2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.

* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack

#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup#DPRK #hackers #hacking #ethereum #claude #gemini

Japanese authorities have issued a joint advisory about Salt Typhoon, a Chinese government-backed hacker group, in a document prepared by the United States and signed by 13 countries including the U.K. and Canada. https://www.japantimes.co.jp/news/2025/08/28/japan/crime-legal/china-hacker-group-warning/?utm_medium=Social&utm_source=mastodon #japan #crimelegal #cybersecurity #hacking #japanesepolice

2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.

* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack

#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup#DPRK #hackers #hacking #ethereum #claude #gemini

"Yes, The Book of PF, 4th Edition Is Coming Soon" https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html (also https://bsdly.blogspot.com/2025/07/yes-book-of-pf-4th-edition-is-coming.html), title still true, actual publication date TBD, #bookofpf #pf #packetfilter #openbsd #freebsd #networking #security #trickery #hacking

"Yes, The Book of PF, 4th Edition Is Coming Soon" https://nxdomain.no/~peter/yes_the_book_of_pf_4th_ed_is_coming.html (also https://bsdly.blogspot.com/2025/07/yes-book-of-pf-4th-edition-is-coming.html), title still true, actual publication date TBD, #bookofpf #pf #packetfilter #openbsd #freebsd #networking #security #trickery #hacking

On BalCCon2k25, we want everyone to have an opportunity to speak! So we are soliciting short, but engaging 5 minute talks – Lightning Talks – from any and all attendees. More info at : https://2k25.balccon.org/news/
#balccon#BalCCon2k25 #cyber #hacking #lightningtalks

On BalCCon2k25, we want everyone to have an opportunity to speak! So we are soliciting short, but engaging 5 minute talks – Lightning Talks – from any and all attendees. More info at : https://2k25.balccon.org/news/
#balccon#BalCCon2k25 #cyber #hacking #lightningtalks

The latest BSD Weekly https://bsdweekly.com/issues/245 features "Eighteen Years of Greytrapping ..." (https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html and https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html - a warmup to #bookofpf 4th ed https://nostarch.com/book-of-pf-4th-edition) #openbsd #freebsd #security #mail #spam #hacking #cybercrime @nostarch

The latest BSD Weekly https://bsdweekly.com/issues/245 features "Eighteen Years of Greytrapping ..." (https://nxdomain.no/~peter/eighteen_years_of_greytrapping.html and https://bsdly.blogspot.com/2025/08/eighteen-years-of-greytrapping-is.html - a warmup to #bookofpf 4th ed https://nostarch.com/book-of-pf-4th-edition) #openbsd #freebsd #security #mail #spam #hacking #cybercrime @nostarch

｢ Workday, a company that provides human resources technology to over 11,000 corporations and 70 million users worldwide, announced in a classic Friday news dump that it suffered a data breach ｣

https://gizmodo.com/hr-giant-workday-got-hacked-2000644474

#databreach #cybersecurity #hacking

🍔 Found huge security flaws in McDonald's - crew members could access sites reserved for corporate employees with internal functions, API keys exposed, and more. Had to call their HQ and pretend to know people just to report it 🤦

Technical details:

• Design Hub: Used to be client sided password, Registration endpoint exists and works even tho they dont want signups
• TRT portal: Crew accounts could enumerate/impersonate all employees from general manager to CEO
• GRS panel: Complete authentication bypass, arbitrary HTML injection
• Magicbell API keys/secrets exposed in client-side JS
• Algolia indexes listable with user PII
• CosMc's: Server-side validation missing for coupon redemption

They fixed it but fired my friend who helped find the OAuth vulnerabilities.

Full Technical Writeup: https://bobdahacker.com/blog/mcdonalds-security-vulnerabilities

#infosec #bugbountry #responsibledisclosure #security #cybersecurity #hacking #vulnerability

🍔 Found huge security flaws in McDonald's - crew members could access sites reserved for corporate employees with internal functions, API keys exposed, and more. Had to call their HQ and pretend to know people just to report it 🤦

Technical details:

• Design Hub: Used to be client sided password, Registration endpoint exists and works even tho they dont want signups
• TRT portal: Crew accounts could enumerate/impersonate all employees from general manager to CEO
• GRS panel: Complete authentication bypass, arbitrary HTML injection
• Magicbell API keys/secrets exposed in client-side JS
• Algolia indexes listable with user PII
• CosMc's: Server-side validation missing for coupon redemption

They fixed it but fired my friend who helped find the OAuth vulnerabilities.

Full Technical Writeup: https://bobdahacker.com/blog/mcdonalds-security-vulnerabilities

#infosec #bugbountry #responsibledisclosure #security #cybersecurity #hacking #vulnerability

Japan’s brokerage industry is aiming to identify accounts owned by phishing scammers after fraudulent trades worth more than $4 billion rattled the nation’s stock market. https://www.japantimes.co.jp/business/2025/08/15/brokerage-hackers/?utm_medium=Social&utm_source=mastodon #business #brokerages #hacking

Ça marcherait avec un Linky ?

#hacking

All the talks you can look back from #Why2025
https://media.ccc.de/c/WHY2025
#cybersecurity #hacking #hackers

For everyone who misses #why2025 already and want the feeling back, check out your local hackerspace near you. If there is no space near you could consider starting one, other spaces are always happy to help and advise you.
https://wiki.hackerspaces.org/List_of_Hacker_Spaces

#hackerspace #hacking

https://program.why2025.org/why2025/talk/JALJPD/

It should become available soonish: https://media.ccc.de/c/WHY2025

(❤️AV angels!)

#Hacking#Engineering#Art#DIY#Tech#Boat#Barge#WHY2025#Solar#Solarpunk

https://program.why2025.org/why2025/talk/JALJPD/

It should become available soonish: https://media.ccc.de/c/WHY2025

(❤️AV angels!)

#Hacking#Engineering#Art#DIY#Tech#Boat#Barge#WHY2025#Solar#Solarpunk

Pentesting Passkeys has been released on media.ccc.de and YouTube #why2025#Hacking#Brachium #why2025enghttps://media.ccc.de/v/why2025-65-pentesting-passkeyshttps://www.youtube.com/watch?v=5TKVtJLu_cghttps://program.why2025.org/why2025/talk/WD99DB/