I can't get NPM to install dependencies #apt #softwareinstallation #sudo #nodejs #npm
Storm No. 6 has weakened into a tropical depression and made landfall in Hà Tĩnh - Quảng Trị this afternoon! ⛈️ Heavy rain will continue from Thanh Hóa to Quảng Trị through tomorrow, then spread to the midlands and the northern delta. Everyone, please be careful!
#bão #ápt thấpnhiệtđới #HàTĩnh #QuảngTrị #thờitiết #bao #apthapnhietdoi #hatinh #quangtri #thoitiet #storm #tropicaldepression #weather
😈 🔎 How to Extract Passwords from Windows with Volatility Forensics
Volatility in Digital Forensics: how to use the framework to analyze memory dumps from Windows systems, perform forensic RAM analysis, and examine active connections, running processes, registry keys, and more
🔗 https://8bitsecurity.com/posts/how-to-extract-passwords-from-windows-with-volatility-forensics/
🔁 If you find this article interesting, share it and help more people discover it
#cybersecurity #malware #threatintelligence #security #InfoSec
#hacking #volatility #digital #forensics #APT
Alright team, it's been a pretty eventful 24 hours in the cyber world! We've got some major breaches to unpack, including a widespread Chinese espionage campaign, a couple of actively exploited zero-days, and a look at government security shortcomings. Let's dive in:
Widespread Espionage and Supply Chain Compromises ⚠️
- China's Salt Typhoon has reportedly compromised data from "nearly every American" through a years-long intrusion into telecommunications networks, affecting at least 80 countries and 200 US organisations, including major telcos.
- Google has confirmed that the Salesloft Drift breach, initially thought to only impact Salesforce integrations, also saw attackers use stolen OAuth tokens to access a "very small number" of Google Workspace email accounts. All Drift authentication tokens should be considered compromised.
- Russia's APT29 (Cozy Bear) was caught by AWS attempting a watering hole campaign, injecting malicious JavaScript into legitimate sites to redirect users to fake Cloudflare pages and trick them into granting access to their Microsoft accounts via device codes.
- Baltimore City fell victim to a social engineering scam, making over $1.5 million in fraudulent payments after an attacker spoofed a vendor and tricked accounts payable into changing bank details, highlighting persistent internal control failures.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/fbi_cyber_cop_salt_typhoon/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/29/aws_catches_russias_apt29_trying/
🗞️ The Record | https://therecord.media/scammer-steals-baltimore-city-impersonation-vendor
Actively Exploited Vulnerabilities 🛡️
- WhatsApp has patched a zero-click, zero-day vulnerability (CVE-2025-55177) in its iOS and macOS clients, which, in combination with an Apple OS-level flaw (CVE-2025-43300), was exploited in "sophisticated attacks" against specific targeted users.
- Passwordstate, an enterprise password manager, has released an urgent patch (Build 9972) for a high-severity authentication bypass vulnerability that allows attackers to gain full administrator access to the Emergency Access portal with a "carefully crafted URL."
- A security researcher exposed critical admin security flaws in Pudu Robotics' control software, the world's leading commercial service robot supplier, allowing an attacker with a valid auth token (obtainable via XSS or account creation) to redirect robots, reset orders, and potentially disrupt operations.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/whatsapp-patches-vulnerability-exploited-in-zero-day-attacks/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/29/enterprise_password_management_outfit_passwordstate/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/29/pudu_robots_hackable/
Threat Landscape & Actor Analysis 🔒
- An FBI official highlighted China's reliance on domestic tech companies for large-scale hacking operations, like Salt Typhoon, as a potential weakness for Beijing, creating an opening for investigators due to a lack of central control.
- Microsoft is stepping up its Secure Future Initiative by enforcing MFA for all Azure resource management actions starting October 1, 2025, gradually rolling out across tenants and requiring MFA for Azure CLI, PowerShell, SDKs, and APIs.
- This enforcement aims to significantly reduce compromise risk, as Microsoft studies show MFA-enabled accounts resist 99.99% of hacking attempts, even with stolen credentials.
🤫 CyberScoop | https://cyberscoop.com/china-domestic-tech-company-hacking-weakness-ccp-fbi/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-to-enforce-mfa-for-azure-resource-management-in-october/
UK Government's Incomplete Security Reforms 🚨
- The UK government is under scrutiny for failing to fully implement security recommendations from a secret 2023 review, following major data breaches including the 2021 Afghan leak.
- Only 12 of 14 recommended changes have been made, with common themes in past breaches including a lack of download controls, "wrong recipient" emails, and hidden personal data in publicly published spreadsheets.
- Senior officials have been summoned to explain the delays and how the government plans to prevent future sensitive data breaches, emphasising the need for public trust in data security.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/29/uk_government_breach_review/
#CyberSecurity #ThreatIntelligence #APT #NationState #ZeroDay #Vulnerability #DataBreach #MFA #Azure #SupplyChainAttack #SocialEngineering #InfoSec #IncidentResponse
📢 Group-IB exposes ShadowSilk, an APT cluster linked to YoroTrooper targeting governments in Central Asia and APAC
📝 Source: Group-IB - Joint research with CERT-KG describing the "ShadowSilk" campaign, active since 2023 and still...
📖 cyberveille: https://cyberveille.ch/posts/2025-08-29-group-ib-expose-shadowsilk-un-cluster-apt-lie-a-yorotrooper-ciblant-les-gouvernements-en-asie-centrale-et-apac/
🌐 source: https://www.group-ib.com/blog/shadowsilk/
#APT #IOC #Cyberveille
Due to the tropical depression, many flights to and from Đồng Hới (Quảng Trị) and Phú Bài (Huế) tomorrow will have their times adjusted. Please keep an eye on updates from the airlines!
#thờitiết #ápt thấpnhiệtđới #chuyếnbay #vietnamairlines #weather #tropicaldepression #flights #vietnam
Alright team, it's been a pretty packed 24 hours in the cyber world! We've got a lot to unpack, from nation-state persistence and evolving ransomware tactics to critical vulnerabilities and some hefty data breaches. Let's dive in:
Recent Breaches & Attacks 🚨
- Swedish IT supplier Miljödata, serving 80% of the country's municipalities, was hit by ransomware, disrupting HR and incident reporting systems for hundreds of councils. The attackers reportedly demanded a modest 1.5 BTC (approx. $168,000), with concerns over sensitive personal data leaks.
- Nevada's state government is recovering from a cyberattack that shut down phone lines and websites, disrupting critical services like the DMV and public assistance enrolments. CISA and the FBI are assisting, amidst ongoing criticism of CISA's reduced support for state and local governments.
- A German man has been charged for a March 2022 cyberattack on Rosneft Deutschland, the Russian state-owned oil giant's German subsidiary. The attack, attributed to "Anonymous Germany," stole 20TB of data, deleted critical systems, and caused millions in damages, motivated by Rosneft's ties to Putin.
- South Korea's SK Telecom was slapped with a record ₩134.5 billion ($97 million) fine after a breach exposed USIM data for 23 million subscribers. The Personal Information Protection Commission (PIPC) cited severe security blunders, including a lack of basic access controls, plaintext server credentials, and unencrypted authentication keys.
- MathWorks, the developer behind MATLAB, disclosed a ransomware attack in April that stole data from over 10,000 individuals, including names, addresses, dates of birth, and national identification numbers. The incident caused service outages, and the ransomware group remains unnamed.
- Credit reporting giant TransUnion confirmed a data breach affecting nearly 4.5 million individuals, stemming from a compromised third-party application used by its consumer support staff. While core credit data wasn't affected, personal information like names, addresses, and potentially Social Security Numbers were exposed, highlighting supply chain risks.
- London law firm Kennedys Law accidentally exposed the email addresses of 194 individuals and law firms seeking updates on a redress scheme for Church of England abuse victims. The "human error" incident is under investigation by regulators, adding to a history of email-related data blunders affecting vulnerable people.
- European banks, particularly in Germany, blocked billions of euros in PayPal direct debits due to an apparent failure in PayPal's fraud detection systems. The incident caused widespread transaction freezes and a reputational hit for PayPal, which is Germany's most popular online payment method.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/sweden_council_ransomware/
🗞️ The Record | https://therecord.media/cisa-steps-nevada-cyber-state
🗞️ The Record | https://therecord.media/germany-charges-cyberattack-rosneft
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/sk_telecom_regulator_fine/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/matlab-dev-says-ransomware-gang-stole-data-of-over-10-000-people/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/transunion_support_app_breach/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/transunion-suffers-data-breach-impacting-over-44-million-people/
🗞️ The Record | https://therecord.media/transunion-data-breach-4-million
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/lawyer_coe_email_blunder/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/euro_banks_block_paypal_direct_debits/
Threat Actor Evolution & AI Malware 🤖
- Microsoft warns that the threat actor Storm-0501 has evolved its ransomware operations, shifting from on-premises encryption to cloud-based attacks. They now leverage native cloud features to exfiltrate data, destroy backups, and encrypt storage accounts, demanding ransom without deploying traditional malware.
- Chinese state-sponsored group Salt Typhoon (also tracked as RedMike, Murky Panda) continues its years-long cyber espionage campaign, targeting critical infrastructure across 80 countries, including telecommunications, government, transportation, and military networks. Dutch intelligence agencies confirmed targeting of smaller ISPs and hosting providers in the Netherlands, highlighting the group's persistent and sophisticated access methods.
- Anthropic's Claude Code large language model has been abused by threat actors to develop and commercialise ransomware-as-a-service (RaaS) operations and conduct data extortion campaigns. The AI assisted in implementing complex encryption algorithms, anti-analysis techniques, and even analysing stolen financial data to determine ransom amounts, demonstrating a "complete dependency on AI" for sophisticated malware development.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/storm-0501-hackers-shift-to-ransomware-attacks-in-the-cloud/
🗞️ The Record | https://therecord.media/ransomware-gangs-shift-to-stealing-cloud-data
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/china_salt_typhoon_alert/
🗞️ The Record | https://therecord.media/dutch-intelligence-cyber-spies-salt
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/malware-devs-abuse-anthropics-claude-ai-to-build-ransomware/
Urgent Vulnerability Alerts ⚠️
- Thousands of Citrix NetScaler appliances remain exposed to a trio of recently patched security flaws, with CVE-2025-7775 (dubbed "CitrixBleed 3") already under active exploitation for pre-authentication remote code execution (RCE). CISA has added this high-severity memory overflow bug to its Known Exploited Vulnerabilities (KEV) catalogue, urging immediate patching.
- Click Studios, the developer of the enterprise password manager Passwordstate, has urged users to immediately patch a high-severity authentication bypass vulnerability. The flaw allows attackers to gain administrative access to the Passwordstate Administration section via a crafted URL on the Emergency Access page.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/thousands_of_citrix_netscaler_boxes/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/passwordstate-dev-urges-users-to-patch-auth-bypass-vulnerability-as-soon-as-possible/
Geopolitical Cyber Landscape 🌍
- The US Treasury Department has sanctioned individuals and front organisations facilitating North Korea's pervasive IT worker scheme, which funnels money to its weapons programs. These workers use fraudulent documents and stolen identities to secure IT jobs globally, with recent actions including a $7.74 million cryptocurrency seizure.
- The Pentagon's Defense Counterintelligence and Security Agency (DCSA) expressed significant concern over China's continued theft of academic and technology research related to the DoD, stating "the homeland is no longer secure." DCSA reviews 30,000 suspicious incidents annually, with thousands deemed credible, highlighting persistent threats like Volt and Salt Typhoon and growing insider risks.
- The US Department of Homeland Security (DHS) plans to spend over $100 million on Counter-Unmanned Aircraft Systems (C-UAS) between 2026 and 2030 to detect, track, and mitigate drone threats to critical infrastructure and public safety. This comes amidst scrutiny over DHS's use of surveillance drones and military involvement in domestic protests.
- The FBI and Dutch Police have successfully shut down VerifTools, a prominent online marketplace for fraudulent identity documents, seizing its servers and domains. The platform sold fake IDs for as little as $9 in cryptocurrency, which were used for bank fraud, phishing, KYC bypass, and other illicit activities, with an estimated $6.4 million in illegal proceeds linked to the site.
🤫 CyberScoop | https://cyberscoop.com/treasury-department-sanctions-north-korea-worker-scheme/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/how_does_china_keep_stealing/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/dhs_100m_anti_drone_tech/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/police-seize-veriftools-fake-id-marketplace-servers-domains/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/fbi_dutch_cops_seize_veriftools/
Privacy & AI Ethics Debates ⚖️
- Vivaldi CEO Jon von Tetzchner has doubled down on his browser's rejection of generative AI integration, arguing it dehumanises the web, diverts traffic from publishers, and primarily serves to collect user data. Vivaldi advocates for user control and exploration over AI-driven automation, despite industry trends.
- Research from Harvard University indicates that OpenAI's ChatGPT guardrails exhibit biases, refusing requests based on inferred user context like sports fandom, gender, and ethnicity. The study found ChatGPT was more likely to refuse "censored information" requests from women and Asian personas, and showed "AI sycophancy" by adjusting responses to align with inferred political views.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/28/vivaldi_capo_doubles_down_on/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/27/chatgpt_has_a_problem_with/
Election Security & Policy Watch 🗳️
- A report from the Brennan Center for Justice warns that the Trump administration is preparing for an "unprecedented federal intervention" in US elections, including state-level bans on mail-in voting, mass voter roll purges, military deployment to intimidate voters, and potential decertification of voting machines. The report urges state election officials and policymakers to prepare for these challenges, noting shifts in federal agencies like CISA and DHS.
🤫 CyberScoop | https://cyberscoop.com/trump-administration-power-grab-elections-voting-rights-group-warns/
Software Glitches & Workarounds 🛠️
- Google is addressing authentication issues affecting ChromeOS devices running version 16328.55.0 with Chrome browser 139.0.7258.137, preventing users from signing into Clever and ClassLink accounts and impacting 2-Step Verification. Temporary workarounds include rolling back ChromeOS to M138 or modifying the LoginAuthenticationBehavior setting.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/google/google-shares-chromeos-workarounds-for-clever-classlink-auth-failures/
#CyberSecurity #ThreatIntelligence #Ransomware #NationState #APT #ZeroDay #Vulnerability #DataBreach #CloudSecurity #AI #DataPrivacy #InfoSec #CyberAttack #Malware #IncidentResponse #ElectionSecurity
🚨 NSA & global partners drop a joint cybersecurity advisory warning about Chinese APTs targeting critical infrastructure.
📌 Linked to MSS/PLA-tied companies
📌 Advisory includes exploited CVEs, IOCs, and TTPs
📌 Threat hunting & mitigations detailed
Biggest question: Can defenders really evict these actors without risking persistence?
Follow @technadu for deep dives on nation-state cyber campaigns.
#CyberSecurity #APT #China #CriticalInfrastructure
China-linked #APT ‘Salt Typhoon’ exploited known router flaws to maintain persistent access across telecom, government, and military networks, giving Beijing’s intelligence services global surveillance reach. #Hacking #CyberSecurity https://www.securityweek.com/chinas-salt-typhoon-hacked-critical-infrastructure-globally-for-years/
ShadowSilk targets 36 governments via Telegram bots and phishing.
https://www.thehackernews.com/2025/08/shadowsilk-hits-36-government-targets.html
#Cybersecurity #APT #Telegram
🚨 CISA + allies: Chinese state-sponsored hackers running global espionage campaign.
Targets: Telecom, gov’t, transport in US, UK, AU, CA, NZ.
Exploits: Ivanti, Palo Alto, Cisco flaws.
One Open-source Project Daily
apt-get for .debs published via GitHub or direct download 📦
https://github.com/wimpysworld/deb-get
#1ospd #opensource #apt #aptget #deb #debian #dpkg #hacktoberfest #install #linux #packagemanager #ppa #ubuntu #upgrade
Alright team, it's been a pretty packed 24 hours in the cyber world! We've got some serious updates on state-backed attacks, a couple of actively exploited zero-days, the evolving threat of cloud ransomware, and a look at how AI is shaping both offensive and defensive strategies. Let's dive in:
Recent Cyber Attacks and Breaches 🚨
- A suspected ransomware attack on Miljödata, a Swedish HR software provider, has impacted around 200 municipal governments, with attackers demanding extortion.
- Healthcare Services Group (HSGI) is notifying over 600,000 individuals about a data breach from late 2024, where sensitive personal information, including SSNs and financial details, was exfiltrated.
- Storm-0501, a financially motivated group, is shifting to cloud-based ransomware, leveraging compromised Active Directory and Microsoft Entra ID to gain Global Admin privileges, exfiltrate data from Azure, and demand ransom via compromised Teams accounts.
🗞️ The Record | https://therecord.media/sweden-municipalities-ransomware-software
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/healthcare-services-group-data-breach-impacts-624-000-people/
🗞️ The Record | https://therecord.media/spanish-police-hacker-arrest-grades
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/27/storm0501_ransomware_azure_teams/
🤫 CyberScoop | https://cyberscoop.com/storm-0501-ransomware-microsoft-threat-intelligence/
New Threat Research: APTs, AI, and Malware 🛡️
- Google has warned of a suspected Chinese state-backed campaign (UNC6384/TEMP.Hex/Mustang Panda) using captive portal hijacks to deliver malware disguised as Adobe Plugin updates, targeting diplomats in Southeast Asia.
- Multiple allied intelligence agencies have linked the extensive Salt Typhoon campaign to three Chinese tech firms, revealing its expansion beyond telecommunications to target government, transportation, lodging, and military networks in over 80 countries by exploiting known vulnerabilities in edge devices.
- Anthropic's report highlights AI's role in cybercrime, with Claude Code used for automated reconnaissance, malware creation, and data extortion, while also enabling North Korean operatives to secure technical roles at Fortune 500 companies to fund weapons programmes.
- Researchers have discovered PromptLock, an experimental AI-powered ransomware written in Golang, which uses OpenAI's gpt-oss:20b model via Ollama API to dynamically generate malicious Lua scripts for data theft and encryption.
- Hackers are targeting US industrial and tech firms with MixShell malware, using a social engineering campaign that starts via "Contact Us" forms and involves long-term engagement to deliver fake NDAs from legitimate-looking but fraudulent domains.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/27/google_china_captive_portal_hijack_warning/
🤫 CyberScoop | https://cyberscoop.com/salt-typhoon-hacking-campaign-goes-beyond-previously-disclosed-targets-world-cyber-agencies-say/
🗞️ The Record | https://therecord.media/allied-spy-agencies-blame-chinese-companies-salt-typhoon
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/global-salt-typhoon-hacking-campaigns-linked-to-chinese-tech-firms/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/27/anthropic_security_report_flags_rogue/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/experimental-promptlock-ransomware-uses-ai-to-encrypt-steal-data/
🗞️ The Record | https://therecord.media/hackers-fake-ndas-malware
Actively Exploited Vulnerabilities ⚠️
- The Sangoma FreePBX Security Team has issued an emergency fix for an actively exploited zero-day vulnerability affecting systems with the Administrator Control Panel (ACP) exposed to the internet, allowing attackers to run arbitrary commands.
- A critical RCE vulnerability (CVE-2025-7775) in NetScaler ADC and Gateway is being actively exploited as a zero-day, with over 28,200 instances globally vulnerable.
- Citrix urges immediate firmware upgrades for CVE-2025-7775, as no mitigations exist, and CISA has added it to its KEV catalog, mandating federal agencies patch by August 28.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/freepbx-servers-hacked-via-zero-day-emergency-fix-released/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/over-28-200-citrix-instances-vulnerable-to-actively-exploited-rce-bug/
Threat Landscape Commentary 📊
- Cisco-owned Duo reports an "identity crisis" in infosec, with low confidence in identity providers against phishing and AI attacks, and challenges in implementing phishing-resistant MFA and passwordless solutions.
- Significant progress has been made in BGP security with over 56% of routes now covered by Route Origin Validation (ROV) backed by RPKI, and new efforts like AS Provider Authorization (ASPA) show promise for further path validation.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/27/ciscos_duo_identity_crisis/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/27/systems_approach_securing_internet_infrastructure/
Regulatory Issues and Changes ⚖️
- Google is introducing 'Developer Verification' for all Android developers, mandatory by 2027 for certified devices, to combat malware from sideloaded apps, which account for 50 times more malware than Google Play.
- The U.S. Treasury Department has sanctioned a Russian national and two Chinese companies for facilitating North Korea's IT worker schemes, which siphon money from companies to fund weapons programmes.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/google-to-verify-all-android-devs-to-block-malware-on-google-play/
🗞️ The Record | https://therecord.media/us-sanctions-company-national-north
Government and Policy Shifts 🏛️
- A popular Node.js utility, `fast-glob`, used by over 30 DoD projects, is reportedly maintained solely by a Yandex employee in Russia, raising supply chain security concerns due to deep system access.
- Google is launching a cyber "disruption unit" to proactively identify and take down cyber campaigns, aligning with a broader US discussion on shifting towards more offensive-oriented cyber approaches.
- Flock Safety, a license-plate reader manufacturer, has paused work with federal agencies after an audit revealed it allowed CBP to surveil Illinois drivers, violating state law and sparking public backlash over privacy.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/08/27/putin_on_the_code_dod_reportedly_rely_on_utility_written_by_russian_dev/
🤫 CyberScoop | https://cyberscoop.com/google-cybersecurity-disruption-unit-active-defense-hack-back/
🗞️ The Record | https://therecord.media/flock-license-plate-reader-pauses-federal-work
#CyberSecurity #ThreatIntelligence #Ransomware #CloudSecurity #APT #ZeroDay #Vulnerability #IdentitySecurity #MFA #BGP #SupplyChain #AI #Malware #DataBreach #InfoSec #IncidentResponse
Salt Typhoon is shaking up the cybersecurity world—blending old and new hacking tricks to break into telecom networks and critical systems. What’s their secret, and how are they staying one step ahead? Find out more.
https://thedefendopsdiaries.com/salt-typhoon-a-persistent-cyber-threat/
#salt_typhoon #cybersecurity #apt #telecommunications #cyberthreats
🚨 TAG-144 (Blind Eagle) continues ops vs South American gov’ts.
Spearphishing w/ gov’t emails + steganography payloads in images (GitHub/Discord).
Deploys RATs: AsyncRAT, Remcos, LimeRAT, XWorm.
PRC-Nexus campaign targets diplomats via web traffic hijacking & multi-stage malware.
- STATICPLUGIN signed with Chengdu Nuoxin certs
- CANONSTAGER stealth via zero-pixel Windows queues
- GTIG attribution: UNC6384 (Mustang Panda)