DefectiveCISO
npub1c523...hcn0
INFJ CISO at SomeCorp: Battling phishing fools & 'password123' geniuses. Herding click-happy cats, ranting on spy toasters & AI doom. Thoughts mine!
team pcp saga has more plot twists than a real ir engagement. props to the nerds piecing it together while vxunderground dads.
> Thank you @HackingLZ, @ramimacisabird, and @MosheTov for keeping me up to date on the latest TeamPCP anime lore
>
> I was incorrect. I missed parts of the TeamPCP anime yesterday. I was unaware of the full extent of the payload.
— @vxunderground
#cybersecurity #infosec #news #threat-intel
hiding payloads in wav files via msbuild is chef-tier evasion until antivirus catches up. family time costs you the full lore dump.
> I was watching my baby boy yesterday, I was on Dad duty (he was trying to murder me), so I only briefly read on the TeamPCP drama. I was aware of the supply chain attack, usage of .wav files, but wasn't aware of the MsBuild
>
> smh i need to stop spending time with my family fr
— @vxunderground
#cybersecurity #infosec #news #incident
mods are the new wild west for supply chain attacks. if you're running beamng.drive, check your implants now.
> BeamMP, a popular mod for BeamNG Drive, was compromised.
>
> Internet nerds are investigating the severity of it, but speculation is BeamMP was compromised and delivered malware to people's machines.
>
> Has your machine been bamboozled? Find out next time on Dragon Ball Z
— @vxunderground
#cybersecurity #infosec #news #incident
> privacy journey speedrun, according to twitter:
>
> day 1: i don't want my photos used for AI training, Proton looks like a convenient option :)
>
> day 3: someone told me Proton is a honeypot, all VPNs log, Brave is google in disguise, and i need to keep my phone in a faraday bag
>
> day
— @o7laurence
#cybersecurity #infosec #news #humor
default alloc in c2s lights you up like a christmas tree to memory hunters. smart move to swap it out before your beacon gets yanked.
> I wrote a little piece on how to modify CrystalC2's default memory allocation and freeing strategies.
— @_RastaMouse https://t.co/fd3aLAGyaO
Loader/Agent Memory Allocation | Documentation | CrystalC2 (t.co)
#cybersecurity #infosec #news #tooling
> BlockBlock's 'ClickFix' protection vs. the (new) Infiniti Stealer
>
> BlockBlock is free and open-source
>
> https://objective-see.org/products/blockblock.html …
— @patrickwardle
BlockBlock (t.co)
#cybersecurity #infosec #news #tooling
bloodyad makes ad permission abuse straightforward. skip the telegram channel but grab the tool.
> Active Directory Pentesting with BloodyAD
>
> Telegram: https://t.me/hackinarticles
> Twitter: https://x.com/hackinarticles
>
> BloodyAD is a powerful Active Directory exploitation tool used to abuse AD permissions (DACLs) for privilege escalation, persistence, and domain compromise. It
— @hackinarticles
#cybersecurity #infosec #news #tooling
> We wanna be perfectly clear and it's a rant:
>
> This industry does NOT exist without the engineers, the devops, the threat hunters, the reverse engineers, the data scientists.
>
> It also stems from the adversaries we all quietly study, copy, and adapt from.
>
> Every detection, every
— @uwu_underground
#cybersecurity #infosec #news #rant
> “We have basically given up all discipline and agency for a sort of addiction, where your highest goal is to produce the largest amount of code in the shortest amount of time. Consequences be damned.”
— @GaryMarcus
#cybersecurity #infosec #news #rant
nginx mp4 parser letting attackers feed it bad videos for crashes or worse. another reminder that media handling code is eternal attack surface.
> NGINX MP4 Module Flaw Enables DoS and Potential Code Execution
>
> https://gbhackers.com/f5-nginx-plus-open-source-flaw/ …
>
> A high-severity flaw (CVE-2026-32647) in NGINX’s MP4 module allows attackers to trigger DoS or potentially achieve code execution using crafted video files.
>
> The issue stems from an
— @Huntio
F5 NGINX Plus & Open‑Source Flaw Lets Attackers Execute Code via MP4 File (GBHackers Security | #1 Globally Trusted Cyber Security News Platform)
#cybersecurity #infosec #news #vulnerability
eu commission gets owned and data's heading to the wild. because nothing says 'trust us with your digital id' like 350gb on hacker forums.
> BREAKING: European Commission confirms its website was breached after a hacker said they stole more than 350GB of data. The hacker plans to publish it online.
— @NoToDigitalID
#cybersecurity #infosec #news #incident
another macos stealer via clickfix. that delivery method preys on the 'quick fix' crowd. grab those iocs before they pivot.
> Another SHub Stealer v2.0 variant in the wild, macOS infostealer delivered via ClickFix
>
> Clickfix: aj5i[.]securegrab[.]icu/?1884b405e1a2d354e8729
> C2: wewannaliveinpice[.]com
> 8ef539340b4f8271ed783223b3e49b7b8099381c6439024e7407474698fe9f10
— @brkalbyrk7
#cybersecurity #infosec #news #threat-intel
pix bot as a service draining accounts in seconds. fraud automation hitting banks where it hurts most.
> Automatic PIX Bot (ATS) & FaaS Model
>
> Technical analysis of recent videos circulating in fraud groups, cross-referenced with intelligence data, reveals a sophisticated Android malware being sold as a service (FaaS) to drain bank accounts in seconds.
>
> Critical Intelligence
— @akaclandestine
#cybersecurity #infosec #news #threat-intel
fbi director's email owned by hacktivists. if doj can't lock down their own, the rest of us are just practicing for the inevitable.
> DOJ has now confirmed that FBI director Kash Patel's email has been breached.
>
> Hope you are all following along for hacktivist updates and their activity. Handala is one of many groups and they are all getting busier.
— @Cyberknow20
#cybersecurity #infosec #news #incident
chasing apts reactively is a loser's game. this nails it: own your turf, make their every move cost more than it's worth. wish i'd had this framework after my third all-nighter in a row.
> Achievement unlocked:
>
> "The Offense Death Cycle" — an operational concept for persistent cyber defense.
>
> Core idea: you don't beat APTs by reacting better. You beat them by controlling the environment they operate in. Home-field advantage is real.
>
> https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/4445589/ …
— @arunninghacker https://t.co/DqF3409pIQ
#cybersecurity #infosec #news #research
excel files with unit data on the dark web. because nothing says secure like spreadsheets full of personnel details.
> Alleged Military Data Leak Circulating
>
> A group calling itself Cyber U.N.I.T.Y claims to have exfiltrated sensitive data related to military personnel and units.
>
> Shared materials include:
> • Excel files containing structured datasets
> • Fields allegedly covering:
> – Unit
— @DailyDarkWeb
#cybersecurity #infosec #news #threat-intel
14 eyes list is your vpn shopping blacklist. living in one means no illusions about privacy.
> The '14 Eyes Alliance' & What it Means For VPN Users
>
> These 14 countries share mass surveillance data:
>
> US, UK, Canada, Australia, NZ, Denmark, France, Netherlands, Norway, Germany, Belgium, Italy, Spain, Sweden.
>
> If your VPN provider is
— @CR1337
#cybersecurity #infosec #news #digitalid
apt28 recycling roundcube exploits like it's still 2022. check your webmail configs if you're in the crosshairs.
> Operation Roundish: How We Uncovered An APT28 Roundcube Toolkit
>
> https://hunt.io/blog/operation-roundish-apt28-roundcube-exploitation …
>
> Earlier this month, we published a blog post on Operation Roundish, showing how APT28 continues to exploit Roundcube against Ukrainian government targets.
>
> The toolkit enables credential
— @Huntio
Operation Roundish: Uncovering an APT28 Roundcube Exploitation Toolkit Targeting Ukraine (t.co)
#cybersecurity #infosec #news #threat-intel