csongortamas.bsky.social
@csongortamas.bsky.social
🦾 Two short blog posts from me, follow-ups on the Phantom Taurus 👻🐂 report by Unit42. Using our Kaibou Search Services (KSS) malware database of 780m files.

Phantom Taurus related samples - blog.ukatemi.com/blog/2025-10...

Analysis of .NET AMSI bypass assembly loaders - blog.ukatemi.com/blog/2025-10...
October 20, 2025 at 8:59 AM
Reposted
Google recently made incredibly misguided changes to Android security updates. Android security patches are almost entirely quarterly instead of monthly to make it easier for OEMs. They're giving OEMs 3-4 months of early access which we know for a fact is being widely leaked including to attackers.
September 7, 2025 at 5:26 PM
Reposted
NEW: Mercenary spyware is coming to the US.

ICE just quietly unsuspended their contract with spyware maker #Paragon.

Remember them? Caught earlier this year being used to hack Italian journalists.

This is bad, let's talk about how we got here 1/

jackpoulson.substack.com/p/exclusive-...
Exclusive: ICE reactivated its $2 million contract with Israeli spyware firm Paragon, following its acquisition by U.S. capital
The cyber division of ICE's Homeland Security Investigations on Saturday quietly lifted a stop-work order put into place by the Biden administration in October.
jackpoulson.substack.com
September 2, 2025 at 1:16 AM
Reposted
TL;DR I am launching my #startup and we are going to change how to evaluate, cluster and reason about #malware, delivering accurate, contextual intelligence on samples. Say Hi to RationalEdge
@rationaledge.bsky.social
rationaledge.io

#threatintel #threathunting #cti #reverseengineering #detection 1/9
RationalEdge - Intelligence Meets Accuracy
Advanced malware analysis and threat intelligence solutions by RationalEdge
rationaledge.io
August 28, 2025 at 12:22 PM
Reposted
💥ICYMI: The Trump admin's top think tank, The Heritage Foundation, works with Hungary’s MCC and Poland’s Ordo Iuris on proposals to dismantle key EU institutions. Their “Great Reset” plan aligns with Orbán’s agenda—and hopes to receive Trump's backing.
Renaming the EU, Dismantling the Commission: Polish, Hungarian Illiberals Seek U.S. Backing - VSquare.org
The Trump administration's most influential think tank, The Heritage Foundation, is receiving proposals from illiberal forces in Poland and Hungary on how to shape the future of the European Union. The proposals, obtained by VSquare, include dismantling key EU institutions and renaming the entire bloc.
vsquare.org
August 21, 2025 at 5:30 PM
Don't trust Microsoft to decide what you can boot! On Linux, remove ALL keys from Secure Boot DB, add your own, build and sign a UKI at every kernel update.

(maybe also forget GRUB and use systemd-boot)

github.com/Zedeldi/CVE-...
kb.igel.com/security-saf...
arstechnica.com/security/202...
GitHub - Zedeldi/CVE-2025-47827: PoC and vulnerability report for CVE-2025-47827.
PoC and vulnerability report for CVE-2025-47827. Contribute to Zedeldi/CVE-2025-47827 development by creating an account on GitHub.
github.com
June 11, 2025 at 3:12 AM
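The post above boils down to a procedure: clear the Secure Boot db, enroll your own certificate, sign a UKI on every kernel update. The check a practitioner wants afterwards is "does db really contain only my key?". The script below is an added example (not from the post or from the linked repositories): it parses the EFI_SIGNATURE_LIST structures that make up the db variable and flags any entry whose fingerprint is not in your allowlist. It assumes Linux efivarfs at /sys/firmware/efi/efivars (readable as root); the GUIDs are the ones from the UEFI specification, while the owner GUID, certificate bytes and hash in the sample are constructed placeholders so the parser can be exercised offline.

```python
#!/usr/bin/env python3
"""Audit the Secure Boot 'db' variable: list enrolled entries and flag anything
outside an allowlist of your own certificate fingerprints.
Added example; assumes Linux efivarfs (run as root to read the real variable)."""
import hashlib
import struct
import uuid
from pathlib import Path

# Well-known GUIDs from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_IMAGE_SECURITY_DATABASE_GUID = uuid.UUID("d719b2cb-3d3a-4596-a3bc-dad00e67656f")
DB_PATH = Path(f"/sys/firmware/efi/efivars/db-{EFI_IMAGE_SECURITY_DATABASE_GUID}")

# EFI_SIGNATURE_LIST header: SignatureType GUID, then three little-endian u32s
# (SignatureListSize, SignatureHeaderSize, SignatureSize).
SIG_LIST_HDR = struct.Struct("<III")
SIG_LIST_HDR_LEN = 16 + SIG_LIST_HDR.size


def build_signature_list(sig_type, owner, signatures):
    """Serialize one EFI_SIGNATURE_LIST whose entries all have the same size."""
    sig_size = 16 + len(signatures[0])  # SignatureOwner GUID + SignatureData
    if any(16 + len(s) != sig_size for s in signatures):
        raise ValueError("all signatures in one list must have equal size")
    body = b"".join(owner.bytes_le + s for s in signatures)
    header = sig_type.bytes_le + SIG_LIST_HDR.pack(SIG_LIST_HDR_LEN + len(body), 0, sig_size)
    return header + body


def parse_signature_lists(blob):
    """Walk concatenated EFI_SIGNATURE_LISTs and return one dict per entry."""
    entries, off = [], 0
    while off + SIG_LIST_HDR_LEN <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = SIG_LIST_HDR.unpack_from(blob, off + 16)
        end = off + list_size
        if list_size < SIG_LIST_HDR_LEN or end > len(blob) or sig_size <= 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos = off + SIG_LIST_HDR_LEN + hdr_size  # skip the optional SignatureHeader
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            data = blob[pos + 16:pos + sig_size]
            if sig_type == EFI_CERT_X509_GUID:
                kind, fp = "x509", hashlib.sha256(data).hexdigest()  # DER cert fingerprint
            elif sig_type == EFI_CERT_SHA256_GUID:
                kind, fp = "sha256", data.hex()  # the entry is itself a PE hash
            else:
                kind, fp = str(sig_type), hashlib.sha256(data).hexdigest()
            entries.append({"type": kind, "owner": str(owner), "fingerprint": fp})
            pos += sig_size
        off = end
    return entries


def audit_db(entries, trusted_fingerprints):
    """Return every entry whose fingerprint is not in the allowlist."""
    return [e for e in entries if e["fingerprint"] not in trusted_fingerprints]


def read_efivar(path):
    """efivarfs prefixes the variable data with a 4-byte attribute word."""
    return path.read_bytes()[4:]


# Constructed sample data (placeholders, not real certificates or hashes).
OWNER_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")
OUR_CERT_DER = b"CONSTRUCTED-DER-OF-OUR-OWN-DB-CERT"
OTHER_CERT_DER = b"CONSTRUCTED-DER-OF-SOME-OTHER-VENDOR-CERT-12"
OTHER_HASH = hashlib.sha256(b"constructed-binary").digest()


def sample_db_blob():
    """A db image holding our cert, a foreign cert and a foreign PE hash."""
    return (build_signature_list(EFI_CERT_X509_GUID, OWNER_GUID, [OUR_CERT_DER])
            + build_signature_list(EFI_CERT_X509_GUID, OWNER_GUID, [OTHER_CERT_DER])
            + build_signature_list(EFI_CERT_SHA256_GUID, OWNER_GUID, [OTHER_HASH]))


if __name__ == "__main__":
    # Replace with the SHA-256 fingerprints of the DER certs you enrolled yourself.
    trusted = {hashlib.sha256(OUR_CERT_DER).hexdigest()}
    try:
        blob = read_efivar(DB_PATH)
    except OSError:
        blob = sample_db_blob()  # fall back to the constructed sample
    for e in audit_db(parse_signature_lists(blob), trusted):
        print("UNEXPECTED", e["type"], e["owner"], e["fingerprint"])
```

Run it as root after enrolling your keys; an empty output means db holds only fingerprints you listed. Hash-type entries (EFI_CERT_SHA256) are compared by their raw hash, so an allowlisted PE hash can be added to the same set if you rely on hash enrollment for a specific image.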
Reposted
‼️ Hidden Bear: The GRU hackers of Russia's most notorious kill squad

As The Insider discovered, Unit 29155, the Kremlin’s most notorious black ops squad, also fielded a team of hackers that tried to destabilize Ukraine before Russia’s full-scale invasion.
Hidden Bear: The GRU hackers of Russia’s most notorious kill squad
Russian GRU Unit 29155 is best known for its long list of murder and sabotage ops, which include the Salisbury poisonings in England, arms depot explosions in Czechia, and an attempted coup d’etat in ...
theins.press
May 31, 2025 at 5:11 PM
Reposted
We need an Android OEM or someone working at one to provide us with early access to the Android 16 sources in order to have a smooth port this year. We need this before June. We requested it to help with this very difficult situation and still need it.

bsky.app/profile/grap...
One of our two senior developers has been forcibly detained and conscripted to participate in a war. When they first went missing, we revoked their repository access as a precaution. We soon learned their disappearance was completely unrelated to GrapheneOS. Our priority has been keeping them safe.
May 6, 2025 at 4:23 PM
Reposted
A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile removed by employer Indiana University, & had his homes raided by the FBI. No one knows why.

arstechnica.com/security/202...
FBI raids home of prominent computer scientist who has gone incommunicado
Indiana University quietly removes profile of tenured professor and refuses to say why.
arstechnica.com
March 30, 2025 at 8:20 PM
Reposted
❗“Let’s hire an ISIS suicide bomber to blow him up in the street!”: Europe’s most wanted man plotted my murder — and that of my colleague

After today’s verdict, @christogrozev.bsky.social reveals the plot to kidnap — and possibly kill — him and @dobrokhotov.bsky.social.
“Let’s hire an ISIS suicide bomber to blow him up in the street!”: Europe’s most wanted man plotted my murder — and that of my colleague
A jury at the Old Bailey, London’s Central Criminal Court, has just found six of my compatriots — citizens of Bulgaria — guilty of conspiring with the Kremlin to kidnap and possibly murder me and my c...
theins.press
March 7, 2025 at 6:27 PM
Reposted
securitylab.amnesty.org/latest/2025/...

Amnesty International’s Security Lab has a post about 3 vulnerabilities exploited by Cellebrite to extract data from locked Android devices. GrapheneOS blocked exploiting these vulnerabilities in multiple different ways. We also patched them much earlier.
Cellebrite zero-day exploit used to target phone of Serbian student activist - Amnesty International Security Lab
Amnesty International’s Security Lab uncovers sophisticated Cellebrite zero-day exploit, impacting billions of Android devices.
securitylab.amnesty.org
February 28, 2025 at 1:30 PM
Reposted
Since this month's release of Android isn't available yet, we're currently building/testing an early March security update release providing the Android Security Bulletin backports of High/Critical severity patches. Android 15 QPR2 will be available in the near future though.
March 4, 2025 at 12:43 AM