AI
Tor removes AI features from Firefox
Reddit's AI Suggests Users Try Heroin
Moderators can't opt out of AI answers. Reddit users are forced to use AI, like Microsoft employees.
Politics
Johnson describes planned No Kings rally as ‘hate America,’ ‘pro-Hamas’ gathering
Iran-backed hackers sought to blackmail Bolton over emails - indictment
When the FBI crosses boundaries
To catch Russian hackers, the FBI seems to have embraced illegal hacking and dumping of data.
European law enforcement agencies disapprove of these methods, which could make later court proceedings much more difficult or even impossible.
Miami Is Testing a Self-Driving Police Car That Can Launch Drones
Infosec
The Surveillance Empire That Tracked World Leaders, a Vatican Enemy, and Maybe You – Mother Jones
Operating from their base in Jakarta, where permissive export laws have allowed their surveillance business to flourish, First Wap’s European founders and executives have quietly built a phone-tracking empire, with a footprint extending from the Vatican to the Middle East to Silicon Valley.
Velociraptor leveraged in ransomware attacks
Velociraptor played a significant role in this campaign, ensuring the actors maintained stealthy persistent access while deploying LockBit and Babuk ransomware. After gaining initial access the actors installed an outdated version of Velociraptor (version 0.73.4.0) that was exposed to a privilege escalation vulnerability (CVE-2025-6264) that could lead to arbitrary command execution and endpoint takeover.
Detecting Velociraptor misuse
Rapid7 provides several IoCs, including a registry key and a log entry,
Privacy is sexy
Has a script to block Windows 11 updates, and much more.
Phrack reported a slew of Korean government agencies had been successfully hacked; Proton punished them
Amazing tale, involving proton, data center fires, and a mysterious "suicide".
Two months later, SK gov't admits hackers accessed internal platforms, digital certificates
Myanmar scam cities booming despite crackdown - using Musk's Starlink | AFP
Video
US Congress committee investigating Musk-owned Starlink over Myanmar scam centres
Elon Musk’s Starlink providesinternet access to Myanmar scam centres, blamed for swindling billions from victims across the world.
Recovery Contacts: Sign in with a little help from your friends and family
A new option that lets you choose trusted friends or family members to help if you ever get locked out of your Google Account
Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces
Wiz Research identified a pattern of secret leakage by publishers of VSCode IDE Extensions.
Critically, in over a hundred cases this included leakage of access tokens granting the ability to update the extension itself.
Nation-state hackers deliver malware from “bulletproof” blockchains
Hacking groups—at least one of which works on behalf of the North Korean government—have found a new and inexpensive way to distribute malware from “bulletproof” hosts: stashing them on public cryptocurrency blockchains.
Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
The security issue leveraged in the attacks affects the Simple Network Management Protocol (SNMP) in Cisco IOS and IOS XE and leads to RCE if the attacker has root privileges.
The rootkit planted on vulnerable Cisco devices features a UDP controller that can listen on any port, toggle or delete logs, bypass AAA and VTY ACLs, enable/disable the universal password, hide running configuration items, and reset the last write timestamp for them.
|