Alexandre Blanc Cyber Security
@tresronours.bsky.social
I'm mainly known on LinkedIn for covering cyber security topics, but I've been banned couple of times by their AI, therefore, I should exist on other platforms as well !
@tresronours on twitter
alexandre-blanc-cyber-security-88569022 on linkedin
@tresronours on twitter
alexandre-blanc-cyber-security-88569022 on linkedin
Reposted by Alexandre Blanc Cyber Security
Your electricity bill is going up because data centers are raising demand, not because your utility started scaling out some renewables. Pass it on.
September 5, 2025 at 2:34 AM
Your electricity bill is going up because data centers are raising demand, not because your utility started scaling out some renewables. Pass it on.
Acting for good, at all scale and any scale is the only thing that matters.
September 5, 2025 at 1:18 PM
Acting for good, at all scale and any scale is the only thing that matters.
Bill C-2 is anti-privacy, anti-rights, and anti-Canadian! We need your voice to stop it. ✊ Tell our leaders to scrap this dangerous bill NOW! #StopBillC2 @OpenMediaOrg openmedia.org/Stop-BillC2-bsky
Stop Carney’s Surveillance Plan: Stop Bill C–2!
Bill C-2 threatens our privacy, erodes our freedoms, and grants the government unchecked surveillance powers. Tell Mark Carney: surrendering to U.S. data demands isn’t leadership — it’s a betrayal of ...
openmedia.org
June 18, 2025 at 7:55 PM
Bill C-2 is anti-privacy, anti-rights, and anti-Canadian! We need your voice to stop it. ✊ Tell our leaders to scrap this dangerous bill NOW! #StopBillC2 @OpenMediaOrg openmedia.org/Stop-BillC2-bsky
Fun one for a Monday morning :
Pico-mac-nano Fits Working Macintosh on Barbie’s Desk !
hackaday.com/2025/05/26/p...
Pico-mac-nano Fits Working Macintosh on Barbie’s Desk !
hackaday.com/2025/05/26/p...
Pico-mac-nano Fits Working Macintosh On Barbie’s Desk
Have you ever looked in a doll house and said “I wish those dolls had a scale replica of a 1984 Macintosh 128K that could be operated by USB?” — well, us neither, but [Nick Gallar…
hackaday.com
May 26, 2025 at 1:32 PM
Fun one for a Monday morning :
Pico-mac-nano Fits Working Macintosh on Barbie’s Desk !
hackaday.com/2025/05/26/p...
Pico-mac-nano Fits Working Macintosh on Barbie’s Desk !
hackaday.com/2025/05/26/p...
Threat actors start by publishing legitimate packages to build trust, then
🔗 Dozens of malicious packages on NPM collect host and network data
These malicious packages collect :
▶️Hostname
▶️Internal IP address
▶️User home directory
▶️Current working directory
▶️Username
▶️System DNS servers
🔗 Dozens of malicious packages on NPM collect host and network data
These malicious packages collect :
▶️Hostname
▶️Internal IP address
▶️User home directory
▶️Current working directory
▶️Username
▶️System DNS servers
Dozens of malicious packages on NPM collect host and network data
60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor.
www.bleepingcomputer.com
May 23, 2025 at 6:42 PM
Threat actors start by publishing legitimate packages to build trust, then
🔗 Dozens of malicious packages on NPM collect host and network data
These malicious packages collect :
▶️Hostname
▶️Internal IP address
▶️User home directory
▶️Current working directory
▶️Username
▶️System DNS servers
🔗 Dozens of malicious packages on NPM collect host and network data
These malicious packages collect :
▶️Hostname
▶️Internal IP address
▶️User home directory
▶️Current working directory
▶️Username
▶️System DNS servers
Better keep a close eye on your AD if you have at least one 2025 domain controller !
Unpatched Windows Server vulnerability allows full domain compromise
connected=hacked #windows #AD #windows2025
www.helpnetsecurity.com/2025/05/22/u...
Unpatched Windows Server vulnerability allows full domain compromise
connected=hacked #windows #AD #windows2025
www.helpnetsecurity.com/2025/05/22/u...
Unpatched Windows Server vulnerability allows full domain compromise - Help Net Security
A privilege escalation flaw in Windows Server 2025 can be leveraged to compromise any user in Active Directory, including Domain Admins.
www.helpnetsecurity.com
May 22, 2025 at 5:37 PM
Better keep a close eye on your AD if you have at least one 2025 domain controller !
Unpatched Windows Server vulnerability allows full domain compromise
connected=hacked #windows #AD #windows2025
www.helpnetsecurity.com/2025/05/22/u...
Unpatched Windows Server vulnerability allows full domain compromise
connected=hacked #windows #AD #windows2025
www.helpnetsecurity.com/2025/05/22/u...
Reposted by Alexandre Blanc Cyber Security
A theoretical model for deep-space coms using high-powered laser signals that exploit relativistic and gravitational phenomena named "The Great Loopback" has been verified by chatGPT.
The Theorem explores laser overcoming classical spacetime constraints.
www.thecomputerdudesinc.com/index.php
The Theorem explores laser overcoming classical spacetime constraints.
www.thecomputerdudesinc.com/index.php
The Computer Dudes Inc
Computer Dudes is a computer services, engineering, research, security and programming company that works with all Systems and Operating Systems. Computer Dudes was founded by Todd W. Byars in Tallah...
www.thecomputerdudesinc.com
May 17, 2025 at 2:41 PM
A theoretical model for deep-space coms using high-powered laser signals that exploit relativistic and gravitational phenomena named "The Great Loopback" has been verified by chatGPT.
The Theorem explores laser overcoming classical spacetime constraints.
www.thecomputerdudesinc.com/index.php
The Theorem explores laser overcoming classical spacetime constraints.
www.thecomputerdudesinc.com/index.php
It's only a matter of time and effort to hack systems. Pwn20wn is interesting in this, reminding that everything can be hacked.
Security is about to reduce the likelihood of an incident, but nothing is bullet proof.
connected=hacked
gbhackers.com/vmware-esxi-...
Security is about to reduce the likelihood of an incident, but nothing is bullet proof.
connected=hacked
gbhackers.com/vmware-esxi-...
VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked - Pwn2Own Day 2
Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities.
gbhackers.com
May 17, 2025 at 3:34 PM
It's only a matter of time and effort to hack systems. Pwn20wn is interesting in this, reminding that everything can be hacked.
Security is about to reduce the likelihood of an incident, but nothing is bullet proof.
connected=hacked
gbhackers.com/vmware-esxi-...
Security is about to reduce the likelihood of an incident, but nothing is bullet proof.
connected=hacked
gbhackers.com/vmware-esxi-...
Printer Company Distributes Malicious Drivers Infected with XRed Malware
Procolored initially dismissed the antivirus alerts as false positives but removed the downloads from their website around May 8, 2025, after persistent concerns.
They have since provided clean software packages.
Procolored initially dismissed the antivirus alerts as false positives but removed the downloads from their website around May 8, 2025, after persistent concerns.
They have since provided clean software packages.
Printer Company Distributes Malicious Drivers Infected with XRed Malware
Procolored, a printer manufacturing company, has been found distributing software drivers infected with malicious code.
gbhackers.com
May 16, 2025 at 5:50 PM
Printer Company Distributes Malicious Drivers Infected with XRed Malware
Procolored initially dismissed the antivirus alerts as false positives but removed the downloads from their website around May 8, 2025, after persistent concerns.
They have since provided clean software packages.
Procolored initially dismissed the antivirus alerts as false positives but removed the downloads from their website around May 8, 2025, after persistent concerns.
They have since provided clean software packages.
New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads
Multi-stage infection chain that begins with a deceptive PDF document titled “Pay Adjustment.” This document lures victims into downloading a malicious ZIP file hosted on Netlify, a popular web hosting platform.
Multi-stage infection chain that begins with a deceptive PDF document titled “Pay Adjustment.” This document lures victims into downloading a malicious ZIP file hosted on Netlify, a popular web hosting platform.
New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads
A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through a highly sophisticated phishing-based attack.
gbhackers.com
May 16, 2025 at 5:47 PM
New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads
Multi-stage infection chain that begins with a deceptive PDF document titled “Pay Adjustment.” This document lures victims into downloading a malicious ZIP file hosted on Netlify, a popular web hosting platform.
Multi-stage infection chain that begins with a deceptive PDF document titled “Pay Adjustment.” This document lures victims into downloading a malicious ZIP file hosted on Netlify, a popular web hosting platform.
A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign embedded within the seemingly innocuous package os-info-checker-es6. First published on March 19, 2025, with initial versions appearing benign, the package rapidly evolved into a complex threat.
Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication
A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign embedded within the innocuous package.
gbhackers.com
May 16, 2025 at 5:44 PM
A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign embedded within the seemingly innocuous package os-info-checker-es6. First published on March 19, 2025, with initial versions appearing benign, the package rapidly evolved into a complex threat.
gbhackers.com/critical-wor...
A serious security flaw affecting the Eventin plugin, a popular event management solution for WordPress, was recently discovered by Denver Jackson, a member of the Patchstack Alliance community.
A serious security flaw affecting the Eventin plugin, a popular event management solution for WordPress, was recently discovered by Denver Jackson, a member of the Patchstack Alliance community.
Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack
A serious security flaw affecting the Eventin plugin, a popular event management solution for WordPress, was recently discovered by Denver Jackson.
gbhackers.com
May 16, 2025 at 5:43 PM
gbhackers.com/critical-wor...
A serious security flaw affecting the Eventin plugin, a popular event management solution for WordPress, was recently discovered by Denver Jackson, a member of the Patchstack Alliance community.
A serious security flaw affecting the Eventin plugin, a popular event management solution for WordPress, was recently discovered by Denver Jackson, a member of the Patchstack Alliance community.
You can go for opensense, pfsense, and many other options, it can run on small PCs with 2 network cards, or in virtual machines if you have the setup.
Just don't keep outdated EOL firewalls and routers !
connected=hacked
#cybersecurity
thehackernews.com/2025/05/brea...
Just don't keep outdated EOL firewalls and routers !
connected=hacked
#cybersecurity
thehackernews.com/2025/05/brea...
BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation
Dutch and U.S. law enforcement have dismantled a long-running criminal proxy botnet powered by over 7,000 infected IoT and end-of-life (EoL) devices
thehackernews.com
May 9, 2025 at 8:43 PM
You can go for opensense, pfsense, and many other options, it can run on small PCs with 2 network cards, or in virtual machines if you have the setup.
Just don't keep outdated EOL firewalls and routers !
connected=hacked
#cybersecurity
thehackernews.com/2025/05/brea...
Just don't keep outdated EOL firewalls and routers !
connected=hacked
#cybersecurity
thehackernews.com/2025/05/brea...
The bigger an organization is, the bigger the challenge is to protect data.
🛬 Ascension says recent data breach affects over 430,000 patients
Zero day, third party vulnerable tools, and lack of visibility on complex tech stack kind of make it challenging to assess the impact.
connected=hacked
🛬 Ascension says recent data breach affects over 430,000 patients
Zero day, third party vulnerable tools, and lack of visibility on complex tech stack kind of make it challenging to assess the impact.
connected=hacked
Ascension says recent data breach affects over 430,000 patients
Ascension, one of the largest private healthcare systems in the United States, has revealed that the personal and healthcare information of over 430,000 patients was exposed in a data breach disclosed...
www.bleepingcomputer.com
May 9, 2025 at 8:41 PM
The bigger an organization is, the bigger the challenge is to protect data.
🛬 Ascension says recent data breach affects over 430,000 patients
Zero day, third party vulnerable tools, and lack of visibility on complex tech stack kind of make it challenging to assess the impact.
connected=hacked
🛬 Ascension says recent data breach affects over 430,000 patients
Zero day, third party vulnerable tools, and lack of visibility on complex tech stack kind of make it challenging to assess the impact.
connected=hacked
Hopefully you keep your apple stuff patched, because worms love to exploit Apple !
Especially wirelessly (made up word), especially without user interaction.
connected=hacked
#cybersecurity #apple #airplay
www.bleepingcomputer.com/news/securit...
Especially wirelessly (made up word), especially without user interaction.
connected=hacked
#cybersecurity #apple #airplay
www.bleepingcomputer.com/news/securit...
Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code exec...
www.bleepingcomputer.com
April 29, 2025 at 7:02 PM
Hopefully you keep your apple stuff patched, because worms love to exploit Apple !
Especially wirelessly (made up word), especially without user interaction.
connected=hacked
#cybersecurity #apple #airplay
www.bleepingcomputer.com/news/securit...
Especially wirelessly (made up word), especially without user interaction.
connected=hacked
#cybersecurity #apple #airplay
www.bleepingcomputer.com/news/securit...
With AI, you don't need much to hack the system, you just have to talk like a care salesman, and it will give it all !
Hopefully you run your local private GenAI stack, so as you limit the exposure of it. Yet, when hosting your own instance, be aware of the models you use. #cybersecurity #AI
Hopefully you run your local private GenAI stack, so as you limit the exposure of it. Yet, when hosting your own instance, be aware of the models you use. #cybersecurity #AI
New Reports Uncover Jailbreaks, Unsafe Code, and Data Theft Risks in Leading AI Systems
Multiple AI jailbreaks and tool poisoning flaws expose GenAI systems like GPT-4.1 and MCP to critical security risks.
thehackernews.com
April 29, 2025 at 7:00 PM
With AI, you don't need much to hack the system, you just have to talk like a care salesman, and it will give it all !
Hopefully you run your local private GenAI stack, so as you limit the exposure of it. Yet, when hosting your own instance, be aware of the models you use. #cybersecurity #AI
Hopefully you run your local private GenAI stack, so as you limit the exposure of it. Yet, when hosting your own instance, be aware of the models you use. #cybersecurity #AI
It makes sense to see more exploit targeting enterprise, as this is where transnational criminal organizations actually can take money.
💡 This is a good reminder for organization to make sure they keep their enterprise solutions patched, with best security practices in place.
#cybersecurity
💡 This is a good reminder for organization to make sure they keep their enterprise solutions patched, with best security practices in place.
#cybersecurity
44% of the zero-days exploited in 2024 were in enterprise solutions - Help Net Security
In 2024, threat actors exploited 75 zero-days - i.e., unknown vulnerabilities without an available patch - in a wide variety of attacks.
www.helpnetsecurity.com
April 29, 2025 at 6:54 PM
It makes sense to see more exploit targeting enterprise, as this is where transnational criminal organizations actually can take money.
💡 This is a good reminder for organization to make sure they keep their enterprise solutions patched, with best security practices in place.
#cybersecurity
💡 This is a good reminder for organization to make sure they keep their enterprise solutions patched, with best security practices in place.
#cybersecurity
What a revolution ! Staging just got invented...or maybe it was already there and this is just more BS by repackaging good practice in whipped cream ?
#cybersecurity
www.darkreading.com/endpoint-sec...
#cybersecurity
www.darkreading.com/endpoint-sec...
Digital Twins Bring Simulated Security to the Real World
By simulating business environments or running software, while incorporating real-time data from production systems, companies can model the impact of software updates, exploits, or disruptions.
www.darkreading.com
April 25, 2025 at 7:52 PM
What a revolution ! Staging just got invented...or maybe it was already there and this is just more BS by repackaging good practice in whipped cream ?
#cybersecurity
www.darkreading.com/endpoint-sec...
#cybersecurity
www.darkreading.com/endpoint-sec...
It's almost like a backdoor 😋
A critical remote code execution (RCE) vulnerability has been discovered in Cisco products using Erlang/OTP's SSH server.
🎯 The flaw, with a CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary code on vulnerable devices.
#cybersecurity #cisco
A critical remote code execution (RCE) vulnerability has been discovered in Cisco products using Erlang/OTP's SSH server.
🎯 The flaw, with a CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary code on vulnerable devices.
#cybersecurity #cisco
Multiple Cisco Tools at Risk from Erlang/OTP SSH Remote Code Execution Flaw
Cisco has issued a high-severity advisory (cisco-sa-erlang-otp-ssh-xyZZy) warning of a critical remote code execution (RCE) vulnerability in products using Erlang/OTP’s SSH server.
gbhackers.com
April 25, 2025 at 7:15 PM
It's almost like a backdoor 😋
A critical remote code execution (RCE) vulnerability has been discovered in Cisco products using Erlang/OTP's SSH server.
🎯 The flaw, with a CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary code on vulnerable devices.
#cybersecurity #cisco
A critical remote code execution (RCE) vulnerability has been discovered in Cisco products using Erlang/OTP's SSH server.
🎯 The flaw, with a CVSS score of 10.0, allows unauthenticated attackers to execute arbitrary code on vulnerable devices.
#cybersecurity #cisco
🐧 Researchers have demonstrated a PoC rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring.
✔️ ARMO's analysis highlights the need for better detection mechanisms to address the vulnerabilities posed by io_uring.
✔️ ARMO's analysis highlights the need for better detection mechanisms to address the vulnerabilities posed by io_uring.
Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
ARMO shows io_uring-based rootkits evade Falco, Tetragon, and Defender, risking Linux runtime security.
thehackernews.com
April 24, 2025 at 1:29 PM
🐧 Researchers have demonstrated a PoC rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring.
✔️ ARMO's analysis highlights the need for better detection mechanisms to address the vulnerabilities posed by io_uring.
✔️ ARMO's analysis highlights the need for better detection mechanisms to address the vulnerabilities posed by io_uring.
They finally patched it
Microsoft has resolved a known issue causing Remote Desktop sessions to freeze on Windows Server 2025 and Windows 11 24H2 devices.
#microsoft #RDP
www.bleepingcomputer.com/news/microso...
Microsoft has resolved a known issue causing Remote Desktop sessions to freeze on Windows Server 2025 and Windows 11 24H2 devices.
#microsoft #RDP
www.bleepingcomputer.com/news/microso...
Microsoft fixes Remote Desktop freezes caused by Windows updates
Microsoft has resolved a known issue causing Remote Desktop sessions to freeze on Windows Server 2025 and Windows 11 24H2 devices.
www.bleepingcomputer.com
April 23, 2025 at 8:16 PM
They finally patched it
Microsoft has resolved a known issue causing Remote Desktop sessions to freeze on Windows Server 2025 and Windows 11 24H2 devices.
#microsoft #RDP
www.bleepingcomputer.com/news/microso...
Microsoft has resolved a known issue causing Remote Desktop sessions to freeze on Windows Server 2025 and Windows 11 24H2 devices.
#microsoft #RDP
www.bleepingcomputer.com/news/microso...
➡️ A sophisticated malware campaign targets Docker, exploiting its popularity as a frequently attacked service.
🪤 The campaign uses intricate obfuscation techniques to conceal malicious payload within Python scripts, making it difficult for analysts to detect and reverse-engineer.
#cybersecurity
🪤 The campaign uses intricate obfuscation techniques to conceal malicious payload within Python scripts, making it difficult for analysts to detect and reverse-engineer.
#cybersecurity
New Malware Hijacks Docker Images Using Unique Obfuscation Technique
A recently uncovered malware campaign targeting Docker, one of the most frequently attacked services according to Darktrace's honeypot data.
gbhackers.com
April 23, 2025 at 8:15 PM
➡️ A sophisticated malware campaign targets Docker, exploiting its popularity as a frequently attacked service.
🪤 The campaign uses intricate obfuscation techniques to conceal malicious payload within Python scripts, making it difficult for analysts to detect and reverse-engineer.
#cybersecurity
🪤 The campaign uses intricate obfuscation techniques to conceal malicious payload within Python scripts, making it difficult for analysts to detect and reverse-engineer.
#cybersecurity
I mean, who calls a product "AiCloud" and not expect it to leak as hell ! 🤣 😂
⚠️ ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Patch it ! (see if you can rename this, likelihood of breach is highly reduced without Ai and Cloud in the product)
#cybersecurity #asus
⚠️ ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Patch it ! (see if you can rename this, likelihood of breach is highly reduced without Ai and Cloud in the product)
#cybersecurity #asus
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
CVE-2025-2492 flaw in ASUS AiCloud routers allows remote control; firmware fix issued for 4 versions.
thehackernews.com
April 19, 2025 at 7:18 PM
I mean, who calls a product "AiCloud" and not expect it to leak as hell ! 🤣 😂
⚠️ ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Patch it ! (see if you can rename this, likelihood of breach is highly reduced without Ai and Cloud in the product)
#cybersecurity #asus
⚠️ ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Patch it ! (see if you can rename this, likelihood of breach is highly reduced without Ai and Cloud in the product)
#cybersecurity #asus
⚠️ Immediate patching to the latest version is recommended, along with monitoring for unauthorized access attempts and implementing additional security measures.
connected=hacked
#cybersecurity #ivanti
gbhackers.com/hackers-expl...
connected=hacked
#cybersecurity #ivanti
gbhackers.com/hackers-expl...
gbhackers.com
April 19, 2025 at 7:13 PM
⚠️ Immediate patching to the latest version is recommended, along with monitoring for unauthorized access attempts and implementing additional security measures.
connected=hacked
#cybersecurity #ivanti
gbhackers.com/hackers-expl...
connected=hacked
#cybersecurity #ivanti
gbhackers.com/hackers-expl...