the grugq's newsletter

February 27, 2025

My slides from out of the box con

https://strapi.ootb.net/uploads/28_months_later_final_1357291282.pdf

All presentation slides from #OOTB #Jakarta have been uploaded to the respective talk pages :) https://t.co/klY5L0amMm Stay tuned for details on our next event ... 😎 #HITB #25YearsInTheBox #security #conference

— Out Of The Box Security Conference (@OOTBconf) February 27, 2025


https://t.co/9zhPMCmGbB

— Safe.eth (@safe) February 26, 2025


RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector | https://t.co/pBySvcyDVT @Unit42_Intel

— 780th Military Intelligence Brigade (Cyber) (@780thC) February 26, 2025


Today Lockbit ransomware group issued a message to Kash Patel, the new Director of the United States Federal Bureau of Investigation. He requested Kash Patel contact him via Tox and offered him a file titled "personal_gift_for_new_director_FBI_Kash_Patel.7z".

The file is…

— vx-underground (@vxunderground) February 26, 2025


🇧🇾 🇺🇦 🚨 Breaking: @LabsSentinel’s @TomHegel reveals a Ghostwriter campaign targeting Belarusian opposition and Ukrainian military and government organizations. Prep began Jul-Aug 2024; it’s active now. An escalation in cyberespionage against activists and Ukraine.

📄 Details:… pic.twitter.com/GtF66QNTsX

— SentinelOne (@SentinelOne) February 25, 2025


So, this is how lazarus drained 1.5 Billion

1) malicious JS injected into Safe{Wallet} at https://t.co/3kZAjZFiV0 (because apparently, one of the nk devs just casually pushed it to production 🤡)

2) the JS modified executeTransaction() only if the signer was in a predefined… https://t.co/6ZKbUN0K1C pic.twitter.com/Cr9mXGQXDm

— s1r1us (@S1r1u5_) February 26, 2025


https://www.theregister.com/2025/02/26/bybit_lazarus_bounty/


Inside the early modern spy’s toolkit https://t.co/7PsqU9bePp

— Dr. Dan Lomas (@Sandbagger_01) February 26, 2025


From cycling to gaming to birdwatching to history, online forums in the UK are closing. Because they don't have resources for moderation, risk assessment, compliance & legal, or even to read the hundreds of pages pertaining to the UK Online Safety Act, which is a minefield of… pic.twitter.com/Fq5pFgUGX5

— Nick Hutton (@nickdothutton) February 26, 2025


Foreign spies routinely pose as commercial head-hunters on professional networking sites to target individuals for recruitment or information gathering purposes. Think before you link when seeking employment or other opportunities online. pic.twitter.com/jKY0Sc6X9t

— NCSC (@NCSCgov) February 25, 2025


Imagine getting a code review that’s like, “your PR was so bad I trained GPT-4o on it and now it loves Hitler.” https://t.co/W6Xmgeu0Qa

— Riley Goodside (@goodside) February 26, 2025


Reddit grandfather uploads 27 year old EXE file of a visual basic game and Claude one-shotted recreating the game in Python in under 5 minutes!!

From the binary. pic.twitter.com/KEzUfisxmu

— Deedy (@deedydas) February 26, 2025


Today's a phenomenal day for research papers. I mean Great Wall of China and buffer over-read vulns in DNS (it's always DNS!) to leak memory?

Xie Xie, yes please https://t.co/6g7DzFEKyT

— Daniel Cuthbert (@dcuthbert) February 26, 2025


Yes, but:

While Safe frontend and not Bybit infra got compromised, Bybit infra was also insufficient to catch what is, at the end of the day, a pretty simple hack.

There's no excuse for not verifying message integrity on a second airgapped machine when moving >$1b of funds. https://t.co/GLLD0yyTCj

— Hasu⚡️🤖 (@hasufl) February 26, 2025


Today the United States District Court for the Western District of Washington for Seattle, unsealed case details regarding Cameron John Wagenius a/k/a "kiberphant0m" a/k/a "cyb3rph4nt0m"

The defendant, Mr. Wagenius, has expressed intent to the United States government to plea… pic.twitter.com/zckT2zG9vl

— vx-underground (@vxunderground) February 27, 2025


https://www.reuters.com/technology/us-examining-whether-uks-encryption-demand-apple-broke-data-treaty-2025-02-26/


Anyone got a security contact at ISIS? https://t.co/ZORJDpPkNF

— Troy Hunt (@troyhunt) February 27, 2025


On 27Feb2025 Lebanese Army announced that during engineering survey operations in the outskirts of Kfar Shouba city, South Lebanon, they discovered and dismantled these Israeli intel covert surveillance devices.
Source: https://t.co/zoUGZR9hOS #surveillance #Lebanon #Israel #spy pic.twitter.com/PuhFvv3Oa5

— Spy Collection (@SpyCollection1) February 27, 2025

