Jo @LidlUS @lidl @LidlGB, didn't know you now also host fake versions of the New York Times:
hxxps[:]//baustandards-qs[.]lidl[.]com
Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24
Threat Intelligence Analyst | Interested in everything Malware 😎
| Huge fan of http://unpac.me
So this just happened to me:
https://gamerhorizon.com/2015/01/28/psa-dont-let-elder-scrolls-online-delete-files-folders/
800 Gigs of Data gone. Years of work. Because the installer for @Bethesda @Elderscrolls Online decided to wipe the complete disk upon uninstall.
The website of the "Deutsche Vereinigung für internationales Recht" (dvir[.]de) is currently compromised and spreading #Lumma #Stealer via #FakeCaptcha attack.
Compromised webfile is:
hxxp[://]www[.]dvir[.]de/wp-content/themes/Dummy/assets/js/main[.]min[.]js?ver=1[.]0
On December 31, 2024 @sourcedefense released an article about a #webskimming threat that used extensive Google redirecting to load the fake payment page.
https://securityboulevard.com/2024/12/critical-alert-sophisticated-google-domain-exploitation-chain-unleashed/
I entered a @ThinkstCanary CC token.
April 09, 2025 morning I woke up to 6 payment attempts from Australia!
Attempts to pay @eBay and @uber.
Message of the day:
Not every North Korean Cyber Threat is #Lazarus or related to Lazarus.
Please get this into your heads...
"Studio Ghibli" - Gi7w0rm
Homeoffice starting in 4 days, so after roughly 10+ years I upgraded my office desk.
Now the proud owner of a height-adjustable desk.
Looking pretty neat!
Hope my back will thank me in some years...
Small Bugfix in https://gi7w0rm.github.io/ArrayThisClone/
The name field can now be empty. Previous coding prevented the user from deleting the complete input field content. Using this as a short reminder that this tool is still out there for if you ever need to convert multi-line content to an array while coding.
Have just been notified that I am featured in:
https://www.darkreading.com/cyberattacks-data-breaches/why-hard-stop-rising-malicious-tds-traffic
Thank you for the honor @DarkReading ❤️
Happy to share that I have signed a work contract at a CTI company.
Also, today was my last work day at my old employer, since I took the remaining vacation days. Looking forward to 2 weeks of rest to prepare for what's to come.
Cheers all ❤️
Seems someone just tried to pay an Uber with my @ThinkstCanary token CreditCard which I entered into a #webskimmer.
I bet it didn't go well ^^
Please excuse the lack of content in the last weeks.
I am overwhelmed by current political developments and additionally working on some topics that I can't publicly disclose. No capacity for free research :/ Hope this will get better in some months.
Cheers to all my friends and followers.❤️
Looking good on the #jobhunt. Hope to sign a contract by the end of next week.
Currently decluttering my workdesk to be prepared for a fresh start. Highly motivated for what's to come 😊 💪
Happy to have received recognition for being a #TopContributor to the @abuse_ch project in #2024. Currently ranking place 4 in the leaderboard of global #IoC sharing via #Threatfox.
Definitely planning to keep up that rank in the next years.
Cheers to the Team @abuse_ch and @spamhaus!
P.S. The hoodie has an amazing quality!
Damn, what an awesome feeling to improve the speed of your code.
From 1k documents to 16k per second using some simple coding techniques and #CursorAI.
Amazing 🔥
Released my new blogpost: "A beginner(s) guide to hunting web-based credit card skimmers"
My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs!
https://gi7w0rm.medium.com/a-beginner-s-guide-to-hunting-web-based-credit-card-skimmers-c820aeee87d6
I have seen so much compromise, if someone sends me a list of 200 backdoored WordPress sites I am actually starting to contemplate if it is worth acting.
What does this say about the state of our cybersecurity?
At least it's a job with a future ^^
Update pushed to Teletoken.info
1. Added about page
- Added About section
- Added HowTo section
- Added advanced features list
- Added disclaimer/ToS
- Added Contact details
2. Added security.txt