Mastodon

14 posts13 participants0 posts today

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨VISTA is a Python-based AI chatbot built using OpenAI GPT and LangChain. It integrates with Pinecone for vector databases, focusing on semantic search and managing context. Looks like a good starting point if you're exploring AI chatbot frameworks. <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/Chatbots" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Chatbots</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/RitikaVerma7/VISTA" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/RitikaVerma7/VISTA</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

NetzpalaverStand der Cloud- und SaaS-Sicherheit<a href="https://social.tchncs.de/tags/CloudSecurity" class="mention hashtag" rel="tag">#CloudSecurity</a> <a href="https://social.tchncs.de/tags/CloudSicherheit" class="mention hashtag" rel="tag">#CloudSicherheit</a> <a href="https://social.tchncs.de/tags/Container" class="mention hashtag" rel="tag">#Container</a> <a href="https://social.tchncs.de/tags/Cybersecurity" class="mention hashtag" rel="tag">#Cybersecurity</a> <a href="https://social.tchncs.de/tags/Datenpanne" class="mention hashtag" rel="tag">#Datenpanne</a> <a href="https://social.tchncs.de/tags/Fehlkonfiguration" class="mention hashtag" rel="tag">#Fehlkonfiguration</a> <a href="https://social.tchncs.de/tags/IncidentResponse" class="mention hashtag" rel="tag">#IncidentResponse</a> @Qualys <a href="https://social.tchncs.de/tags/SaaSSicherheit" class="mention hashtag" rel="tag">#SaaSSicherheit</a> <a href="https://social.tchncs.de/tags/Sicherheitsl%C3%BCcke" class="mention hashtag" rel="tag">#Sicherheitslücke</a><a href="https://netzpalaver.de/2025/04/07/stand-der-cloud-und-saas-sicherheit/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://netzpalaver.de/2025/04/07/stand-der-cloud-und-saas-sicherheit/</a>

PUPUWEB Blog⚠️ VMware’s new token update policy is here! Starting April 2025, admins must manually generate tokens for product downloads and updates—no more automated access! Get ahead of the change with this comprehensive guide. 🔑 <a href="https://mastodon.social/tags/VMware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VMware</a> <a href="https://mastodon.social/tags/TechAdmins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechAdmins</a> <a href="https://mastodon.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a><a href="https://pupuweb.com/how-to-handle-vmwares-token-update-policy/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://pupuweb.com/how-to-handle-vmwares-token-update-policy/</a>

Opalsec :verified:Our latest post is out, check it out for the full details here 👉 <a href="https://opalsec.io/daily-news-update-saturday-april-5-2025-australia-melbourne/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://opalsec.io/daily-news-update-saturday-april-5-2025-australia-melbourne/</a>If you're short on time, here's a quick rundown of the key stories:🇦🇺 Australian Pension Funds Under Attack: A significant credential stuffing campaign hit multiple Aussie superannuation funds (Australian Super, REST, Hostplus, Insignia, ART) over the March 29-30 weekend. Attackers used stolen creds, likely targeting web portals and mobile apps, accessing accounts and unfortunately stealing funds in some cases (reports mention ~AU$500k from four Australian Super members alone). ASFA is coordinating the response. A stark reminder about password reuse and MFA effectiveness, especially during off-hours!🏛️ Shake-up at NSA/Cyber Command: Big news out of the US – Gen. Timothy Haugh has been fired from his dual-hat role leading the NSA and USCYBERCOM after just over a year. Deputy Director Wendy Noble is also reportedly out. Reasons are murky, but speculation points towards political motivations (linked to Laura Loomer's visit with President Trump). This raises questions about stability, the ongoing 'Cybercom 2.0' review, and the future of the dual-hat structure, especially with ongoing nation-state threats.⏱️ Incident Response Speed vs. Backups: An interesting debate highlighted recently – while backups are vital for recovery, is rapid IR potentially even more critical? It’s a tough balancing act: contain fast (risking tipping off attackers/losing evidence) or investigate thoroughly while the breach continues? Emphasises the need for skilled responders and adequate tooling, not just relying on backups as a silver bullet.⚠️ Critical RCE in Apache Parquet (CVE-2025-30065): Heads up, data folks! A CVSS 10.0 RCE vulnerability has been found in the widely used Apache Parquet columnar storage format (up to v1.15.0). Given its use in Hadoop, AWS, Azure, GCP, and by major tech companies, the potential impact is huge. Patch to version 1.15.1 ASAP!📱 Pentagon Probes Defense Secretary's Signal Use: The DoD's Inspector General is investigating Defense Secretary Pete Hegseth's use of Signal for official business. This follows a report where a journalist was accidentally added to a Signal chat discussing sensitive airstrike details (targets, timing). Raises concerns about classified info on unclassified apps, need-to-know, and record-keeping compliance.The full blog post dives deeper into each of these stories and much more. Don't forget to sign up to our newsletter so you can get this daily wrap-up straight to your inbox!📨 <a href="https://opalsec.io/daily-news-update-saturday-april-5-2025-australia-melbourne/#/portal/signup" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://opalsec.io/daily-news-update-saturday-april-5-2025-australia-melbourne/#/portal/signup</a>What are your biggest takeaways from this week's news? Let's discuss below!<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://infosec.exchange/tags/CredentialStuffing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CredentialStuffing</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerability</a> <a href="https://infosec.exchange/tags/ApacheParquet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ApacheParquet</a> <a href="https://infosec.exchange/tags/NSA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NSA</a> <a href="https://infosec.exchange/tags/CyberCommand" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberCommand</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IncidentResponse</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://infosec.exchange/tags/NationalSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NationalSecurity</a> <a href="https://infosec.exchange/tags/Espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Espionage</a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨SharPersist is a tool for creating persistence mechanisms on Windows, leveraging C#. It supports methods like registry runs, WMI event subscriptions, and scheduled tasks. Designed for red teams but publicly available. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/mandiant/SharPersist" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/mandiant/SharPersist</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

paulThe 1-15 December 2024 <a href="https://infosec.exchange/tags/cyberattacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberattacks</a> timeline is out with 115 events and a <a href="https://infosec.exchange/tags/threat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threat</a> landscape dominated by <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a>. <a href="https://infosec.exchange/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybercrime</a> continues to be the main motivation, and <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> the main initial access vector.<a href="https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cloudsecurity</a> <a href="https://infosec.exchange/tags/InfoSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSecurity</a>

Pyrzout :vm:AutonomyAI Emerges from Stealth with $4M Pre-Seed Funding to Transform Front-End Development with Autonomous AI Agents – Source:hackread.com <a href="https://ciso2ciso.com/autonomyai-emerges-from-stealth-with-4m-pre-seed-funding-to-transform-front-end-development-with-autonomous-ai-agents-sourcehackread-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/autonomyai-emerges-from-stealth-with-4m-pre-seed-funding-to-transform-front-end-development-with-autonomous-ai-agents-sourcehackread-com/</a> <a href="https://social.skynetcloud.site/tags/1CyberSecurityNewsPost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#1CyberSecurityNewsPost</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/PressRelease" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PressRelease</a> <a href="https://social.skynetcloud.site/tags/AutonomyAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AutonomyAI</a> <a href="https://social.skynetcloud.site/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://social.skynetcloud.site/tags/Hackread" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hackread</a> <a href="https://social.skynetcloud.site/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a>

Opalsec :verified:Grab your beverage of choice ☕, because there's a LOT to recap from the last 24 hours. Check it out here 👉 <a href="https://opalsec.io/daily-news-update-friday-april-4-2025-australia-melbourne/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://opalsec.io/daily-news-update-friday-april-4-2025-australia-melbourne/</a>There's a lot to digest, so if you're running between meetings or scoffing down a quick lunch before the next - here's the TL;DR on the key points:🚨 Urgent Ivanti Patch Alert: A critical RCE zero-day is being actively exploited by suspected China-nexus group UNC5221, who are deploying new malware (TRAILBLAZE, BRUSHFIRE). 🌐 Fast Flux is Back in the Spotlight: Five Eyes agencies dropped a joint advisory on the increased use of this evasion technique by sophisticated actors (ransomware gangs, state-sponsored groups). It makes tracking C2s & phishing sites a real headache by rapidly changing IPs/nameservers. 🔗 GitHub Supply Chain Attack Deep Dive: Remember that complex attack targeting Coinbase via GitHub Actions? Unit 42 traced its origin back to a single leaked SpotBugs Personal Access Token from late 2024! A huge reminder about token hygiene, the risks of mutable tags, and those cascading dependency threats. Rotate secrets if you use SpotBugs, Reviewdog, or tj-actions!🤔 Oracle's Cloud Breach Saga Continues...: Oracle reportedly admitted a breach to customers, framing it as a "legacy" (pre-2017) environment issue, yet, the actor leaked data allegedly from late 2024/2025. The focus on "Oracle Cloud Classic" vs. OCI feels like damage control over transparency. As I put it in the blog, their handling doesn't exactly inspire confidence – trust is earned, folks.🔄 Rethinking Disaster Recovery in the Ransomware Era: DR is way more than just backups now. With hybrid environments sprawling and ransomware the top threat, recovery is Incident Response (detect, isolate, wipe, reinstall, restore). Homogeneity might simplify recovery, but beware of single points of failure (hello, CrowdStrike outage!). 📡 Mass Scanning Alert: Seeing increased probes against Juniper devices (looking for default 't128' creds - change 'em!) and Palo Alto GlobalProtect portals. Motives are unclear – could be recon, botnet building, or sniffing for vulnerabilities. Keep those edge devices patched and hardened!🇺🇦 New Malware 'Wrecksteel' Hits Ukraine: CERT-UA warns of a new espionage malware targeting state agencies and critical infrastructure via phishing. Deployed by UAC-0219, Wrecksteel exfiltrates documents and takes screenshots. ⚖️ INC Ransomware Claims State Bar of Texas: The second-largest US bar association confirmed a data breach after INC ransomware listed them on their leak site. Stay informed, stay vigilant, and let me know your thoughts in the comments! What's catching your eye this week?<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VulnerabilityManagement</a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ZeroDay</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNS</a> <a href="https://infosec.exchange/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MalwareAnalysis</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IncidentResponse</a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttack</a> <a href="https://infosec.exchange/tags/CyberDefense" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberDefense</a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> <a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ivanti</a> <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> <a href="https://infosec.exchange/tags/Oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Oracle</a> <a href="https://infosec.exchange/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ukraine</a> <a href="https://infosec.exchange/tags/AIinCyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIinCyber</a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a> <a href="https://infosec.exchange/tags/CyberNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberNews</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Seatbelt is a post-exploitation tool designed for Windows environments. It collects detailed system information to help identify potential privilege escalation paths or misconfigurations. It's lightweight, written in C#, and can be run on live systems without requiring installation. Used responsibly, tools like this can help secure your environment by simulating attacker tactics. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/GhostPack/Seatbelt" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/GhostPack/Seatbelt</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Opalsec :verified:Staying ahead means staying informed, right? Here's our latest wrap of the day's Cyber News:🗞️ <a href="https://opalsec.io/daily-news-update-thursday-april-3-2025-australia-melbourne/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://opalsec.io/daily-news-update-thursday-april-3-2025-australia-melbourne/</a>If you're short on time, here’s a quick whip-around of the top 3 stories of note:🕵️‍♂️ Hunters Ransomware Rethink: Is the heat getting too much? Hunters International leadership reportedly told affiliates ransomware is now too "risky," planning a shift to pure data theft/extortion under a "World Leaks" banner. While their current status is murky, this potential pivot away from encryption echoes moves by other groups and highlights how defensive pressures are forcing attacker evolution – something we all need to track.📧 White House OpSec Woes: Remember that recent White House Signal mishap? Well, now the same National Security Adviser is reportedly facing heat for using personal Gmail for sensitive (if unclassified) government discussions, raising serious OpSec and compliance alarms. It's a potent reminder for us all: even seemingly benign comms on personal platforms can create significant risks, and basic security hygiene is non-negotiable, especially when sensitive info is involved.📞 Verizon API Call Log Leak: Here’s a worrying find: a simple API flaw in Verizon's Call Filter app exposed the incoming call history of potentially all their wireless customers to each other. Technically, it was a textbook case of broken object-level authorization – the API didn't check if the user's token matched the phone number whose logs were requested in a header. This highlights the critical need for robust API authorization checks and the significant privacy impact even call metadata can have.Have a read of the full newsletter, and sign up to get all the details straight to your inbox each day:📨 <a href="https://opalsec.io/daily-news-update-thursday-april-3-2025-australia-melbourne/#/portal/signup" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://opalsec.io/daily-news-update-thursday-april-3-2025-australia-melbourne/#/portal/signup</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://infosec.exchange/tags/DataLeak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataLeak</a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerability</a> <a href="https://infosec.exchange/tags/APIsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#APIsecurity</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAttack</a> <a href="https://infosec.exchange/tags/InfoSecNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSecNews</a> <a href="https://infosec.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatHunting</a> <a href="https://infosec.exchange/tags/CISCO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISCO</a> <a href="https://infosec.exchange/tags/Verizon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Verizon</a> <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> <a href="https://infosec.exchange/tags/NationalSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NationalSecurity</a> <a href="https://infosec.exchange/tags/AndroidSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AndroidSecurity</a> <a href="https://infosec.exchange/tags/EDR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EDR</a> <a href="https://infosec.exchange/tags/CyberAwareness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberAwareness</a>

Lenin alevski 🕵️💻How is a clean, legitimate program helping hackers steal data from Ukraine? 🕵️🇺🇦Researchers at Cisco Talos have uncovered an ongoing spear-phishing campaign by the Russia-linked group Gamaredon, also known as Armageddon or ACTINIUM. Active since November 2024, the attacks specifically target Ukrainian users with lures tied to military activity, such as troop-related documents.The group distributes phishing emails that include ZIP archives or links to them. Inside those ZIPs are malicious shortcut (LNK) files made to look like Office documents. Once opened, these LNKs execute obfuscated PowerShell scripts that download a second-stage payload—Remcos RAT—using geo-fenced servers located in Russia and Germany. These servers often only respond to IP addresses originating from Ukraine, returning HTTP 403 errors to others.Delivery of the Remcos malware follows a DLL sideloading technique. A notable example includes the use of "TivoDiag.exe," a legitimate executable bundled with a malicious DLL named "mindclient.dll." When the clean executable runs, it inadvertently loads and executes the malicious DLL, which decrypts and launches the Remcos backdoor hidden in the same ZIP file. This method helps bypass basic antivirus detection.Remcos gives remote attackers full control over infected machines. Its use, combined with selective geo-targeting and deceptive file naming, points to a focused cyber-espionage effort against Ukrainian entities.Talos provided indicators of compromise and detection rules to help defenders spot this activity. While Gamaredon has long relied on custom tools, their adoption of commercially available backdoors like Remcos reflects a shift toward more flexible, quickly deployable payloads suited for fast-moving espionage operations.<a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Loki is an open-source malware scanner designed for threat detection. It uses YARA rules, IOC pattern matching, and file system anomaly detection to identify malicious files and artifacts. Ideal for quick triage, not full AV replacement. <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/Neo23x0/Loki" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/Neo23x0/Loki</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

InfoQGitGuardian has released a new report highlighting the significant escalation of "secrets sprawl”. Their analysis shows a 25% surge in unintentionally exposed credentials (API keys, passwords) within public <a href="https://techhub.social/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> repositories during 2024 compared to the previous year.Learn more: <a href="https://bit.ly/4j82B6Y" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://bit.ly/4j82B6Y</a> <a href="https://techhub.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://techhub.social/tags/DevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevOps</a> <a href="https://techhub.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SoftwareDevelopment</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨GhidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.<a href="https://infosec.exchange/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReverseEngineering</a> <a href="https://infosec.exchange/tags/Ghidra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ghidra</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://lnkd.in/gRUrYpMx" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://lnkd.in/gRUrYpMx</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Pyrzout :vm:Happy 21st Birthday, Gmail! Google’s Present to Enterprise Gmail Users: End-to-End Encryption – Source: www.techrepublic.com <a href="https://ciso2ciso.com/happy-21st-birthday-gmail-googles-present-to-enterprise-gmail-users-end-to-end-encryption-source-www-techrepublic-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/happy-21st-birthday-gmail-googles-present-to-enterprise-gmail-users-end-to-end-encryption-source-www-techrepublic-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/SecurityonTechRepublic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityonTechRepublic</a> <a href="https://social.skynetcloud.site/tags/SecurityTechRepublic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityTechRepublic</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://social.skynetcloud.site/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Encryption</a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://social.skynetcloud.site/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://social.skynetcloud.site/tags/Gmail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Gmail</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a>

Lenin alevski 🕵️💻How can a DNS mail record be used to trick you into giving up your login credentials? 📨😕Researchers at Infoblox have identified a phishing-as-a-service (PhaaS) platform called Morphing Meerkat that’s been quietly operating for over five years. What makes it notable is its use of DNS MX (Mail Exchange) records in ways rarely reported before. Instead of the usual static phishing page setups, Morphing Meerkat queries the victim’s email provider’s MX record—using DNS-over-HTTPS via Google or Cloudflare—to tailor the phishing page dynamically. This means victims are shown spoofed login interfaces that mimic the exact service they use, complete with matching branding and pre-filled email fields.The platform supports more than 114 brand templates and uses obfuscated JavaScript to evade detection. It also includes built-in translation capabilities based on browser profile or geolocation, making the fake login pages appear native to the user's language. Earlier versions began in 2020 targeting just five email services (Gmail, Outlook, Yahoo, AOL, Office 365). By mid-2023, they could generate phishing pages dynamically using MX records and now operate in over a dozen languages.Morphing Meerkat campaigns rely on a set of centralized email servers, primarily hosted by UK ISP iomart and US-based HostPapa, indicating a coordinated infrastructure rather than a loose network of attackers. The phishing emails often impersonate trusted services—banks, shipping companies, etc.—and are distributed using compromised WordPress sites, open redirects from platforms like Google’s DoubleClick, and embedded links in shortened URLs.Once a user submits credentials, the system may display a fake “Invalid Password” error to lure them into re-entering data, after which they are redirected to the real login page. This not only reduces suspicion but also increases the chance of capturing correct credentials. Stolen data is sent back via AJAX, PHP scripts, or Telegram bots, sometimes with evidence removed in real-time.This operation shows a deep understanding of modern security blind spots—including how content delivery and DNS infrastructure can be turned against end users.<a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

PUPUWEB BlogAfter a March 21 report on a possible breach of Oracle Cloud, Oracle's unclear communication has left customers uncertain about the impact. Transparency is key! 🔒 <a href="https://mastodon.social/tags/OracleCloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OracleCloud</a> <a href="https://mastodon.social/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechNews</a> <a href="https://mastodon.social/tags/Oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Oracle</a> <a href="https://mastodon.social/tags/CustomerTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CustomerTrust</a> <a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨TheHive is an open-source incident response platform designed to help teams investigate and manage cybersecurity incidents efficiently. It integrates with tools like MISP for threat intelligence sharing and supports automation through APIs. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IncidentResponse</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/TheHive-Project/TheHive" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/TheHive-Project/TheHive</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

TechnoTenshi :verified_trans: :Fire_Lesbian:Oracle accused of downplaying a breach impacting its Oracle Classic SaaS platform. Leaked data and internal recordings suggest unauthorized access to systems handling customer data, despite public denials. Incident highlights growing concerns over transparency.<a href="https://doublepulsar.com/oracle-attempt-to-hide-serious-cybersecurity-incident-from-customers-in-oracle-saas-service-9231c8daff4a" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://doublepulsar.com/oracle-attempt-to-hide-serious-cybersecurity-incident-from-customers-in-oracle-saas-service-9231c8daff4a</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://infosec.exchange/tags/Oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Oracle</a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataBreach</a>

Paco Hope #resistSome of my colleagues at <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AWS</a> have created an open-source <a href="https://github.com/awslabs/threat-designer" rel="nofollow noopener noreferrer" target="_blank">serverless #AI assisted #threatmodel solution</a>. You upload architecture diagrams to it, and it uses Claude Sonnet via Amazon Bedrock to analyze it.I'm not too impressed with the threats it comes up with. But I am very impressed with the amount of typing it saves. Given nothing more than a picture and about 2 minutes of computation, it spits out a very good list of what is depicted in the diagram and the flows between them. To the extent that the diagram is accurate/well-labeled, this solution seems to do a very good job writing out what is depicted.I deployed this "Threat Designer" app. Then I took the architecture image from <a href="https://medium.com/serverless-transformation/what-a-typical-100-serverless-architecture-looks-like-in-aws-40f252cd0ecb" rel="nofollow noopener noreferrer" target="_blank">this blog post</a> and dropped that picture into it. The image analysis produced some of the list of things you see attached.This is a specialized, context-aware kind of OCR. I was impressed at boundaries, flows, and assets pulled from a graphic. Could save a lot of typing time. I was not impressed with the threats it identifies. Having said that, it did identify a handful of things I hadn't thought of before, like EventBridge event injection. But the majority of the threats are low value.I suspect this app is not cheap to run. So caveat deployor. <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloud</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatmodeling</a>

Recent searches

Search options

Administered by:

Server stats:

#cloudsecurity