Jeremy Kirk
@jkirk.bsky.social
Threat intel @ Intel 471 (@intel471.bsky.social). Personal account. Interests: Cybercrime, cyber threat intelligence, OSINT, data breaches, photography. Also produce Intel 471's "Cybercrime Exposed" podcast. #Australia
Pinned
Malicious hackers often get caught. But here's the story of a Russian man involved in cybercrime from the Angler exploit kit through today who slipped away. Audio preview of @intel471.bsky.social's Cybercrime Exposed podcast👇. Episode on Spotify and Apple. #infosec www.intel471.com/resources/po...
Malicious hackers often get caught. But here's the story of a Russian man involved in cybercrime from the Angler exploit kit through today who slipped away. Audio preview of @intel471.bsky.social's Cybercrime Exposed podcast👇. Episode on Spotify and Apple. #infosec www.intel471.com/resources/po...
December 17, 2025 at 12:54 AM
Malicious hackers often get caught. But here's the story of a Russian man involved in cybercrime from the Angler exploit kit through today who slipped away. Audio preview of @intel471.bsky.social's Cybercrime Exposed podcast👇. Episode on Spotify and Apple. #infosec www.intel471.com/resources/po...
The age verification industry is booming with the new regulations in the U.K. and Australia. In the UK, the @openrightsgroup.org is calling for stronger security standards since online platforms may opt for the cheapest, less vigilant vendors, www.openrightsgroup.org/press-releas... #infosec
Online Safety Act: Age assurance industry must be regulated
Open Rights Group has written to the Secretary of State for Science, Innovation and Technology, Liz Kendall MP calling for regulation of age assurance providers operating under the Online Safety Act.
www.openrightsgroup.org
December 13, 2025 at 11:51 PM
The age verification industry is booming with the new regulations in the U.K. and Australia. In the UK, the @openrightsgroup.org is calling for stronger security standards since online platforms may opt for the cheapest, less vigilant vendors, www.openrightsgroup.org/press-releas... #infosec
Hats off to @404media.co for creating a public library beat. I worked at two public libraries in the past, and access to information has never been more fraught and delicate than now. 👏 This latest one about AV collections from @clurrese.bsky.social a great read: www.404media.co/the-last-vid...
The Last Video Rental Store Is Your Public Library
Audio-visual librarians are quietly amassing large physical media collections amid the IP disputes threatening select availability.
www.404media.co
December 5, 2025 at 10:41 PM
Hats off to @404media.co for creating a public library beat. I worked at two public libraries in the past, and access to information has never been more fraught and delicate than now. 👏 This latest one about AV collections from @clurrese.bsky.social a great read: www.404media.co/the-last-vid...
Reposted by Jeremy Kirk
Developer attempts to replicate "Liquid Glass" in CSS, and once finished realizes what she'd actually created is an exploit for a fundamental, previously unknown, and rather serious browser vulnerability
lyra.horse/blog/2025/12...
"CSS hack accidentally becomes regular hack"
lyra.horse/blog/2025/12...
"CSS hack accidentally becomes regular hack"
SVG Filters - Clickjacking 2.0
A novel and powerful twist on an old classic.
lyra.horse
December 5, 2025 at 2:03 AM
Developer attempts to replicate "Liquid Glass" in CSS, and once finished realizes what she'd actually created is an exploit for a fundamental, previously unknown, and rather serious browser vulnerability
lyra.horse/blog/2025/12...
"CSS hack accidentally becomes regular hack"
lyra.horse/blog/2025/12...
"CSS hack accidentally becomes regular hack"
Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, etc.) and it seems to bury the lead re: technical sophistication. I wonder if a target will come forward. #infosec
November 14, 2025 at 7:40 AM
Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, etc.) and it seems to bury the lead re: technical sophistication. I wonder if a target will come forward. #infosec
Lost iPhones can display a phone number or email of the owner, and thieves are now leveraging that to phish Apple ID credentials from the hapless owner and remove the Activation Lock. #infosec www.ncsc.admin.ch/ncsc/en/home...
Week 44: Lost iPhone – the phishing trap that follows
04.11.2025 - The NCSC has received reports of cases where iPhone owners have received a text message claiming that their lost or stolen device has been found abroad, months after it went missing. Whil...
www.ncsc.admin.ch
November 12, 2025 at 5:08 AM
Lost iPhones can display a phone number or email of the owner, and thieves are now leveraging that to phish Apple ID credentials from the hapless owner and remove the Activation Lock. #infosec www.ncsc.admin.ch/ncsc/en/home...
Famed Russian spy hunter Christo Grozev claimed on this podcast four months ago that North Korea hacked the Democratic National Committee in 2016 and passed the info to Russia, which in exchange divulged access to Bangladesh Bank. 🤔 #infosec Passage at 13m 31s:
www.youtube.com/watch?v=dimh...
www.youtube.com/watch?v=dimh...
November 6, 2025 at 9:11 PM
Famed Russian spy hunter Christo Grozev claimed on this podcast four months ago that North Korea hacked the Democratic National Committee in 2016 and passed the info to Russia, which in exchange divulged access to Bangladesh Bank. 🤔 #infosec Passage at 13m 31s:
www.youtube.com/watch?v=dimh...
www.youtube.com/watch?v=dimh...
Accused ALPHV/BlackCat ransomware affiliate Ryan Goldberg made US$214,000 a year working in incident response for Sygnia but told the FBI he was in debt as the reason for getting involved in ransomware, according to court documents. He initially denied involvement in the attacks. #infosec
November 5, 2025 at 11:09 PM
Accused ALPHV/BlackCat ransomware affiliate Ryan Goldberg made US$214,000 a year working in incident response for Sygnia but told the FBI he was in debt as the reason for getting involved in ransomware, according to court documents. He initially denied involvement in the attacks. #infosec
Winnie wanted to lay on the keyboard so I guess this is the second-best position. 😀
November 3, 2025 at 11:30 PM
Winnie wanted to lay on the keyboard so I guess this is the second-best position. 😀
@daveaitel.bsky.social One question that popped into my head re: AIs finding bugs is what happens when adversaries start using them to find bugs and develop exploits at scale. Is it going to be mayhem?
November 3, 2025 at 9:32 PM
@daveaitel.bsky.social One question that popped into my head re: AIs finding bugs is what happens when adversaries start using them to find bugs and develop exploits at scale. Is it going to be mayhem?
Three U.S. nationals who worked in incident response and ransomware negotiations allegedly became ALPHV/Black Cat affiliates and conducted at least five attacks over two years. #infosec cyberscoop.com/incident-res...
Prosecutors allege incident response pros used ALPHV/BlackCat to commit string of ransomware attacks
The alleged cybersecurity turncoats attacked at least five U.S. companies while working for their respective employers, officials said.
cyberscoop.com
November 3, 2025 at 9:25 PM
Three U.S. nationals who worked in incident response and ransomware negotiations allegedly became ALPHV/Black Cat affiliates and conducted at least five attacks over two years. #infosec cyberscoop.com/incident-res...
Terrific discussion with OpenAI's @daveaitel.bsky.social on @ryanaraine.bsky.social's Three Buddy Problem podcast about Aardvark, which is OpenAI's new agentic bug-hunting tool. It's a must listen if you're in security. #infosec www.youtube.com/watch?v=EwMJ...
OpenAI’s Dave Aitel talks Aardvark, economics of bug-hunting with LLMs
YouTube video by Three Buddy Problem
www.youtube.com
November 2, 2025 at 8:18 AM
Terrific discussion with OpenAI's @daveaitel.bsky.social on @ryanaraine.bsky.social's Three Buddy Problem podcast about Aardvark, which is OpenAI's new agentic bug-hunting tool. It's a must listen if you're in security. #infosec www.youtube.com/watch?v=EwMJ...
Here's an analysis from @intel471.bsky.social of the delicate dynamics in play regarding a secret U.S. FBI task force
called Group 78 that European law enforcement officials say used covert tactics to disrupt the Black Basta ransomware group. #infosec www.intel471.com/blog/the-fbi...
called Group 78 that European law enforcement officials say used covert tactics to disrupt the Black Basta ransomware group. #infosec www.intel471.com/blog/the-fbi...
The FBI’s Group 78: Covertly fighting ransomware?
European law enforcement officials say a secret U.S. FBI task force called Group 78 used covert tactics to disrupt the Black Basta ransomware group, but it has caused tension. Intel 471 analyzes the d...
www.intel471.com
October 23, 2025 at 12:43 AM
Here's an analysis from @intel471.bsky.social of the delicate dynamics in play regarding a secret U.S. FBI task force
called Group 78 that European law enforcement officials say used covert tactics to disrupt the Black Basta ransomware group. #infosec www.intel471.com/blog/the-fbi...
called Group 78 that European law enforcement officials say used covert tactics to disrupt the Black Basta ransomware group. #infosec www.intel471.com/blog/the-fbi...
A Romanian prisoner hacked a prison management platform, changing permissions to allow inmates to view porn and padding their commissary accounts by increasing their balances. Great story by @campuscodi.risky.biz in Risky Business News. #infosec news.risky.biz/risky-bullet...
Prisoner hacks his prison IT system, goes wild!
In other news: Hackers leak ICE employee data; John Bolton hacked and extorted; giant SIM farm seized in Latvia.
news.risky.biz
October 21, 2025 at 9:05 PM
A Romanian prisoner hacked a prison management platform, changing permissions to allow inmates to view porn and padding their commissary accounts by increasing their balances. Great story by @campuscodi.risky.biz in Risky Business News. #infosec news.risky.biz/risky-bullet...
Bruce Schneier on how security may be impossible for web-enabled LLMs: "We built a system that trusts everything, and now we hope for a semantic firewall to keep it safe. The adversary isn’t inside the loop by accident; it’s there by architecture." #infosec www.schneier.com/blog/archive...
Agentic AI’s OODA Loop Problem - Schneier on Security
The OODA loop—for observe, orient, decide, act—is a framework to understand decision-making in adversarial situations. We apply the same framework to artificial intelligence agents, who have to make t...
www.schneier.com
October 21, 2025 at 3:18 AM
Bruce Schneier on how security may be impossible for web-enabled LLMs: "We built a system that trusts everything, and now we hope for a semantic firewall to keep it safe. The adversary isn’t inside the loop by accident; it’s there by architecture." #infosec www.schneier.com/blog/archive...
Le Monde reports of a secret FBI unit called Group 78 tasked with using covert tactics to disrupt Russian ransomware groups. The Europeans were not happy about it. #infosec
Scoop : révélations sur le "Group 78", l'unité secrète du FBI chargée de faire la guerre aux cybercriminels, quitte à utiliser des méthodes illégales et au risque de faire dérailler les enquêtes judiciaires européennes (avec @flrnd.bsky.social et @kaibiermann.bsky.social). Thread ⤵️
Révélations sur le « Group 78 », une unité secrète américaine chargée de la lutte contre les cybercriminels
En novembre 2024, la présentation de cette task force par le FBI à des policiers et des magistrats européens a choqué certains enquêteurs. Ils craignent notamment pour l’intégrité de leurs investigati...
www.lemonde.fr
October 20, 2025 at 11:12 AM
Le Monde reports of a secret FBI unit called Group 78 tasked with using covert tactics to disrupt Russian ransomware groups. The Europeans were not happy about it. #infosec
Very interesting research into a very serious Microsoft Entra bug (CVE-2025-55241).
dirkjanm.io/obtaining-gl...
dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 18, 2025 at 11:22 AM
Very interesting research into a very serious Microsoft Entra bug (CVE-2025-55241).
dirkjanm.io/obtaining-gl...
dirkjanm.io/obtaining-gl...
The Register reports Microsoft has cut off Chinese vendors from its MAPP program, which gives advanced warning of pending patches so vendors can prepare. #infosec www.theregister.com/2025/08/21/m...
www.theregister.com
August 22, 2025 at 5:40 AM
The Register reports Microsoft has cut off Chinese vendors from its MAPP program, which gives advanced warning of pending patches so vendors can prepare. #infosec www.theregister.com/2025/08/21/m...
A new episode of @intel471.bsky.social's Cybercrime Exposed podcast is out! DukeEugene is a Russian Android malware dev who has a big problem, and he puts everything on the line to solve it. Link to pod here: www.intel471.com/resources/po...
August 20, 2025 at 3:10 AM
A new episode of @intel471.bsky.social's Cybercrime Exposed podcast is out! DukeEugene is a Russian Android malware dev who has a big problem, and he puts everything on the line to solve it. Link to pod here: www.intel471.com/resources/po...
Trail of Bits has open-sourced its Buttercup Cyber Reasoning System, an AI tool that can find vulnerabilities in open source repositories and then patch them using a multi-agent AI patcher. #infosec Project here: github.com/trailofbits/...
GitHub - trailofbits/buttercup
Contribute to trailofbits/buttercup development by creating an account on GitHub.
github.com
August 19, 2025 at 11:26 PM
Trail of Bits has open-sourced its Buttercup Cyber Reasoning System, an AI tool that can find vulnerabilities in open source repositories and then patch them using a multi-agent AI patcher. #infosec Project here: github.com/trailofbits/...
Reposted by Jeremy Kirk
Phrack turns 40.
The digital drop is live.
Download it. Archive it. Pass it on.
💾 www.phrack.org
#phrackat40 #phrack72
The digital drop is live.
Download it. Archive it. Pass it on.
💾 www.phrack.org
#phrackat40 #phrack72
August 19, 2025 at 5:08 AM
Phrack turns 40.
The digital drop is live.
Download it. Archive it. Pass it on.
💾 www.phrack.org
#phrackat40 #phrack72
The digital drop is live.
Download it. Archive it. Pass it on.
💾 www.phrack.org
#phrackat40 #phrack72
Onery Apple decided to comply with right-to-repair laws by making spare parts available but for massively, makes-no-sense prices. A $20 charge port is being sold for $250. Outrageous. By @404media.co. www.404media.co/apple-is-sel...
Apple Is Selling iPad Repair Parts for Astronomical Prices
“I believe Apple is charging this because they know if the price is high enough no one will buy it."
www.404media.co
August 2, 2025 at 2:18 AM
Onery Apple decided to comply with right-to-repair laws by making spare parts available but for massively, makes-no-sense prices. A $20 charge port is being sold for $250. Outrageous. By @404media.co. www.404media.co/apple-is-sel...
Well, if this is accurate so be it - fair, scoped play. At least US spies didn't try to exploit every vulnerable one it found on the internet, like (ahem). #infosec www.theregister.com/2025/08/01/c...
China: US spies used Microsoft Exchange 0-day to steal info
: Spy vs. spy
www.theregister.com
August 2, 2025 at 2:15 AM
Well, if this is accurate so be it - fair, scoped play. At least US spies didn't try to exploit every vulnerable one it found on the internet, like (ahem). #infosec www.theregister.com/2025/08/01/c...
Some 110,000 ChatGPT conversations that were (inadvertently?) allowed by users to become discoverable via search engines were picked up in the Wayback Machine. www.digitaldigging.org/p/chatgpt-co... #infosec
ChatGPT Confessions gone? They are not !
OpenAI closes gap, but another opens of 110.000 chats
www.digitaldigging.org
August 2, 2025 at 2:12 AM
Some 110,000 ChatGPT conversations that were (inadvertently?) allowed by users to become discoverable via search engines were picked up in the Wayback Machine. www.digitaldigging.org/p/chatgpt-co... #infosec
Reposted by Jeremy Kirk
Holy shit, they did it. They wrote the headline.
July 30, 2025 at 1:10 AM
Holy shit, they did it. They wrote the headline.