Jeremy Kirk
@jkirk.bsky.social
Threat intel @ Intel 471 (@intel471.bsky.social). Personal account. Interests: Cybercrime, cyber threat intelligence, OSINT, data breaches, photography. Also produce Intel 471's "Cybercrime Exposed" podcast. #Australia
Pinned
A new episode of @intel471.bsky.social's Cybercrime Exposed podcast is out! DukeEugene is a Russian Android malware dev who has a big problem, and he puts everything on the line to solve it. Link to pod here: www.intel471.com/resources/po...
Lost iPhones can display a phone number or email of the owner, and thieves are now leveraging that to phish Apple ID credentials from the hapless owner and remove the Activation Lock. #infosec www.ncsc.admin.ch/ncsc/en/home...
Week 44: Lost iPhone – the phishing trap that follows
04.11.2025 - The NCSC has received reports of cases where iPhone owners have received a text message claiming that their lost or stolen device has been found abroad, months after it went missing. Whil...
www.ncsc.admin.ch
November 12, 2025 at 5:08 AM
Famed Russian spy hunter Christo Grozev claimed on this podcast four months ago that North Korea hacked the Democratic National Committee in 2016 and passed the info to Russia, which in exchange divulged access to Bangladesh Bank. 🤔 #infosec Passage at 13m 31s:
www.youtube.com/watch?v=dimh...
November 6, 2025 at 9:11 PM
Accused ALPHV/BlackCat ransomware affiliate Ryan Goldberg made US$214,000 a year working in incident response for Sygnia but told the FBI he was in debt as the reason for getting involved in ransomware, according to court documents. He initially denied involvement in the attacks. #infosec
November 5, 2025 at 11:09 PM
Winnie wanted to lay on the keyboard so I guess this is the second-best position. 😀
November 3, 2025 at 11:30 PM
@daveaitel.bsky.social One question that popped into my head re: AIs finding bugs is what happens when adversaries start using them to find bugs and develop exploits at scale. Is it going to be mayhem?
November 3, 2025 at 9:32 PM
Three U.S. nationals who worked in incident response and ransomware negotiations allegedly became ALPHV/Black Cat affiliates and conducted at least five attacks over two years. #infosec cyberscoop.com/incident-res...
Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks
The alleged cybersecurity turncoats attacked at least five U.S. companies while working for their respective employers, officials said.
cyberscoop.com
November 3, 2025 at 9:25 PM
Terrific discussion with OpenAI's @daveaitel.bsky.social on @ryanaraine.bsky.social's Three Buddy Problem podcast about Aardvark, which is OpenAI's new agentic bug-hunting tool. It's a must listen if you're in security. #infosec www.youtube.com/watch?v=EwMJ...
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
YouTube video by Three Buddy Problem
www.youtube.com
November 2, 2025 at 8:18 AM
Here's an analysis from @intel471.bsky.social of the delicate dynamics in play regarding a secret U.S. FBI task force called Group 78 that European law enforcement officials say used covert tactics to disrupt the Black Basta ransomware group. #infosec www.intel471.com/blog/the-fbi...
The FBI’s Group 78: Covertly fighting ransomware?
European law enforcement officials say a secret U.S. FBI task force called Group 78 used covert tactics to disrupt the Black Basta ransomware group, but it has caused tension. Intel 471 analyzes the d...
www.intel471.com
October 23, 2025 at 12:43 AM
A Romanian prisoner hacked a prison management platform, changing permissions to allow inmates to view porn and padding their commissary accounts by increasing their balances. Great story by @campuscodi.risky.biz in Risky Business News. #infosec news.risky.biz/risky-bullet...
Prisoner hacks his prison IT system, goes wild!
In other news: Hackers leak ICE employee data; John Bolton hacked and extorted; giant SIM farm seized in Latvia.
news.risky.biz
October 21, 2025 at 9:05 PM
Bruce Schneier on how security may be impossible for web-enabled LLMs: "We built a system that trusts everything, and now we hope for a semantic firewall to keep it safe. The adversary isn’t inside the loop by accident; it’s there by architecture." #infosec www.schneier.com/blog/archive...
Agentic AI’s OODA Loop Problem - Schneier on Security
The OODA loop—for observe, orient, decide, act—is a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make t...
www.schneier.com
October 21, 2025 at 3:18 AM
Le Monde reports on a secret FBI unit called Group 78 tasked with using covert tactics to disrupt Russian ransomware groups. The Europeans were not happy about it. #infosec
October 20, 2025 at 11:12 AM
Very interesting research into a very serious Microsoft Entra bug (CVE-2025-55241).
dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 18, 2025 at 11:22 AM
The Register reports Microsoft has cut off Chinese vendors from its MAPP program, which gives advanced warning of pending patches so vendors can prepare. #infosec www.theregister.com/2025/08/21/m...
www.theregister.com
August 22, 2025 at 5:40 AM
A new episode of @intel471.bsky.social's Cybercrime Exposed podcast is out! DukeEugene is a Russian Android malware dev who has a big problem, and he puts everything on the line to solve it. Link to pod here: www.intel471.com/resources/po...
August 20, 2025 at 3:10 AM
Trail of Bits has open-sourced its Buttercup Cyber Reasoning System, an AI tool that can find vulnerabilities in open source repositories and then patch them using a multi-agent AI patcher. #infosec Project here: github.com/trailofbits/...
GitHub - trailofbits/buttercup
Contribute to trailofbits/buttercup development by creating an account on GitHub.
github.com
August 19, 2025 at 11:26 PM
Reposted by Jeremy Kirk
Phrack turns 40.
The digital drop is live.
Download it. Archive it. Pass it on.
💾 www.phrack.org
#phrackat40 #phrack72
August 19, 2025 at 5:08 AM
Ornery Apple decided to comply with right-to-repair laws by making spare parts available but for massive, makes-no-sense prices. A $20 charge port is being sold for $250. Outrageous. By @404media.co. www.404media.co/apple-is-sel...
Apple Is Selling iPad Repair Parts for Astronomical Prices
“I believe Apple is charging this because they know if the price is high enough no one will buy it."
www.404media.co
August 2, 2025 at 2:18 AM
Well, if this is accurate so be it - fair, scoped play. At least US spies didn't try to exploit every vulnerable one it found on the internet, like (ahem). #infosec www.theregister.com/2025/08/01/c...
China: US spies used Microsoft Exchange 0-day to steal info
Spy vs. spy
www.theregister.com
August 2, 2025 at 2:15 AM
Some 110,000 ChatGPT conversations that were (inadvertently?) allowed by users to become discoverable via search engines were picked up in the Wayback Machine. www.digitaldigging.org/p/chatgpt-co... #infosec
ChatGPT Confessions gone? They are not !
OpenAI closes gap, but another opens of 110.000 chats
www.digitaldigging.org
August 2, 2025 at 2:12 AM
Reposted by Jeremy Kirk
Holy shit, they did it. They wrote the headline.
July 30, 2025 at 1:10 AM
@campuscodi.risky.biz Coming off the SharePoint flaw mess, I found this line in the Risky Bulletin hilarious 🤣.
July 25, 2025 at 5:32 AM
Microsoft has introduced linkable token identifiers, which allow for greater precision when tracking the use of compromised credentials by differentiating between valid and malicious sessions. #infosec techcommunity.microsoft.com/blog/microso...
Strengthen identity threat detection and response with linkable token identifiers
Linkable token identifiers now GA to trace user sessions across multiple Microsoft 365 and Microsoft Graph workloads to improve security investigations.
techcommunity.microsoft.com
July 25, 2025 at 5:21 AM
Jacob Larsen is an #infosec pro who was involuntarily pulled into the dark world of doxing. I spoke with him about doxing's effects, how sites like Doxbin use legal loopholes and how to defend against being doxed. Latest Studio 471 podcast from @intel471.bsky.social
www.youtube.com/watch?v=y5AO...
Defending against doxing ft. Jacob Larsen, Threat Researcher, Offensive Security Lead, CyberCX
YouTube video by Intel 471
www.youtube.com
July 24, 2025 at 6:32 AM
The infamous XSS cybercrime forum appears to have been seized. #infosec
July 23, 2025 at 11:39 PM