piyokango
LightNews LightNews
piyokango.bsky.social
piyokango
@piyokango.bsky.social
1.1K followers 2 following 1.1K posts
セキュリティインコです🐣 Blueskyでは海外のセキュリティ関連記事を中心につぶやきます。気の向くままブログ(piyolog)も書いてます📝Podcast #セキュリティのアレ も参加中です🎤よろしくお願いします~🐦
プロフィール画像はアレティさんに描いて頂きました😃
Posts Replies Media Videos
piyokango.bsky.social
SMSフィッシング詐欺師はポイント、税金、偽の小売業者に狙いを定める
#CybersecurityNews
krebsonsecurity.com/2025/12/sms-...
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishi...
krebsonsecurity.com
December 5, 2025 at 4:56 AM
piyokango.bsky.social
ハッカーがArrayOS AGのVPNの脆弱性を悪用、ウェブシェルを仕掛けている
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users.
www.bleepingcomputer.com
December 5, 2025 at 4:55 AM
piyokango.bsky.social
NCSCの「プロアクティブ通知」は、公開されたデバイスの欠陥について組織に警告
#CybersecurityNews

www.bleepingcomputer.com/news/securit...
NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices
The UK's National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present i...
www.bleepingcomputer.com
December 5, 2025 at 4:52 AM
piyokango.bsky.social
LummaC2、Bybit強盗に関連する北朝鮮ハッカーのデバイスに感染
#CybersecurityNews
hackread.com/north-korean...
LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
December 5, 2025 at 4:48 AM
piyokango.bsky.social
CISA、VMwareサーバーへの中国による「BrickStorm」マルウェア攻撃を警告
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
CISA warns of Chinese "BrickStorm" malware attacks on VMware servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware.
www.bleepingcomputer.com
December 5, 2025 at 4:42 AM
piyokango.bsky.social
7-ZipのRCE脆弱性の積極的な悪用は、手動パッチ適用がもはや選択肢にないことを示している
#CybersecurityNews
blog.qualys.com/product-tech...
Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option | Qualys
A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files.
blog.qualys.com
December 5, 2025 at 4:40 AM
piyokango.bsky.social
新しいGhostFrameフィッシングフレームワーク、100万件以上の攻撃を検知
#CybersecurityNews
www.infosecurity-magazine.com/news/ghostfr...
New GhostFrame Phishing Framework Hits Over One Million Attacks
The GhostFrame phishing framework, using stealthy iframes, was linked to over 1 million attacks
www.infosecurity-magazine.com
December 5, 2025 at 4:38 AM
piyokango.bsky.social
制裁下でもスパイ活動は続く:Intellexa のゼロデイ攻撃は多発中
#CybeersecurityNews
cloud.google.com/blog/topics/...
Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog
Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.
cloud.google.com
December 5, 2025 at 4:35 AM
piyokango.bsky.social
「エンドツーエンド暗号化」のスマートトイレカメラは実際にはエンドツーエンド暗号化されていない
#CybersecurityNews
techcrunch.com/2025/12/03/e...
‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted | TechCrunch
Kohler, the makers of a smart toilet camera, can access customers' data stored on its servers, and can use customers’ bowl pictures to train AI.
techcrunch.com
December 5, 2025 at 4:12 AM
piyokango.bsky.social
偽情報とサイバー脅威は世界の経営幹部にとって最大の懸念事項
#CybersecurityNews
www.infosecurity-magazine.com/news/disinfo...
Disinformation and Cyber-Threats Top Global Exec Concerns
A new WEF report reveals that AI-powered threats like disinformation are among executives’ biggest concerns
www.infosecurity-magazine.com
December 3, 2025 at 2:22 PM
piyokango.bsky.social
証明書の有効期間を45日間に短縮
#CybersecurityNews
letsencrypt.org/2025/12/02/f...
Decreasing Certificate Lifetimes to 45 Days
Let’s Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be cut in half to 45 days by 2028. This change is being m...
letsencrypt.org
December 3, 2025 at 2:21 PM
piyokango.bsky.social
ShadyPandaのブラウザ拡張機能、悪質キャンペーンで430万回インストール
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
ShadyPanda browser extensions amass 4.3M installs in malicious campaign
A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware.
www.bleepingcomputer.com
December 3, 2025 at 2:20 PM
piyokango.bsky.social
史上最大のおとり捜査の内幕(マイケル・ボビット氏と)
#CybersecurityNews
www.404media.co/inside-the-b...
Inside the Biggest Sting Operation Ever (with Michael Bobbitt)
Joseph talks to a former FBI official about how the FBI secretly ran an encrypted phone for organized criminals, sweeping up tens of millions of messages.
www.404media.co
December 3, 2025 at 2:19 PM
piyokango.bsky.social
オーストラリア人男性が「悪魔の双子」Wi-Fiを運営した罪で懲役7年の判決
#CybersecurityNews
www.infosecurity-magazine.com/news/austral...
Australian Man Gets Seven Years for Running “Evil Twin” Wi-Fi
A Western Australia man will spend seven years behind bars after stealing intimate data via Wi-Fi
www.infosecurity-magazine.com
December 3, 2025 at 2:18 PM
piyokango.bsky.social
北朝鮮の感染性インタビュー npm攻撃を支えるGitHubインフラの内幕
#CybersecurityNews
socket.dev/blog/north-k...
Inside the GitHub Infrastructure Powering North Korea’s Cont...
Socket Threat Research maps a rare inside look at OtterCookie’s npm-Vercel-GitHub chain, adding 197 malicious packages and evidence of North Korean op...
socket.dev
December 3, 2025 at 2:15 PM
piyokango.bsky.social
HashJack攻撃はURL「#」を使ってAIブラウザの挙動を制御する
#CybersecurityNews
hackread.com/hashjack-att...
HashJack Attack Uses URL ‘#’ to Control AI Browser Behavior
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
December 3, 2025 at 2:12 PM
piyokango.bsky.social
カレンダー購読の隠れた危険性:400万台のデバイスが危険にさらされている
#CybersecurityNews
www.bitsight.com/blog/hidden-...
The Hidden Cyber Threats of Calendar Subscriptions | Bitsight
Did you know expired domains associated with Calendar subscriptions can be leveraged to create malicious events on devices? Read new Bitsight TRACE data now.
www.bitsight.com
December 3, 2025 at 2:11 PM
piyokango.bsky.social
GreyNoise、ボットネットに感染していないか確認できる無料スキャナーをリリース
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
GreyNoise launches free scanner to check if you're part of a botnet
GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networ...
www.bleepingcomputer.com
December 3, 2025 at 2:10 PM
piyokango.bsky.social
黄金の秤:望まれざる贈り物の季節
#CybersecurityNews
unit42.paloaltonetworks.com/new-shinysp1...
The Golden Scale: 'Tis the Season for Unwanted Gifts
Unit 42 shares further updates of cybercrime group Scattered LAPSUS$ Hunters. Secure your organization this holiday season.
unit42.paloaltonetworks.com
November 27, 2025 at 4:38 AM
piyokango.bsky.social
ランサムウェア攻撃により全米の地域緊急警報システムが混乱
#CybersecurityNews
www.securityweek.com/ransomware-a...
Ransomware Attack Disrupts Local Emergency Alert System Across US
A ransomware attack targeting a third-party emergency alert system used across the US has resulted in a data breach and disruptions.
www.securityweek.com
November 27, 2025 at 4:36 AM
piyokango.bsky.social
「Scattered Lapsus$ Hunters」の管理者、Reyをご紹介
#CybersecurityNews
krebsonsecurity.com/2025/11/meet...
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the ...
krebsonsecurity.com
November 27, 2025 at 4:36 AM
piyokango.bsky.social
AWSの障害をテストの機会として利用した新しいShadowV2ボットネットマルウェア
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
New ShadowV2 botnet malware used AWS outage as a test opportunity
A new Mirai-based botnet malware named 'ShadowV2' has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities.
www.bleepingcomputer.com
November 27, 2025 at 4:33 AM
piyokango.bsky.social
WormGPT 4とKawaiiGPT:新たなダークLLMがサイバー犯罪の自動化を促進
#CybersecurityNews
www.securityweek.com/wormgpt-4-an...
WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation
Palo Alto Networks researchers have conducted an analysis of two recently launched dark LLMs: WormGPT 4 and KawaiiGPT.
www.securityweek.com
November 26, 2025 at 3:14 AM
piyokango.bsky.social
UNC5174グループのDiscord Botバックドアマルウェア
#CybersecurityNews
asec.ahnlab.com/ko/91228/
UNC5174 그룹의 Discord Bot 백도어 악성코드 - ASEC
UNC5174 그룹의 Discord Bot 백도어 악성코드 ASEC
asec.ahnlab.com
November 26, 2025 at 3:13 AM
piyokango.bsky.social
FBIが警告、サイバー犯罪者が銀行サポートチームになりすまして2億6200万ドルを窃盗
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
FBI: Cybercriminals stole $262M by impersonating bank support teams
The FBI warns of a surge in account takeover (ATO) fraud schemes and says that cybercriminals impersonating various financial institutions have stolen over $262 million in ATO attacks since the start ...
www.bleepingcomputer.com
November 26, 2025 at 3:13 AM