You all are misreading the MITRE CVE situation. MITRE ran out of numbers and was not prepared to move to CVEv6.

Fraudsters have now started using EPC QR codes in fake invoices that can be opened by many banking apps. These codes already contain all the necessary transfer information for the app to start a simple transfer action for the victim. (1/3)

10x engineers really do exist You simply hire a single engineer and it’s actually 10 North Koreans

Normies on Twitter dot com arguing about if you need a VPN because “https” Meanwhile, your home network is behind an unpatched router with no firewall And never mind all the unpatched IoT on your flat home network and lack of any EDR for everything exposed to the internet

🚨 Europol and Microsoft have come together to disrupt Lumma Stealer — the world’s largest infostealer. Together with partners, we’ve cut off cybercriminals from over 394 000 infected devices and seized 1,300+ domains. Read more ⤵️ europol.europa.eu/media-press/ne…

LummaC2 / Lumma Stealer takedown 👊: "Microsoft identified over 394,000 Windows computers globally infected by the Luma malware. Working with law enforcement and industry partners, we have severed communications between the malicious tool and victims. Moreover, more than 1,300

Preparing some Popcorn for the next announcement (in 6h): operation-endgame.com

CIA secret backdoors confirmed

How the IR team is viewed at any given company.

💥 Ransomware kill chain broken – Operation Endgame strikes again 🔸 300 servers taken down 🔸 650 domains neutralised 🔸 €3.5M crypto seized 🔸 20 international arrest warrants Europol & partners deliver another blow to global cybercrime. More ⤵️ europol.europa.eu/media-press/ne…

So CIA does have a backdoor?

❣️

things that bother me about working in cybersecurity (in no specific order): - glorified burn out culture - the toxic mindset of “if you’re not spending your free time studying up on cyber, you aren’t working hard enough” - the toxic mindset of “i had to spend 5 years working on

I often am asked for pointers on building a VM for malware analysis. I wrote a 40+ page chapter on this in my book Evasive Malware. You can download this chapter from the book on my blog for free here: evasivemalware.com/EvasiveMalware… Thanks No Starch Press for allowing me to give it away 🤓

Wondering if a code-signing certificate has been reported? See it in one of your favorite tools: Cert Central's blocklist is now appears in MalwareBazaar! We've reported ~300 certs so far this year; it is on pace for a record. Keep an eye out and keep uploading. :)

It's tough being a mom.

🚨 ALERT: Cybercriminals are sending out fake Telekom invoices via phishing emails to deliver multiple malicious RAT payloads. The activity originates from an attack cluster tracked by Telekom Security under the name "Rodent Weed". 🧵1/6

My regular reminder whenever a vendor discloses a 0-day on an edge device: Patching it doesn’t fix the breach that already happened. If it was exposed for months, patching it is like changing the front door lock while the burglars are already in your living room.

Today I had a surprise video debate at an AI company apparently in a conference hall. Asked why I for decades said The Keepers Of The Status Quo at Wikipedia is really bad training to reach AGI. I played this James Burke video. It silenced the room!

We're bringing progress and ambition back to Europe: Spectrum’s stages for Flight 2 have arrived at our launch pad at Andøya Space , gearing up for pre-flight testing.