Pacific Security Labs
@pacificseclabs.bsky.social
A cybersecurity research firm based in the Pacific North West. Featuring cybersecurity news, updates & information.
2/2: Its high-profile founder, “Pompompurin” (Conor Brian Fitzpatrick), drew headlines even before his 2023 arrest, and the site endured seizures and copycats before his September 2025 resentencing to three years in prison.
September 18, 2025 at 10:42 PM
2/2: Its high-profile founder, “Pompompurin” (Conor Brian Fitzpatrick), drew headlines even before his 2023 arrest, and the site endured seizures and copycats before his September 2025 resentencing to three years in prison.
2/2: Volt Typhoon embeds in specific U.S. infrastructure providers with built-in tools and stolen credentials, learning how systems operate and positioning for potential disruption during a crisis.
September 13, 2025 at 7:14 PM
2/2: Volt Typhoon embeds in specific U.S. infrastructure providers with built-in tools and stolen credentials, learning how systems operate and positioning for potential disruption during a crisis.
Read more here: marektoth.com/blog/dom-bas...
DOM-based Extension Clickjacking: Your Password Manager Data at Risk
I described a new attack technique that I used against 11 password managers. The result was that stored data of tens of millions of users could be at risk.
marektoth.com
August 22, 2025 at 5:00 AM
Read more here: marektoth.com/blog/dom-bas...
4/4: Kamens also criticized DOGE’s efforts to centralize gov data, warning that it could increase security risks and potential abuse. The VA insists that operations remain unaffected despite the loss of personnel, but Kamens argues his role was critical and not easily replaced.
February 26, 2025 at 9:49 PM
4/4: Kamens also criticized DOGE’s efforts to centralize gov data, warning that it could increase security risks and potential abuse. The VA insists that operations remain unaffected despite the loss of personnel, but Kamens argues his role was critical and not easily replaced.
3/4: He expressed concerns that DOGE, led by Elon Musk, could gain unauthorized access to veterans' financial and health records without undergoing proper background checks.
February 26, 2025 at 9:49 PM
3/4: He expressed concerns that DOGE, led by Elon Musk, could gain unauthorized access to veterans' financial and health records without undergoing proper background checks.
2/4: Kamens, who was recently fired as part of DOGE's government-wide job cuts, argues that the VA website is now vulnerable due to a lack of oversight.
February 26, 2025 at 9:49 PM
2/4: Kamens, who was recently fired as part of DOGE's government-wide job cuts, argues that the VA website is now vulnerable due to a lack of oversight.
3/3: Despite the breach, Bybit assured users that client funds remain secure, withdrawals are processing normally, and its reserves remain fully backed.
Blockchain intelligence firms Elliptic and Arkham Intelligence have linked the attack to North Korea’s Lazarus Group.
Blockchain intelligence firms Elliptic and Arkham Intelligence have linked the attack to North Korea’s Lazarus Group.
February 22, 2025 at 9:56 AM
3/3: Despite the breach, Bybit assured users that client funds remain secure, withdrawals are processing normally, and its reserves remain fully backed.
Blockchain intelligence firms Elliptic and Arkham Intelligence have linked the attack to North Korea’s Lazarus Group.
Blockchain intelligence firms Elliptic and Arkham Intelligence have linked the attack to North Korea’s Lazarus Group.
2/3: The attack occurred during a routine transfer from Bybit’s ETH multisig cold wallet to its hot wallet, where hackers exploited vulnerabilities in the signing interface to manipulate the smart contract logic.
February 22, 2025 at 9:56 AM
2/3: The attack occurred during a routine transfer from Bybit’s ETH multisig cold wallet to its hot wallet, where hackers exploited vulnerabilities in the signing interface to manipulate the smart contract logic.
Read more here: www.washingtonpost.com/technology/2...
U.K. orders Apple to let it spy on users’ encrypted accounts
Secret order requires blanket access to protected cloud backups around the world, which if implemented would undermine Apple’s privacy pledge to its users.
www.washingtonpost.com
February 11, 2025 at 4:51 AM
Read more here: www.washingtonpost.com/technology/2...
2/2: The demand, issued under the UK's Investigatory Powers Act (often called the "Snoopers’ Charter"), is unprecedented among major democracies. Rather than comply, Apple may disable its Advanced Data Protection feature in the UK but remains opposed to weakening encryption globally.
February 11, 2025 at 4:48 AM
2/2: The demand, issued under the UK's Investigatory Powers Act (often called the "Snoopers’ Charter"), is unprecedented among major democracies. Rather than comply, Apple may disable its Advanced Data Protection feature in the UK but remains opposed to weakening encryption globally.
Read more here: www.chainalysis.com/blog/crypto-...
Crypto Ransomware 2025: 35.82% YoY Decrease in Ransomware Payments
Crypto ransomware experienced significant changes in 2024 with total ransom payments decreasing 35.82% YoY. Learn more in the 2025 Crypto Crime Report.
www.chainalysis.com
February 7, 2025 at 7:31 AM
Read more here: www.chainalysis.com/blog/crypto-...
4/4: Cybercriminals have responded by shifting tactics—rebranding existing strains, adopting ransomware-as-a-service models, and targeting smaller enterprises—signaling a more fragmented and adaptive threat landscape.
February 7, 2025 at 7:31 AM
4/4: Cybercriminals have responded by shifting tactics—rebranding existing strains, adopting ransomware-as-a-service models, and targeting smaller enterprises—signaling a more fragmented and adaptive threat landscape.
3/4: Despite a rise in the number of reported attacks and data leak site listings, on-chain analyses reveal fewer actual payments as organizations increasingly opt for alternative recovery methods, like restoring from backups.
February 7, 2025 at 7:31 AM
3/4: Despite a rise in the number of reported attacks and data leak site listings, on-chain analyses reveal fewer actual payments as organizations increasingly opt for alternative recovery methods, like restoring from backups.
2/4: Although early 2024 saw a modest increase in payments—including high-profile incidents like Dark Angels’ $75 million ransom—subsequent months experienced a sharp slowdown, notably with groups such as LockBit seeing a dramatic revenue drop after targeted crackdowns.
February 7, 2025 at 7:31 AM
2/4: Although early 2024 saw a modest increase in payments—including high-profile incidents like Dark Angels’ $75 million ransom—subsequent months experienced a sharp slowdown, notably with groups such as LockBit seeing a dramatic revenue drop after targeted crackdowns.
Read more here: www.boston25news.com/news/local/2...
25 Investigates: Sutton man turned to credit bureau for credit protection, it led to identity theft
A Sutton man called 25 Investigates saying he took the right steps after learning he was a victim of identity fraud. But he says doing the right thing made led to an even bigger headache.
www.boston25news.com
February 5, 2025 at 10:06 PM
Read more here: www.boston25news.com/news/local/2...
2/2: Hackers took over his Experian account, locking him out while using his stolen data to open a digital checking account in his name. Despite endless calls, Experian’s only solution was to send sensitive documents through insecure channels—until a news station intervened and forced them to act.
February 5, 2025 at 10:06 PM
2/2: Hackers took over his Experian account, locking him out while using his stolen data to open a digital checking account in his name. Despite endless calls, Experian’s only solution was to send sensitive documents through insecure channels—until a news station intervened and forced them to act.