Marc Smeets @MarcOverIP

Cobalt Strike 4.13 is live! Say "Hello World" to our Beacon Interpreter for native C scripting - plus an LLVM Beacon, smoother docking UX, sharper payload management and more. Read about all the new features in the release blog! cobaltstrike.com/blog/cobalt-st…

@BakkertjeJasper @UID_ Wat enorm leuk dat je je in discussie mengt Jasper, maar doe dat dan even goed ajb. Niet eens in de 4 jaar, er zijn ook EKs. En als je goed leest zeg ik dat het afneemt. Dat jij op absolute cijfers een kwalificatie plakt van ‘prima’ is subjectief en helpt niet.

@FearedBuck @kyleavery dude wtf?

ServiceNow customers are being notified after unauthorized access hit multiple tenants. The messy part? A Scripted REST endpoint reportedly shipped with authentication disabled. No token. No valid session. No real user account. Just requests landing as “Guest” in logs. The IOC: 51.159.98.241 Security teams should be checking /api/now/related_list_edit transaction logs immediately.

Oh.

It’s hilarious that they made a huge deal about the cyber capabilities for months and then when they rolled it out, they’ve blocked the actual utility of the model by prohibiting cyber use 🤣 And yes this includes trusted testers. Like, what was the point in even releasing it?

Zack Korman @ZackKorman

2 days ago

Mythos is amazing.

65 41 673 98K 41

Door een fout van bewindvoerders liggen de privé- en medische gegevens van mensen met schulden op straat. De organisaties wilden geen 10 euro per jaar betalen om hun oude domeinnaam te behouden, waarop nog veel gevoelige informatie binnenkwam. rtl.nl/nieuws/tech/ar…

A careless code blunder just blew the lid off Beijing’s multi-million dollar AI propaganda operation targeting the West. France's digital interference watchdog, Viginum, has officially exposed "Fawn Mianju," a covert network of 13 multilingual fake news sites running on advanced automation and generative AI. The sophisticated network was completely compromised after a computer engineer working as a Senior Project Manager at China's state-run CGTN Digital accidentally left his login credentials exposed in the code. This operation, which expanded on findings first uncovered by U.S. cybersecurity firm Graphika in 2025, operated with deep financial backing. The domains were registered in Beijing, hosted on Alibaba Cloud, and utilized expensive infrastructure alongside paid plugins to artificially manipulate search engine rankings. Using digital keys linked directly to AI language models, the network automatically scraped CGTN articles, lightly rewrote them, and republished over 2,300 articles, often within less than an hour of the original state media broadcast. Sites like the French-language "Actu Méridien" were weaponized to manipulate public opinion across 89 countries, heavily targeting Western audiences and Francophone African youth. The articles aggressively peddled pro-Beijing narratives, painting China as the undisputed leader of the Global South and green energy transition while explicitly telling Western readers that aligning with Chinese interests would bring them massive benefits. Despite the cutting-edge tech and heavy state funding, the operation was an organic flop. The articles struggled to breach 15,000 views, with nearly 40 percent of its top social media engagement traced back to fake accounts in Burundi whose sole purpose was to artificially inflate the content. While the reach was limited, French authorities warn that the operation exposes Beijing’s rapidly escalating capability to launch fully automated, stealth disinformation campaigns designed to quietly erode Western democratic alignment. #Disinformation #CyberSecurity #France #China #AIPropaganda #Geopolitics #Viginum #NationalSecurity

RFI 华语 - 法国国际广播电台 @RFI_Cn

4 days ago

法国查明一批专事宣传中国的虚假新闻网站 rfi.my/Cli5.x

29 63 211 97K 41

When you need to double check if its a parody account 😬😬

Mercedes-AMG PETRONAS F1 Team @MercedesAMGF1

5 days ago

Chase. Every. Millisecond.

keyboard_arrow_left Previous keyboard_arrow_right Next

1K 2K 45K 5.5M 1K

@wdortmans @BovenkampD1940 Daua eigenlijk zeg je dat je de oldtimer wilt laten stelen? 🙃

Ffs When do we collectively just give up on npm?

Abdulkadir | Cybersec @cyber__razz

6 days ago

Someone hid a self-replicating worm inside 37 npm packages. Written in Rust. Hidden behind an eBPF kernel rootkit. Talking to its operator over Tor. It steals 86 environment variables. AWS keys. GCP keys. Vault secrets. Kubernetes tokens. Your Anthropic API key. Your OpenAI

91 541 3K 499K 2K

Cobalt Strike 4.13 has a new Aggressor hook to support BOF cocktails. Here's a quick walkthrough: rastamouse.me/bof-cocktails-…

Good lord 🤮

You only think about yourselves.

@0xTriboulet en.wikipedia.org/wiki/Cargo_cult

The Saint Petersburg International Economic Forum of 2026 (SPIEF 2026) in Russia has started with a very fiery keynote speech by the Ukrainian surprise guests.

@UID_ Echt he?!

I wanted to address the speculation about the recently introduced Device Bound Session Credentials (DBSC) security feature in Google Chrome. Does it help increase the security of session cookies against infostealer malware and MFA phishing? The feature has been available and enabled by default since the Chrome 146 update (April 2026), if you're running Windows with a hardware-backed TPM security module (macOS support is coming in future updates). DBSC allows the browser to upgrade session cookies from long-lived to short-lived, requiring the browser to refresh them approximately every 10 minutes to maintain access to the user's account. > Does DBSC prevent account takeover by threat actors using a stolen session cookie obtained from the user's browser via infostealer malware? Yes (kind of). The extracted session cookie will be valid for up to 10 minutes from the time it is extracted. The attacker will be unable to maintain long-term access to the user's account. Still, the timeframe may be sufficient, for example, to exfiltrate the inbox if the attack is automated. The attacker cannot refresh the short-lived session cookie because it requires the private key (stored in the TPM) assigned to the account to sign the challenge. The malware cannot access the private keys stored in the TPM. > Does DBSC prevent account takeover by threat actors during a phishing attack? No. Servers need to provide legacy support for the browsers that do not yet support DBSC. By default, the server registers and sends a long-lived session cookie to the browser. If the server supports DBSC, it will announce the DBSC API endpoint URL in the `Secure-Session-Registration` HTTP header of the response packet that contains the long-lived session cookies. Only after the short-lived session cookie is registered via the DBSC API endpoint is the long-lived session cookie invalidated. When the attacker removes the `Secure-Session-Registration` HTTP header retrieved from the server during a phishing attack, the browser will continue using long-lived session cookies and assume the server does not support DBSC. In short, removing that HTTP header while proxying traffic during a phishing attack allows the attacker to maintain long-term access to the user's account using the stolen long-lived session cookie. I hope I've managed to clear up some confusion. On a related note, you will soon be able to simulate phishing attacks against Google Workspace accounts (and other websites) that bypass DBSC and MFA protections using Evilginx Pro with the Phishlets 2.0 update.

Xavier Rivera @XavierRiveraX

2 weeks ago

Google Chrome is rolling out device-bound session credentials to all users. Session cookies get cryptographically tied to your device, so stolen cookies can't be replayed from a different machine. Attackers who exfiltrate your cookie database get nothing usable.

104 318 4K 506K 906

Everyone except me ? We are in fact still in court over this.

Microsoft Security Response Center @msftsecresponse

a week ago

Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community,

322 108 481 576K 307