SCOOP: The iPhone mass hacking toolkit used by Russian spies was developed at U.S. military contractor L3Harris, former employees said.
The Coruna toolkit was used against Ukrainians and by Chinese cybercriminals, according to Google. But the toolkit was initially developed for Western governments.
Finland's intelligence service has released its yearly national security overview report. On the cyber side of things, SUPO warns startups that foreign espionage can rob them of their future.
supo.fi/en/espionage...
๐ฃ #PIVOTcon26 Agenda is here ๐ค We are thrilled to announce the lineup for this year's edition!
2โฃ days and 19 talks from leading #ThreatResearch experts.
The agenda link is in the first comment๐, and the talks and speakers are in the thread.๐งต
#CTI #ThreatIntel
1/15
Short newsletter item about one mistake from disinfo operations #Doppelgรคnger that makes it possible to tie together >100 domains
buttondown.com/readwrite/ar...
BREAKING: powerful iPhone hacking tools used by Chinese criminals originated from US defense giant L3 Harris.
Their zero-click exploits went to Russian spies too.
Unbelievable harm to our collective security.
Scoop: @lorenzofb.bsky.social, here's why it matters 1/
techcrunch.com/2026/03/09/a...
"A formerly legitimate Featured Chrome extension (ShotBird) was turned into a remote-controlled malware channel after an apparent ownership transfer"
Curious if this is another case of an extension being sold on ExtensionHub again? A place to watch...
monxresearch-sec.github.io/shotbird-ext...
What's with the bird names in a .gov iOS exploit framework? @craiu.bsky.social @jags.bsky.social www.youtube.com/watch?v=-QNf...
We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously. 1/7
๐๐ฟ๐ฎ๐ป ๐ฎ๐ป๐ฑ ๐๐ต๐ฒ ๐ฐ๐๐ฏ๐ฒ๐ฟ ๐ฑ๐ผ๐บ๐ฎ๐ถ๐ป: our selected analysis providing useful context on the different ways cyber tools have been used in and around #Iran. (1/5)
(5/5) Ransomware, espionage, & sabotage.
A. Milenkoski, J. Minier, @julianferdinand.bsky.social, M. Smeets, and @tgrossman.bsky.social examine state uses of ransomware, including Iranโs capacity for disruptive & politically motivated cyber operations.
๐ Read article: bindinghook.com/state-backed...
-Mammoth trojan comes to MAX
-Phishing campaign targets Armenian civil society leaders ahead of elections
-Coruna technical analysis
-LuaJIT malware on GitHub
-Red Alert malware in Israel
-DPRK (ab)uses AI for everything
-New CL-UNK-1068 APT
-APT36 adopts vibeware
-Claude found 22 Firefox bugs
-White House releases new Cyber Strategy
-New Trump EO prioritizes fight against scams and cybercrime
-Chinese hackers breach FBI wiretap network
-Romania's largest meat exporter enters insolvency after ransomware attack
Podcast: risky.biz/RBNEWS535/
Newsletter: news.risky.biz/risky-bullet...
Along with our open call for talks, we have also opened registration for Hague TIX 2026!
The ticket link and everything practical you need to know about #HagueTIX2026 is right here: www.thehagueprogram.nl/the-hague-ti...
@thehagueprogram.bsky.social @fggaleiden.bsky.social @monicakello.bsky.social
New video footage shows a US Tomahawk missile hitting an IRGC facility in Minab, Iran, on Feb 28, showing for the first time that the US struck the area. The footage also shows smoke already rising from the vicinity of the girlsโ school, where 175 people were reportedly killed, including children.
Huntress researchers Jamie Levy & Harlan Carvey have identified and detailed the full timeline of an intrusion in a customer environment that aligns with what others have identified as MuddyWater. www.huntress.com/blog/muddywa...
The #DefCon #Singapore March Chill Out will be happening March 27th at Georges in Tai Seng. Everyone is welcome!
Come meet the local InfoSec, Hacker, and Researcher communities working to make the DEF CON Singapore conference a reality at the end April [โฆ]
[Original post on defcon.social]
Russian state hackers are carrying out a global campaign to compromise Signal and WhatsApp accounts belonging to government officials and military personnel, Dutch intelligence warned Monday.
In this how-to for beginners, I explain how to get started with Burp and similar browser tools, we'll explore API basics, how to understand network requests, and getting started. I'll also walk you through some examples of how I found security bugs and data leaks, which I wrote up for TechCrunch.
๐งจ ๐จ NEW POD UP! (presented by @thinkstcanary.canary.tools) - The Coruna iOS exploit kit, the connection to the Peter Williams/Trenchant exploit sale to Russians, how it slipped from government hands into criminal use @craiu.bsky.social @jags.bsky.social
LISTEN everwhere ๐
pod.link/1414525622
Terrific data deep dive with animated maps, showing how US/Israeli targeting shows a shift over the course of the warโs first week: from targeting army and drone/missile sites to targeting police and regime security, to enable an uprising.
economist.com/interactive/...
My comment for Anadolu Agency (turkish press agency) on data centres as targets in the Iran war. The strikes on Amazon facilities in the UAE and Bahrain are the first time commercial cloud infrastructure has taken physical damage from a drone or missile attack. www.aa.com.tr/en/middle-ea...
Kaspersky recently produced a podcast on Operation Triangulation, basically a story of the investigation
Things that I haven't seen mentioned elsewhere:
โ Triangulation malware existed for >10 years
โ Some technical details similar to the Equation Group
www.youtube.com/watch?v=j4pC...
โThe Florida-based cyber firm Defense Primeโwhich has also done business as Palm Beach Networksโ& been staffed mostly by former employees of NSO Group, has dissolved its Florida operations. Its executives have moved their business operations to ๐ช๐ธBarcelona.โ
www.intelligenceonline.com/americas/202...
Hacking internet-connected civilian security cameras for recon has become a standard operating procedure of modern warfare. First for Russia and Ukraine, now for Israel and Iran.
Your insecure internet-of-things surveillance system is now their targeting system.
www.wired.com/story/from-u...
Exclusive: Russia is providing Iran with targeting information to attack American forces in the Middle East, the first indication that another major U.S. adversary is participating โ even indirectly โ in the war.
-Iranian hackers are scanning for security cameras to aid missile strikes
-Israel bombs Iran's cyber headquarters
-CISA's CIO leaves
-Authorities take down LeakBase and Tycoon 2FA
-Mexico mandates SIM registration to real IDs
Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS534/
NEW: Google said that last year, and for the first time, it found more zero-days used by spyware makers (15) rather than government-backed espionage groups (12) in the wild.
The shift demonstrated โa slow but sure movement in the landscapeโ of how governments hack targets, the company said.
Counter-ransomware interventions are increasing, but assessing the impact remains difficult. Our latest article by @maxwsmeets.bsky.social, @jamiemaccoll.bsky.social, S. Williams-Dunning, & @bobherc.bsky.social introduces a practical framework to evaluate them.
Read: bindinghook.com/assessing-th...
My oh my... I hope they didn't store all their cyberz and computers in the same building /s
www.politico.com/news/2026/03...
Microsoft describes how a global coalition disrupted Tycoon 2FA, a phishing-as-a-service platform behind tens of millions of fraudulent emails reaching more than 500,000 organizations each month. blogs.microsoft.com/on-the-issue...
