Vertigosint
vertigosint.bsky.social
Threat Intelligence Leader at a software company
Blog: https://threatchronicles.com
Reposted by Vertigosint
Next.js dropped a CVSS 9.1 authentication bypass vulnerability (CVE-2025-29927) over the weekend. This flaw is trivially exploitable by sending the header `x-middleware-subrequest: true`. Over 300k hits in Shodan, find more at:
How to find Next.js on your network
www.runzero.com
March 23, 2025 at 2:42 AM
Reposted by Vertigosint
⚠️🧵 RL researchers have found 2 malicious #VSCode extensions, "ahban.shiba" & "ahban.cychelloworld," that deliver #ransomware in development to its users. #Dev #SoftwareSupplyChainSecurity
March 19, 2025 at 1:46 PM
Reposted by Vertigosint
If you haven't heard, there was a fairly impactful breach of the tj-actions/changed-files GitHub Action. If you use it, you should definitely remove it and rotate all the secrets your actions have access to.
passcod.nz Félix @passcod.nz · Mar 15
FYI run this

user:passcod tj-actions/changed-files path:.github/workflows/

in github search

and then this

org:orgname tj-actions/changed-files path:.github/workflows/

for each of your organisations
March 15, 2025 at 1:12 PM
Reposted by Vertigosint
🇨🇳 Salt Typhoon 🇨🇳

“…eight telecommunications giants in the U.S. were breached…”

“The campaign ‘has been underway … likely one to two years’ and has compromised telecoms in the Indo-Pacific region, Europe and elsewhere.”

(via @therecordmedia.bsky.social)

h/t: therecord.media/eight-telcos...
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says
Senators briefed on the wide-ranging breaches by Chinese hackers called for action on Wednesday to protect the country's telecommunications networks.
therecord.media
December 5, 2024 at 12:32 AM
Reposted by Vertigosint
Japanese cryptocurrency exchange DMM Bitcoin is shutting down operations after getting hacked for $305 million in May.

This is the 8th largest hack in history. Unclear what happens to the promised reimbursements.

bitcoin.dmm.com/news/2024120...
[Important] Regarding the basic agreement on the transfer of accounts and custodial assets to SBI VC Trade - DMM Bitcoin (2024/12/02)
bitcoin.dmm.com
December 3, 2024 at 1:05 PM
Reposted by Vertigosint
Here's T-Mobile's updated statement on that attempted Salt Typhoon breach

-source of the breach was a connected wireline provider
-claims provider may still be compromised
-no T-Mobile customer data compromised

archive.ph/PWyR8
archive.ph
November 28, 2024 at 2:57 PM
Reposted by Vertigosint
Podcast: risky.biz/RBNEWS367/
Newsletter: news.risky.biz/risky-biz-ne...

-Microsoft’s Thanksgiving treat: an FTC investigation
-Tor needs 200 new bridges to avoid Russian censorship
-US court overturns Tornado Cash sanctions
-ESET finds first Ubuntu UEFI bootkit
-Unpatched Windows LPE
Tor Project urgently needs 200 new bridges to avoid Russian censorship
In other news: FTC opens Microsoft antitrust probe; US court overturns Tornado Cash sanctions; ESET finds first Ubuntu UEFI bootkit.
news.risky.biz
November 29, 2024 at 7:12 AM
Reposted by Vertigosint
Hunters International could have been using this tool for decentralized stolen data storage since... their first victim.
This decentralization comes with availability issues.
So, let's look into the availability of the data of Hunters's early victims, right? 🧐
💡Did you know that #Hunters International provides a tool to their affiliates that allows them to leak stolen data on the brand storefront *without* uploading it anywhere and keeping it on their own servers? #Ransomware
November 25, 2024 at 10:02 AM