Cedric Pernet
@cedricpernet.bsky.social
Senior Threat Researcher @ Proofpoint.
Cybercrime / Cyberespionage aficionado.
Has worked in several CSIRTs/CERTs.
Metal & Rock dude, never enough guitars.
Motorcycles fan.
Wrote a book in French language on cyberespionage.
Ex-Law Enforcement Officer
Reposted by Cedric Pernet
Incredible story revealed by @theguardian.com: "Rise of the ‘porno-trolls’: how one porn platform made millions suing its viewers" www.theguardian.com/society/ng-i...
Rise of the ‘porno-trolls’: how one porn platform made millions suing its viewers
A company called Strike 3, owner of Vixen and Tushy, has clogged US courts with lawsuits, mostly against porn watchers who feel shamed into settling privately
www.theguardian.com
November 5, 2025 at 9:04 AM
My thought of the day: all registrars should rethink their registration processes, so that automatic registration cannot be done that easily by cybercriminals. Some of them register hundreds of domains every day... #fightautomation #cybercrime
November 5, 2025 at 8:41 AM
Well some people here asked me where the hell I have been. To make it short: lot of good work (not public), and getting separated from my wife. So, quite a hot-cold situation. Will try to come more often here and start spreading cybercrime/APT stuff again.
November 5, 2025 at 8:22 AM
Infamous BreachForums Is Back Online With All Old Accounts and Posts Restored - cybersecuritynews.com/breachforums...
#cybercrime
July 27, 2025 at 8:41 AM
Reposted by Cedric Pernet
NEW: Data broker sites were allegedly used by the Minnesota shooting suspect, authorities claim, highlighting the danger of an industry that freely sells your personal information. @lhn.bsky.social reports www.wired.com/story/minnes...
Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets' Addresses
The Minnesota shooter allegedly researched several “people search” sites in an attempt to target his victims, highlighting the potential dangers of widely available personal data.
www.wired.com
June 17, 2025 at 2:25 AM
Reposted by Cedric Pernet
We recently discovered an infostealer in our data that we originally dubbed "Aurotun," named for a misspelling of "autorun" in its strings.
After collab w/ @intel471.bsky.social, @malwareindepth.com & others, we believe this malware is actually MonsterV2, a newer version of an existing infostealer.
June 5, 2025 at 9:07 PM
Reposted by Cedric Pernet
Sending phishing e-mails impersonating Le Monde?
@flrnd.bsky.social and @okami.bsky.social track down your e-mail address.
Who is organizing the phishing campaigns targeting subscribers of "Le Monde" and "Télérama"?
In recent weeks, scam attempts using booby-trapped messages have targeted subscribers of several major newspapers, including "Le Figaro" and "Le Monde". The hackers' trail leads to France.
www.lemonde.fr
April 30, 2025 at 8:04 AM
Very happy and proud that one of my "weekend research" has been exposed in an article from Le Monde.
I had spent some time during my short unemployed period to dig into #Traffyque infrastructure.
www.lemonde.fr/pixels/artic...
#cybercrime #lemonde
April 30, 2025 at 8:00 AM
Reposted by Cedric Pernet
New from 404 Media: the age of realtime deepfake fraud is here. Scammers in Nigeria are using realtime deepfakes to change their race, facial hair, gender, more to appear as someone else on video calls. Results very realistic now. Also tricking verification systems www.404media.co/the-age-of-r...
The Age of Realtime Deepfake Fraud Is Here
Fraudsters are able to change their race, facial hair, voice, and more during live video calls with very little effort. Scammers are already fooling the elderly and verification systems.
www.404media.co
April 28, 2025 at 1:03 PM
Reposted by Cedric Pernet
Spyware-infected apps are being used to target individuals and organizations worldwide who are tied to Uyghur, Tibetan and Taiwanese activities “considered by the Chinese state to pose a threat to its stability,” @suzannesmalley.bsky.social reports this morning.
NCSC shares technical details of spyware targeting Uyghur, Tibetan and Taiwanese groups
The U.K.’s National Cyber Security Centre and international cybersecurity and intelligence agencies on Wednesday said hackers are deploying two forms of previously identified spyware to snoop on Uyghu...
therecord.media
April 9, 2025 at 6:22 AM
Reposted by Cedric Pernet
From firmware dumps to wireless exploration — check out our latest dive into DVB receiver analysis and the hidden attack surface it exposes!
www.synacktiv.com/en/publicati...
Hack the channel: A Deep Dive into DVB Receiver Security
Introduction During a garage cleaning, we found a DVB receiver and thought it would be a great target for vulnerability research.
www.synacktiv.com
April 9, 2025 at 6:36 AM
Weaver Ant, the Web Shell Whisperer: Tracking a Live China-nexus Operation - www.sygnia.co/threat-repor... #APT #longpersistence
March 29, 2025 at 11:48 PM
Reposted by Cedric Pernet
The Grandoreiro malware operation is back up and running after some of its members were detained last year.
Forcepoint has detected new large-scale phishing operations spreading the banking trojan to users in Europe and Latin America
www.forcepoint.com/blog/x-labs/...
Grandoreiro Trojan Distributed via Contabo-Hosted Servers in Phishing Campaigns
Cybercriminals are spreading the Grandoreiro banking trojan in Mexico, Argentina and Spain through phishing emails impersonating a tax agency.
www.forcepoint.com
March 29, 2025 at 7:28 PM
Pulling the Threads on the Phish of Troy Hunt - www.validin.com/blog/pulling... #cybercrime #phishing
March 29, 2025 at 11:30 PM
Reposted by Cedric Pernet
Zscaler has spotted a new malware loader named CoffeeLoader, used in the wild since September of last year. The malware was used together and appears to bear similarities with SmokeLoader.
www.zscaler.com/blogs/securi...
CoffeeLoader: A Brew of Stealthy Techniques | ThreatLabz
CoffeeLoader is a new malware loader that employs stealthy techniques including call stack spoofing, sleep obfuscation, and Windows fibers to evade detection.
www.zscaler.com
March 29, 2025 at 10:13 PM
Following the discreet layoffs at Trend Micro at the end of last year, I am now incredibly proud to announce that I just joined the powerful forces of @proofpoint.com ! I feel very gifted and honored to start working with such an amazing team of researchers !
March 10, 2025 at 10:23 PM
Reposted by Cedric Pernet
The National Assembly today begins examining the drug-trafficking bill and its backdoors. The measure would be ineffective at best and dangerous at worst, but Bruno Retailleau is clinging to it, claiming against the evidence that it is neither a backdoor nor a weakening of encryption.
Anti-drug-trafficking law: Bruno Retailleau confirms his support for a controversial provision targeting message encryption
The interior minister tried to offer reassurance about the oversight of these "backdoors", which would allow law enforcement to access encrypted exchanges. He nevertheless said he was "under no illusion"...
www.lemonde.fr
March 5, 2025 at 8:10 AM
Reposted by Cedric Pernet
Interesting read on new techniques used by cybercriminals to scam people and cash out stolen money - How Phished Data Turns into Apple & Google Wallets - krebsonsecurity.com/2025/02/how-... #cybercrime #scam #China #mobile
February 25, 2025 at 3:36 PM
Reposted by Cedric Pernet
@shodanhq.bsky.social Awesome! Shodan History is back in the UI. Nice!!! Thank you.
But I have a question regarding trends.shodan.io. all trends I do are stopping at October 2024. Why? Please make them to the current data again. I love it and need it. :)
Shodan
Shodan Trends - Discover how the Internet has changed over time.
trends.shodan.io
February 24, 2025 at 9:34 PM
Reposted by Cedric Pernet
Ukrainian hackers hit Gazprom contractor, crippling Russian energy infrastructure
newsukraine.rbc.ua/news/ukraini...
Ukrainian hackers hit Gazprom contractor, crippling Russian energy infrastructure
newsukraine.rbc.ua
February 14, 2025 at 4:43 PM
Reposted by Cedric Pernet
This is really interesting and good work by Volexity. I'm not sure how many places are looking for this kind of abuse or have outright prevented it. As a provider finding this kind of abuse has got to be difficult too.
We have been tracking multiple Russian APT groups aggressively targeting organizations with Microsoft Device Code authentication phishing. The attackers got creative with tricking users into granting them access to their accounts. Have a look at our blog for all the details!
@volexity.com recently identified multiple Russian threat actors targeting users via #socialengineering + #spearphishing campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: www.volexity.com/blog/2025/02...
#dfir #threatintel #m365security
February 14, 2025 at 3:20 AM
A must-read for anyone who wants to understand the extent of the information #databrokers obtain about internet users.
#adint #cybercriminalité #sensibilisation
Thank you #LeMonde for this excellent article.
www.lemonde.fr/pixels/artic...
February 12, 2025 at 4:45 PM