CIRCLE WITH A DOT

24 hours of MIRE/C³; the latest stats (Runmode: Neutral 404, delay-only) 7,554 requests from 924 unique IPs Attacker bandwidth cost: 125.2MB Attacker total delay: 13h 16m server time Slowest response: 23.7s #MIREC3 #CyberSecurity #FightingBack

Possible Phishing on: ️hxxps[:]//docs[.]google[.]com/drawings/d/15eTnCeEu05wCd11EhC9UK6zSxBEbla6IDy4chW7ZySI/edit 🧬 Analysis at: https://urldna.io/scan/6a07bb3e3b7750000260523c#cybersecurity #phishing #infosec #urldna #scam #infosec

COPY FAIL CONTAINER ESCAPE RISK IN KUBERNETEShttps://www.youtube.com/shorts/KhBGeQnOER8##cybersecurity ##infosec ##cve #cybersecurity #infosec #hacking #cve #vulnerability #threatintel #security

@deepthoughts10 Hm. Hmmm.#fuckCloudflare

Siemens patched a high-severity heap overflow in Simcenter Femap’s Datakit library. The vulnerability allows remote code execution via crafted IPT files. #Cybersecurity #InfoSec https://deafnews.it/en/article/siemens-femap-heap-overflow-in-file-ipt-apre-a-rce

Possible Phishing on: ️hxxps[:]//wpxxxx[.]weebly[.]com 🧬 Analysis at: https://urldna.io/scan/6a070aea3b77500003b5319e#cybersecurity #phishing #infosec #urldna #scam #infosec

Possible Phishing on: ️hxxps[:]//wallet-magiceden-io[.]webflow[.]io 🧬 Analysis at: https://urldna.io/scan/6a07513c3b77500003b538ac#cybersecurity #phishing #infosec #urldna #scam #infosec

@evawolfangel @ctt Wer nicht vor Ort sein kann, kann im Stream schauen: https://streaming.media.ccc.de/tdf2026/bool — Oder später die Aufzeichnung auf media.ccc.de

(google.com) BlackFile Unmasked: Anatomy of a Vishing-Driven Extortion Campaign Targeting Cloud IdentitiesUNC6671 (BlackFile) conducts vishing-driven extortion via AiTM MFA bypass and cloud SaaS compromise, targeting Microsoft 365/Okta. Active since early 2026, the campaign impacts orgs in NA, AU, and UK with automated data theft and escalation tactics.In brief - A financially motivated threat actor uses voice phishing and adversary-in-the-middle attacks to bypass MFA, compromise SSO portals, and exfiltrate sensitive cloud data for extortion. The group employs aggressive follow-up tactics and operates a data leak site, though recent shutdowns suggest rebranding.Technically - UNC6671 initiates attacks via vishing calls directing victims to AiTM phishing pages (e.g., <org>.passkeyms[.]com) to harvest credentials and MFA tokens in real time. Post-compromise, the actor registers attacker-controlled MFA devices, moves laterally via SSO, and exfiltrates data using Python/PowerShell scripts that issue HTTP GET requests with valid session cookies (e.g., FedAuth). Exfiltration evades detection by generating FileAccessed events instead of FileDownloaded. Extortion leverages TOX/Session for encrypted comms and escalates to spam or swatting if ignored.Source: https://cloud.google.com/blog/topics/threat-intelligence/blackfile-vishing-extortion-operation/#Cybersecurity #ThreatIntel

(fortinet.com) Evolving Threat Landscape: PawsRunner Steganography Loader Delivers PureLogs Infostealer via Phishing CampaignsNew campaign leverages PawsRunner steganography loader to deploy PureLogs infostealer via phishing. Attack abuses environment variables, AES/RC4 encryption, and PNG-based steganography to evade detection.In brief - A sophisticated phishing campaign uses TXZ archives to deliver PawsRunner, a .NET loader that hides encrypted payloads in cat-themed PNGs via steganography. The final payload, PureLogs infostealer, exfiltrates data via AES-encrypted HTTP requests, demonstrating advanced evasion tactics.Technically - The attack begins with obfuscated JavaScript in environment variables, launching conhost.exe to execute PowerShell. PawsRunner dynamically loads payloads by decrypting RC4-encoded URLs, fetching PNGs with embedded data (iTXt/IEND chunks), and decrypting them to retrieve .NET executables. PureLogs uses AES-256-CBC and Gzip compression, harvesting data asynchronously and exfiltrating via HTTPS to multiple C2 endpoints. The loader bypasses ETW and Windows 11 (24H2) security features, employing reflection and fallback mechanisms.Source: https://www.fortinet.com/blog/threat-research/purelogs-delivery-via-pawsrunner-steganography#Cybersecurity #ThreatIntel

(0din.ai) 0DIN Public Disclosures: Weekly Versioned Dataset for AI Security Research and Threat Intelligence0DIN now releases weekly versioned JSONL datasets for AI security research, enabling real-time threat detection and response. The corpus includes structured vulnerability disclosures with metadata, exploit prompts, and detection signatures.In brief - The 0DIN dataset provides a weekly updated, versioned JSONL corpus of AI security disclosures, including vetted threat intelligence with exploit prompts, responses, and detection signatures to enhance AI model defenses.Technically - The dataset is split into general disclosures (metadata like vulnerability type, affected model, and risk summaries) and a vetted subset with actionable intelligence: triggering prompts, confirmed exploit responses, sector-specific variations, and detection signatures. Exports include typed schemas, timestamped manifests, and publisher git SHAs for reproducibility, supporting integration into security pipelines against threats like prompt injection (e.g., CWE-1324) and model exploitation.Source: https://0din.ai/blog/public-disclosures-corpus#Cybersecurity #ThreatIntel

Possible Phishing on: ️hxxps[:]//rewsdhjkkjfd[.]weebly[.]com 🧬 Analysis at: https://urldna.io/scan/6a06e0a43b77500004d9b284#cybersecurity #phishing #infosec #urldna #scam #infosec

Possible Phishing on: ️hxxps[:]//netflix-clone-omega-gules[.]vercel[.]app 🧬 Analysis at: https://urldna.io/scan/6a068c4c3b77500004d9ab08#cybersecurity #phishing #infosec #urldna #scam #infosec

24 hours of MIRE/C³; the latest stats (Runmode: Neutral 404, delay-only) 10,088 requests from 992 unique IPs Attacker bandwidth cost: 114.2MB Attacker total delay: 17h 11m server time Slowest response: 24.0s #MIREC3 #CyberSecurity #FightingBack

@harrysintonen That must have dropped in the last four hours or so. Thanks! Updating now.

This dumb password rule is from Parnassus Investments.A site responsible for protecting your investments limiting you to afour character range with a bunch of other stupid rules? Shocking.https://dumbpasswordrules.com/sites/parnassus-investments/#password #passwords #infosec #cybersecurity #dumbpasswordrules

Possible Phishing on: ️hxxps[:]//netcoinslogi-shop[.]webflow[.]io 🧬 Analysis at: https://urldna.io/scan/6a0654013b77500004d9a637#cybersecurity #phishing #infosec #urldna #scam #infosec

@ai6yr Good advice, and I’d also recommend confirming the recovery key actually works by using that instead of the paraphrase to unlock the drive at least one time before substantially using it.

Possible Phishing on: ️hxxps[:]//opayservicesupport[.]weebly[.]com 🧬 Analysis at: https://urldna.io/scan/6a05c1233b77500003a75dda#cybersecurity #phishing #infosec #urldna #scam #infosec

Deepfakes: Können wir noch Echt von Fake unterscheiden? - quarks.de https://www.quarks.de/technik/digitalisierung/deepfakes-erkennen-ki-fake/ #bot #cybersecurity #infosec