Heyo! Scrolls volume nineteen is out! There's all the usual awesome #IndieWeb, #Fediverse and #Infosec / #Cybersecurity goodness inside. Check it out!

https://shellsharks.com/scrolls/scroll/2025-06-27

The usual shoutout to everyone who's content and things-shared made it into this week's issue. Y'all make scrolling my feeds the joy that it is each week! 📜

@SJHoodlet@daemon_nova @sudorandom @axxuy @fyr @32x33 @adam @sainthood @MissConstrue @arunkumargovinda @abnv @b3s @cyd @ross @eclecticpassions @nelhage @jaz @tchambers@takimakou @kellay @tinimalina @exocomics

Watch Brenno De Winter’s talk from OrangeCon 2024 on making penetration tests auditable again.
Watch here: https://www.youtube.com/watch?v=Rv0otVFKrkk
#OrangeCon2024#Pentesting#Cybersecurity#Infosec

Paraguay hit by catastrophic data breach as hacktivists leak personal data of entire population

Paraguay suffered one of the most devastating national data breaches in history when hackers leaked personal information of approximately 7.4 million citizens (essentially the entire population) on June 13, 2025, after the government refused to pay a $7.4 million ransom demand from "Brigada Cyber PMC." The attack began with Redline infostealer malware compromising government employee credentials at the Ministry of Public Health and Social Welfare, enabling hackers to slowly exfiltrate data.

Infostealers are extremely dangerous. Especially on government system accounts.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/paraguay-hit-by-catastrophic-data-breach-as-hacktivists-leak-personal-data-of-entire-population-0-p-p-d-m/gD2P6Ple2L

Hello! It's a Scrolls back-to-back day! Volume eighteen has just been published (as I promised yesterday). It features the best of my #IndieWeb, #Fediverse and #Cybersecurity / #infosec discoveries from LAST week 😁. Consider this the final "catch-up" issue, with a regularly scheduled issue set to come out in another 2 days (Friday) 🤗.

https://shellsharks.com/scrolls/scroll/2025-06-25

A big thanks to everyone below. Each of them (and more not represented below) are featured in this special edition of the Scrolls newsletter. Thank you! 🧡

@ifixcoinops @birdibirdson @fedihost @RedTeamPentesting @CodeRush @axxuy@daemon_nova @nsmsn @bt @wezm @readbeanicecream @daj @janTeko @web_goddess @angrybunnyman @anubiarts @tchambers

are you in the UK? are you looking for an infosec job? have you ever done a security assessment in an industrial environment, including industrial infrastructure and/or HMI middleware appsec? if so, I know of a place that's hiring and is open to remote (but UK only) full-time, part-time, or contract positions. they've got a ton of industrial work coming in and minimal internal resources to handle it.

drop me a DM and I can pass your details on.

#infosec #getfedihired #FediHire

scammers are using cyrillic letters to trick people into visiting look-alike domains, i.e., “citibank.com” vs “citibаnk.com”.

they are indistinguishable when rendered in UTF-8, but when you put them in your browser’s address bar, one will resolve predictably as “http://citibank.com/”, and the other will resolve as “http://xn--citibnk-6fg.com/”

perhaps a new tool in the anti-phishing arsenal might be to copy the URL in an email, and paste it into a text editor to check for unicode.

#infosec