
I think a whole bunch of orgs probably need to start rotating certificates and such. #threatintel
The Red Hat Consulting LAPSUS$ saga continues - in the past hour they've released a 2.2 GB ZIP file.
The Scattered Lapsus$ Hunters portal has 25 victim orgs posted so far, they're an average of about one every 10 minutes.
I've talked to one of the victim orgs - their sample data is indeed from their Salesforce instance. Gonna be a long weekend for a bunch of orgs. Each org also has sample downloads up too.
Crimson Collective are trying to extort Red Hat.
They've stolen about 1 TB of data related to corporate customers. File list:
New configuration detected for DDosia. Hosts:
#ThreatIntel #Ddosia #NoName
https://witha.name/data/2025-09-23_08-05-10_DDoSia-target-list-full.json
A bunch of packages published by qix in NPM just got backdoored it looks like. Obfuscated code was added like two hours ago. #threatintel #npm
For example: https://www.npmjs.com/package/is-arrayish?activeTab=code
I think quite a few packages are impacted, potentially some very high volume ones. I gotta hop on a subway to make a plane though so it’s going to be hard for me to keep digging.
Interesting write-up coming out of Lab52 where #APT28 (aka Fancy Bear) appear to be using a backdoor communicating through MAPI and Outlook, i.e. using email as a C2 channel with base64-encoded instructions etc.
https://lab52.io/blog/analyzing-notdoor-inside-apt28s-expanding-arsenal/
2/ i wrote a short-ish "note" over on The Blogging Site That Shall Not Be Named in an attempt to explain to the less technologically sophisticated people in the audience what just happened with the #nx / #npm supply chain attack.
* my simplified explanation: https://substack.com/profile/96801203-michel-de-cryptadamus/note/c-149738571
* for the trve heads with opinions on things like linux distros and the Rust programming language, Wiz wrote a much more thorough explanation: https://www.wiz.io/blog/s1ngularity-supply-chain-attack
#crypto #cryptocurrency #nodejs #node #threatintel #northkorea #lazarusgroup #DPRK #hackers #hacking #ethereum #claude #gemini
everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx #AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.
my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).
https://universeodon.com/@cryptadamist/115102035321832152
#crypto #cryptocurrency #ethereum #npm #nodejs #node #js #javascript #webdev #DPRK #LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini
Seeing an influx of spam from a few big Mastodon servers, perfect timing for FediThreat to ship along with the big Stories release!
It's going to be a busy and fun weekend 🚀