Tom
@tom.wicked.design
CEO & founder of wicked.design ✌️,
lecturer at Swiss 🇨🇭 & Ukraine 🇺🇦 universities.
Cyber guy turned social scientist & system theorist 📚

🏳️‍🌈 (he/him) - vegan, cuz friends not food 🌱
#Scattered #LAPSUS$ #Hunters #SLH website shinyhunte[.]rs disappeared and is displaying a personal warning message. #ScatteredLAPSUS$Hunters #Cybercrime
October 20, 2025 at 9:08 PM
That is why I am also very skeptical about the companies' self-assessment in the Wirtschaftsschutz 2025 report by @bitkom.org.

Especially in mid-sized companies, but also in large orgs, we still see an IT focus.
Hardly anyone has a CISO role, and where there is one, it usually sits only within IT again.
October 15, 2025 at 10:47 AM
#Cyber is an IT topic until nothing works in operations anymore.
IMHO one of the most important points in the new report by @ncsc.gov.uk - and something that still has not sunk in at most organizations.

#Cybersecurity is #Business!
October 15, 2025 at 10:47 AM
#StreetParade, #MobileDeviceManagement and #Risks - why an #MDM alone is not enough 📲

>800k people partied at the world's largest techno parade in Zurich.

Among them were some thieves focused on mobile phones.

The SIM cards were removed from the devices right away and the devices were wrapped in aluminium foil.
August 13, 2025 at 11:49 AM
Seems like quite some internal systems were infected by InfoStealers.
Quite the irony given the fact that #infostealer like #Lumma, #RedLine, #Raccoon, #Vidar are Russian developed and operated #CybercrimeAsaService platforms.
July 28, 2025 at 1:58 PM
#Aeroflot airline got hacked by two pro-Ukrainian groups, #SilentCrow and #Cyberpartisans. 🛫🚫

🚩 7`000 servers — physical & virtual — destroyed.
🚩 Compromise of 122 hypervisors, 43 installations of ZVIRT virtualization, ~100 iLO interfaces, & 4 Proxmox clusters.

#Ukraine 🇺🇦
July 28, 2025 at 1:48 PM
Lockbit confirmed:

"On 7 May, someone hacked the light panel with auto registration for all comers, stole the database, but not a single decryptor and not a single company's stolen data were compromised. I'm investigating how they managed to hack it and rebuilding it now. 1/2
May 8, 2025 at 3:26 PM
It reveals the brutal reality of ransomware attacks. They are even attacking #schools: "Dude, we’re #non-profit, educating children,".
Another victim begs: "Dear, $40k is my 6-year salary... Don't spoil my life."

Just remember when #ALPHV / #BlackCat ransomed a breast cancer clinic.
May 8, 2025 at 3:26 PM
#LockBit #ransomware got breached and leaked tonight. A hacker called "kho-kho" (allegedly from Prague 🇨🇿) breached their panel & leaked a 30MB SQL dump containing:
💶 ~ 60K BTC addresses
💬 Negotiation chats with their victims
🛠️ Build info (dating back to Dec 2024)
📈 Client lists, etc.
May 8, 2025 at 3:26 PM
After some analysis the campaign appears to use Tycoon2FA Phishing Kit.

The website is loading O365 assets from oktacdn[.]com

This domain has been attributed to Tycoon before.
Any.Run: any.run/cybersecurit...

Others like JoeSandbox or Hybrid Analysis currently label it as clean
February 26, 2025 at 11:02 AM
We currently see an uprising in Adobe QR code based phishing for MS O365 creds 🎣

Recipients are named, TA apparently did some intel:
▶️ Company name
▶️ Employee names (First and Last)

#Phishing #Adobe #O365 #Microsoft #Cybersecurity #Awareness
February 26, 2025 at 10:24 AM
I was in Bucha🇺🇦, spoke with the people there, saw what the Russians perpetrated. People told me about the crimes. And in safe 🇨🇭 sit henchmen of the war criminals like Köppel.

#SlavaUkraini #Ukraine
January 19, 2025 at 12:18 PM
Exactly that!
The saddest example is institutional racism in CH.

www.edi.admin.ch/edi/de/home/...
January 18, 2025 at 6:52 PM
Apparent threat actor: agricamex[.]com 🎣
We observed this domain cloning #MS #Azure #Entra ID websites of our clients.
Domain fronted by #Cloudflare, registered by #GoDaddy.
Cert transparency logs show activity since around 2025-01-12. Inc. #Okta, #ADFS, #SCP, #outlook and #O365
January 18, 2025 at 6:14 PM
cat.exe stopped working.
Resource exhaustion.

Chilling after Christmas 🎄 🐈 #cat #catsofbsky #christmas #AdoptDontShop #AnimalRescue #tierschutz
December 29, 2024 at 7:12 PM
It is this time of the year again - happy holidays 🎄, merry Christmas 🎅🏻 and a lovely festive season to all our friends, partners and clients!

We don’t print physical cards or send out fancy gifts, we make a donation to an amazing organisation 👉🏻 www.limon-vergessene-seelen.de
December 20, 2024 at 10:15 AM
The visit to Bucha was incredibly oppressive. The accounts of the indiscriminate killings, abuse and destruction.

Meanwhile we tell people that they should simply leave again.
December 14, 2024 at 12:43 PM
Every time my students ask me why cyber-sec is more than just internal IT and protection of data.
#InfoSec #CyberSecurity #Academia #Students #Lecturing
December 11, 2024 at 1:45 PM
Best coworker. He just needs to improve his credential management 😼

#Cat #CatsOfBsky #cyber
November 28, 2024 at 6:57 AM
Interesting first talks at @cyberwarcon.bsky.social 😎
November 22, 2024 at 3:44 PM
🤷 Oh well, this DMARC and co. stuff isn't that important anyway.
November 22, 2024 at 7:26 AM
For some of those mSpy clients you even get their account to darknet drug marketplaces 🤦

At least you get their BitDefender account as well 😂
November 21, 2024 at 2:34 PM
mSpy - #stalkerware for everyone. From parents to lovers and companies. Truly worrying documentation by Swiss television.

The thing is, the bad OpSec of those people exposes their victims to an even greater threat - #InfoStealer #malware.

For just $10 I can buy access to people's #mSpy account.
November 21, 2024 at 2:34 PM
Swiss city of #Baden gets pwned and data is leaked by #DragonForce #Ransomware
December 5, 2023 at 11:43 AM
A cyber-attack on a German municipality IT service provider now affects more than 100 cities, municipalities and districts

kommunaler-notbetrieb.de/2023/10/30/e...
November 6, 2023 at 2:19 PM