ASN: AS18883
Location: Marcus, US
Added: 2025-07-23T02:12
ASN: AS18883
Location: Marcus, US
Added: 2025-07-23T02:12
Worried about npm supply chain attacks?
Here's how to mitigate:
Limit the more riskier packages to Dev or Test- only inclusions! These packages aren't deployed to prod, keeping customer data safe.
Dev-only package compromise only impacts developers' machines where there's less to worry about. There's no customer data. Just ssh and pgp keys, browser localstorage, or already being VPNed into corporate.
Don't risk customer data. ISO 27001 and SOC2 are counting on YOU!
ASN: AS3352
Location: Madrid, ES
Added: 2025-07-13T04:20
For those attending @defcon the special edition of Casey Erdmann's Red Team Engineering will be available at our booth! Many resources out there focus on either tooling or infrastructure, but rarely both in practical detail.
This book aims to bridge that gap, providing hands-on instruction for writing custom offensive tools and then engineering the infrastructure to use them effectively.
I share the same common view of online ID verification as most other #infosec people: it's a ludicrous situation that *increases* risk to everybody, handing data over to a mish-mash of organisations with very little transparency or rigour.
But I am enjoying the particular absurdity of seeing it in implementation. I hit a site that requires ID verification, I tell my Tailscale/Headscale config to route through one of my servers in Europe, and no more need to provide ID.
ASN: AS5432
Location: Antwerpen, BE
Added: 2025-07-01T09:36
Was anything even nailed down? This company should be sued out of the entire business.
Tech Crunch: Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack https://techcrunch.com/2025/07/26/allianz-life-says-majority-of-customers-personal-data-stolen-in-cyberattack/ @TechCrunch @zackwhittaker #cybersecurity #infosec #databreach
The official disclosure: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/0446bff3-a013-43ed-82fa-bca6bb157de1.html
If you missed this, you'll get a lot less by the time the lawyers are done taking their share.
CNET: AT&T to Pay Out Huge Data Breach Settlement, and You Might Be Eligible for Up to $5K https://www.cnet.com/tech/mobile/at-t-to-pay-out-huge-data-breach-settlement-and-you-might-be-eligible-for-up-to-5k/ @cnet #cybersecurity #Infosec
This dumb password rule is from GoDaddy SFTP.
Max 14 characters for the most important password in your shared hosting environment.
Ok for some reason when I mentioned non-human identities and tracking them, a number of people assumed aliens or something, or just AI agents. What I am looking for are some insights into authentication actions on computer systems - using tokens, APIs, stored secrets, and so on - where a human is not directly involved in the interaction. Yes, AI could be involved, think MCP especially. I know there are tools out there to manage this, just wondering. Think using Okta SSO etc but not human users at all. Thoughts? Opinions? To me this is the next step in zero trust, in that one should have the same principles in place between any and all systems be they human or automated in that are they who or what they claim to be and are they authorized to do go forward and do what they are trying to do. #infosec #security #zerotrust
Attack on United Australia Party and Trumpet of Patriots also breached the business entites of Clive Palmer
A ransomware attack discovered June 23, 2025, compromised email servers across 11 business entities associated with Australian politician Clive Palmer, potentially affecting up to 80,000 individuals and exposing financial records, identity documents, and confidential correspondence.
**Do you want your companies to be descibed as having "breathtaking lack of care" for a cybersecurity incident? It seems if one is a rich enough, that's acceptable. Think of this before you give out your data to companies with huge budgets - will they care at all if they get breached?**
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/attack-on-united-australia-party-and-trumpet-of-patriots-also-breached-mineralogy-and-queensland-nickel-group-h-c-0-v-a/gD2P6Ple2L
ASN: AS3320
Location: Darmstadt, DE
Added: 2025-07-02T13:59
Finnish technology company Exel Composites reports cyberattack exposing employee and shareholder data
Finnish composite materials technology company Exel Composites confirmed a cyberattack discovered on July 18, 2025, that compromised a limited number of workstations and servers, exposing personal information of staff and shareholders along with sensitive business materials. The company has reported the incident to police and data protection authorities but has not disclosed the nature of the attack or the number of affected individuals.
****
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/finnish-technology-company-exel-composites-reports-cyberattack-exposing-employee-and-shareholder-data-9-i-3-b-r/gD2P6Ple2L
ASN: AS4685
Location: Tokyo, JP
Added: 2025-07-25T15:06
Wait, so any app on Android with network access can just open a localhost port and then a browser script can share all your private browsing data via that port? Even on GrapheneOS? How is that not restricted?? What's stopping your banking apps or "sandboxed" Google Play store from doing this and tracking everything?
https://www.theregister.com/2025/06/03/meta_pauses_android_tracking_tech/
Women dating safety app Tea data leak exposes thousands of women's IDs and selfies
Tea, a women-only dating safety app, suffered a massive data breach exposing 72,000 images including verification selfies and government IDs through an improperly secured Firebase database that required no authentication to access. The vulnerability was discovered by 4chan users. The database was secured within hours but the sensitive data has already been exfiltrated and is being shared across social media platforms.
**Do you really feel confident giving out your photo IDs to random platforms on the internet? Even if they claim to be about safety and security?**
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/women-dating-safety-app-tea-data-breach-exposes-thousands-of-women-s-ids-and-selfies-b-d-o-2-0/gD2P6Ple2L
ASN: AS13796
Location: Storrs, US
Added: 2025-07-15T08:58
Multiple vulnerabilities reported in Tridium Niagara Framework
Researchers discovered 10 critical vulnerabilities (CVE-2025-3936 through CVE-2025-3945) in Tridium's widely-deployed Niagara Framework, an IoT middleware platform connecting HVAC, lighting, and security systems. The vulnerabilities can be chained together to enable complete system compromise, allowing adjacent attackers to intercept tokens, hijack administrator sessions, and execute arbitrary code with root privileges.
**If you use Tridium Niagara Framework systems (common in HVAC, lighting, and building automation), check to confirm that the system is isolated from the internet and accessible only from trusted networks. Then plan an update to the latest patched versions. Also check for proper encrypted communication between Tridium Niagara and all other components to prevent interception of sensitive data.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-vulnerabilities-reported-in-tridium-niagara-framework-u-w-q-s-0/gD2P6Ple2L
ASN: AS17506
Location: Yokohama, JP
Added: 2025-07-25T14:51