I’ll See You at @hopeconf - Hackers on Planet Earth 2025 Aug 15, 16, 17
Tickets are still available! 👉 https://hope.net
#HOPE2025 is an incredible gathering of people who care about #cybersecurity, #privacy and free speech online.
VexTrio's origins come from two distinct groups: an Italian group we can date back to 2004 and a Russian-speaking Eastern European group. The Italians were quite successful early on, with a dating app that was among the fastest growing on Facebook in 2012. But our guess is that their profits slid in the years that followed. In 2020, there is an merger-acquisition which leaves the Eastern Europeans in charge. They gain the trademarks, knowledge in spam distribution, and who knows what else.
While developers remain in eastern Europe, VexTrio created business headquarters in Lugano, Switzerland. Including the existing AdsPro, which developed the Los Pollos, Taco Loco, and Adtrafico traffic distribution systems (TDS) through their software company HolaCode. (ok it's more complicated than that, but this is the cliffsnotes version). We have identified nearly 100 businesses associated with 8 key figures in many industries, including construction, energy, and advertising.
So in the end, what is VexTrio? It's hard to say. We originally used it to refer to the TDS. Nice clean lines... but now, for us it is all the people and their labyrinth of companies.
We spoke at BlackHat last week so if you have a briefings pass you can listen to that. Otherwise, find our research online and start your own investigation.
#dns #threatintel #scam #cybercrime #vextrio #infoblox #cybersecurity #infosec #malware #tds
🤖 Most people still treat AI chatbots like a private confessional, but they aren’t. 😳 Every question is logged, stored, and potentially discoverable, sometimes even after you’ve deleted it. OpenAI, Google, and Anthropic all retain user prompts by default, often under the guise of “memory” or “service improvement.”
And here’s the kicker: a federal court order now forces OpenAI to preserve all ChatGPT conversations, including “Temporary” ones users assumed were erased. So the notion of ephemeral chats is gone. That should change how people think about what they type into these systems.
The bigger issue is that the line between “helpful personalization” and “permanent surveillance record” is blurring fast. What looks convenient today could look like an exposure tomorrow.
TL;DR
⚠️ AI queries are logged
🔐 Deleted chats still saved
🧠 “Memory” is default setting
📂 Court orders enforce retention
https://www.theregister.com/2025/08/18/opinion_column_ai_surveillance/
#AI #Privacy #DataSecurity #Surveillance #FRCP #EDRM #security #privacy #cloud #infosec #cybersecurity #LegalHold
Come join us at the Open Security Conference!
🗓️ Dates: 2025, October 2-5
📍 Location: Rückersbach, close to Frankfurt am Main, Germany
🌐 Website: https://opensecurityconference.org/
❓ FAQ: https://opensecurityconference.org/faq/
➡️ Register: https://register.opensecurityconference.org/
#osco #osco25 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Our devotion to privacy and security has led to these two noticeable features in iOS:
1. Permission prompt to access the clipboard (iOS 14)
2. Option to disable downloading icons in Passwords (iOS 26)
We have contributed to several bug fixes under the hood, but these two features are special because they surface in the UI. We are very proud that millions of users see the result of our work on their devices.
#Apple #privacy #security #infosec #cybersecurity
1/4
...🧵
Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple.
You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out.
https://www.theregister.com/2025/08/26/breaking_llms_for_fun/
I’m excited to share my latest article, published in Forbes: Deepfakes And Social Engineering: A Growing Threat To Everyone.
This piece is personal to me because I’ve seen how quickly deepfake technology is moving from novelty to real-world attacks. It’s not just companies at risk—families are being targeted with AI-cloned voices and fake video calls.
In the article, I break down the real cases we’re seeing, why multifactor authentication (MFA) is essential, and what both organizations and individuals like you and me can do to protect ourselves.
In the piece, I cover:
🔍 Real-world scams driven by AI voice and video
🔐 Why multifactor authentication (MFA) is essential
📱 How both organizations and families can verify smarter
🧠 The mindset shift from trusting appearances to verifying identities
Deepfakes aren’t a future problem. They’re here. And the time to prepare is now.
https://www.forbes.com/councils/forbestechcouncil/2025/08/25/deepfakes-and-social-engineering-a-growing-threat-to-everyone/
#Forbes #cybersecurity #deepfakes #MFA #security #privacy #cloud #infosec #AI #leadership
@forbes @Forbes@newsie.social @forbestechcncl
Ukraine says it hacked Russia's Ministry of Defense
https://t.me/DIUkraine/3545 #infosec #cybersecurity #security
Hello Fediverse! I’m @cyberseckyle 👋
Formerly @beardedtechguy. Same human, new handle that fits the work I live and breathe. I’m still very much a tech guy and the beard is staying 🧔♂️💻
What to expect here: practical security tips, MSP life behind the scenes, blue-team playbooks, lab tinkering, tool breakdowns, and no FUD. If you like clear, actionable posts with a little humor, you’re in the right place.
Let’s swap ideas and make the internet a little less weird and a lot more secure. 🛡️
#Cybersecurity #InfoSec
Google Authenticator still syncs two-factor authentication secrets without E2EE. If you enable cloud syncing, this means:
1️⃣ Google can read the secrets and generate one-time passwords for your accounts
2️⃣ Google knows the services you use
3️⃣ #Google knows your usernames
4️⃣ Given a court order, Google is obliged to hand over this data to law enforcement
#Privacy #privacymatters #CyberSecurity #infosec
https://defcon.social/@mysk/110262313275622023
Hackers can steal 2FA codes and private messages from Android phones. The "Pixnapping" attack is a really clever piece of research. It shows that the theoretical wall between apps on your phone isn't as solid as we'd like to believe. By exploiting a GPU side channel, a malicious app with zero permissions can effectively screenshot other apps, one pixel at a time. It's a reminder that security is a stack, and a vulnerability at the hardware level can undermine everything built on top of it.
TL;DR
👾 A new attack called "Pixnapping" can read visual data from other apps on Android devices.
🔑 It exploits a GPU side-channel leak to steal sensitive info like 2FA codes and messages, pixel by pixel.
⚠️ The scary part: the malicious app required for the attack needs zero special permissions to be granted.
🧠 While complex to pull off, this is a serious proof of concept that challenges the core idea of OS app sandboxing.
https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
#Android #Cybersecurity #SideChannelAttack #2FA #security #privacy #cloud #infosec
Texas hack may be first disruption of U.S. water system by Russia
Via @nakashimae Ellen Nakashima
#CyberCivilDefense #cybersecurity
https://wapo.st/4aSNeLq
some people were saying #linux is insecure, even less than Windows
where do these claims come from? are they true? what can we users do? #security #cybersecurity
Thinking of this classic* @smbccomics during 'Cybersecurity Awareness Month'
*From 2012 (!?)
Coming to #RSAC? Please join us at the Cyber Nonprofits Reception Tuesday, May 7th 6PM-7:30PM to chat with us and others on the role nonprofits play in making the Internet more secure for everyone. All are welcome! #RSAC2024 #cybersecurity
A hacker group has claimed responsibility for a cyberattack that targeted auction house Christie’s earlier this month.
The attack took place just before the start of its high-profile spring sales event involving more than $850 million worth of art. Online bidding was suspended, but the group claims it has accessed sensitive information about wealthy art collectors around the world, and is threatening to release it unless “an agreement” is reached. Digital Trends has more.
Phishing targets LastPass & Bitwarden users with fake breach alerts, pushing malware that installs remote access tools 🔐
LastPass confirms no hack; attackers exploit social engineering and outdated app fears ⚠️
Users should verify alerts on official sites and avoid unsolicited downloads. 🛡️
Syncro MSP platform abused, but not compromised 🤔
#TechNews #Cybersecurity #Phishing #DataSecurity #PasswordManager #Privacy #UserSafety #Infosec #OnlineSecurity #SecurityAwareness
We need deeper public-private partnerships & more investment to make #infrastructure more resilient. Join @AspenDigital 6/10, 11-12 ET, for "Managing Your Worst Digital Day" to hear from @cdurkovich, @vishaal_h, @pueshkumar & @philvenables: https://www.aspendigital.org/event/managing-your-worst-digital-day/ #cybersecurity
This is very much for real!
NEW: Details of people's therapy sessions—including reports, video and audio recordings—have been exposed by a healthcare company.
These included people mentioning sexual abuse and highly sensitive subjects. The exposed database has now been closed down
https://www.wired.com/story/confidant-health-therapy-records-database-exposure/ #cybersecurity #privacy #news #technology
We need to protect water supplies and other vulnerable infrastructure from cyber security related attacks
Memory safety problems are a huge #cybersecurity problem for the Internet, but it doesn’t have to be.
Make a transition to memory safety part of your #CyberCivilDefense plan.
Read about orgs doing that today: https://www.memorysafety.org/blog/rustls-adoption-grows/
