Austin Larsen (@austinlarsen_) 's Twitter Profile
Austin Larsen

@austinlarsen_

Principal Threat Analyst - Google Threat Intelligence Group - Opinions attributable to me

ID: 465195359

16-01-2012 02:34:44

518 Tweet

764 Followers

967 Following

vx-underground (@vxunderground)

Tea App, the recent trending app which allowed women to anonymously rate or discuss men, has been compromised. The application stored photos and identification in a public facing firebase storage bucket. It's all going down on 4chan (as is tradition).

WOO X (@_woo_x)

Update 6: We’ve been working with Mandiant (part of Google Cloud) to perform a comprehensive investigation of the incident. Their deep expertise in cybersecurity and Google Cloud infrastructure makes them the ideal partner as we work to protect performance and security for our traders.

Mandiant (part of Google Cloud) (@mandiant)

The 12th Annual Flare-On Challenge kicks off Sept 26 at 8PM EST! Reverse engineering pros, from Windows to Web3 (with a YARA twist), it's your time to shine. 🏆 Get ready → bit.ly/4ofb5g8 #FlareOn12

BleepingComputer (@bleepincomputer)

BleepingComputer has learned that a wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group. The threat actors have been using voice phishing attacks to steal data from Salesforce CRM instances.

vx-underground (@vxunderground)

Something interesting happened. The United Kingdom Ministry of Justice (UK MoJ) e-mailed UNC6040 (ShinyHunters and/or UNC3944), the individual(s) believed to be responsible for the compromise(s) of Salesforce, United Kingdom Legal Aid Agency, PowerSchool, Oracle Cloud, and

Mandiant (part of Google Cloud) (@mandiant)

UNC3944 is deploying ransomware directly from VMware hypervisors, bypassing traditional defenses. Here’s an expert-led webinar that breaks down their tactics and how to defend against them. 🔗 goo.gle/3H8lucK

ThreatMon (@monthreat)

🚨New Telegram Group Linked to “Scattered Spider” Sparks Data Leak Chaos Targeting Luxury Brands and Governments A new Telegram group claiming ties to “Scattered Spider” has surfaced, stirring up a storm by mixing the tactics of Scattered Spider, LAPSUS$, and ShinyHunters.

Andrew Thompson (@imposecost)

It used to be good operations security to not draw the full attention of your opponent. Be uninteresting and take advantage of the reality that everyone has tradeoffs and competing priorities. Certainly, summoning the full weight of your opponent is seen as a really fucking

Jake Williams (@malwarejake)

It's always difficult to explain to victims why their EDR didn't stop ransomware from detonating. Most frustrating is when they're just sure "tamper protection" would stop a kernel mode EDR killer. theregister.com/2025/08/14/edr…

RooCon (@roocon_au)

🚨 Final reminder that RooCon25 CFP closes August 22, 2025! 🎟️ Details on guest registration are coming next week so stay tuned for updates! 🦘 🔗 Submit Your RooCon25 Talk at: rsvp.withgoogle.com/events/roocon2…

Dino A. Dai Zovi (@dinodaizovi)

This is an interesting case study because it concretely shows that you have to go further than allowlisting known/trusted executables, they also need runtime memory integrity protection/guarantees: cloud.google.com/blog/topics/th… Ideally, page-level integrity like iOS in your vm impl.

Austin Larsen (@austinlarsen_)

New Mandiant (part of Google Cloud) research: Financially motivated actor #UNC5518 is using ClickFix (fake CAPTCHA) lures on compromised websites to provide initial access-as-a-service. This access is leveraged by partner group #UNC5774 to deploy the CORNFLAKE.V3 backdoor. cloud.google.com/blog/topics/th…

Ethan Mollick (@emollick)

It seems like there is not enough of a policy response to the fact that, with 57M miles of data, Waymo’s autonomous vehicles experience 85% less serious injuries & 79% less injuries overall than cars with human drivers. 2.4 million are injured & 40k killed in US accidents a year

Pat Rick (@dub5p)

New GTIG blog just dropped! 🥸🇨🇳🌐💼 "Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats"! We're analyzing an operation that has it all; AitM, social engineering, signed malware, and more! Get the full breakdown here: cloud.google.com/blog/topics/th…

John Hultquist (@johnhultquist)

An actor we are tracking as UNC6395 is targeting Salesforce customer instances through compromised OAuth tokens associated with the Salesloft Drift third-party application. This is ongoing and widespread. cloud.google.com/blog/topics/th…