Julian-Ferdinand Vögele
@julianferdinand.bsky.social
1.2K followers 180 following 170 posts
Threat Research @ Recorded Future. Previously @ Security Research Labs. He/Him. 🏳️‍🌈
Reposted by Julian-Ferdinand Vögele
lorenzofb.bsky.social
SCOOP: Spyware maker NSO Group confirmed to us that the company has been acquired by a U.S. investment group.

NSO's spokesperson said the group "has invested tens of millions of dollars in the company and has acquired controlling ownership," but declined to say who is behind the investment.
Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
NSO Group confirmed to TechCrunch that an unnamed group of American investors has taken “controlling ownership” of the surveillance tech maker.
techcrunch.com
Reposted by Julian-Ferdinand Vögele
lhn.bsky.social
As Apple expands its bug bounty, I spoke with VP Ivan Krstić about the significance + recent big swings like Memory Integrity Enforcement. These steps protect all users, but particularly those targeted by spyware: “We feel a great moral obligation to defend those users” www.wired.com/story/apple-...
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million.
www.wired.com
Reposted by Julian-Ferdinand Vögele
jsrailton.bsky.social
NEW: Pegasus spyware coming to America?

An ex-Adam Sandler producer with ties to China is trying to acquire NSO Group.

Again.

Simonds fronted this before in 2023 & failed. But the backers haven't given up. Why?

Where is the money coming from? 1/

www.globes.co.il/news/article...
Reposted by Julian-Ferdinand Vögele
campuscodi.risky.biz
-EU scraps Chat Control vote
-Ukraine establishes a Cyber Force
-CISA workers reassigned to immigration enforcement
-Teenagers arrested for Kido hack
-Salesforce will not pay the ransom
-US Court halts FCC data breach rules

Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS489/
Reposted by Julian-Ferdinand Vögele
theins.press
Germany’s AfD expels Hamburg lawmaker Robert Risch over participation in far-right congress in St. Petersburg

The Sept. 12 congress at the Mariinsky Palace brought together radical nationalists and neo-Nazis from 14 countries, from Hungary to Argentina.
Germany’s far-right Alternative for Germany (AfD) party has expelled Hamburg state lawmaker Robert Risch from its parliamentary group after he attended an international gathering of radical nationalis...
theins.press
Reposted by Julian-Ferdinand Vögele
campuscodi.risky.biz
The hack against software giant Red Hat is part of a larger campaign that is targeting AWS cloud accounts.

A group named the Crimson Collective is using compromised IAM accounts to access and pilfer corporate AWS environments.

www.rapid7.com/blog/post/tr...
Reposted by Julian-Ferdinand Vögele
vaspanagiotopoulos.com
According to reconstructions, in Dec 2024 the ☎️number used by Caltagirone was added to a WhatsApp chat with contacts known to him, within which a PDF file had been shared. Shortly afterwards, the chat & the PDF disappeared.

✍️ @faffa42.bsky.social & Gianluca Paolucci.
www.lastampa.it/economia/202...
The Paragon case widens to businesspeople: Caltagirone also spied on
The phone of the Roman financier, one of the key players in the restructuring of the banking system, was reportedly attacked with the spyware that also hit journalists…
www.lastampa.it
Reposted by Julian-Ferdinand Vögele
vaspanagiotopoulos.com
🚨 According to @irpimedia.eu & @lastampa.bsky.social, prominent 🇮🇹 Italian businessman Francesco Gaetano Caltagirone has been added to the list of people who last January received a message from WhatsApp informing them that they had been targeted with Paragon's Graphite #spyware.
Reposted by Julian-Ferdinand Vögele
malware-traffic-analysis.net
2025-10-08 (Wednesday): #Kongtuke campaign fake CAPTCHA page with #ClickFix instructions. Got a full infection chain, this time. A 205MB zip download makes the #pcap take a while to load in Wireshark. Some IOCs and associated malware/artifacts at www.malware-traffic-analysis.net/2025/10/08/i...
Traffic from the infection filtered in Wireshark. Page from a compromised site with injected Kongtuke script. Fake CAPTCHA page, courtesy of the Kongtuke campaign. Following instructions from the Kongtuke campaign's fake CAPTCHA page.
Reposted by Julian-Ferdinand Vögele
alexmartin.bsky.social
Russia is behind a campaign of cyberattacks, sabotage and provocation across Europe, according to the president of the European Commission, who warned on Wednesday morning: “It is time to call it by its name. This is hybrid warfare, and we have to take it very seriously.”
Russia is at ‘hybrid war’ with Europe, warns EU chief, calling for members ‘to take it very seriously’
European Commission President Ursula Von der Leyen urged the EU to “urgently equip itself with a strategic capacity to respond” to Russian hybrid warfare.
therecord.media
Reposted by Julian-Ferdinand Vögele
briankrebs.infosec.exchange.ap.brid.gy
New, by me: A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse […]

[Original post on infosec.exchange]
A screenshot of a scan of the trojan at virustotal.com shows 11 of the 72 security tools detected it as malicious. The malicious indicators are marked in red.
Reposted by Julian-Ferdinand Vögele
campuscodi.risky.biz
-Redis vulnerability impacts all versions released in the last 13 years
-Oracle zero-day used in recent extortion campaign
-New MSS front company discovered
-North Korean hackers have stolen $2 billion this year

Podcast: risky.biz/RBNEWS488/
Newsletter: news.risky.biz/risky-bullet...
Reposted by Julian-Ferdinand Vögele
agreenberg.bsky.social
A source shares some screenshots of the Lapsus ransomware gang celebrating the government shutdown as a disruption to the FBI investigations tracking them.

They also refer to Trump as "my king."
julianferdinand.bsky.social
Recorded Future just published a report diving into the Beijing Institute of Electronics Technology and Application (BIETA), which is almost certainly a front for China’s MSS, developing technologies to support intelligence and military missions. Full report: www.recordedfuture.com/research/bie...
BIETA: A Technology Enablement Front for China's MSS
Discover how China's Ministry of State Security (MSS) almost certainly operates BIETA and its subsidiary CIII as public fronts for cyber-espionage, covert communications, and technology acquisition. C...
www.recordedfuture.com
Reposted by Julian-Ferdinand Vögele
lgbtqnation.com
Gavin Newsom vetoes gender education bill, declines to sign other trans protections - buff.ly/MTUAV85
Reposted by Julian-Ferdinand Vögele
k3yp0d.bsky.social
1/4
PDQ which downloads ScreenConnect, the "one weird" RMM trick combo move threat actors don't want you to find out...
Reposted by Julian-Ferdinand Vögele
campuscodi.risky.biz
A network of at least 50 Twitter accounts engaged in an influence operation designed to incite a revolt against the Iranian regime.

CitizenLab believes an Israeli intelligence agency or one of its contractors is behind the operation.

citizenlab.ca/2025/10/ai-e...
Reposted by Julian-Ferdinand Vögele
mkyo.bsky.social
Good piece covering a big burst of TA416 activity targeting European governments last week!
strikereadylabs.com
Quite a bit of CN APT activity in Europe in the past week

strikeready.com/blog/cn-apt-...

As always, if you're interested in tuning your skills, download the samples here github.com/StrikeReady-...
CN APT targets Serbian Government
Mustang Panda continues targeting European governments
strikeready.com
Reposted by Julian-Ferdinand Vögele
signal.org
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
signal.org