Catalin Cimpanu
@campuscodi.risky.biz
☆ Cybersecurity reporter
★ Newsletters at Risky Business
#infosec #cybersecurity

https://risky.biz
The European Court of Human Rights has dismissed a case brought by Catalan opposition figures over the CatalanGate 2022 spyware scandal due to a lack of evidence

www.politico.eu/article/cata...
Catalan opposition regroups after spyware case thrown out by human rights court
Key case from CatalanGate hits dead end at European Court of Human Rights.
www.politico.eu
November 18, 2025 at 10:32 PM
Danish officials have found a new way to push for the Chat Control encryption-breaking legislation without the proposed law going through a public debate

www.patrick-breyer.de/en/posts/cha...
Chat Control: The EU's CSAM scanner proposal
🇫🇷 French: Traduction du dossier Chat Control 2.0, stopchatcontrol.fr 🇸🇪 Swedish: Chat Control 2.0 🇩🇰 Danish: chatcontrol.dk 🇳🇱 Dutch: Chatcontrole The End of the Privacy of Digital Cor...
www.patrick-breyer.de
November 18, 2025 at 4:38 PM
Reposted by Catalin Cimpanu
There's a Russian disinformation network operating from Mastodon to push content into BlueSky, it's a few hundred active accounts (they also exist directly on BlueSky natively too).

It probably costs more to run than the value it provides to whoever runs it, tbh.

cyberplace.social/@GossiTheDog...
Kevin Beaumont (@GossiTheDog@cyberplace.social)
I dunno if anybody has done a write up of it but there’s a pretty big Russian disinformation operation that runs on the Fediverse If you search on Mastodon for t.me/RussianBaZa you’ll find some of i...
cyberplace.social
November 15, 2025 at 11:46 AM
Reposted by Catalin Cimpanu
Microsoft is adding Sysmon directly into Windows. The Sysinternals utility will make it easier for security teams to detect and respond to threats www.theverge.com/news/822023/...
Microsoft is adding Sysmon into Windows.
Sysmon was first released in 2014 as a utility for security analysis into the Windows Event Log. Built by Microsoft technical fellow Mark Russinovich with assistance from Thomas Garnier, Sysmon is now...
www.theverge.com
November 18, 2025 at 4:06 PM
Nozomi researchers have found a vulnerability in the Shelly Pro 4PM smart relay and power metering product that could cut power to smart homes

www.nozominetworks.com/blog/shelly-...
Lights Out: How One Tiny Message Can Crash Your Shelly Pro 4PM and Lock You Out of Your Smart Home
Nozomi Networks Labs analyzed the Shelly Pro 4PM and found vulnerabilities that could force the device to reboot.
www.nozominetworks.com
November 18, 2025 at 3:25 PM
It was intentional. They fired all the people who worked on election security, and will hire loyalists on the freed up positions.
Scoop: CISA plans to embark on a hiring spree and change some workforce policies in an effort to rebuild its depleted ranks ahead of a possible conflict with China, according to a memo from its acting director that I obtained.

www.cybersecuritydive.com/news/cisa-hi...
CISA, eyeing China, plans hiring spree to rebuild its depleted ranks
The agency will also change some of its workforce policies to avoid driving away talented staff.
www.cybersecuritydive.com
November 18, 2025 at 3:23 PM
Nothing on the internet is working again.... great job Cloudflare!
November 18, 2025 at 1:32 PM
Reposted by Catalin Cimpanu
I currently have more followers on Mastodon than the new Executive Director of Mastodon, social media is weird.
November 18, 2025 at 12:43 PM
Reposted by Catalin Cimpanu
Looking at @cloudflare.social's feed, looks like some disruptions were being reported in Spain. Definitely hitting the US now. Knocking out down detector in the process... Anything you can share, Cloudflare? cc @gate15.bsky.social @ajvicens.bsky.social @timstarks.bsky.social @campuscodi.risky.biz
you know it’s a bad Cloudflare outage when it even takes out down detector 😅
November 18, 2025 at 12:16 PM
Qurium has linked recent DDoS attacks against investigative news outlet iStories to Proxy[.]vn, a Vietnam-based proxy-for-hire network.

www.qurium.org/press-releas...
Proxy.vn’s hidden Tin-Roof datacenter fueling fake accounts behind the recent attack on iStories.media
Qurium has completed a forensic investigation into the DDoS attacks targeting the Russian investigative media iStories in early November 2025. The investigation links the attacks to Proxy.vn, a Vietna...
www.qurium.org
November 18, 2025 at 12:51 PM
Reposted by Catalin Cimpanu
Forever plagued by the urge to just pick up a pigeon and take it home
November 16, 2025 at 5:55 PM
A Dutch man has been sentenced to 120 hours of community service for deploying cryptominer equipment on the wind farm's network.

uitspraken.rechtspraak.nl/details?id=E...
November 18, 2025 at 12:11 AM
Dutch police have seized 250 servers linked to an unnamed bulletproof hosting provider

www.politie.nl/nieuws/2025/...
Thousands of servers seized in extensive cybercrime investigation
In an investigation into a rogue hosting company, the East Netherlands cybercrime team has seized thousands of servers. According to the police, the hosting company is used solely and exclusively ...
www.politie.nl
November 16, 2025 at 7:51 PM
Reposted by Catalin Cimpanu
And here is your latest edition of this.weekinsecurity.com, featuring stories including: Spyware maker NSO Group is now under U.S. ownership; EU considers weakening GDPR for AI; ClickFix attacks on the rise; U.S. agencies hacked via Cisco bugs, and much more.

🐈‍⬛ Plus a two-for-one cybercat special 🐈‍⬛
this week in security — november 16 2025 edition
NSO Group now under U.S. ownership, EU considers weakening GDPR for AI, ClickFix attacks on the rise, U.S. agencies hacked via Cisco bugs, and more.
this.weekinsecurity.com
November 16, 2025 at 5:40 PM
Reposted by Catalin Cimpanu
The IETF/CFRG HPKE post-quantum hybrid KEMs ended up specified over four documents.

I found it difficult to chase down definitions, disambiguate overlapping terms, ignore irrelevant alternatives, and cut through abstraction layers, so I wrote a condensed spec.

It's 235 lines. filippo.io/hpke-pq
November 16, 2025 at 7:31 PM
Reposted by Catalin Cimpanu
Ah yes, the greatest reward for grinding in a game: a cropped ai-generated wet fart.

Thanks, Call of Duty :)
Call of Duty isn't even hiding the fact that loads of its calling cards and other unlockables are AI generated this year.

For one of the biggest video game franchises in the world this is pretty disgusting...
November 14, 2025 at 4:59 PM
Reposted by Catalin Cimpanu
steam is apparently allowing "this game had AI in it that it didn't disclose" as a valid return statement, so if you or anyone you know actually paid $70 for slop, get that money back
November 15, 2025 at 9:10 AM
Reposted by Catalin Cimpanu
Interesting, LAPSUS$ Scattered Hunters gets all the media attention, but I agree with @mattkapko.com's reporting in @cyberscoop.bsky.social that Akira is among the worst, in fact LAPSUS$ Scattered Hunters doesn't even crack the top 5.

@mattkapko.com should I do a Casey Kasem inspired Top 10 😂?
FBI calls Akira ‘top five’ ransomware variant out of 130 targeting US businesses
Officials shared indicators of compromise observed as recently as this month to help organizations hunt for and defend against the ransomware group, which has pocketed $244 million as of late Septembe...
cyberscoop.com
November 14, 2025 at 6:21 PM
Reposted by Catalin Cimpanu
NEW: @derekbjohnson.bsky.social spoke with @anthropic.com's threat intel team about Thursday's report. Lots in there, but one key takeaway: Despite being labeled as 'autonomous,' there was a tremendous amount of human effort needed to pull off the attacks. cyberscoop.com/anthropic-ai...
November 14, 2025 at 7:26 PM
Reposted by Catalin Cimpanu
NEW: The US Department of Justice issued a warrant demanding SpaceX seize and disable Starlink devices and accounts being used at a scam compound in Myanmar.

At least 9 Starlink devices were linked to a crypto scam that stole $6 million from people, an FBI affidavit says

Story with @lhn.bsky.social
DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound
A new US law enforcement initiative is aimed at crypto fraudsters targeting Americans—and now seeks to seize infrastructure it claims is crucial to notorious scam compounds.
www.wired.com
November 14, 2025 at 8:55 PM
Reposted by Catalin Cimpanu
As an enthusiastic em-dasher, I really resent that this has come to be a sign of AI-generated copy.
OpenAI says ChatGPT will now ditch em dashes if users tell it to; em dashes have become telltale signs that supposedly signal text written by AI (Sarah Perez/TechCrunch)

November 14, 2025 at 10:09 PM
Reposted by Catalin Cimpanu
A brand new unlisted extension with 100,000 users? 41 ratings? Must be really valuable.

Nope - completely manipulated stats and it doesn't even contain real code. It exists only to collect your searches and earn Bing Rewards.
November 14, 2025 at 5:14 PM