the grugq's newsletter

February 7, 2024


Exclusive: Andrey Kharchenko, one of the Russian attendees of a much-scrutinized 2018 meeting in a Moscow hotel with Lega leader Matteo Salvini's right-hand, is an FSB Fifth Service officer, @the_ins_ru today reveals. The meeting was to negotiate Russian funding of Lega.

— Michael Weiss (@michaeldweiss) February 6, 2024



We're naming names 🔥 because the harm is not hypothetical.

Today we share "Buying Spying", our new report diving into the commercial surveillance/spyware industry. We dive into the players, the campaigns, the spyware, & the harm it perpetuates. https://t.co/D8Lx4wRrw6 pic.twitter.com/QhAzm4BPLl

— Maddie Stone (@maddiestone) February 6, 2024



Everyone's been sending me the deepfake CFO article. I'm not sure if it's real, so waiting for facts to emerge. But, here's what I'd do if it's accurately reported 🧵 https://t.co/iUOkexZ5Mp

— Dan Guido (@dguido) February 5, 2024



One can only imagine how painful the waiver process that will inevitably be required for visa restricted designation of exploit devs that suddenly become interesting for national security purposes.

— JD Work (@HostileSpectrum) February 6, 2024

I'm hoping this is used more against the users of the tech and not the exploit devs who we really do want coming to get a job at a FAANG?

— Dave Aitel (@daveaitel) February 6, 2024

Two key points here

  1. The abusers of commercial surveillance systems should be punished, not the developers of dual-use technology that is critical for national security and law enforcement.
  2. Developers doing a thing you don't like should be diverted with soft power into non-problematic roles. Get them jobs and bring over their families.

Stakeknife: Soldiers who handled agent in IRA will not be prosecuted https://t.co/6UcdDwQjdp

— Jennifer O'Leary (@Jen_O_Leary) February 6, 2024


Last week, Finnish authorities claimed to have successfully traced Monero transactions linked to the Vastaamo hack. Just moments ago, Binance announced the delisting of Monero ($XMR).
Is this merely a coincidence? I think not.
🧵👇 pic.twitter.com/sqEjFwmqsA

— Snoops (@Snoops0x) February 6, 2024


Wow! ICYMI Friday: The list of amici on this @PaulWeissLLP Amicus Brief calling out the @SECGov enforcement action vs. @solarwinds is a who's who of #CyberSecurity luminaries, experts and Pioneers, from @ncdinglis and @stewartbaker to @SpauldingSez https://t.co/FjmAnk3nJr

— Shaun Waterman (@WatermanReports) February 5, 2024


Taylor Swift attorneys have threatened legal action against Florida college student whose social media accounts track takeoffs/landings of aircraft owned by billionaires, politicians, Russian oligarchs and celebs using public FAA data. https://t.co/nImdgsm1qf

— Kim Zetter (@KimZetter) February 6, 2024


New from 404 Media: Patternz, a global phone spy tool which is built on advertising data, was specifically marketed as a "riot detection" tool, with maps pointing to New York City. Shows the aspirations of what companies selling this tech envision it for https://t.co/l5S1XxhalG

— Joseph Cox (@josephfcox) February 6, 2024


Excellent introduction to Linux kernel heap exploitation concepts and Random kmalloc caches (RANDOM_KMALLOC_CACHES) mitigation
Credits @sam4k1 https://t.co/K1xeX3BqPw #Linux #infosec pic.twitter.com/RYY3nvoToQ

— 0xor0ne (@0xor0ne) February 6, 2024


Ministry of Defence (MoD) of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT.

Intrusion affected segmented 50-user MoD R&D network.

10-pager by MIVD & @AIVD w/tech details (0.5MB .pdf, Feb 2024) https://t.co/zPNOTQtnKP

Initial access via CVE-2022-42475. pic.twitter.com/EyJIFGsx8z

— Matthijs R. Koot (@mrkoot) February 6, 2024


shazam, but for scary noises I hear at night

— Grace Jarvis (@gracejarvisohno) February 6, 2024


Some roses are red
Some roses are black

"3 million smart toothbrushes were just used in a DDoS attack" https://t.co/YEKDUFiq8M

— pourmecoffee (@pourmecoffee) February 6, 2024


I mean, they never did ? https://t.co/F8SCPTb37X

— Dave Aitel (@daveaitel) February 6, 2024

WOW: ~ 50% of 0day exploits against Google/Android products now come from commercial vendors.

"if governments ever had a monopoly on the most sophisticated capabilities, that era is certainly over"

Timely NEW REPORT by @Google TAG

Some takeaways 🧵 1/ https://t.co/YdqufVoDYi pic.twitter.com/CjrJwZywmL

— John Scott-Railton (@jsrailton) February 6, 2024

I think Dave is correct here. The old hacking crews had exploit dominance.


Art Nouveau doors from c. 1900 in Brussels, Belgium. pic.twitter.com/5KTucKhzpK

— ArtNouveauDeco (@NouveauDeco) February 6, 2024


My buzzword bingo sheet was not prepared for this headline:

"a Cyber Resilient Hybrid Cloud and AI Platform" pic.twitter.com/zYCCMhUsm5

— stacksmashing (@ghidraninja) February 6, 2024


Well, this is foolproof. Problem solved.

Images generated in ChatGPT and our API now include metadata using C2PA specifications.

This allows anyone (including social platforms and content distributors) to see that an image was generated by our products. https://t.co/kRv3mFnQFI pic.twitter.com/ftHqECS8SB

— OpenAI (@OpenAI) February 6, 2024


Interesting international initiative on commercial spyware https://t.co/eaADuQLEP4

— Ciaran Martin (@ciaranmartinoxf) February 6, 2024


iPhone apps are collecting quite some A LOT OF user private data. Extremely verbose, allowing to fingerprint, perhaps even track users.
Context from my works. About privacy risks of light data: https://t.co/eb93tHS83a
Risks of battery information: https://t.co/qrWc0Cwow8 https://t.co/uhhXJ09T6J pic.twitter.com/mg8FXEiz1x

— Lukasz Olejnik, ☕️ (@lukOlejnik) February 7, 2024

This screenshot shows the app analytics data sent by two different iOS apps: @duolingo and @Tinder. What's the likelihood that both apps are installed on the same device? 💯? 🤯

Both apps use @unity Ads. The data in the screenshot is collected by the Unity Ads framework included… pic.twitter.com/h8SwasjYkG

— Mysk 🇨🇦🇩🇪 (@mysk_co) February 4, 2024

The volume being sent is also accurate.
Testing with different volume levels resulted in including such values in the requests. (One can still argue that Unity Ads uses this so that it sends silent ads if the device's volume is too high, no fingerprinting here 🙃) pic.twitter.com/w3iTpAQw0m

— Mysk 🇨🇦🇩🇪 (@mysk_co) February 4, 2024

