I’ll See You at @hopeconf - Hackers on Planet Earth 2025 Aug 15, 16, 17
Tickets are still available! 👉 https://hope.net
#HOPE2025 is an incredible gathering of people who care about #cybersecurity, #privacy and free speech online.
VexTrio's origins come from two distinct groups: an Italian group we can date back to 2004 and a Russian-speaking Eastern European group. The Italians were quite successful early on, with a dating app that was among the fastest growing on Facebook in 2012. But our guess is that their profits slid in the years that followed. In 2020, there is an merger-acquisition which leaves the Eastern Europeans in charge. They gain the trademarks, knowledge in spam distribution, and who knows what else.
While developers remain in eastern Europe, VexTrio created business headquarters in Lugano, Switzerland. Including the existing AdsPro, which developed the Los Pollos, Taco Loco, and Adtrafico traffic distribution systems (TDS) through their software company HolaCode. (ok it's more complicated than that, but this is the cliffsnotes version). We have identified nearly 100 businesses associated with 8 key figures in many industries, including construction, energy, and advertising.
So in the end, what is VexTrio? It's hard to say. We originally used it to refer to the TDS. Nice clean lines... but now, for us it is all the people and their labyrinth of companies.
We spoke at BlackHat last week so if you have a briefings pass you can listen to that. Otherwise, find our research online and start your own investigation.
#dns #threatintel #scam #cybercrime #vextrio #infoblox #cybersecurity #infosec #malware #tds
🤖 Most people still treat AI chatbots like a private confessional, but they aren’t. 😳 Every question is logged, stored, and potentially discoverable, sometimes even after you’ve deleted it. OpenAI, Google, and Anthropic all retain user prompts by default, often under the guise of “memory” or “service improvement.”
And here’s the kicker: a federal court order now forces OpenAI to preserve all ChatGPT conversations, including “Temporary” ones users assumed were erased. So the notion of ephemeral chats is gone. That should change how people think about what they type into these systems.
The bigger issue is that the line between “helpful personalization” and “permanent surveillance record” is blurring fast. What looks convenient today could look like an exposure tomorrow.
TL;DR
⚠️ AI queries are logged
🔐 Deleted chats still saved
🧠 “Memory” is default setting
📂 Court orders enforce retention
https://www.theregister.com/2025/08/18/opinion_column_ai_surveillance/
#AI #Privacy #DataSecurity #Surveillance #FRCP #EDRM #security #privacy #cloud #infosec #cybersecurity #LegalHold
Come join us at the Open Security Conference!
🗓️ Dates: 2025, October 2-5
📍 Location: Rückersbach, close to Frankfurt am Main, Germany
🌐 Website: https://opensecurityconference.org/
❓ FAQ: https://opensecurityconference.org/faq/
➡️ Register: https://register.opensecurityconference.org/
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Our devotion to privacy and security has led to these two noticeable features in iOS:
1. Permission prompt to access the clipboard (iOS 14)
2. Option to disable downloading icons in Passwords (iOS 26)
We have contributed to several bug fixes under the hood, but these two features are special because they surface in the UI. We are very proud that millions of users see the result of our work on their devices.
#Apple #privacy #security #infosec #cybersecurity
1/4
...🧵
Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple.
You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out.
https://www.theregister.com/2025/08/26/breaking_llms_for_fun/
I’m excited to share my latest article, published in Forbes: Deepfakes And Social Engineering: A Growing Threat To Everyone.
This piece is personal to me because I’ve seen how quickly deepfake technology is moving from novelty to real-world attacks. It’s not just companies at risk—families are being targeted with AI-cloned voices and fake video calls.
In the article, I break down the real cases we’re seeing, why multifactor authentication (MFA) is essential, and what both organizations and individuals like you and me can do to protect ourselves.
In the piece, I cover:
🔍 Real-world scams driven by AI voice and video
🔐 Why multifactor authentication (MFA) is essential
📱 How both organizations and families can verify smarter
🧠 The mindset shift from trusting appearances to verifying identities
Deepfakes aren’t a future problem. They’re here. And the time to prepare is now.
https://www.forbes.com/councils/forbestechcouncil/2025/08/25/deepfakes-and-social-engineering-a-growing-threat-to-everyone/
#Forbes #cybersecurity #deepfakes #MFA #security #privacy #cloud #infosec #AI #leadership
@forbes @Forbes@newsie.social @forbestechcncl
Ukraine says it hacked Russia's Ministry of Defense
https://t.me/DIUkraine/3545 #infosec #cybersecurity #security
Hello Fediverse! I’m @cyberseckyle 👋
Formerly @beardedtechguy. Same human, new handle that fits the work I live and breathe. I’m still very much a tech guy and the beard is staying 🧔♂️💻
What to expect here: practical security tips, MSP life behind the scenes, blue-team playbooks, lab tinkering, tool breakdowns, and no FUD. If you like clear, actionable posts with a little humor, you’re in the right place.
Let’s swap ideas and make the internet a little less weird and a lot more secure. 🛡️
#Cybersecurity #InfoSec
Google Authenticator still syncs two-factor authentication secrets without E2EE. If you enable cloud syncing, this means:
1️⃣ Google can read the secrets and generate one-time passwords for your accounts
2️⃣ Google knows the services you use
3️⃣ #Google knows your usernames
4️⃣ Given a court order, Google is obliged to hand over this data to law enforcement
#Privacy #privacymatters #CyberSecurity #infosec
https://defcon.social/@mysk/110262313275622023
Texas hack may be first disruption of U.S. water system by Russia
Via @nakashimae Ellen Nakashima
#CyberCivilDefense #cybersecurity
https://wapo.st/4aSNeLq
some people were saying #linux is insecure, even less than Windows
where do these claims come from? are they true? what can we users do? #security #cybersecurity
Coming to #RSAC? Please join us at the Cyber Nonprofits Reception Tuesday, May 7th 6PM-7:30PM to chat with us and others on the role nonprofits play in making the Internet more secure for everyone. All are welcome! #RSAC2024 #cybersecurity
A hacker group has claimed responsibility for a cyberattack that targeted auction house Christie’s earlier this month.
The attack took place just before the start of its high-profile spring sales event involving more than $850 million worth of art. Online bidding was suspended, but the group claims it has accessed sensitive information about wealthy art collectors around the world, and is threatening to release it unless “an agreement” is reached. Digital Trends has more.
We need deeper public-private partnerships & more investment to make #infrastructure more resilient. Join @AspenDigital 6/10, 11-12 ET, for "Managing Your Worst Digital Day" to hear from @cdurkovich, @vishaal_h, @pueshkumar & @philvenables: https://www.aspendigital.org/event/managing-your-worst-digital-day/ #cybersecurity
This is very much for real!
NEW: Details of people's therapy sessions—including reports, video and audio recordings—have been exposed by a healthcare company.
These included people mentioning sexual abuse and highly sensitive subjects. The exposed database has now been closed down
https://www.wired.com/story/confidant-health-therapy-records-database-exposure/ #cybersecurity #privacy #news #technology
We need to protect water supplies and other vulnerable infrastructure from cyber security related attacks
Memory safety problems are a huge #cybersecurity problem for the Internet, but it doesn’t have to be.
Make a transition to memory safety part of your #CyberCivilDefense plan.
Read about orgs doing that today: https://www.memorysafety.org/blog/rustls-adoption-grows/
Some news...I’ll be spending $100M to make us safer online and to protect our infrastructure, like water and power supplies.
A big part will be a PSA campaign - online and in old-fashioned ways. We all got a role to play, like everyone did in WW2, including my Dad and Mom.
I’ll start by putting my money where my mouth is. Folks can check it out here: https://pausetake9.org.
#CyberCivilDefense #cybersecurity
It's time for a re- #introduction since this instance has changed a lot since being launched.
This instance was set up for testing and playing with Internationalized Domain Names. That experiment has mostly been a success and I've now migrated away from my once-main instance.
I'm a former software developer of over 20 years, working primarily in #opensource and #telephony. I now do #cybersecurity as a profession, after starting to do cybersecurity research as a hobby about a year ago.
In the last year, I've found and disclosed several dozen #vulnerabilities in #govtech platforms like #court and #voter registration systems, which have gotten a not insignificant amount of press coverage. Those disclosures can all be seen at https://govtech.cc
Beyond my #infosec postings, you'll typically find nonsense that I find funny; sometimes I might even say stuff that other people find amusing.
I once self-published a book that I've never read called The Consequences of Being Right (ISBN 979-8880045068). It was entirely written by ChatGPT and was published because I thought it was stupid and funny. Miraculously, I've managed to sell two copies, neither of which have been returned.
I'm #ActuallyAutistic and #ADHD, which is sometimes apparent.
All of my other links and socials can be found at https://linktr.ee/northantara
Collaborations between @hackclub and @girlswhocode leads to more opportunities for young women, in technology areas including
#CyberCivilDefense #cybersecurity like Reem featured here
https://www.instagram.com/reel/DBPKpcMSZY-/?igsh=bzhocWkxbDVjcTgy
pausetake9.org
The New Oil is not slowing down in 2025, and you can help us keep going!
Our team at @censys has studied Internet exposure of #ICS for the better part of a year, learning more about the products, protocols, and nuances of this space.
Today I'm excited to share our third annual ✨State of the Internet Report detailing what we've learned! A few highlights:
🛜 Most ICS protocols and HMIs we've observed run on 5G/LTE (e.g., Verizon) or SOHO/business-grade ISPs (e.g., Comcast). We initially observed this in the U.S. and in this most recent research found that it's a global phenomenon. This surprised me initially, but industrial devices often need to run in places where a wired connection might not be available. While great for connectivity, use of such networks makes it often impossible to determine who owns or operates a given service, as the host metadata points back to the telco itself.
💧 Analysis of over 200 C-More human-machine interfaces (HMIs) revealed over a third appear to be related to water and wastewater systems (WWS). WWS has seen increased targeting over the last ~year, and these exposures suggest still more work is needed to adequately protect and defend this sector.
⛔️ We found nearly 200 hosts globally running HMIs alongside products banned by U.S. NDAA Section 889. While this act applies only to a specific set of operators within the U.S. federal government, it's interesting to note what technologies operators implement alongside potentially critical services.
You can find a copy of the report with all the details here! 👇
