Cyber Corgi
@konakoffee.bsky.social
I post a lot of cyber, defense, and Intel stuff, and you should be impressed because I do that without opposable thumbs.
Reposted by Cyber Corgi
trying to switch off the AI bloatware that has been pinned to the top of every single menu in every single app
April 26, 2025 at 9:30 PM
trying to switch off the AI bloatware that has been pinned to the top of every single menu in every single app
Reposted by Cyber Corgi
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment Data reconbee.com/russian-hack...
#Russia #russian #hackers #travelsite #payment #paymentdata #DataSecurity #cyberattack #hotels
#Russia #russian #hackers #travelsite #payment #paymentdata #DataSecurity #cyberattack #hotels
Russian Hackers Create 4300 Fake Travel Sites to Steal Hotel Guests' Payment Data
target's initial visit to the website read more about Russian Hackers Create 4300 Fake Travel Sites to Steal Hotel Guests' Payment Data
reconbee.com
November 14, 2025 at 11:52 AM
Russian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment Data reconbee.com/russian-hack...
#Russia #russian #hackers #travelsite #payment #paymentdata #DataSecurity #cyberattack #hotels
#Russia #russian #hackers #travelsite #payment #paymentdata #DataSecurity #cyberattack #hotels
Reposted by Cyber Corgi
In this week’s newsletter, Amy swaps Halloween candy for a crash course in satellite hacking, learning about the 2022 KA-SAT attack and the latest cybersecurity news: cs.co/633217njEL
November 13, 2025 at 7:04 PM
In this week’s newsletter, Amy swaps Halloween candy for a crash course in satellite hacking, learning about the 2022 KA-SAT attack and the latest cybersecurity news: cs.co/633217njEL
Reposted by Cyber Corgi
This is pretty wild. Checkout.com got hacked by a group that claims to be Shiny Hunters again. Checkout said in blog post that it would not be extorted by criminals.
"We will not pay this ransom.
Instead, we are turning this attack into an investment in security for our entire industry. We […]
"We will not pay this ransom.
Instead, we are turning this attack into an investment in security for our entire industry. We […]
Original post on infosec.exchange
infosec.exchange
November 13, 2025 at 7:27 PM
This is pretty wild. Checkout.com got hacked by a group that claims to be Shiny Hunters again. Checkout said in blog post that it would not be extorted by criminals.
"We will not pay this ransom.
Instead, we are turning this attack into an investment in security for our entire industry. We […]
"We will not pay this ransom.
Instead, we are turning this attack into an investment in security for our entire industry. We […]
Reposted by Cyber Corgi
Is there a term for the inverse productivity achieved when you have so many tabs open that you can no longer see any favicons? If not, I'm going to spend some CPU cycles coining one. I feel like I hit this pivotal point almost daily, even though I'm working on many screens at once. The problem […]
Original post on infosec.exchange
infosec.exchange
November 13, 2025 at 7:39 PM
Is there a term for the inverse productivity achieved when you have so many tabs open that you can no longer see any favicons? If not, I'm going to spend some CPU cycles coining one. I feel like I hit this pivotal point almost daily, even though I'm working on many screens at once. The problem […]
Reposted by Cyber Corgi
This is a popular tactic. Google recently said that Chinese hackers got vulnerability information from Gemini by posing as capture-the-flag participants. cloud.google.com/blog/topics/...
November 13, 2025 at 7:58 PM
This is a popular tactic. Google recently said that Chinese hackers got vulnerability information from Gemini by posing as capture-the-flag participants. cloud.google.com/blog/topics/...
Reposted by Cyber Corgi
"Claude didn’t always work perfectly. It occasionally hallucinated credentials or claimed to have extracted secret information that was in fact publicly-available. This remains an obstacle to fully autonomous cyberattacks."
Chinese gov hackers used Anthropic to fully automate recent cyberattacks against dozens of targets incl. tech firms, financial institutions, chemical facilities, and gov agencies. They tricked Claude into assisting them by breaking prompts into separate tasks and saying it was for defensive purposes
Exclusive | Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks
The use of AI automation in hacks is a growing trend that gives hackers additional scale and speed
www.wsj.com
November 13, 2025 at 8:06 PM
"Claude didn’t always work perfectly. It occasionally hallucinated credentials or claimed to have extracted secret information that was in fact publicly-available. This remains an obstacle to fully autonomous cyberattacks."
Reposted by Cyber Corgi
New from me: Hackers broke into a company that does batch SMS messaging on Monday night and sent out hundreds of thousands of crappy scam messages to people who normally get alerts from New York State, a Catholic charity, a group that helped organize No Kings protest.
Hackers breach mass texting service used by New York state, send hundreds of thousands of scam texts
Hackers sent text messages to users from trusted SMS numbers, referencing nonexistent transactions and directing them to call a phone number.
www.nbcnews.com
November 13, 2025 at 8:56 PM
New from me: Hackers broke into a company that does batch SMS messaging on Monday night and sent out hundreds of thousands of crappy scam messages to people who normally get alerts from New York State, a Catholic charity, a group that helped organize No Kings protest.
Reposted by Cyber Corgi
Apple updates its App Store rules to restrict apps from sharing personal data with third-party AI without disclosure and explicit permission.
Apple's new App Review Guidelines clamp down on apps sharing personal data with 'third-party AI' | TechCrunch
Apple updates its App Store rules to restrict apps from sharing personal data with third-party AI without disclosure and explicit permission.
techcrunch.com
November 13, 2025 at 9:23 PM
Apple updates its App Store rules to restrict apps from sharing personal data with third-party AI without disclosure and explicit permission.
Reposted by Cyber Corgi
Public Citizen’s letter urges OpenAI to temporarily take Sora 2 offline and work with outside experts to prevent the spread of harmful deepfakes. via @derekbjohnson.bsky.social www.youtube.com/watch?v=WTgi... | cyberscoop.com/sora-2-deepf...
Advocacy group calls on OpenAI to address Sora 2’s deepfake risks
YouTube video by FedScoop
www.youtube.com
November 14, 2025 at 3:08 AM
Public Citizen’s letter urges OpenAI to temporarily take Sora 2 offline and work with outside experts to prevent the spread of harmful deepfakes. via @derekbjohnson.bsky.social www.youtube.com/watch?v=WTgi... | cyberscoop.com/sora-2-deepf...
Reposted by Cyber Corgi
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge
https://isc.sans.edu/podcastdetail/9700
https://isc.sans.edu/podcastdetail/9700
November 14, 2025 at 3:50 AM
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge
https://isc.sans.edu/podcastdetail/9700
https://isc.sans.edu/podcastdetail/9700
Reposted by Cyber Corgi
mad Respect for checkout.com CTO for holding out instead of paying the ransom.
Instead of paying a ransom demand after getting hit by extortionists last week, payment services provider Checkout.com donated the demanded amount to fund cybercrime research.
Ransomed CTO falls on sword, refuses to pay extortion demand
: Checkout.com will instead donate the amount to fund cybercrime research
www.theregister.com
November 14, 2025 at 6:16 AM
mad Respect for checkout.com CTO for holding out instead of paying the ransom.
Reposted by Cyber Corgi
Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, etc.) and it seems to bury the lead re: technical sophistication. I wonder if a target will come forward. #infosec
November 14, 2025 at 7:40 AM
Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, etc.) and it seems to bury the lead re: technical sophistication. I wonder if a target will come forward. #infosec
Reposted by Cyber Corgi
ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models.
ASUS warns of critical auth bypass flaw in DSL series routers
ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models.
www.bleepingcomputer.com
November 14, 2025 at 9:52 AM
ASUS has released new firmware to patch a critical authentication bypass security flaw impacting several DSL series router models.
Reposted by Cyber Corgi
Hyundai Data Breach May Have Leaked Drivers' Personal Information
https://yro.slashdot.org/story/25/11/14/0424237/hyundai-data-breach-may-have-leaked-drivers-personal-information?utm_source=rss1.0mainlinkanon&utm_medium=feed
Hyundai Data Breach May Have Leaked Drivers' Personal Information
According to Car and Driver, Hyundai has suffered a data breach that leaked the personal data of up to 2.7 million customers. The leak reportedly took place in February from Hyundai AutoEver, the company's IT affiliate. It includes customer names, driver's license numbers, and social security number...
yro.slashdot.org
November 14, 2025 at 10:12 AM
Hyundai Data Breach May Have Leaked Drivers' Personal Information
https://yro.slashdot.org/story/25/11/14/0424237/hyundai-data-breach-may-have-leaked-drivers-personal-information?utm_source=rss1.0mainlinkanon&utm_medium=feed
Reposted by Cyber Corgi
Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow users to install apps from unverified devs.
Google backpedals on new Android developer registration rules
Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow users to install apps from unverified devs.
www.bleepingcomputer.com
November 14, 2025 at 11:55 AM
Google is backpedaling on its decision to introduce new identity verification rules for all developers, stating that it will also introduce accounts for limited app distribution and will allow users to install apps from unverified devs.
Reposted by Cyber Corgi
Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild. cyberscoop.com/microsoft-pa...
Microsoft Patch Tuesday addresses 63 defects, including one actively exploited zero-day
Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild.
cyberscoop.com
November 12, 2025 at 4:27 PM
Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild. cyberscoop.com/microsoft-pa...
Reposted by Cyber Corgi
A group of Democratic lawmakers asked governors in California, Colorado, and other states to block ICE from accessing their residents’ driver’s license data without their knowledge.
Lawmakers warn Democratic governors that states are sharing drivers' data with ICE | TechCrunch
A group of Democratic lawmakers asked governors in California, Colorado, and other states to block ICE from accessing their residents’ driver’s license data without their knowledge.
techcrunch.com
November 12, 2025 at 4:44 PM
A group of Democratic lawmakers asked governors in California, Colorado, and other states to block ICE from accessing their residents’ driver’s license data without their knowledge.
🫧
In a shift, the world will spend $40 billion more on new data centers this year than it will on finding new sources of oil.
Data centers now attract more investment than than finding new oil supplies | TechCrunch
In a shift, the world will spend $40 billion more on new data centers this year than it will on finding new sources of oil.
techcrunch.com
November 13, 2025 at 12:35 PM
🫧
Reposted by Cyber Corgi
These Rippling ads are pretty much everywhere in lower Manhattan. My one and only thought is: with all your eggs in one basket, that's gonna hurt real bad if/when they get hacked.
November 12, 2025 at 4:59 PM
These Rippling ads are pretty much everywhere in lower Manhattan. My one and only thought is: with all your eggs in one basket, that's gonna hurt real bad if/when they get hacked.
Reposted by Cyber Corgi
Google took legal action against a cybercriminal organization behind SMS scams — often claiming to come from USPS or toll agencies — that has been used to compromise millions of credit cards therecord.media/google-files...
Google files lawsuit to disrupt massive ‘Lighthouse’ smishing scheme
According to the tech giant, the accused criminals developed the “Lighthouse” phishing kit, which provides custom tools to scammers to deploy “smishing” — or SMS phishing — attacks and to build fraudu...
therecord.media
November 12, 2025 at 4:59 PM
Google took legal action against a cybercriminal organization behind SMS scams — often claiming to come from USPS or toll agencies — that has been used to compromise millions of credit cards therecord.media/google-files...
Reposted by Cyber Corgi
For 12 days and counting, Disney-owned channels like ESPN and ABC have been blacked out on YouTube TV.
YouTube TV's Disney blackout is ruining my life (I can't watch 'Jeopardy!') | TechCrunch
For 12 days and counting, Disney-owned channels like ESPN and ABC have been blacked out on YouTube TV.
techcrunch.com
November 12, 2025 at 5:24 PM
For 12 days and counting, Disney-owned channels like ESPN and ABC have been blacked out on YouTube TV.
Reposted by Cyber Corgi
A senior U.S. military officer with no digital warfare experience has emerged as a top contender to lead U.S. Cyber Command and the National Security Agency, Recorded Future News has learned.
✍️ @martinmatishak.bsky.social with the scoop
✍️ @martinmatishak.bsky.social with the scoop
Army officer with Indo-Pacific experience emerges as potential Cyber Command, NSA pick
Lt. Gen. Joshua Rudd, the No. 2 at U.S. Indo-Pacific Command, has emerged as a potential pick to lead U.S. Cyber Command and the National Security Agency, multiple people familiar with the search told...
therecord.media
November 12, 2025 at 6:29 PM
A senior U.S. military officer with no digital warfare experience has emerged as a top contender to lead U.S. Cyber Command and the National Security Agency, Recorded Future News has learned.
✍️ @martinmatishak.bsky.social with the scoop
✍️ @martinmatishak.bsky.social with the scoop
Reposted by Cyber Corgi
Looks like Elon Musk's X has royally borked its passkey and security key switchover. Users are reporting that they're getting stuck in endless loops in trying to re-roll, and, in some cases, are getting locked out of their accounts.
Elon Musk's X botched its security key switchover, locking users out | TechCrunch
As part of an effort to retire the old Twitter.com domain, X is requiring passkey and security key users to re-enroll — but are getting stuck in endless loops and unable to finish.
techcrunch.com
November 12, 2025 at 7:46 PM
Looks like Elon Musk's X has royally borked its passkey and security key switchover. Users are reporting that they're getting stuck in endless loops in trying to re-roll, and, in some cases, are getting locked out of their accounts.
Reposted by Cyber Corgi
Deepwatch’s CEO told TechCrunch that the layoffs allow the company to accelerate investments in “AI and automation.”
Cybersecurity firm Deepwatch lays off dozens, citing move to "accelerate" AI investment | TechCrunch
Deepwatch’s CEO told TechCrunch that the layoffs allow the company to accelerate investments in “AI and automation.”
techcrunch.com
November 12, 2025 at 8:10 PM
Deepwatch’s CEO told TechCrunch that the layoffs allow the company to accelerate investments in “AI and automation.”