Tor Vigesdal
@dotbatman.com
Reposted by Tor Vigesdal
The European Union Agency for Cybersecurity (ENISA) is now a Root in the CVE Program

https://www.cve.org/PartnerInformation/ListofPartners/partner/ENISA
November 20, 2025 at 6:08 PM
Reposted by Tor Vigesdal
Two weeks ago, there were weird reports online of explosions at KK Park, Myanmar's largest scam compound, and people fleeing the streets.

I thought some internal military groups were fighting for control, but it appears the junta is demolishing the park outright

www.irrawaddy.com/news/myanmar...
November 9, 2025 at 7:03 PM
If you see this, post an album with a motor vehicle on it
November 8, 2025 at 11:41 AM
Reposted by Tor Vigesdal
Ooooh, this is a useful tool! Click the link for a 4-page PDF that walks you through eight different points of security when handling help desk queries from users. Don't get fooled by imposters!

"Help Desk Identity Verification Checklist" by HYPR
cybersec.hypr.com/s/help-desk-...
cybersec.hypr.com
November 4, 2025 at 3:15 PM
Really, Microsoft?
Microsoft are rolling out Gaming Copilot to Windows 11 PCs. Silently, enabled by default, screenshots enabled by default, model training enabled by default. doublepulsar.com/microsoft-bu...
Microsoft builds on Recall with Gaming Copilot — fails basic privacy tests
Gaming Copilot, rolling out now to Windows 11, adds a new attack surface to Windows.
doublepulsar.com
October 27, 2025 at 11:57 AM
Reposted by Tor Vigesdal
$1,024,750 - 73 unique bugs - a week of amazing research on display. #Pwn2Own Ireland had it all. Success. Failure. Intrigue. You name it. Congratulations to the Master of Pwn winners @SummoningTeam! Their outstanding work earned them $187,500 and 22 points. See you in Tokyo for Pwn2Own Automotive.
October 24, 2025 at 10:49 AM
Wow, lots of great work done here - and hopefully some #4Sale bugs squashed as well. 🤞
Day 2 of #Pwn2Own Ireland is in the books. So far, we've awarded $792,750 or 56 unique 0-days. Tomorrow could be even better with more Samsung, a Meta Quest entry and that big WhatsApp entry still lingering. Here's the current Master of Pwn leader board. See you tomorrow!
October 22, 2025 at 6:58 PM
I’ll say it again, it’s not a stupid design - it’s more sinister than that. It’s subscriptions.
October 22, 2025 at 6:55 PM
Reposted by Tor Vigesdal
All results from Day One of #Pwn2Own Ireland 2025 can be found at www.zerodayinitiative.com/blog/2025/10... - This will be updated throughout the day with results. #P2OIreland
Zero Day Initiative — Pwn2Own Ireland 2025: Day One Results
Welcome to Day One of Pwn2Own Ireland 2025! We have 17 attempts today with some exciting research on display. We’ll be posting results here as we have them, and follow us on Twitter, Mastodon, and...
www.zerodayinitiative.com
October 21, 2025 at 9:28 AM
Reposted by Tor Vigesdal
This remains the funniest way to hear about an internet outage, though.
October 20, 2025 at 8:41 AM
I am glad it needs to be activated through Settings. All bets are off on when that switch will flip…
October 17, 2025 at 3:51 AM
Reposted by Tor Vigesdal
The NCSC warns that the UK now faces four nationally significant cyberattacks every week.

Some headlines have claimed that firms are being urged to “go back to pen and paper,” but the full report tells a more practical story about resilience and preparedness.

www.fortra.com/blog/ncsc-wa...
October 15, 2025 at 2:53 PM
Patches acquired. Apply.
It's Patch Tuesday and ASP.NET Core has a doozy, with a CVSS score of 9.9, our highest ever. Let's examine why.

The bug enables http request smuggling, which on its own for ASP.NET Core would be nowhere near that high, but that's not how we rate things...

* Thread- (1/7)
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability · Issue #371 · dotnet/announcements
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability i...
github.com
October 15, 2025 at 4:15 AM
Reposted by Tor Vigesdal
Intune now has dedicated security recommendations docs just like Entra 🔥

The Entra security docs are extremely popular, and I love seeing other teams publishing this kind of guidance

Thanks to my colleague (Josh Gatewood) for pointing this out!

learn.microsoft.com/en-us/intune...
October 10, 2025 at 4:49 AM
Reposted by Tor Vigesdal
You can't improve what you don't measure. A world in which software is secure by design requires tools to measure progress. In this paper, we present some ideas to evolve the CVE program to meet current and emerging needs. 📜 🔐

securityandtechnology.org/virtual-libr...
CVE at a Crossroads: A Blueprint for the Next 25 Years
The Common Vulnerabilities and Exposures (CVE) Program is a critical public good, yet it is at a crossroads. Established by MITRE with support from the U.S. government, the index of software vulnerabi...
securityandtechnology.org
October 8, 2025 at 5:34 PM
.. now what are we going to do with all these Arduinos?! Asking for a friend.
October 7, 2025 at 4:37 PM
Tabletop Exercise: Could this happen to me / us?
The bug (known as an IDOR) was really easy to exploit, thanks to a lack of security checks. Anyone logged in to India's income tax dept's e-Filing system could've accessed the sensitive financial and personal information of anyone else.

The e-Filing system has over 135 million registered users. 🫠
Exclusive: Bug in India's income tax portal exposed taxpayers’ sensitive data
TechCrunch verified that the security bug in the Indian Income Tax Department's e-Filing portal exposed taxpayers' data to other users. The security researchers who found the flaw say the data leak is...
techcrunch.com
October 7, 2025 at 4:36 PM
Reposted by Tor Vigesdal
Shout! Studios has uploaded The Lawnmower Man (1992) in its entirety onto YouTube, meaning it’s now available to watch on that site for free. Thank you, @shoutstudios.bsky.social 🖖

I had seen it when I was too young, the subject interested me (of course!), but the film scared me. 😅
The Lawnmower Man | FULL MOVIE | Jeff Fahey, Pierce Brosnan, Stephen King | Sci-Fi Thriller
YouTube video by Shout! Studios
www.youtube.com
October 3, 2025 at 11:05 PM
Reposted by Tor Vigesdal
Teenagers are hacking multinational corporations and we are meant to believe ChatGPT has found safety rails that will protect young people that can’t be circumvented with ease.
October 2, 2025 at 1:40 PM
Reposted by Tor Vigesdal
The German government has posted a guide on implementing passkey support server-side, so more companies move to supporting it as the preferred 2FA method.

www.bsi.bund.de/DE/Service-N...
September 30, 2025 at 7:01 PM