Julie Webgirl<p>Well this one is new. </p><p>Got a SPAM email. (That part's not new). And at the end of it it says: </p><p>"Important:<br>This email comes to you via a secondary domain to secure the core domain system of Claymore Capital’s primary domain..."</p><p>The email domain it's coming from is @withdfai.com</p><p>Company name is DealFlow...</p><p>Ohhhh Nice way to tuck the fucking "AI" in where nobody notices. </p><p>So you're securing your domain from your ai?</p><p><a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
202active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#infosec
211 posts · 124 participants · 23 posts today
doboprobodyne<p><span class="h-card" translate="no"><a href="https://mastodon.social/@EricAlper" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>EricAlper</span></a></span> <br>I have so much time for cheap [more] ethical diamonds.<br><a href="https://www.zeeman.com/nl-nl/campagnes/diamant" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">zeeman.com/nl-nl/campagnes/dia</span><span class="invisible">mant</span></a><br>I wonder how small a NFC FIDO2 2FA chip could be shrunk for a necklace? Would look natty.<br><a href="https://www.token2.com/shop/product/t2f2-pin-release3-typec" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">token2.com/shop/product/t2f2-p</span><span class="invisible">in-release3-typec</span></a><br><a href="https://mathstodon.xyz/tags/diamond" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>diamond</span></a> <a href="https://mathstodon.xyz/tags/diamonds" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>diamonds</span></a> <a href="https://mathstodon.xyz/tags/token2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>token2</span></a> <a href="https://mathstodon.xyz/tags/zeeman" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zeeman</span></a> <a href="https://mathstodon.xyz/tags/jewellery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jewellery</span></a> <a href="https://mathstodon.xyz/tags/art" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>art</span></a> <a href="https://mathstodon.xyz/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
AAKL<p>"Scammers are now using 'SMS blasters' to send out up to 100,000 texts per hour to phones that are tricked into thinking the devices are cell towers."</p><p>Wired: Cybercriminals Have a Weird New Way to Target You With Scam Texts <a href="https://www.wired.com/story/sms-blasters-scam-texts/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wired.com/story/sms-blasters-s</span><span class="invisible">cam-texts/</span></a> <span class="h-card" translate="no"><a href="https://flipboard.com/@WIRED" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>WIRED</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@mattburgess" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mattburgess</span></a></span> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Matthias Schulze<p>US investors in spyware firms nearly tripled in 2024: report <a href="https://therecord.media/us-investors-in-spyware-tripled-in-2024" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/us-investors-i</span><span class="invisible">n-spyware-tripled-in-2024</span></a> <a href="https://ioc.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://ioc.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
AAKL<p>If you missed this.</p><p>Zscaler: Malicious PyPI Packages Deliver SilentSync RAT <a href="https://www.zscaler.com/blogs/security-research/malicious-pypi-packages-deliver-silentsync-rat" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">zscaler.com/blogs/security-res</span><span class="invisible">earch/malicious-pypi-packages-deliver-silentsync-rat</span></a> <a href="https://infosec.exchange/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
The Servitor<p>This week on The Servitor, looking at "Villager", the highly sus AI pen-testing package that uploaded to PyPi in July. ... Don't use this thing. It has hardcoded Chinese C2 and proxies all its traffic through them.</p><p><a href="https://theservitor.com/it-takes-a-village-r-to-raise-a-dark-gpt-wielding-script-kiddie/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">theservitor.com/it-takes-a-vil</span><span class="invisible">lage-r-to-raise-a-dark-gpt-wielding-script-kiddie/</span></a></p><p><a href="https://sigmoid.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://sigmoid.social/tags/LLM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLM</span></a> <a href="https://sigmoid.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://sigmoid.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://sigmoid.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://sigmoid.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a></p>
Neil Craig<p>One of the "joys" for my team at work is manually reviewing TLS cert requests (yeah, in 2025).<br>Obv we have automated what we can inc. a "check the CSR" script.</p><p>Every single time a request comes in with a SHA1 signature algo, the CSR has been generated on Windows. No exceptions.</p><p>Is SHA1 still the default sig algo on Windows? Seems kind of archaic...</p><p><a href="https://mastodon.social/tags/TLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLS</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a></p>
Matthias Schulze<p>Wyden calls on FTC to investigate Microsoft for ‘gross cybersecurity negligence’ in protecting critical infrastructure <a href="https://cyberscoop.com/ron-wyden-ftc-microsoft-default-security-flaws-rc4-kerberoasting-ascension-ransomware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberscoop.com/ron-wyden-ftc-m</span><span class="invisible">icrosoft-default-security-flaws-rc4-kerberoasting-ascension-ransomware/</span></a> <a href="https://ioc.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://ioc.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Craigslist.</p><p>No minimum character limit meaning you can go as low as 5 characters for a password</p><p><a href="https://dumbpasswordrules.com/sites/craigslist/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/cr</span><span class="invisible">aigslist/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dumbpasswordrules</span></a></p>
Anonymous 🐈️🐾☕🍵🏴🇵🇸 :af:<p>Two fake Python packages just dropped a powerful RAT on Windows.</p><p>“sisaws” & “secmeasure” secretly install SilentSync — capable of stealing browser passwords, files, and screenshots. <a href="https://kolektiva.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://kolektiva.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://kolektiva.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <br><a href="https://thehackernews.com/2025/09/silentsync-rat-delivered-via-two.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/09/sile</span><span class="invisible">ntsync-rat-delivered-via-two.html</span></a></p>
Scott Wilson<p>More about the npm “worm”, from Palo Alto’s Unit 42 threat intelligence team: </p><p>“Assume that any secret present on a developer's machine may have been compromised.”</p><p>That’s a big deal. </p><p><a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://infosec.exchange/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a> <a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://infosec.exchange/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p><p><a href="https://unit42.paloaltonetworks.com/npm-supply-chain-attack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">unit42.paloaltonetworks.com/np</span><span class="invisible">m-supply-chain-attack/</span></a></p>
Scott Wilson<p>Lots of people are asking why the npm and Node.js thing are so dangerous… </p><p>There are “over 3.1 million packages are available in the main npm registry”, and there’s no mechanism to review or approve the packages. 🤔</p><p><a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>javascript</span></a> <a href="https://infosec.exchange/tags/nodejs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nodejs</span></a> <a href="https://infosec.exchange/tags/npm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>npm</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software</span></a> <a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a></p>
BeyondMachines :verified:<p>Google releases Chrome emergency update; patches four vulnerabilities, one actively exploited</p><p>Google released an emergency Chrome update on September 17, 2025, patching four high-severity vulnerabilities including an actively exploited zero-day (CVE-2025-10585) in the V8 JavaScript engine that enables arbitrary code execution through malicious websites.</p><p>**Once again - an urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. DONT WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/google-releases-chrome-emergency-update-patches-four-bulnerabilities-one-actively-exploited-r-p-2-s-v/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/google-releases-chrome-emergency-update-patches-four-bulnerabilities-one-actively-exploited-r-p-2-s-v/gD2P6Ple2L</span></a></p>
BeyondMachines :verified:<p>York County Email account breach exposes sensitive personal information</p><p>York County, Pennsylvania disclosed a data breach involving unauthorized access to a county employee email account on September 20, 2024, potentially exposing sensitive information. The investigators could not confirm data was actually stolen.</p><p>****<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/incident" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incident</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a><br><a href="https://beyondmachines.net/event_details/york-county-email-account-breach-exposes-sensitive-personal-information-l-b-p-7-g/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/york-county-email-account-breach-exposes-sensitive-personal-information-l-b-p-7-g/gD2P6Ple2L</span></a></p>
✴️ Łącze 🔻<p>𝐀𝐜𝐜𝐫𝐞𝐬𝐜𝐞𝐧𝐭 is a novel Android app store focused on security, privacy, and usability. We’ve been building Accrescent since 2021 to improve the security and freedom of everyday Android users by providing an alternative to Google Play which doesn’t compromise on technical excellence and protecting our users. Aligned with this mission, over 42,000 people worldwide trust Accrescent to deliver their apps safely. Now, we need your help to continue.<br><br>Accrescent has always been free to use because we believe security shouldn’t have to come at a price. We also understand we’re trusted by our users to secure a sensitive and significant portion of their lives — the apps they use — so we’ve built Accrescent transparently, making our code open source so others can run and inspect it as they please.<br><br>From the beginning, we’ve been funded purely by donations from generous users who want to sponsor Accrescent’s development and ensure its long-term viability. This approach has so far been successful; incoming donations completely cover Accrescent’s server costs while I (Accrescent’s lead developer) work on Accrescent in my spare time (usually out of my own pocket). However, this model cannot sustain forever: 𝐢𝐧 𝟑 𝐦𝐨𝐧𝐭𝐡𝐬, 𝐰𝐞 𝐰𝐢𝐥𝐥 𝐧𝐨 𝐥𝐨𝐧𝐠𝐞𝐫 𝐡𝐚𝐯𝐞 𝐞𝐧𝐨𝐮𝐠𝐡 𝐫𝐞𝐬𝐨𝐮𝐫𝐜𝐞𝐬 𝐭𝐨 𝐜𝐨𝐧𝐭𝐢𝐧𝐮𝐞 𝐨𝐧𝐠𝐨𝐢𝐧𝐠 𝐟𝐞𝐚𝐭𝐮𝐫𝐞 𝐝𝐞𝐯𝐞𝐥𝐨𝐩𝐦𝐞𝐧𝐭 𝐰𝐢𝐭𝐡𝐨𝐮𝐭 𝐚𝐝𝐝𝐢𝐭𝐢𝐨𝐧𝐚𝐥 𝐟𝐮𝐧𝐝𝐢𝐧𝐠. 𝖡𝗎𝗍 𝗍𝗁𝖾𝗋𝖾 𝗂𝗌 𝖺 𝗐𝖺𝗒 𝖿𝗈𝗋𝗐𝖺𝗋𝖽...<a href="https://blog.accrescent.app/posts/the-future-of-accrescent/#where-were-at" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.accrescent.app/posts/the-</span><span class="invisible">future-of-accrescent/#where-were-at</span></a></p><p>_____<br><a href="https://hear-me.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://hear-me.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://hear-me.social/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>android</span></a> <a href="https://hear-me.social/tags/grapheneos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grapheneos</span></a> <a href="https://hear-me.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://hear-me.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://hear-me.social/tags/apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>apps</span></a> <a href="https://hear-me.social/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://hear-me.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://hear-me.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://hear-me.social/tags/monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monero</span></a> <a href="https://hear-me.social/tags/donate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>donate</span></a> <a href="https://hear-me.social/tags/ethereum" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ethereum</span></a> <a href="https://hear-me.social/tags/bitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitcoin</span></a> <a href="https://hear-me.social/tags/crypto" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>crypto</span></a> <a href="https://hear-me.social/tags/money" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>money</span></a> <a href="https://hear-me.social/tags/fdroid" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fdroid</span></a> <a href="https://hear-me.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://hear-me.social/tags/internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>internet</span></a></p>
BeyondMachines :verified:<p>WatchGuard Firebox vulnerability allows remote code execution</p><p>WatchGuard Technologies patched a critical unauthenticated remote code execution vulnerability (CVE-2025-9242) in its Firebox firewall appliances that allows attackers to compromise systems by sending crafted data to the IKE protocol handler used for VPN connections. The flaw affects multiple Firebox models running various Fireware OS versions.</p><p>**If you're using WatchGuard Firebox firewalls, immediately upgrade to the latest patched versions (2025.1.1, 12.11.4, or appropriate version for your model) because your firewall has a vulnerability that can be attacked remotely. Isolating doesn't really help since these devices are designed to face the internet. If you're running unsupported 11.x versions, either migrate to supported firmware immediately or shut down these devices since no patches are available.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/advisory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>advisory</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a><br><a href="https://beyondmachines.net/event_details/watchguard-firebox-vulnerability-allows-remote-code-execution-2-e-5-s-k/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/watchguard-firebox-vulnerability-allows-remote-code-execution-2-e-5-s-k/gD2P6Ple2L</span></a></p>
abadidea<p>To be frank, I’ve become extremely frustrated since the acquisition because now the environment combines the worst aspects of a make-it-up-as-you-go small company with the worst aspects of a faceless corporate overlord. I love my coworkers, I don’t love the general approach to projects and customers. </p><p>I live in the Netherlands, I have a skilled worker visa as well as a Dutch marriage, I’m transitioning to citizenship in a year. I need a primarily WFH job but I can hybrid in Amsterdam. I have broad general infosec skills, with the most experience in C source code review but I am familiar with reverse engineering and interested in threat intel. I can provide unlimited access to Mastodon’s most popular dog for morale. <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/FediHire" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FediHire</span></a> <a href="https://infosec.exchange/tags/jobs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jobs</span></a> <a href="https://infosec.exchange/tags/jobsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jobsearch</span></a></p>
BeyondMachines :verified:<p>SonicWall MySonicWall platform breached, firewall config files exposed</p><p>SonicWall disclosed a data breach of its MySonicWall cloud platform caused by coordinated brute-force attacks that exposed sensitive firewall configuration files containing network topology, VPN credentials, API keys, and security rules from multiple organizations.</p><p>**If you're using SonicWall firewalls with MySonicWall cloud backup, log into your MySonicWall account to check if your devices are flagged as affected. If yes, reset all passwords, API keys, and shared secrets in your firewall configurations. You'll also need to update credentials with all external services that use the compromised data, like your ISP, Dynamic DNS providers, email providers, VPN peers, and LDAP/RADIUS servers.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/incident" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>incident</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a><br><a href="https://beyondmachines.net/event_details/sonicwall-mysonicwall-platform-breached-firewall-config-files-exposed-w-p-x-o-r/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/sonicwall-mysonicwall-platform-breached-firewall-config-files-exposed-w-p-x-o-r/gD2P6Ple2L</span></a></p>
Blue Ghost<p>CryptPad will not support post-quantum cryptography in the near future.</p><p>Source: <a href="https://blog.cryptpad.org/2025/09/05/status-2025-08" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.cryptpad.org/2025/09/05/s</span><span class="invisible">tatus-2025-08</span></a></p><p><a href="https://mastodon.online/tags/CryptPad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptPad</span></a> <a href="https://mastodon.online/tags/PQC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PQC</span></a> <a href="https://mastodon.online/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://mastodon.online/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://mastodon.online/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.online/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.online/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a> <a href="https://mastodon.online/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://mastodon.online/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a> <a href="https://mastodon.online/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> <a href="https://mastodon.online/tags/PostQuantum" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PostQuantum</span></a></p>
Matthias Schulze<p>Beijing went to 'EggStreme' lengths to attack Philippines military, researchers say <a href="https://go.theregister.com/feed/www.theregister.com/2025/09/11/eggstreme_malware_china_philippines/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/09/11/eggstreme_malware_china_philippines/</span></a> <a href="https://ioc.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://ioc.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload