Julian-Ferdinand Vögele
@julianferdinand.bsky.social
Threat Research @ Recorded Future. Previously @ Security Research Labs. He/Him. 🏳️‍🌈
Reposted by Julian-Ferdinand Vögele
For Economist subscribers: a new episode of Inside Defence. I spoke to John Foreman, UK defence attaché in Moscow at the time of the invasion. We looked at the culture, strengths & weaknesses of Russia's armed forces, challenge of working in Moscow & much else www.economist.com/insider/insi...
How strong is the Russian army? | The Economist Insider
Shashank Joshi, The Economist’s defence editor, returns for the second edition of Inside Defence. This month he interviews a former navy captain who has been Britain’s military man in both Moscow and ...
share.google
November 11, 2025 at 9:10 PM
Reposted by Julian-Ferdinand Vögele
Good analysis from @veracode.bsky.social on this typosquat GitHub actions package.
www.veracode.com/blog/malicio...
Malicious NPM Package Found Targeting GitHub By Typosquatting on GitHub Action Packages | Veracode
Application Security for the AI Era | Veracode
www.veracode.com
November 11, 2025 at 2:49 PM
Reposted by Julian-Ferdinand Vögele
Breaking News: At least 12 people were killed and 27 others wounded in an explosion in Pakistan’s capital on Tuesday, officials said, a day after a similar incident in neighboring India killed at least eight people.
Explosion in Pakistan’s Capital Kills at Least 12
A military official accused the Pakistani Taliban of staging the attack, which took place near a courthouse in Islamabad.
nyti.ms
November 11, 2025 at 11:19 AM
Reposted by Julian-Ferdinand Vögele
This summer I obtained an internal document of Germany‘s domestic #intelligence service #BfV, written by the counter-espionage unit, dated August 1993. It is pretty interesting, dealing with the question: Will the new #Russia continue the KGB‘s „Illegals“ spy program? 🧵 ⬇️ #history #Verfassungsschutz
ALT: two men in trench coats are reading newspapers one of which has a headline which starts with the word ' berg '
media.tenor.com
November 11, 2025 at 7:32 AM
Reposted by Julian-Ferdinand Vögele
My latest for Journalist and Spy: Pablo González, Russian-Spanish journalist, alleged GRU agent. Wrote for EU + U.S. media, @drewhinshaw.bsky.social & Joe Parkinson say he began working for GRU in 2010. Arrested in Poland in '22, swapped with Russia in '24. www.journalistandspy.com/p/pablo-gonz...
Pablo González
Pablo González is a Russian-Spanish journalist and an alleged agent of the GRU, Russia’s military intelligence agency.
www.journalistandspy.com
November 10, 2025 at 3:57 PM
Reposted by Julian-Ferdinand Vögele
Politico is reporting that the breach at the Congressional Budget Office is "ongoing."
“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email to CBO staff reads.
Cybersecurity breach at Congressional Budget Office remains a live threat
Library of Congress employees were informed to take caution when emailing the office of the congressional scorekeeper.
www.politico.com
November 10, 2025 at 9:40 PM
Reposted by Julian-Ferdinand Vögele
NEW: I tried to explain why there are so many victims of spyware, despite the fact that its makers have been telling us for years that the tech is only intended to be used in limited cases.
There are several reasons, including how the spyware systems are designed, and how powerful they are.
Why a lot of people are getting hacked with government spyware | TechCrunch
Government surveillance vendors want us to believe their spyware products are only used in limited and targeted operations against terrorists and serious criminals. That claim is increasingly difficul...
techcrunch.com
November 10, 2025 at 2:16 PM
Reposted by Julian-Ferdinand Vögele
The spyware that is now in ICE's hands has been used (by another government) against journalists and activists in Italy, as well as a top CEO, and a political consultant. Matteo Renzi, Italy's former prime minister, calls it the Italian Watergate. Now it's landed here: www.theguardian.com/technology/2...
Tech giants vow to defend users in US as spyware companies make inroads with Trump administration
Apple and WhatsApp say they will keep warning users if their phones are targeted by governments using hacking software against them
www.theguardian.com
November 10, 2025 at 6:22 PM
Reposted by Julian-Ferdinand Vögele
Kyiv and other Ukrainian cities faced widespread internet and communication outages following one of Russia's largest missile and drone strikes on Ukraine's energy infrastructure since the start of the year therecord.media/russian-miss...
Russian missile barrage disrupts internet, customs databases in Ukraine
Emergency blackouts lasting up to 12 hours were introduced following the attack, with Kyiv and other regions facing widespread internet and communication outages, according to internet watchdog NetBlo...
therecord.media
November 10, 2025 at 3:16 PM
Reposted by Julian-Ferdinand Vögele
Two weeks ago, there were weird reports online of explosions at KK Park, Myanmar's largest scam compound, and people fleeing the streets.
I thought some internal military groups were fighting for control, but it appears the junta is demolishing the park outright
www.irrawaddy.com/news/myanmar...
November 9, 2025 at 7:03 PM
Reposted by Julian-Ferdinand Vögele
Bad news for human rights and national security, no matter how you spin it
NSO Group has a new executive chairman, David Friedman, who's a former U.S. ambassador to Israel and onetime bankruptcy lawyer for President Trump.
www.wsj.com/tech/israeli... via @WSJ
Israeli Spyware Maker NSO Gets New Owners, Leadership and Seeks to Mend Reputation
Investors led by Hollywood producer Robert Simonds have taken a controlling stake in the company behind Pegasus, and former Trump official David Friedman has been named executive chairman.
www.wsj.com
November 9, 2025 at 5:56 PM
Reposted by Julian-Ferdinand Vögele
Brilliant, essential thread from @doublepulsar.com on hype around AI cyber threats. My summary:
1. Google release a really honest paper saying some malware has used AI to morph into new capabilities but..
2. …goes on to point out that the capabilities are crap
3. Industry hype ignores part 2
There's some really big caveats to this. A thread.
New: Google says it has discovered at least 5 malware families that use AI to rewrite their code and generate new capabilities on the fly, suggesting AI-powered malware is finally starting to take off. cloud.google.com/blog/topics/...
Report also has interesting stories about state actors' AI use.
November 9, 2025 at 9:13 AM
Reposted by Julian-Ferdinand Vögele
German ISP Aurologic GmbH has Become a Central Nexus for Hosting Malicious Infrastructure
cybersecuritynews.com
November 8, 2025 at 12:41 AM
Reposted by Julian-Ferdinand Vögele
Chinese state-backed hackers suspected in breach of Congressional Budget Office: www.cnn.com/2025/11/06/p...
Congressional Budget Office hacked, China suspected in breach | CNN Politics
The Congressional Budget Office has been hacked, potentially exposing its communications with the offices of lawmakers, according to an email sent to congressional staff this week and obtained by CNN.
www.cnn.com
November 7, 2025 at 3:14 AM
Reposted by Julian-Ferdinand Vögele
What makes a satellite a legitimate military target? Fascinating ICRC analysis. "a particular location in the GEO belt may have strategic significance during an armed conflict, as GEO facilitates continuous coverage over a particular area on earth" international-review.icrc.org/articles/hum...
November 7, 2025 at 1:44 PM
Reposted by Julian-Ferdinand Vögele
Senior German officials have accused the far-right Alternative for Germany (AfD) party of deliberately abusing parliamentary powers to collect and likely pass secret information about the country's military capabilities and the state of critical infrastructure to Russia.
Source: Der Spiegel
November 6, 2025 at 4:31 PM
Reposted by Julian-Ferdinand Vögele
The FBI is trying to unmask the owner of infamous archiving site Archive.is, according to a subpoena the site posted. No other information given, the site quietly posted the document a few days ago. FBI telling domain registrar to hand over all sorts of ID'ing info
www.404media.co/fbi-tries-to...
FBI Tries to Unmask Owner of Infamous Archive.is Site
The FBI has subpoenaed the domain registrar of archive.today, demanding information about the owner.
www.404media.co
November 6, 2025 at 3:16 PM
Reposted by Julian-Ferdinand Vögele
#ESETresearch has released its latest APT Activity Report (Apr–Sep 2025): China-aligned groups targeted Latin America amid US-China tensions. Russia-aligned groups intensified ops against Ukraine & EU states. Full report: web-assets.esetstatic.com/wls/en/paper...
November 6, 2025 at 11:58 AM
Reposted by Julian-Ferdinand Vögele
⚠️ @hennavirkkunen.bsky.social promises to submit a list of #spyware companies that received 🇪🇺EU funding following our @ftm.eu investigation.
💡All applications, she said, are reviewed by a “multidisciplinary team of ethical experts.”
🎥 WATCH: youtu.be/SjSndVxMNXU?...
Q: @danielfreund.bsky.social
November 6, 2025 at 12:17 PM
Reposted by Julian-Ferdinand Vögele
8/ Femo IT Solutions was allocated a /24 prefix from a /17 network registered to the Iranian Research Organization for Science and Technology (IROST), the same origin seen in allocations to other TAEs such as Global Connectivity Solutions and Aeza Group.
November 6, 2025 at 11:33 AM
Reposted by Julian-Ferdinand Vögele
1/ New report from myself and @whoisnt.bsky.social: “Malicious Infrastructure Finds Stability with aurologic GmbH.”
We uncover how German ISP aurologic GmbH has become a central nexus for high-risk hosting networks, sustaining large concentrations of malicious infrastructure.
November 6, 2025 at 11:30 AM
Reposted by Julian-Ferdinand Vögele
We're still gathering applications for this job, if you haven't seen it and are interested.
Our VI team does a very wide range of work -- it's not all just conflict reporting (though we do plenty of that). A handful of recent stories for an idea of our range of coverage:
November 4, 2025 at 6:31 PM
Reposted by Julian-Ferdinand Vögele
NEW: How former Trenchant boss Peter Williams stole zero-days worth millions of dollars, based on court documents and interviews with former colleagues.
A former Trenchant employee said “no one had any supervision over [Williams] at all. He was kind of allowed to do things the way he wanted to.”
How an ex-L3 Harris Trenchant boss stole and sold cyber exploits to Russia | TechCrunch
Peter Williams sold eight exploits to a Russian zero-day broker by smuggling them from his employer’s highly secured air-gapped network. A court document, plus exclusive reporting by TechCrunch and in...
techcrunch.com
November 3, 2025 at 9:45 PM