piyokango
LightNews LightNews
piyokango.bsky.social
piyokango
@piyokango.bsky.social
1.2K followers 2 following 1.2K posts
セキュリティインコです🐣 Blueskyでは海外のセキュリティ関連記事を中心につぶやきます。気の向くままブログ(piyolog)も書いてます📝Podcast #セキュリティのアレ も参加中です🎤よろしくお願いします~🐦
プロフィール画像はアレティさんに描いて頂きました😃
Posts Replies Media Videos
piyokango.bsky.social
Sandwormハッカー、ポーランドのエネルギーシステムへの失敗したWiper攻撃に関与か
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Sandworm hackers linked to failed wiper attack on Poland’s energy systems
A cyberattack targeting Poland's power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware...
www.bleepingcomputer.com
January 26, 2026 at 2:23 AM
piyokango.bsky.social
1Passwordはフィッシングサイトの疑いがあるサイトに対してポップアップ警告を追加
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
1Password adds pop-up warnings for suspected phishing sites
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threa...
www.bleepingcomputer.com
January 26, 2026 at 2:22 AM
piyokango.bsky.social
VS Codeをリモートアクセスに利用した韓国を標的とする攻撃を特定
#CybersecurityNews
www.darktrace.com/blog/darktra...
Darktrace Identifies Campaign Targeting South Korea Leveraging VS Code for Remote Access
Darktrace identified a DPRK‑linked campaign targeting South Korean users with JSE‑based spear‑phishing lures. The attackers used government‑themed decoy documents to deploy a VS Code tunnel, enabling ...
www.darktrace.com
January 26, 2026 at 2:20 AM
piyokango.bsky.social
フィッシングサイトやなりすましサイトは依然としてオリンピックの主要な侵入口
#CybersecurityNews
www.infosecurity-magazine.com/news/phishin...
Phishing and Spoofed Sites Remain Primary Entry Points For Olympics
Cyber risks for the Milano-Cortina 2026 Winter Games include phishing and spoofed websites as key threat vectors
www.infosecurity-magazine.com
January 24, 2026 at 3:32 PM
piyokango.bsky.social
2025年、ハクティビストはさらに危険になる
#CyberSecurityNews
thecyberexpress.com/hacktivists-...
Hacktivists Became More Dangerous in 2025
Hacktivists became significantly more dangerous in 2025, moving beyond their traditional DDoS attacks and website defacements to target critical infrastructure
thecyberexpress.com
January 24, 2026 at 3:31 PM
piyokango.bsky.social
EmEditorユーザーを標的とした水飲み場型マルウェアによる情報窃取攻撃
#CybersecurityNews
www.trendmicro.com/en_us/resear...
Watering Hole Attack Targets EmEditor Users With Information-Stealing Malware
TrendAI™ Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions.
www.trendmicro.com
January 24, 2026 at 3:31 PM
piyokango.bsky.social
ShinyHuntersは、Oktaの顧客が3つの組織のデータを侵害し漏洩したと主張
#CybersecurityNews
www.theregister.com/2026/01/23/s...
ShinyHunters claims Okta customer breaches, leaks data
: 'A lot more' victims to come, we're told
www.theregister.com
January 24, 2026 at 3:30 PM
piyokango.bsky.social
ロブロックス、TikTok、Netflix、仮想通貨ウォレットのログイン情報1億4900万件がオンラインで発見される
#CybersecurityNews
hackread.com/logins-roblo...
149M Logins from Roblox, TikTok, Netflix, Crypto Wallets Found Online
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
January 24, 2026 at 3:30 PM
piyokango.bsky.social
ハッカーがセキュリティテストアプリを悪用してフォーチュン500企業に侵入
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Hackers exploit security testing apps to breach Fortune 500 firms
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud en...
www.bleepingcomputer.com
January 24, 2026 at 3:28 PM
piyokango.bsky.social
StealCハッカーがハッキングされ、研究者がマルウェアコントロールパネルを乗っ取る
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
StealC hackers hacked as researchers hijack malware control panels
A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the att...
www.bleepingcomputer.com
January 24, 2026 at 3:28 PM
piyokango.bsky.social
偽の広告ブロッカー拡張機能がClickFix攻撃でブラウザをクラッシュさせる
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Fake ad blocker extension crashes the browser for ClickFix attacks
A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks.
www.bleepingcomputer.com
January 24, 2026 at 3:27 PM
piyokango.bsky.social
84万回インストールされた悪質なGhostPosterブラウザ拡張機能が発見される
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations.
www.bleepingcomputer.com
January 24, 2026 at 3:27 PM
piyokango.bsky.social
FortiSIEM の重大なコマンドインジェクション脆弱性を突くエクスプロイトコードが公開される
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Exploit code public for critical FortiSIEM command injection flaw
Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a remo...
www.bleepingcomputer.com
January 15, 2026 at 12:01 AM
piyokango.bsky.social
CrowdStrikeの障害に関する投資家訴訟が棄却
#CybersecurityNews
www.securityweek.com/investor-law...
Investor Lawsuit Over CrowdStrike Outage Dismissed
A judge has dismissed a securities class action lawsuit against CrowdStrike over the highly disruptive outage in July 2024.
www.securityweek.com
January 14, 2026 at 11:59 PM
piyokango.bsky.social
PLUGGYAPEマルウェア、SignalとWhatsAppを利用してウクライナ国防軍を標的に
#CybersecurityNews
thehackernews.com/2026/01/plug...
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
CERT-UA reports PLUGGYAPE malware attacks targeting Ukrainian defense forces via Signal and WhatsApp, using phishing links and evolving backdoors.
thehackernews.com
January 14, 2026 at 11:59 PM
piyokango.bsky.social
Instagram、パスワードリセット要請にもかかわらず「侵害はない」と発表
#CybersecurityNews
techcrunch.com/2026/01/11/i...
Instagram says there’s been ‘no breach’ despite password reset requests | TechCrunch
Instagram says that although some users received suspicious-looking password reset requests, it has not been breached.
techcrunch.com
January 14, 2026 at 11:57 PM
piyokango.bsky.social
BreachForumsのハッキングフォーラムデータベース漏洩、324,000件のアカウントが公開
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
BreachForums hacking forum database leaked, exposing 324,000 accounts
The latest incarnation of the notorious BreachForums hacking forum has suffered a data breach, with its user database table leaked online.
www.bleepingcomputer.com
January 14, 2026 at 11:57 PM
piyokango.bsky.social
2025年のAPTグループトップ10
#CybersecurityNews
socradar.io/blog/top-10-...
Top 10 APT Groups in 2025
Advanced Persistent Threats, known as APTs, represent some of the most capable cyber adversaries. APT groups are often state-backed...
socradar.io
January 14, 2026 at 11:55 PM
piyokango.bsky.social
ハッカーが有料のLLMサービスにアクセス目的に誤設定されたプロキシを標的
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Hackers target misconfigured proxies to access paid LLM services
Threat actors are systematically hunting for misconfigured proxy servers that could provide access to commercial large language model (LLM) services.
www.bleepingcomputer.com
January 14, 2026 at 11:54 PM
piyokango.bsky.social
米国CISA、サイバー緊急指令10件を廃止、異例の一括処理
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
CISA retires 10 emergency cyber orders in rare bulk closure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now cover...
www.bleepingcomputer.com
January 14, 2026 at 11:52 PM
piyokango.bsky.social
誤ったメールルーティング設定を悪用するフィッシング攻撃、Microsoft 365 ユーザーを標的
#CybersecurityNews
www.infosecurity-magazine.com/news/phishin...
Phishing attacks exploit misconfigured emails to target Microsoft 365
Misconfigurations abused to make phishing emails look like they come from within the organization
www.infosecurity-magazine.com
January 14, 2026 at 11:51 PM
piyokango.bsky.social
桃園空港のバス標識に統一を支持するスローガン、高速道路局がバックエンドサプライヤーが関与したハッキン​​グ事件が原因と発表
#CybersecurityNews
www.ithome.com.tw/news/173238
桃園機場巴士看板出現統戰標語,公路局表示是後端廠商遭駭所致
去年底傳出有客運的電子看板遭駭,被置入統戰口號引起社會關注,由於時間點與中國解放軍以演習名義在臺灣周邊滋擾巧合,讓人不禁聯想兩者可能有關
www.ithome.com.tw
January 14, 2026 at 11:50 PM
piyokango.bsky.social
Reprompt攻撃でMicrosoft Copilotセッションを乗っ取り、データを窃取
#CybersecurityNews
www.bleepingcomputer.com/news/securit...
Reprompt attack hijacked Microsoft Copilot sessions for data theft
Researchers identified an attack method dubbed "Reprompt" that could allow attackers to infiltrate a user's Microsoft Copilot session and issue commands to exfiltrate sensitive data.
www.bleepingcomputer.com
January 14, 2026 at 11:49 PM
piyokango.bsky.social
脅威概要: MongoDB の脆弱性 (CVE-2025-14847)
#CybersecurityNews
unit42.paloaltonetworks.com/mongobleed-c...
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7.
unit42.paloaltonetworks.com
January 14, 2026 at 11:38 PM
piyokango.bsky.social
TrendAI Vision One™による2025年MITRE ATT&CK評価から得られたSHADOW-AETHER-015とEarth Pretaに関する重要な洞察
#CybersecurityNews
www.trendmicro.com/en_us/resear...
Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with TrendAI Vision One™
This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI Research™ monitoring and TrendAI Vision One™ intelligence. These findings support the performance ...
www.trendmicro.com
January 14, 2026 at 11:35 PM