1/ A pro-Hamas persona is making noise from recent airport “hacks”, including broadcast system defacements in 🇨🇦 Kelowna & 🇺🇸 Harrisburg. But digging deeper, their actions remain low-impact and opportunistic. Lets take a deeper look..🧵

👇

DPRK APTs continue to innovate in ways few other state actors do. Their creativity might be malicious, but it’s definitely impressive.

#ElasticSecurityLabs joins forces with Texas A&M System and discloses TOLLBOOTH, an IIS module used for SEO abuse that relies on publicly exposed ASP. NET machine keys: go.es.io/3L68p57

🔥New research release PhantomCaptcha: A short-lived, multi-stage PowerShell + WebSocket RAT operation targeting Ukraine-linked humanitarian & gov entities. Full report: s1.ai/pcapt

🚨 SentinelLaboratories, together with the Digital Security Lab of Ukraine, has uncovered a coordinated spearphishing campaign targeting members of the Red Cross, Norwegian Refugee Council, UNICEF, and other NGOs supporting Ukraine, as well as regional government officials.

If you’re reversing domains or mapping infrastructure - check out Validin. DNS intelligence, WHOIS, certificates, subdomains, host responses - all in one place. Check it out here: validin.com

Tough choices in the new 2025 robot vacuum battle.. 1. US based Matic Robots doing local processing, with stronger security & privacy by design. 2. DJI Romo, uploading your home layout, location, and usage details straight to China and sharing with a few friendly third parties.

Excited for a special episode of the Three Buddy Problem, as Dave Aitel join us to talk about the announcement of OpenAI fabled bug finding security agent 'Aardvark' along with our usual security news roundup. Livestream in ~30m (11:30am ET): youtube.com/watch?v=7IkmOX…

Images of docs listed for sale are alarming, including details of critical information infrastructure in Taiwan.