#Netsec

Anonops

@anonops.com

3 days ago

14,000 routers are infected by malware that's highly resistant to takedowns Most of the devices are made by Asus and are located in the US.

14,000 routers are infected by #malware that's highly resistant to takedowns | #security #netsec #Asus #botnet #technology #technews | arstechnica.com/security/202...

MadStash

@madstash.bsky.social

1 week ago

FBI Investigates Hack on its Wiretap and Critical Surveillance Systems The Federal Bureau of Investigation has confirmed a cybersecurity incident targeting a sensitive internal network used to manage wiretapping operations and foreign intelligence surveillance warrants, ...

FBI Investigates Hack on its Wiretap and Critical Surveillance Systems #NetSec #InfoSec

cybersecuritynews.com/fbi-investig...

Wendy

@thistleandmoss.com

1 week ago

Proton Mail Helped FBI Unmask Anonymous ‘Stop Cop City’ Protester A court record reviewed by 404 Media shows privacy-focused email provider Proton Mail handed over payment data related to a Stop Cop City email account to the Swiss government, which handed it to the ...

So I guess #proton did something, and it will cause distrust.
#opssec #netsec #infosec #encryption

www.404media.co/proton-mail-...

Mister Sterling

@mister-sterling.bsky.social

2 weeks ago

Cheers to the National Security class. The imperialists who set us up for 9/11. Made billions as experts, advising us how to prevent the next 9/11. Told us that our biggest threat was "open borders." And then, this year, decapitated Venezuela and Iran to start the clock for the next 9/11. #netsec

Rootkit Labs

@rootkitlabs.bsky.social

2 weeks ago

Completely open source, handheld Linux device we developed for hacking and pentesting.

Also it runs Doom :)

#hacking #security #netsec #linux #opensource

Pink Dragon Lady

@lunakin.bsky.social

2 weeks ago

Remember, the S in IoT stands for Security...

#meme #joke #it #IoT #sysadmin #security #netsec

MadStash

@madstash.bsky.social

3 weeks ago

Hackers Expose Age-Verification Software Powering Surveillance Web Three hacktivists tried to find a workaround to Discord’s age-verification software. Instead, they found its frontend exposed to the open internet.

Hackers Expose Age-Verification Software Powering Surveillance Web #infosec #Netsec

www.therage.co/persona-age-...

@fastnetmon.bsky.social

3 weeks ago

NANOG + APRICOT conversation and topic highlights:
Dave Phelan DDoS talk: excellent regional analysis!
Routing security convos showing real RPKI/ASPA deployment progress
Regional infrastructure = different constraints = different solutions

#NANOG #APRICOT2026 #DDoS #NetSec

Roland Turner

@9v1rt.f.rolandturner.com.ap.brid.gy

1 month ago

The “black box” in your hallway exacerbates a power imbalance. At the FOSSASIA Summit 2026 Dheeraj Reddy Jonnalagadda is going to show us how to level the playing field. Much of the history of the open source movement — and particularly the Free Software Movement — is a history of redressing power imbalances. When software is closed and code is kept secret, it becomes a tool for organizations to exert control over individuals. It allows vendors to compel costly upgrades, block interoperability, and hide vulnerabilities. For most of my adult life, I have worked to reduced these asymmetries, because I believe that the systems we rely on for our civil liberties must be transparent to be trustworthy. In few places is this power imbalance more physical, or more intrusive, than the plastic box sitting in your hallway: the ISP-supplied router. ## The Hidden Cost of the “Black Box” We are asked to trust these devices implicitly. They mediate our banking, our private communications, and our work. Yet, for most users, they are total black boxes. We cannot audit the code they run. We cannot verify if they are patched against the latest CVE. We are effectively tenants in our own digital infrastructure, renting access from a landlord who holds all the keys. But the cost isn’t just security; it’s sovereignty. * Want to block ads network-wide? You can’t, because you don’t have root. * Want to segregate your insecure IoT lightbulbs from your work laptop? You can’t, because VLANs are locked out. * Want to use encrypted DNS to stop your ISP from selling your browsing history? Good luck changing those settings. This is why, when we were curating the Cybersecurity & Privacy track for FOSSASIA 2026, we looked for talks that didn’t just discuss security in the abstract, but offered practical tools to reclaim it. ## Meet the Speaker: Dheeraj Reddy Jonnalagadda Dheeraj is a Senior Flight Software Engineer at Pixxel, where he builds embedded systems for space technology — a domain where “trust” isn’t a sentiment, but a verifiable engineering constraint. If code fails in orbit, the satellite is dead. He applies that same rigorous skepticism to the terrestrial hardware we use every day. ## The Session: “Don’t Trash It, Hack It” On Monday, March 9, Dheeraj is leading a session titled Don’t Trash It, Hack It: Reverse engineering secrets & repurposing ISP Routers. This session is a masterclass in auditability. Dheeraj will demonstrate the process of: * The Teardown: Analyzing the binary structure of a locked-down firmware image. * The Breach: Uncovering hard-coded backdoor credentials (the ultimate breach of trust that vendors often leave behind). * The Repurpose: Gaining root access to transform the device from a passive “ISP endpoint” into an active “User-Controlled Firewall.” ## Why This Matters This isn’t just about saving a few dollars on hardware or reducing e-waste (though keeping plastic out of the landfill is a noble bonus). It is about the fundamental principle that you cannot secure what you cannot understand. If we want an Internet that is trustworthy — one that protects individuals rather than just serving as a vector for surveillance or crime — we need to start by owning the edge of the network. We need to move from blind faith in our ISPs to verified Trust. Dheeraj is giving us the crowbar to open the black box. I hope you’ll join us to see what’s inside. ## Join Us in Bangkok * Session: Don’t Trash It, Hack It * Track: Cybersecurity & Privacy * When: March 9, 08:45 AM * Tickets: EventYay

rolandturner.com/Why%20We%20Invited%20a%2... @fossasia

#FOSSASIA #FOSSASIA2026 #Bangkok #HardwareHacking #ReverseEngineering #EmbeddedSystems #NetSec #Firmware #RightToRepair #DigitalSovereignty #Privacy

Offensive Sequence

@offseq.bsky.social

1 month ago

CVE-2026-25803: CWE-798: Use of Hard-coded Credentials in denpiligrim 3dp-manage CVE-2026-25803 is a critical security vulnerability identified in the denpiligrim 3dp-manager product, specifically affecting versions 2.0.1 and earlier. The vulnerability arises from the use of hard-coded default credentials (username: adm

Critical alert: denpiligrim 3dp-manager ≤2.0.1 uses hard-coded admin creds, risking full takeover. Upgrade to 2.0.2 or restrict access now! 🔒 radar.offseq.com/threat/cve-2026-25803-cw... #OffSeq #Vulnerability #NetSec

Lab401.com

@lab401.bsky.social

1 month ago

Keyring-sized network recon. Runs payloads for auto scans and easy loot. Default payload does nmap and saves results.
🔗Get yours now: l.lab401.com/8kVYG
#lab401 #pentesting #NetSec #Hak5 #RedTeam

Anonops

@anonops.com

1 month ago

Site catering to online criminals has been seized by the FBI One of the last holdouts for ransomware discussions, RAMP is taken down.

Site catering to online criminals has been seized by the FBI | #RAMP #ransomeware #netsec | arstechnica.com/security/202...

phusion

@phusion.bsky.social

1 month ago

Site catering to online criminals has been seized by the FBI One of the last holdouts for ransomware discussions, RAMP is taken down.

Site catering to online criminals has been seized by the FBI | #RAMP #netsec #security #ransomware | arstechnica.com/security/202...

Rootkit Labs

@rootkitlabs.bsky.social

1 month ago

I Built a Fully Open Source Handheld Computer (FROM SCRATCH) YouTube video by Rootkit Labs

Handheld Hacking Device I developed From Scratch! #hacking #opensource #linux #netsec

youtu.be/QxqeU8ZfaYg?...

phusion

@phusion.bsky.social

1 month ago

Hacker who stole 120,000 bitcoins wants a second chance—and a security job Crypto theft was "the worst thing I had ever done."

Hacker who stole 120,000 bitcoins wants a second chance—and a security job | #netsec #security #hacking #BTC #crypto #technology #technews | arstechnica.com/security/202...

@taij-triki.bsky.social

1 month ago

Le modèle hybride "Cloud-to-On-Prem" n'est plus une option, c'est l'assurance-vie de votre infra. La cybersécurité n'est plus une question de murs, mais de flexibilité. 🚀

#CyberSecurity #DDoS #CloudSecurity #Resilience #Architecture #NetSec

Lab401.com

@lab401.bsky.social

1 month ago

Integrated USB-C Ethernet gives host access to the Pager’s LAN—simple, fast, clean. 🔌⚙️ Available now at lab401.com/. Get yours now: l.lab401.com/4F08n
#lab401 #pentesting #NetSec #WiFiPineapple #Hak5

Lab401.com

@lab401.bsky.social

2 months ago

Root Linux in your pocket: plug in, SSH on, be productive anywhere. 💻🔑 Available now at lab401.com/. Get yours now: l.lab401.com/7Gu7M
#lab401 #pentesting #NetSec #WiFiPineapple #Hak5

Irbis Zen

@zen.irbis.sh

2 months ago

GitHub - ZenPrivacy/zen-desktop: Simple, free and efficient ad-blocker and privacy guard for Windows, macOS and Linux Simple, free and efficient ad-blocker and privacy guard for Windows, macOS and Linux - ZenPrivacy/zen-desktop

Privacy tools shouldn't ask for trust.
They should earn it.
That's why Zen is open-source.

See how it works: github.com/ZenPrivacy/z...

#privacy #opensource #netsec

Anonops

@anonops.com

2 months ago

Resecurity Caught ShinyHunters in Honeypot Resecurity caught ShinyHunters (SLH) using decoy accounts; the group attacked airlines, telecoms, and law enforcement in Sept 2025.

Resecurity Caught #ShinyHunters in Honeypot | #netsec #security | securityaffairs.com/186528/secur...

Alex Levberg

@alexlevberg.bsky.social

2 months ago

#happyholiday #cybersecurity #netsec #sysadmin #ciso

Hacker News Companion

@hncompanion.com

2 months ago

Tools like `firewalld`, `nftables`, or `UFW` are essential for granular control. Don't just permit known ports; explicitly deny everything else. Regularly review rules to prevent configuration drift and open backdoors. #NetSec 3/6

Gr@ve_Rose

@tcpdump101.com

2 months ago

💚🙃
#Cisco #CVE-2025-20393 #NetSec #Memes

The Mechanical Eye

@mechanicaleye.bsky.social

2 months ago

Evil Israeli data exfiltration company exposed.

www.koi.ai/blog/urban-v...

Here's their "HQ". No doubt Mossad ties.

maps.app.goo.gl/bEGxqdTxHbA8...

Listed as an "ISP" on Google. Supplies fake VPN browser extensions that steals all your data.

#netsec #israel #vpn

Anonops

@anonops.com

3 months ago

GitHub - fr33-sh/Tripwire Contribute to fr33-sh/Tripwire development by creating an account on GitHub.

Anti #EvilMaid Defense | #tripwire #security #netsec #linux | github.com/fr33-sh/Trip...

Gr@ve_Rose

@tcpdump101.com

3 months ago

Every time you use NAT in a VPN God kills a kitten

- Don't configure sites with overlapping subnets
- Use IPv6 (even v6-in-v4 tunnels) instead
- Think of the kitties

#NAT #VPN #IPSec #NetSec #Networking #IPv6 #Firewalls

phusion

@phusion.bsky.social

3 months ago

Admins and defenders gird themselves against maximum-severity server vuln Open source React executes malicious code with malformed HTML—no authentication needed.

Admins and defenders gird themselves against maximum-severity server vuln | #security #netsec #ReactServer | arstechnica.com/security/202...

Gr@ve_Rose

@tcpdump101.com

3 months ago

A recorder with the Fortinet logo

FortiRecorder

#Fortinet #Memes #NetSec #Security

phusion

@phusion.bsky.social

3 months ago

How to know if your Asus router is one of thousands hacked by China-state hackers So far, the hackers are laying low, likely for later use.

How to know if your #Asus router is one of thousands hacked by China-state hackers | #china #router #netsec #tech #technews #technology #networking #malware | arstechnica.com/security/202...