LightNews
piyokango.bsky.social
piyokango
@piyokango.bsky.social
1.1K followers 2 following 950 posts
セキュリティインコです🐣 Blueskyでは海外のセキュリティ関連記事を中心につぶやきます。気の向くままブログ(piyolog)も書いてます📝Podcast #セキュリティのアレ も参加中です🎤よろしくお願いします~🐦 プロフィール画像はアレティさんに描いて頂きました😃
Posts Media Videos Starter Packs
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
ランサムウェア攻撃に利用されたヴェロキラプトル
#CybersecurityNews
blog.talosintelligence.com/velociraptor...
Velociraptor leveraged in ransomware attacks
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool.
blog.talosintelligence.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
米国の大学を標的とした「給与海賊」攻撃の調査
#CybersecurityNews
www.microsoft.com/en-us/securi...
Investigating targeted “payroll pirate” attacks affecting US universities | Microsoft Security Blog
Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert...
www.microsoft.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
サイバー情報共有法の改正はギャップに留意する必要があると上院議員が主張
#CybersecuriyNews
therecord.media/cisa-2015-re...
Renewal of cyber information-sharing law must mind the gap, senator says
Companies that are still sharing threat information with the government despite the lapse of the law known as CISA 2015 should be protected retroactively when Congress revives that authority, Sen. Gar...
therecord.media
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
BreachForums が再び押収
#CybersecurityNews
databreaches.net/2025/10/09/b...
BreachForums Seized — Again! – DataBreaches.Net
As predicted  a few days ago, BreachForums was seized. The splash page is now up. It does not have any cute avatars with characters in handcuffs and no text abo
databreaches.net
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
多機能なQilinランサムウェアのエミュレーション
#CybersecurityNews
www.attackiq.com/2025/10/02/e...
Emulating the Versatile Qilin Ransomware - AttackIQ
AttackIQ’s new attack graph emulates Qilin ransomware, a cross-platform threat active since 2022 targeting key sectors.
www.attackiq.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
Discordのデータ侵害、少なくとも7万人のユーザーに影響
#CybersecurityNews
techcrunch.com/2025/10/09/d...
Discord data breach affects at least 70,000 users | TechCrunch
The platform said in a press release that hackers breached a third-party vendor that Discord uses for age-related appeals.
techcrunch.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
新たなAndroidスパイウェアClayRatがWhatsApp、TikTok、YouTubeを模倣
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube.
www.bleepingcomputer.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
RondoDoxボットネットは世界中で56のn-day脆弱性を狙った攻撃を仕掛けている
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
RondoDox botnet targets 56 n-day flaws in worldwide attacks
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions.
www.bleepingcomputer.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
Oracle E-Business Suiteのゼロデイ脆弱性、広範囲にわたる恐喝キャンペーンで悪用
#CybersecurityNews
cloud.google.com/blog/topics/...
Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign | Google Cloud Blog
A financially motivated actor conducting a large-scale extortion campaign under the CL0P brand by exploiting a zero-day vulnerability in Oracle E-Business Suite to steal customer data.
cloud.google.com
1 2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
出荷通知がマルウェアドロッパーになる
#CybersecurityNews
hackread.com/your-shipmen...
Your Shipment Notification Is Now a Malware Dropper
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
偽の Teams インストーラーが Oyster バックドア (別名 Broomstick) をドロップ
#CybersecurityNews
hackread.com/fake-teams-i...
Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
WordPressウェブサイトに潜むマルバタイジングキャンペーン
#CybersecurityNews
blog.sucuri.net/2025/10/malv...
Malvertising Campaign Hides in Plain Sight on WordPress Websites
Find out how to identify malvertising in your website and learn tips to safeguard your site from malicious attacks.
blog.sucuri.net
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 1d
RondoDox: Pwn2Ownの脆弱性を狙うことからショットガン攻撃によるエクスプロイトまで
#CybersecurityNews
www.trendmicro.com/en_us/resear...
RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
The Trend Zero Day Initiative™ (ZDI) and Trend™ Research teams have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws fi...
www.trendmicro.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
セキュリティ会社が中国のサイバー作戦における北京研究所の役割を暴露
#CybersecurityNews
www.securityweek.com/security-fir...
Security Firm Exposes Role of Beijing Research Institute in China's Cyber Operations
Recorded Future uncovered ties between the Beijing Institute of Electronics Technology and Application and China’s Ministry of State Security.
www.securityweek.com
3
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
ShinyHunters、広範囲にわたる企業恐喝行為を繰り返す
#CybersecurityNews
krebsonsecurity.com/2025/10/shin...
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen fr...
krebsonsecurity.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
ClickFix Factory: IUAM ClickFix ジェネレーターの初公開
#CybersecurityNews
unit42.paloaltonetworks.com/clickfix-gen...
The ClickFix Factory: First Exposure of IUAM ClickFix Generator
Unit 42 discovers ClickFix phishing kits, commoditizing social engineering. This kit presents a lowered barrier for inexperienced cybercriminals.
unit42.paloaltonetworks.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
ドイツ政府はEUの大規模スキャン提案に反対すると表明
#CybersecurityNews
cyberscoop.com/germany-oppo...
German government says it will oppose EU mass-scanning proposal
Despite fears from privacy advocates, officials from the ruling party said mass-scanning proposals like Chat Control should be “taboo in a constitutional state.”
cyberscoop.com
1 2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
新たなFileFix攻撃、キャッシュスマグリングを利用してセキュリティソフトウェアを回避
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
New FileFix attack uses cache smuggling to evade security software
A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim's system and bypassing security software.
www.bleepingcomputer.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
LockBitがDragonForce、Qilinランサムウェアグループと提携
#CybersecurityNews
www.scworld.com/news/lockbit...
LockBit forms alliance with DragonForce, Qilin ransomware groups
LockBit ransomware gang joined forces with the Maze ransomware group in 2020.
www.scworld.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 2d
Discordの侵入により550万人のユーザーデータが漏洩したとハッカーが主張
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Hackers claim Discord breach exposed data of 5.5 million users
Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs ...
www.bleepingcomputer.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 3d
Microsoft、Medusaランサムウェア攻撃でGoAnywhereの重大なバグが悪用と警告
#CybersecurityNews
www.infosecurity-magazine.com/news/microso...
Microsoft: Critical GoAnywhere Bug Exploited in Medusa Ransomware Camp
A critical GoAnywhere vulnerability is being exploited by the Medusa ransomware group, Microsoft warns
www.infosecurity-magazine.com
2
piyokango.bsky.social
piyokango @piyokango.bsky.social · 3d
中国のAPT、セルビア政府を標的に
#CybersecurityNews
strikeready.com/blog/cn-apt-...
CN APT targets Serbian Government
Mustang Panda continues targeting European governments
strikeready.com
3
piyokango.bsky.social
piyokango @piyokango.bsky.social · 3d
RedHatのデータ侵害が拡大、ShinyHuntersが恐喝に加わる
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Red Hat data breach escalates as ShinyHunters joins extortion
Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site.
www.bleepingcomputer.com
1
piyokango.bsky.social
piyokango @piyokango.bsky.social · 3d
ClopハッカーがOracleのゼロデイ脆弱性を悪用し、経営者の個人情報を盗む
#CybersecurityNews
techcrunch.com/2025/10/06/c...
Clop hackers caught exploiting Oracle zero-day bug to steal executives' personal data | TechCrunch
Oracle fixes another security flaw that Clop hackers were using to steal sensitive personal information about executives as part of a mass-extortion campaign.
techcrunch.com
3
piyokango.bsky.social
piyokango @piyokango.bsky.social · 3d
ランサムウェア集団「Trinity of Chaos」がデータ漏洩サイトを開設
#CybersecurityNews
www.infosecurity-magazine.com/news/trinity...
Ransomware Group “Trinity of Chaos” Launches Data Leak Site
A new TOR data leak site published by the Trinity of Chaos ransomware group unveils 39 firms’ data and threatens Salesforce litigation
www.infosecurity-magazine.com
1