Joined May 2010
628 Photos and videos
Pinned Tweet
25 Oct 2025
Thanks to everyone for coming yesterday, for the participation and the laughs 🤣! The post-talk discussion was great. For those who missed it, I presented on the prokaryotic cell. Thanks again ❤️⚔️
1
3
23
15,144
🚨 BREAKING: More than 400 Arch Linux User Repository packages have been compromised with infostealer malware and a rootkit. Attacker posed as a trusted maintainer and "adopted" orphaned packages. Arch maintainers are purging infected packages now. Audit your AUR installs.
175
804
4,607
1,189,700
Merl retweeted
NEW: malware developers added nuclear & biological weapons text to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users' systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…
227
2,155
12,643
1,545,589
Jun 5
#Phishing "Warrior Filtragem" OAuth Consent Phishing 🇧🇷 Geofenced: Targeting 🇦🇷🇪🇸🇲🇽🇮🇹🇪🇨🇵🇪🇧🇴🇵🇹 Threat actor: possibly from 🇧🇷 Requested scopes: MailRead, MailSend, ContactsRead, UserRead, offlineaccess IOC 1cf27bed-8279-4045-b217-8d2a5c68ad4a 160[.]153[.]181[.]176
1
7
18
2,825
Merl retweeted
It’s a trap
Good lord 🤮
18
76
982
56,308
Merl retweeted
Stop paying $20 per month for Claude Code. McDonald’s AI bot is FREE. Someone asked a McDonald’s support assistant how to reverse a linked list in Python. It answered correctly. Actual code. We’re definitely at peak AI now.
Community note
This is a hoax, sadly. McDonald's doesn't have such an AI exploit. fastcompany.com/91532091/mcdon…
218
365
3,607
389,808
Merl retweeted
Today Instagram had this massive exploit where hackers were just stealing rare handles left and right. Hundreds of accounts gone. People losing handles they’ve owned since 2010, some worth hundreds of thousands. I own a few rare ones so I was actually stressed watching this happen in real time, which I haven’t been in years. Obama White House account got hit. These aren’t some random new accounts, these are verified, locked down accounts and they still got compromised. The thing is the exploit is so simple it’s almost funny. Attacker goes to Forgot Password, says their account is hacked, turns on a VPN to match the target’s location (which now you can find on the about section of the page). Instagram’s AI support flow asks them to verify with a selfie. They grab a photo from the target’s profile, run it through an AI video generator to make an animation of the person’s face moving around, upload that to Meta’s AI as proof. And Meta’s AI just accepts it because it can’t tell the difference between a real selfie and an AI-generated video of someone’s face. Once verified they change the email to theirs. Password reset link goes to their email. They own it now. 2FA gets bypassed somehow in the process but honestly I don’t know exactly how, just that it did. Point is even locked down accounts went down. Then you try to recover your account and you’re talking to a chatbot that has zero ability to help. You can’t escalate to a human. You’re just stuck. Your asset is gone and there’s no one to call. The whole thing just highlighted how stupid it is to automate account security without any human in the loop. One AI fooling another AI while there’s literally no person anywhere to catch it. Meta took hours to even acknowledge it while accounts were getting stolen every minute. Now thankfully it’s patched but I don’t think it will be the last one. Stay safe!
302
1,627
10,634
2,041,483
Merl retweeted
We detected indirect prompt injection on a fake Excel template store. Hidden via white text, the prompt uses social engineering to manipulate AI agents into boosting SEO, aiming to funnel users to a malicious Chrome extension. Details at bit.ly/3RCl2s2
3
31
127
19,184
Merl retweeted
⚠️🇦🇷 The Argentine app Bexo Wallet confirmed to Criptonoticias the theft of BTC from user accounts, without specifying the amount stolen or the number of accounts affected. They recommend importing the 12 seed words into Metamask or Trust Wallet and creating a new address.
May 27
🔒 Important notice for Bexo users ▎ We detected irregular activity on some accounts. We recommend transferring your funds to an external wallet. ▎ We are investigating and working to resolve it. More info by contacting support via the app. Please let your friends know! Thank you very much.
4
10
167
26,582
Merl retweeted
Unfortunately, a few hours ago, at least 297 wallets were drained across EVM chains. The funds were consolidated at the following address: 0x43D49AeF7aAf0Dcf015b20057C5364E092D66615 and were later distributed via @FixedFloat. Nearly $500k was stolen. I suspect a massive private key leak associated with a wallet provider.
19
47
274
64,290
Merl retweeted
🚨 Ongoing supply chain attack on Composer packages! We just found multiple laravel-lang/* packages compromised on Packagist (lang, http-statuses, attributes). Payload runs at autoload time. At least 50 package versions were compromised. If you installed a compromised version, the malware already executed. Pin to a clean COMMIT (not version) and rotate secrets immediately. If your lockfile already had an older commit from before today, you are safe. But you should not update at the moment.
21
156
1,581
80,544
Merl retweeted
May 22
Dutch investigators from the FIOD have taken down the bulletproof server hosting provider Stark Industries. Authorities seized 800 servers and arrested two men, a 57-year-old who ran the company and a 39-year-old behind a separate firm that handled internet connectivity. Just last year, Stark Industries was sanctioned by the United Kingdom for enabling Russian state-sponsored operations, disinformation campaigns, and other cybercrime activities. Shortly after the EU sanctions, Stark rebranded as "THEHosting" under a new Dutch organization (WorkTitans B.V.), allowing it to maintain its operations.
14
60
389
72,240
Merl retweeted
people are too busy in exploring chrome, kernel and other oss CVEs, meanwhile a DOMPurify bypass was silently dropped 👀 github.com/cure53/DOMPurify/…
4
94
592
30,348
Merl retweeted
🚨 "LOS PRESTACARAS" HAVE FALLEN: THE GANG THAT CLONED IDENTITIES WITH HELP FROM THE POSTAL SERVICE. This was an organization dedicated to stealing credit cards before they reached their owners. The modus operandi: 🔹 The tipster: A disloyal employee of the Andreani courier "marked" the shipments. He reported the exact delivery date, the cardholder's name and the address. 🔹 The craftsman: With that information, a forger produced fake DNIs (national ID cards) carrying the victims' data but the criminals' faces. 🔹 The delivery: They went to the address and waited on the sidewalk. When the courier arrived, they posed as the owners, showed the fake document and kept the original plastic card. 🔹 The hauler: Once they had the card in hand, they bought household appliances in bulk and withdrew cash. A hauler from the gang was in charge of moving the stolen goods and reselling them. The investigation was led by federal judge Alicia Vence and the Federal Investigations Superintendence of the PFA; the gang was dismantled. The 15 detainees will be questioned in the coming days.
70
793
2,752
235,336
Merl retweeted
May 19
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
1,668
5,301
25,405
13,830,845
Merl retweeted
🚨 CYBERINTEL ALERT: NATIONAL SECURITY INTRUSION - BRAZIL 🇧🇷 ⚠️ THREAT ACTOR "1877 TEAM" RELEASES 46 ULTRA-SECRET WEAPONRY AND STRATEGIC INTELLIGENCE DOCUMENTS [STATUS: UNDER INVESTIGATION / MILITARY INTELLECTUAL PROPERTY LEAK / UNCONFIRMED] The threat actor group known as "1877 Team" has announced the execution of a high-severity cyber intrusion as part of the "OpBrazil" hacktivist campaign. The attackers claim to have breached the Strategic Weapons Research Division of Brazil's Ministry of Defense (MD / Ministério da Defesa), successfully exfiltrating and publishing a batch of 46 technical documents classified at the highest level of secrecy (Level 5 - Ultra-Secret).
🎯 Affected Entity: Ministry of Defense of Brazil (eb.mil.br / defesa.gov.br).
👤 Threat Actor: 1877 Team.
📂 Batch Contents: 46 confidential PDF files containing technical blueprints, digital signatures, and cryptographic configurations.
⚠️ Verification Status: TECHNICALLY CONFIRMED. Visual samples display official letterheads reading "Ministério da Defesa - Relatório Confidencial" (Ministry of Defense - Confidential Report), the group's watermarks, and a structured file listing detailing proprietary defense technologies.
📂 ANALYSIS OF EXFILTRATED MILITARY DOCUMENTS The list of PDF files visible on the attacker's backend compromises the strategic and technological advantage of the armed forces in advanced domains:
1. Advanced Weapon Systems and Strategic Projects Drones_Kamikazes.pdf and Drones_Subaquaticos.pdf: Blueprints and specifications for unmanned tactical strike and underwater systems. Submarinos_Nucleares.pdf: Documentation regarding the nuclear submarine development and propulsion program. Energia_Direcionada.pdf and Blindados_Autonomos.pdf: Research on directed-energy weapons (laser/microwave) and autonomous armored vehicles. Misseis_de_Curto_Alcance.pdf and Lancamento_Foguetes.pdf: Data on ballistics, missile systems, and launches.
2. Cyber Warfare and Intelligence Technologies IA_Tatica_Avancada.pdf: Artificial intelligence protocols applied to tactical military operations. Guerra_Eletronica.pdf and Radares_Quanticos.pdf: Manuals on radio-electronic combat and the experimental development of quantum radars. Satellites_de_Espionagem.pdf: Coverage, capabilities, and processing orbits of military reconnaissance satellites. Comunicacoes_Criptografia.pdf: Configuration of sensor networks (Redes_de_Sensores.pdf) and secure communication channels.
🛡️ URGENT TECHNICAL MITIGATIONS AND RECOMMENDATIONS
🛑 Urgent Revocation of Digital Certificates: The Brazilian Cyber Defense Command (ComDCiber) is urged to immediately revoke all digital signatures belonging to the commanders and researchers listed in the leaked samples, thereby invalidating their use for signing new memorandums or government contracts.
🔒 Cryptographic Key Rotation: Initiate an emergency rotation process for the exposed encryption schemes (AES) used in perimeter tactical communication channels to prevent passive data interception.
⚠️ Isolation of Research Networks: Completely isolate the logical servers of the Strategic Weapons Research Division from general internet access and conduct a deep forensic audit to identify the presence of persistent backdoors installed by the group.
🔍 Takedown of Public Samples: File military-related abuse reports with the hosting providers where the group is hosting the batch of 46 files in order to limit their mass dissemination.
⚡ MONITORING AND EVALUATION 🌐 Intelligence System: analyzer.vecert.io 🛡️ Quickly assess your website's security with: monitor.vecert.io/ #CyberSecurity #Brazil #OpBrazil #MinisterioDaDefesa #MilitaryLeak #QuantumRadar #NuclearSubmarine #1877Team #ThreatIntelligence #CiberAlerta #VECERT #Infosec #TopSecret
3
35
117
12,594
May 9
Hahahaha wtf, when did this escalate
"L0G1N - D4R7H V4D3R": http://65.109.55[.]181:8181/login "4CC3SS D3N13D - 1D3NT1FY Y0URS3LF" "0P3R4D0R" "S3NH4" With such texts, it must be the panel of some sophisticated, complex, APT's malware, right? 😂 🤷‍♂️ @1ZRR4H
4
4
93
23,965
Merl retweeted
For my Brazilian ThreatHunting/DFIR friends: Been reversing a malware called “#CNABHunter” (NUikita), and this thing is way more interesting than a regular banking trojan. At first I had to figure out what “CNAB240/400” even was — apparently it’s a financial file standard heavily used by Brazilian ERP/banking integrations. The malware hunts for those files in environments running TOTVS, SAP, RM, Senior, Sankhya, etc., extracts transaction data, and waits for remote commands to modify payments. Most interesting part: it doesn’t do dumb string replacement. The malware appears to rebuild the entire financial record using the correct field positions to keep the file structurally valid for banking processing. Maybe my interpretation of this behavior is wrong, but that’s what I’ve understood so far from reversing it. C2: 104.245.245[.]50:5000
18
46
339
27,088
May 7
Live #Phishing A threat actor is deploying live phishing sites against various financial institutions 🇦🇷 Possibly vibe-coded. Current site hxxps://digitales-net.online/
1
16
67
17,489
Merl retweeted
May 7
💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details: dirtyfrag.io
41
703
2,089
531,895