1.CodeBreakers emerges, hacking Sepah bank. 2.They demand $42M for ransom, 3. Release the most valuable chunks of records for free, while hardly pushing sponsored PR! 4.They disappear and the tg. group is gone 5.Predatory Sparrows drops in and nuke the Sepah bank. 2+2=3.14?

Predatory Sparrow’s past cyber attacks on Iranian steel plants and gas stations have demonstrated tangible effects in Iran. Disrupting the availability of this bank’s funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there.

MeteorExpress (aka Predatory Sparrow, Gonjeshke Darande, Adelat Ali, Indra, CodeBreakers, etc) represents the most significant effort at cyber signaling and force projection in nearly a decade. #NoRegerts sentinelone.com/labs/meteorexp…

🚨NEW REPORT: exposing a new hacking tactic. 🇷🇺Russian state-backed hackers used an App-Specific Password attack against prominent Russia expert Keir Giles & others. It's like they know what we all expect from them...and then did the opposite 1/ By us The Citizen Lab & @google's

New The DFIR Report Hide Your RDP: Password Spray Leads to RansomHub Deployment thedfirreport.com/2025/06/30/hid…

Dudes... please enable Detailed File Share auditing in your environment. All these attackers who switched over to the Impacket suite still run the default configs and it takes like 2 seconds to find them.

Russia’s military intelligence agency (GRU) is targeting Western logistics and technology companies, the US Department of Defense warned in May. cepa.org/article/russia… CEPA

Mandiant has observed an increasing number of attacks targeting VMware vSphere in recent years, notably for deploying ransomware. Dive deep into what specifically is fueling this trend and get actionable guidance to defend your VMware vSphere estate in our latest blog posts. 👇

Two yrs ago when researchers found backdoor in encryption algo used to secure radio comms for police/military/intel agencies, the org behind algo told users to deploy end-to-end encryption on top of it. Now researchers found security prob with the E2E too wired.com/story/encrypti…

Microsoft isn’t disclosing this so: M365 Copilot allowed users to access files without producing an audit log. All you had to do was ask Copilot to not link to the file. You don’t even have to ask; it sometimes just happens. If your org uses Copilot your audit log is likely wrong

Right now, the media is hyping up a story that a SECRET HACKER FIRMWARE FOR FLIPPER ZERO HAS APPEARED ON THE DARKNET THAT CAN HACK ANY CAR!!!11 WE’RE ALL IN DANGER. Let’s break it down and see if that’s actually true (spoiler: it’s not): blog.flipper.net/can-flipper-ze…

*turns on loudspeaker at 5,000 person venue* "Hey Meta, text my ex and say I miss her"

The vast majority of hacking is just credentials. There are four basic ways to get creds: STAB Steal: using malware, etc. Try: brute force, guessing, etc. Ask: social engineering, etc. Buy: infostealer logs, etc. Steal. Try. Ask. Buy. A collab with mRr3b00t

Let me explain where this incredible vulnerability in Notepad++ comes from... my blog post from 3w ago. The problem is there's no vuln. I described this as sneaky init access. You might as well do binary patching of any PE file in the world. #infosec print3m.github.io/blog/dll-sidel…

GRU's Spy Airbnb: check out our latest video investigation into Unit 29155, and the "Czech" spy couple they used to help them plant explosives in weapons depots. youtu.be/tRqcJV0Z55c?si…

At NCSC UK we have just released guidance on using Privileged Access Workstations (PAWs) in Operational Technology (OT) environments.. ncsc.gov.uk/collection/ope…

This is simply an amazing talk. Except the subject itself and the REALLY GOOD explanations, Some really interesting research and detection methods hide in this post. BTW, I used the same methods in some of my researches lately, and found similar insights. knowing I'm in the

A new wiper attack has been identified by ClearSky Cyber Security affecting Ukraine. We named this wiper "GamaWiper" (VBS-based wiper). The intrusion chain begins with the exploitation of a vulnerable WinRAR version (CVE-2025-80880). We assess with moderate confidence that this

DOJ confirms our earlier assessment of ties between hacktivist front Cyber Army of Russia Reborn (CARR) and Russia’s military intelligence service, the GRU. CARR carried out cyberattacks on US and European critical infrastructure but hid behind this false persona.

US charges and extradites 33-year-old Ukrainian woman for her alleged role in pro-Russia hacking group that caused spillage at a Texas water plant and an ammonia leak at a meat processing plant in LA. cnn.com/2025/12/10/pol…