Azure FrontDoor now has a CAPTCHA https://techcommunity.microsoft.com/blog/azurenetworksecurityblog/general-availability-of-captcha-in-azure-front-door-waf/4464704 image
Avast has released a free decrypter to allow victims of the Midnight ransomware to recover their files without paying the ransom
Decrypted: Midnight Ransomware
Midnight ransomware echoes Babuk’s tactics but stumbles in its code. Gen researchers explain how those mistakes make decryption and recovery poss...
Fifteen individuals are expected to plead guilty this month in Italy to a complex hacking and extortion scheme. The individuals worked for Equalize, an Italian company that hacked government databases to create dossiers on the country's elite
How a hacking gang held Italy’s political elites to ransom  – POLITICO
lol
ChatGPT Atlas stores unencrypted oAuth tokens in SQLite | Pete Johnson posted on the topic | LinkedIn
It appears that ChatGPT Atlas is storing functional, unencrypted oAuth tokens in a SQLite database with 644 file permissions. I am hardly a securi...
Add the ISD to the growing list of orgs (four now) warning us about AI chatbots repeating Russian disinfo... or Russia intentionally poisoning these things... The other three are the American Sunlight Project, NewsGuard, and Open Measures.
ISD
Investigation | Talking Points: When chatbots surface Russian state media
As chatbots rival search engines as the go-to source for information, their vulnerability to state propaganda poses new risks for information integ...
"Out of the multiple vulnerabilities we reported, WSO2 addressed and assigned a CVE identifier to only one: the Siddhi RCE via SOAP administration services (CVE-2025-5717 ). The remaining vulnerabilities were not remediated, and no CVEs were assigned by WSO2" Le sigh...
Attacking WSO2 Products
<p>Uncovering bypasses, RCE, SSRF, CSRF, and account-takeover vulnerabilities in WSO2 products.</p>
Europol has asked governments to work together on measures to prevent caller ID spoofing. International traceback mechanisms are needed to track down and identify the origin of spoofed calls.
Europol
Fake number, real damage: Europol urges action against caller ID spoofing &ndash; Law enforcement highlights growing scams, technical gaps, and the need for harmonised anti-fraud measures | Europol
Europol is calling for a coordinated European response to tackle caller ID spoofing, an in increasingly common tool, used for online fraud and soci...
Ravin Academy, the private school that recruits and trains hackers for Iran's MOIS intelligence service , has been hacked and its data leaked
حمله سایبری به آکادمی راوین؛ نشت گسترده اطلاعات دانشجویان آموزشگاه وزارت اطلاعات
پایگاه داده جامع حاوی اطلاعات شخصی دانشجویان آکادمی راوین، آموزشگاه مخفی وزارت ...
Nariman Gharib Blog
Exclusive: Full Student Database of MOIS-Affiliated Ravin Academy Leaked
Based on the intelligence assessments from multiple government agencies, Ravin Academy functions as a MOIS-directed recruitment and training front ...
 Public searchable database: https://ravin-academy.com/ image
After Security Explorations had its Firebase database suspended by Google Cloud for "hosting malware" (actually some PoC code), the team found a way to bypass the suspension, which they argue could be abused and automated by attackers as well
Full Disclosure: Google Firebase hosting suspension / &quot;malware distribution&quot; bypass
More than a thousand individuals who were held at the KK Park scam compound have fled or have been moved to new locations over the past week, according to Cyber Scam Monitor. The park was sanctioned by the US and raided by the Myanmar military junta https://cyberscammonitor.substack.com/p/whats-happening-at-kk-park