Lightnews — Scholar-powered news

Reposted by Julian-Ferdinand Vögele

Brad @malware-traffic-analysis.net · 30m

2025-10-08 (Wednesday): #Kongtuke campaign fake CAPTCHA page with #ClickFix instructions. Got a full infection chain, this time. A 205MB zip download makes the #pcap take a while to load in Wireshark. Some IOCs and associated malware/artifacts at www.malware-traffic-analysis.net/2025/10/08/i...

Traffic from the infection filtered in Wireshark.

Page from a compromised site with injected Kongtuke script.

Fake CAPTCHA page, courtesy of the Kongtuke campaign.

Following instructions from the Kongtuke campaign's fake CAPTCHA page.

1 1

Reposted by Julian-Ferdinand Vögele

Sean Lyngaas @snlyngaas.bsky.social · 11h

Prominent American law firms continue to be breached by suspected Chinese intelligence operatives: www.cnn.com/2025/10/08/p...

US law firm with major political clients hacked in spying spree linked to China | CNN Politics

Suspected Chinese government-backed hackers have breached computer systems of US law firm Williams & Connolly, which has represented some of America’s most powerful politicians, as part of a larger sp...

www.cnn.com

1 1

Reposted by Julian-Ferdinand Vögele

Alexander Martin @alexmartin.bsky.social · 16h

Russia is behind a campaign of cyberattacks, sabotage and provocation across Europe, according to the president of the European Commission, who warned on Wednesday morning: “It is time to call it by its name. This is hybrid warfare, and we have to take it very seriously.”

Russia is at ‘hybrid war’ with Europe, warns EU chief, calling for members ‘to take it very seriously’

European Commission President Ursula Von der Leyen urged the EU to “urgently equip itself with a strategic capacity to respond” to Russian hybrid warfare.

therecord.media

1 6 17

Reposted by Julian-Ferdinand Vögele

BrianKrebs @briankrebs.infosec.exchange.ap.brid.gy · 16h

New, by me: A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse […]

[Original post on infosec.exchange]

A screenshot of a scan of the trojan at virustotal.com shows 11 of the 72 security tools detected it as malicious. The malicious indicators are marked in red.

1 15 37

Reposted by Julian-Ferdinand Vögele

Catalin Cimpanu @campuscodi.risky.biz · 21h

-Redis vulnerability impacts all versions released in the last 13 years
-Oracle zero-day used in recent extortion campaign
-New MSS front company discovered
-North Korean hackers have stolen $2 billion this year

Podcast: risky.biz/RBNEWS488/
Newsletter: news.risky.biz/risky-bullet...

1 5 15

Reposted by Julian-Ferdinand Vögele

Andy Greenberg @agreenberg.bsky.social · 7d

A source shares some screenshots of the Lapsus ransomware gang celebrating the government shutdown as a disruption to the FBI investigations tracking them.

They also refer to Trump as "my king."

2 21 31

Julian-Ferdinand Vögele @julianferdinand.bsky.social · 1d

Recorded Future just published a report diving into the Beijing Institute of Electronics Technology and Application (BIETA), which is almost certainly a front for China’s MSS, developing technologies to support intelligence and military missions. Full report: www.recordedfuture.com/research/bie...

BIETA: A Technology Enablement Front for China's MSS

Discover how China's Ministry of State Security (MSS) almost certainly operates BIETA and its subsidiary CIII as public fronts for cyber-espionage, covert communications, and technology acquisition. C...

www.recordedfuture.com

13 16

Reposted by Julian-Ferdinand Vögele

LGBTQ Nation @lgbtqnation.com · 1d

Gavin Newsom vetoes gender education bill, declines to sign other trans protections - buff.ly/MTUAV85

340 460 1.2K

Reposted by Julian-Ferdinand Vögele

Simon Kenin @k3yp0d.bsky.social · 3d

1/4
PDQ which downloads ScreenConnect, the "one weird" RMM trick combo move threat actors don't want you to find out...

1 1 1

Reposted by Julian-Ferdinand Vögele

Catalin Cimpanu @campuscodi.risky.biz · 3d

A network of at least 50 Twitter accounts engaged in an influence operation designed to incite a revolt against the Iranian regime.

CitizenLab believes an Israeli intelligence agency or one of its contractors is behind the operation.

citizenlab.ca/2025/10/ai-e...

4 22

Reposted by Julian-Ferdinand Vögele

Hexacorn @hexacorn.bsky.social · 4d

Using .LNK files as lolbins

www.hexacorn.com/blog/2025/10...

1 3 7

Reposted by Julian-Ferdinand Vögele

Mark Kelly @mkyo.bsky.social · 4d

Good piece covering a big burst of TA416 activity targeting European governments last week!

StrikeReady Labs @strikereadylabs.com · 5d

Quite a bit of CN APT activity in europe in the past week

strikeready.com/blog/cn-apt-...

As always, if you're interested in tuning your skills, download the samples here github.com/StrikeReady-...

CN APT targets Serbian Government

Mustang Panda continues targeting European governments

strikeready.com

2 3

Reposted by Julian-Ferdinand Vögele

Ollie Whitehouse @ollieatnowhere.bsky.social · 4d

Weekly summary is out..

ctoatncsc.substack.com/p/cto-at-ncs...

CTO at NCSC Summary: week ending October 5th

Welcome to the weekly highlights and analysis of the blueteamsec Lemmy (and my wider reading).

ctoatncsc.substack.com

2 4

Reposted by Julian-Ferdinand Vögele

Signal @signal.org · 5d

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...

signal.org

40 2.4K 3.9K

Reposted by Julian-Ferdinand Vögele

Ryan Naraine @ryanaraine.bsky.social · 5d

We're streaming live to YouTube in ~20 mins. Come hang out with us www.youtube.com/watch?v=zjdh...

Three Buddy Problem (Episode 66)

YouTube video by Three Buddy Problem

www.youtube.com

5 5

Reposted by Julian-Ferdinand Vögele

Shashank Joshi @shashj.bsky.social · 5d

Our cover this week.

6 32 210

Reposted by Julian-Ferdinand Vögele

Florian Flade @florianflade.bsky.social · 5d

Abfangrate bei nur sechs Prozent: #Russland ist es offenbar gelungen, seine Raketen so zu optimieren, dass sie die ukrainische Flugabwehr umgehen können.

www.n-tv.de/politik/Russ...

Russlands optimierte Raketen umgehen Kiews Patriot-Systeme

Russland rüstet seine Raketen offenbar technisch auf und stellt damit die ukrainische Luftabwehr vor enorme Herausforderungen. Innerhalb eines Monats fällt die Erfolgsquote der Abfangsysteme von 77 au...

www.n-tv.de

3 2 16

Reposted by Julian-Ferdinand Vögele

Catalin Cimpanu @campuscodi.risky.biz · 5d

-Scam compound operators sentenced to death in China
-Red Hat got hacked and extorted
-UK makes new request for Apple user data
-Signal threatens to leave EU
-APT35 has another leak
-Microsoft launches a Security Store

Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS486/

1 10 20

Reposted by Julian-Ferdinand Vögele

PIVOTcon @pivotcon.bsky.social · 6d

📣 🔥 🛋️ SAVE THE DATE 🛋️ 🔥 📣
The next #PIVOTcon will be on 6-8 May 2026, in Malaga, ES!!!

You favorite ;) #ThreatResearch conference is coming back and we are planning to bring you the usual experience and content of utmost quality. Follow us + #StayTuned for more info
#CTI #ThreatIntel #PIVOTcon26

10 16

Reposted by Julian-Ferdinand Vögele

Greg Lesnewich @greg-l.bsky.social · 8d

HI @invisig0th.bsky.social been enjoying your recent media appearances with KZ and TBP!

Was wondering two things

1. You’re obviously the lead singer of the APT1 report “band” - Without burning names, can you talk about the make up of the team (skills, backgrounds, etc) +
& what made it special?

1 2 15

Reposted by Julian-Ferdinand Vögele

Lukasz Olejnik @lukaszolejnik.bsky.social · 6d

💣 Suspected Russian GRU plot to stage diversionary operations was uncovered by a Lithuanian–Polish counterintelligence: a Telegram-recruited courier dug up food-tin canisters from a cemetery and moved them to Poland. Services found ≈2.8 kg of high explosive in identical cans; two are still missing.

3 19 46

Reposted by Julian-Ferdinand Vögele

ESET Research @esetresearch.bsky.social · 6d

#ESETresearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. www.welivesecurity.com/en/eset-rese... 1/6

New spyware campaigns target privacy-conscious Android users in the UAE

ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates.

www.welivesecurity.com

1 9 6

Reposted by Julian-Ferdinand Vögele

Virtual Routes @virtualroutes.bsky.social · 7d

👋 Don't miss the first Colloquium session tomorrow!

📌 Mythical Beasts and Where to Find Them: Diving into the Depths of the Global Spyware Market
💡 Jen Roberts (@cyberstatecraft.bsky.social) & @julianferdinand.bsky.social (Recorded Future)
🗓️ October 2, 2025
🕓 16:00 – 17:00 CET

1 3 3

Reposted by Julian-Ferdinand Vögele

Catalin Cimpanu @campuscodi.risky.biz · 7d

-Routers abused to send SMS spam
-CISA reveals new collaboration model for state govts
-2/3 of CISA workers could be furloughed
-South Korea raises cyber threat level after data center fire
-Tile devices leak their location

Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS485/

1 10 19

Reposted by Julian-Ferdinand Vögele

Drew Harwell @drewharwell.com · 8d

OpenAI employees are very excited about how well their new AI tool can create fake videos of people doing crimes and have definitely thought through all the implications of this

220 3.3K 11K