Joe Hannon (@joehannon52) 's Twitter Profile
Joe Hannon

@joehannon52

Security researcher @ MSTIC, Microsoft
bsky.app/profile/joehan…

ID: 1422824809

12-05-2013 10:34:03

79 Tweet

516 Followers

1,1K Following

billy leonard (@billyleonard)

🚨 DPRK 🇰🇵 campaign against security researchers - new from Google TAGs Maddie Stone clem1 Adam on new 0day ITW and potential infection through a tool aimed at helping the research community. as wu said protect ya neck kids 🦇 blog.google/threat-analysi…

Microsoft Threat Intelligence (@msftsecintel)

Microsoft has discovered exploitation of a 0-day vulnerability in the SysAid IT support software in limited attacks by Lace Tempest, a threat actor that distributes Clop ransomware. Microsoft notified SysAid about the issue (CVE-2023-47246), which they immediately patched.

Yarden Shafir (@yarden_shafir)

Be prepared to lose your kernel pointers! Windows will soon start restricting KASLR leaks to non-admins: windows-internals.com/kaslr-leaks-re… (mentioned this here before but figured it's worth a blog post)

Shane Huntley (@shanehuntley)

Announcing the latest report from Threat Analysis Group documents the rise of commercial surveillance vendors and the industry that threatens free speech, the free press and the open internet blog.google/threat-analysi… Some highlights below. 🧵

Cathal Mc Daid (@mcdaidc)

1/11 Today, we’re releasing details of a small but interesting mobile #vulnerability called MMS Fingerprint, reportedly used by #NSOGroup. How this might work, and how we found it, is a bit unusual. enea.com/insights/dusti… Enea AB Joseph Cox Ryan Gallagher Catalin Cimpanu Lorenzo Franceschi-Bicchierai

Winnona 💾 (@__winn)

🚨NEW - iSoon & the Chinese cyber mercenary ecosystem 🚨 Going back to my roots with some good old fashioned China cyber analysis Margin Research. How is iSoon related to cyber mercenaries, and the Chinese offensive ecosystem? 🧵/ 5 findings: margin.re/2024/02/same-s…

Joe Hannon (@joehannon52)

Great read on 0-days I hadn't seen shared before. Lots of good references as well. Maybe a tad too much emphasis on the US Vuln Equities Process for a paper on spyware, I'm not convinced the US VEP affects the spyware or 0-day markets hugely, nor could it even with changes.

ESET Research (@esetresearch)

#ESETresearch has analyzed a single-click exploit for WPS Office for Windows being used in the wild by threat actor #APT-C-60. Analysis of the vendor’s silently released patch led to the discovery of another #vulnerability. 1/8 welivesecurity.com/en/eset-resear…

Sophos X-Ops (@sophosxops)

For 5 years, Sophos has been engaged in defensive and counter-offensive operations against China-based #NationState adversaries targeting perimeter devices like #firewalls for surveillance and sabotage.

John Scott-Railton (@jsrailton)

Whoa: NSO Group allegedly rolled a WhatsApp exploit to implant #Pegasus spyware even after WhatsApp sued them. This previously-unrevealed "Erised" vector was later disabled by #WhatsApp. These un-redacted filings are quite the read. Even some footnotes have scoops. 1/

Donncha Ó Cearbhaill (@donnchac)

🚨 BREAKING: Amnesty’s latest report on digital surveillance in Serbia: new *NoviSpy* spyware discovered; zero days identified and patched; and first evidence showing use of Cellebrite UFED forensic products to unlock phones to then infect with spyware. 🧵

Nick Carr (@itsreallynick)

Security Advisory: Ivanti Connect Secure, Policy Secure & ZTA Gateways 1️⃣ CVE-2025-0282 CVSS 9.0 (Critical) ⚠️ Exploited in-the-wild A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons

Donncha Ó Cearbhaill (@donnchac)

🚨 UPDATE YOUR DEVICES 🚨: Amnesty International uncovers sophisticated zero-day exploit affecting billions of Android devices. Cellebrite's Linux USB exploit was used to unlock the phone of a Serbian youth activist, targeted in December 2024 **after** previous reports abuses

John Scott-Railton (@jsrailton)

🚨NEW REPORT: first forensic confirmation of #Paragon mercenary spyware infections in #Italy... Known targets: Activists & journalists. We also found deployments around the world. Including ...Canada? And a lot more... Thread on our The Citizen Lab investigation 1/

Microsoft Threat Intelligence (@msftsecintel)

Microsoft has discovered post-compromise exploitation of CVE 2025-29824, a zero-day elevation of privilege vulnerability in Windows Common Log File System (CLFS), against a small number of targets. msft.it/6019qIVV9