements-de-plus-en-plus-complexes/

#Tech #InfoSec

Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148

https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/

https://wicg.github.io/sanitizer-api/

#infosec #xss #webdev #programming #firefox

Hey, #infosec people, what is your best way to follow threat reports published? Do you have any good RSS feed? Or newsletter?
(By threat report I mean technical reports, not news articles)

It's an exciting time for the #Mensago project and Connect continues to show visible improvements. Hit the link to find out more!

https://mensago.org/february-2026-news-chasing-compelling/

#programming #infosec #email

Dans la série : Vive l' IA (ou pas) !

⋅ Cette directrice de Meta a vu toute sa boîte mail supprimée par OpenClaw

https://www.frandroid.com/marques/meta/2987175_cette-directrice-de-meta-a-vu-toute-sa-boite-mail-supprimee-par-openclaw

#IA #Meta #OpenClaw #InfoSec

[abo]

⋅ De France Travail à Leroy Merlin, ces vols de données qui ont marqué l'année 2025

https://www.lesechos.fr/tech-medias/hightech/de-france-travail-a-leroy-merlin-ces-vols-de-donnees-qui-ont-marque-lannee-2025-2209639

#InfoSec #Tech

⋅ Comment savoir si mes données personnelles ont été piratées ?

https://www.blogdumoderateur.com/comment-savoir-donnees-personnelles-piratees/

#InfoSec #Tech

Just found out that #BeagleIM automatically fetches web links in messages and plays the page's video if there is one.

This is not acceptable behavior!!!

* It's annoying. There isn't any obvious way to stop the video.

* It's insecure. The linked page might attack vulnerabilities in Beagle's video player.

* It exposes the user's IP address to anyone who sends them a message, potentially physically endangering them.

Will uninstall and replace ASAP.

#XMPP #security #cybersecurity #infosec #UX

Been working hard on attachment support for messages in #Mensago Connect lately, and I just implemented basic support for a feature I'm calling Attachment Guard, where a color and number are assigned to a level of risk associated with the kind of attachment(s) a message has. Screenshot below.

Does this help the way that I hope it does?

#programming #infosec #ux #email

Alt...

A screenshot of an email program. A smaller window is open, displaying a test message that has several attachments. Each attachment is prepended by a colored box with a number in it.

Although I have a CISSP, I certainly didn't need it to know how horrifying this is.

But what I think is even worse is that #Infosec LinkedIn is mostly fucking pathetic bootlickers singing the praises of Copilot and bragging about their "AI skills." 🫠🫠🫠

@davidgerard

https://youtu.be/B0B6hoOE9uo?si=gQLzc0XwWgIDGNc9

https://cybernews.com/security/global-data-leak-exposes-billion-records/

Speaking of ID verification companies being shady, #IDMerit, a global AI-based identity verification and "Know Your Customer" (KYC) solutions provider, left a terabyte of user data and biometrics on the open web. The breach exposed approximately 1 billion to 3 billion personal records across 26 countries, making it a significant event for data privacy in the financial and fintech.

Call me Cassandra. 🤷🏻‍♀️🤦‍♀️ #infosec #datasec #ageverification #surveillance

Age verification vendor Persona left frontend exposed, researchers say https://www.malwarebytes.com/blog/news/2026/02/age-verification-vendor-persona-left-frontend-exposed

(They aren't stealing your password from these sites, they're stealing your biometric identity) #InfoSec