Peter Girnus
gothburz.bsky.social
Sr. Threat Researcher @theZDI 🥷🏻🛡️👨🏼‍💻Hunts for 0-days and #security threats in the wild 🎯 News 📰 Memes 😏 Books 📚 Games 👾 opinions my own 💭 #infosec
We identified a new zero-day vulnerability affecting 7-Zip (CVE-2025-0411) being exploited in-the-wild on September 25th, 2024. Russian groups utilized this vulnerability, deploying SmokeLoader for espionage operations targeting #Ukraine during the Russo-Ukrainian War. #infosec #cybersecurity 🔗👇
Justi autem in perpetuum vivent et apud Dominum est merces eorum — Wisdom 5:16
June 4, 2025 at 2:30 AM
May 26, 2025 at 6:40 PM
May 3, 2025 at 4:02 PM
"It is evening in the soul... when the light of this world fades and a man is indrawn and rests" — Meister Eckhart, Sermon 38
April 19, 2025 at 5:31 PM
🚨Patch up your Kubernetes installs.

⚠️ Affected @kubernetesio versions:
< v1.11.0
v1.11.0 - 1.11.4
v1.12.0

🦠Vulnerabilities 
CVE-2025-1974
CVE-2025-1097 
CVE-2025-1098 
CVE-2025-24514
CVE-2025-24513
March 25, 2025 at 4:03 PM
Rare urgent advisory from @Meta 🚨⚠️ CVE-2025-27363: FreeType flaw risks millions. Remote code execution possible on major platforms. Patch urged as exploitation rises. Severity: 8.2/10. Affects versions pre-2.13.3. Update now! 

www.facebook.com
March 13, 2025 at 1:04 PM
RIP $TSLA... 💥🚗📉
March 10, 2025 at 9:05 PM
Snack makers are shifting away from artificial colors in processed foods. PepsiCo's new Simply Ruffles product uses natural ingredients like tomato powder. This change aligns with a trend following the FDA's ban on Red No. 3 due to health concerns.
March 9, 2025 at 12:30 AM
The iPhone 16e: the priciest budget phone! 💸 It boasts a solid display, performance, and battery life but ditches fun features like MagSafe and Dynamic Island. 🏖️ Apple’s strategy? Hike prices while streamlining production. Great for profits📱😬 @arstechnica
March 8, 2025 at 2:45 AM
🚨Medusa #ransomware claims 40+ victims in 2025, including a US healthcare org hit in Jan. @Symantec reports nearly 400 victims since 2023, with ransom demands up to $15M. True victim count likely higher. From @InfosecurityMag 👉
Medusa Ransomware Claims 40+ Victims in 2025
Symantec found that Medusa has listed almost 400 victims on its data leaks site since early 2023, demanding ransom payments as high as $15m
www.infosecurity-magazine.com
March 7, 2025 at 11:46 AM
🚨Akira ransomware gang used an unsecured webcam to deploy a Linux encryptor, bypassing EDR and encrypting network shares via SMB 🤯. Highlights need for broader device monitoring beyond Windows endpoints. From @BleepinComputer
March 7, 2025 at 10:45 AM
🚨@BleepinComputer: @Ethereum key stealer hits PyPI as "set-utils", downloaded 1K+ times! @billtoulas warns blockchain devs to stay vigilant. #crypto
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain.
www.bleepingcomputer.com
March 6, 2025 at 11:31 PM
🚨 Akira ransomware exploited an unsecured webcam (yes this is an initial security vector and one reason why #Pwn2Own has IoT cameras as a target category) to encrypt a network, bypassing EDR. @BleepinComputer reports rapid attack from initial access to encryption in hours. 🤯 #Ransomware
March 6, 2025 at 11:01 PM
@Microsoft takes down massive malvertising campaign that hit ~1M PCs via GitHub repos. Malware stole system data & dropped payloads. Tracked as Storm-0408.💽🛡️ via @BleepingComputer
Microsoft says malvertising campaign impacted 1 million PCs
Microsoft has taken down an undisclosed number of GitHub repositories used in a massive malvertising campaign that impacted almost one million devices worldwide.
www.bleepingcomputer.com
March 6, 2025 at 10:06 PM
@jenkinsci releases Jenkins Security Advisory 2025-03-05

Jenkins Security Advisory 2025-03-05
Jenkins – an open source automation server which enables developers around the world to reliably build, test, and deploy their software
www.jenkins.io
March 6, 2025 at 8:31 PM
🩹SMR-MAR-2025: @SamsungMobile releases patches for flagship model phones 📱 Make sure to apply the latest patch in order to secure your @Samsung devices.

https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=03
March 6, 2025 at 6:02 PM
Over 37,000 VMware ESXi servers are vulnerable to a critical flaw (CVE-2025-22224) that is being actively exploited, prompting urgent updates and mitigation efforts from affected organizations. From @BleepinComputer @billtoulas
March 6, 2025 at 5:30 PM
A sophisticated cyber-intrusion campaign 🥷 has been reported, targeting various Japanese sectors 🇯🇵🎯 by exploiting a remote code execution flaw to gain access, deploying Cobalt Strike 🦠 for persistent control, while engaging in credential theft and lateral movement.
March 6, 2025 at 5:05 PM
🚨@BleepinComputer: BadBox malware 🦠 disrupted on 500K Android devices! @billtoulas reports.
March 5, 2025 at 5:45 PM
🔬🚀@NVIDIA & @Broadcom are testing chips with @Intel's 18A process, showing confidence in Intel's manufacturing comeback. Details from @Reuters 👉
Exclusive: Nvidia and Broadcom testing chips on Intel manufacturing process, sources say
Chip designers Nvidia and Broadcom are running manufacturing tests with Intel, two sources familiar with the matter told Reuters, demonstrating early confidence in the struggling company's advanced production techniques.
www.reuters.com
March 4, 2025 at 8:03 PM
So many security advisories going out! 🤯 Including VMware, HUAWEI, Paragon, and Mozilla. Here is what the vulnerability landscape looks like. Lots of Injection and Memory Corruption issues across all of these advisories.
March 4, 2025 at 6:30 PM
Microsoft finalizes EU Data Boundary, keeping EU customer data local per regulations. Some still wary of US vendor ties. @TheRegister reports. 🔒🇪🇺
Microsoft unveils finalized EU Data Boundary
Some may have second thoughts about going all-in with an American vendor, no matter where their data is stored
www.theregister.com
March 3, 2025 at 10:02 PM
Polish Space Agency (@POLSA_GOV_PL) hit by cyberattack, systems secured. Officials probe culprits amid tensions with Moscow. @TheRegister reports. 🚀🔒
Polish space agency confirms cyberattack
Officials vow to uncover who was behind it
www.theregister.com
March 3, 2025 at 7:02 PM
Hackers exploit ClickFix to deploy NetSupport RAT via fake CAPTCHAs, tricking users into running malicious PowerShell. @TheHackersNews 🐀🚨💻 https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html
March 3, 2025 at 6:03 PM
🔎@Unit42_Intel dives into malware obfuscation tricks & automating unpacking. Static analysis in sandboxes can extract key configs from samples. See how at
Uncovering .NET Malware Obfuscated by Encryption and Virtualization
Malware authors use AES encryption and code virtualization to evade sandbox static analysis. We explore how this facilitates spread of Agent Tesla, XWorm and more.
unit42.paloaltonetworks.com
March 3, 2025 at 1:03 PM