North Korean hackers have used ChatGPT to help forge deepfake identification document for use in a phishing target in South Korea, according to cybersecurity researchers. https://www.japantimes.co.jp/news/2025/09/15/asia-pacific/crime-legal/north-korean-hackers-chatgpt-deepfake/?utm_medium=Social&utm_source=mastodon #asiapacific #crimelegal #northkorea #hacking #ai #chatgpt #deepfakes #southkorea
A total of 58 information systems at 12 Japanese government institutions have been found vulnerable to cyberattacks, a survey according to the Board of Audit of Japan. https://www.japantimes.co.jp/news/2025/09/14/japan/japan-agencies-cyberattacks/?utm_medium=Social&utm_source=mastodon #japan #cybersecurity #surveys #hacking
Pour les bricoleurs : maintenir l'alimentation électrique de son réseau pendant une coupure de courant (ici, en se fondant sur une expérience ukrainienne). https://labs.ripe.net/author/YuriyVyknevych/keeping-network-sites-online-during-blackouts/
Suspected cyberattackers linked to the Chinese Communist Party impersonated the Republican chair of the House Select Committee on China, attempting to steal sensitive data on trade negotiations, the panel has said. https://www.japantimes.co.jp/news/2025/09/09/world/politics/chinese-hackers-republican-lawmaker/?utm_medium=Social&utm_source=mastodon #worldnews #politics #china #hacking #us #republicans
MacLemon
boosted
Get ready for BalCCon2k25– happening from 19th till 21st September in Novi Sad! 🎉You don’t want to miss:
✨ Sandra Bardon
✨ Philippe Laulheret
✨ @gannimo
✨ Ali Abdollahi
✨ @joegrand
✨ @iceman
✨ @Hetti
✨ @MacLemon
✨ Travis Goodspead
✨ Zoz
✨ Alex....
🔥 This is your chance to learn, connect & be inspired with the best in the community.
🎟️ Snag your ticket NOW before they’re gone! → https://2k25.balccon.org/tickets/
#BalCCon2k25#Hacking#Cybersecurity#Networking #community
Get ready for BalCCon2k25– happening from 19th till 21st September in Novi Sad! 🎉You don’t want to miss:
✨ Sandra Bardon
✨ Philippe Laulheret
✨ @gannimo
✨ Ali Abdollahi
✨ @joegrand
✨ @iceman
✨ @Hetti
✨ @MacLemon
✨ Travis Goodspead
✨ Zoz
✨ Alex....
🔥 This is your chance to learn, connect & be inspired with the best in the community.
🎟️ Snag your ticket NOW before they’re gone! → https://2k25.balccon.org/tickets/
#BalCCon2k25#Hacking#Cybersecurity#Networking #community
Stefano Marinelli
boosted
Preliminary support for Raspberry Pi 5 https://www.undeadly.org/cgi?action=article;sid=20250903064251 #openbsd #arm64 #rpi #rpi5 #raspberrypi #raspberrypi5 #development #pisupport #freesoftware #libresoftware #hacking
Preliminary support for Raspberry Pi 5 https://www.undeadly.org/cgi?action=article;sid=20250903064251 #openbsd #arm64 #rpi #rpi5 #raspberrypi #raspberrypi5 #development #pisupport #freesoftware #libresoftware #hacking
David Gerard
boosted
2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.
* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack
#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup#DPRK #hackers #hacking #ethereum #claude #gemini
Japanese authorities have issued a joint advisory about Salt Typhoon, a Chinese government-backed hacker group, in a document prepared by the United States and signed by 13 countries including the U.K. and Canada. https://www.japantimes.co.jp/news/2025/08/28/japan/crime-legal/china-hacker-group-warning/?utm_medium=Social&utm_source=mastodon #japan #crimelegal #cybersecurity #hacking #japanesepolice
everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx#AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.
my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).
https://universeodon.com/@cryptadamist/115102035321832152
#crypto #cryptocurrency #ethereum #npm #nodejs #node #js#javascript#webdev#DPRK#LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini
2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.
* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack
#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup#DPRK #hackers #hacking #ethereum #claude #gemini
Stefano Marinelli
boosted
"Yes, The Book of PF, 4th Edition Is Coming Soon" https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html (also https://bsdly.blogspot.com/2025/07/yes-book-of-pf-4th-edition-is-coming.html), title still true, actual publication date TBD, #bookofpf #pf #packetfilter #openbsd #freebsd #networking #security #trickery #hacking
"Yes, The Book of PF, 4th Edition Is Coming Soon" https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html (also https://bsdly.blogspot.com/2025/07/yes-book-of-pf-4th-edition-is-coming.html), title still true, actual publication date TBD, #bookofpf #pf #packetfilter #openbsd #freebsd #networking #security #trickery #hacking
MacLemon
boosted
On BalCCon2k25, we want everyone to have an opportunity to speak! So we are soliciting short, but engaging 5 minute talks – Lightning Talks – from any and all attendees. More info at : https://2k25.balccon.org/news/
#balccon#BalCCon2k25 #cyber #hacking #lightningtalks
On BalCCon2k25, we want everyone to have an opportunity to speak! So we are soliciting short, but engaging 5 minute talks – Lightning Talks – from any and all attendees. More info at : https://2k25.balccon.org/news/
#balccon#BalCCon2k25 #cyber #hacking #lightningtalks
there's another reason for why i hate gemini other than it just being AI, whenever it (randomly!!) opens on my phone it turns off my headphones. It doesn't stop the video or plays a different sound, it doesn't simply disconnect the bluetooth, it somehow TURNS OFF my headphones.
whenever gemini does this i need to put the earbuds back in the case and take them out again. how is this a thing
@ErikUden
I wonder if gemini is why my ear buds are now randomly going to my phone when I'm using them with my computer. #bluetooth #technology #bugs#PixelBugs #hacking
I wonder if gemini is why my ear buds are now randomly going to my phone when I'm using them with my computer. #bluetooth #technology #bugs#PixelBugs #hacking
Stefano Marinelli
boosted
The latest BSD Weekly https://bsdweekly.com/issues/245 features "Eighteen Years of Greytrapping ..." (https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html and https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html - a warmup to #bookofpf 4th ed https://nostarch.com/book-of-pf-4th-edition) #openbsd #freebsd #security #mail #spam #hacking #cybercrime @nostarch
The latest BSD Weekly https://bsdweekly.com/issues/245 features "Eighteen Years of Greytrapping ..." (https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html and https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html - a warmup to #bookofpf 4th ed https://nostarch.com/book-of-pf-4th-edition) #openbsd #freebsd #security #mail #spam #hacking #cybercrime @nostarch
Roland
boosted
🍔 Found huge security flaws in McDonald's - crew members could access sites reserved for corporate employees with internal functions, API keys exposed, and more. Had to call their HQ and pretend to know people just to report it 🤦
Technical details:
- Design Hub: Used to be client sided password, Registration endpoint exists and works even tho they dont want signups
- TRT portal: Crew accounts could enumerate/impersonate all employees from general manager to CEO
- GRS panel: Complete authentication bypass, arbitrary HTML injection
- Magicbell API keys/secrets exposed in client-side JS
- Algolia indexes listable with user PII
- CosMc's: Server-side validation missing for coupon redemption
They fixed it but fired my friend who helped find the OAuth vulnerabilities.
Full Technical Writeup: https://bobdahacker.com/blog/mcdonalds-security-vulnerabilities
#infosec #bugbountry #responsibledisclosure #security #cybersecurity #hacking #vulnerability
🍔 Found huge security flaws in McDonald's - crew members could access sites reserved for corporate employees with internal functions, API keys exposed, and more. Had to call their HQ and pretend to know people just to report it 🤦
Technical details:
- Design Hub: Used to be client sided password, Registration endpoint exists and works even tho they dont want signups
- TRT portal: Crew accounts could enumerate/impersonate all employees from general manager to CEO
- GRS panel: Complete authentication bypass, arbitrary HTML injection
- Magicbell API keys/secrets exposed in client-side JS
- Algolia indexes listable with user PII
- CosMc's: Server-side validation missing for coupon redemption
They fixed it but fired my friend who helped find the OAuth vulnerabilities.
Full Technical Writeup: https://bobdahacker.com/blog/mcdonalds-security-vulnerabilities
#infosec #bugbountry #responsibledisclosure #security #cybersecurity #hacking #vulnerability