Arda Büyükkaya

@whichbufferarda.bsky.social

Cyber Threat Intelligence Analyst @EclecticIQ | Threat Hunter | Malware Analyst. (All opinions expressed here are mine only.) 🇹🇷🇳🇱 #cybersecurity

113 Followers  |  333 Following  |  42 Posts  |  Joined: 20.11.2024  |  1.6655

Latest posts by whichbufferarda.bsky.social on Bluesky

Hackers stole Social Security numbers during Allianz Life cyberattack | TechCrunch The U.S. insurance giant tells state regulators that Social Security numbers were among the personal information stolen in its mid-July cyberattack.

New, by me: The hackers who breached Allianz Life earlier this month and stole the personal information belonging to the "majority" of its 1.4 million customers, also took Social Security numbers during the breach, per new filings with U.S. states.

30.07.2025 18:02 — 👍 16    🔁 5    💬 0    📌 0

LOL... someone scraped celebrity Spotify accounts/playlists and leaked their music preferences

The *chef's kiss* here is the name of the site: Panama Playlists 😆

panamaplaylists.com

31.07.2025 15:03 — 👍 36    🔁 14    💬 4    📌 1
Screenshot of text that reads: "Mandatory reporting is also being developed, which would equip law enforcement with essential intelligence to hunt down perpetrators and disrupt their activities, allowing for better support for victims. Consultation responses showed strong support for a new mandatory reporting regime to better protect British organisations and industry."

This is by far the coolest part in the UK's proposed ransomware ban and mandatory reporting proposal

www.gov.uk/government/n...

22.07.2025 13:22 — 👍 10    🔁 2    💬 1    📌 1

"This report presents the first detailed study of China’s cyber militia system since 2015. It draws from an analysis of 136 individual militia units, as well as authoritative Chinese-language military writings and mobilization documents."

margin.re/mobilizing-c...

09.07.2025 19:59 — 👍 18    🔁 8    💬 0    📌 0
FBI: Play ransomware gang has attacked 600 organizations since 2023 Law enforcement officials said initial access brokers with ties to Play ransomware operators continue to exploit multiple vulnerabilities in remote monitoring and management tool SimpleHelp.

Ohhh…I smell a takedown coming!

Via @jgreig.bsky.social & @therecordmedia.bsky.social

05.06.2025 14:39 — 👍 2    🔁 2    💬 1    📌 0

GreyNoise observed a major spike in scanning against Ivanti products weeks before two zero-days were disclosed in Ivanti EPMM. Full update: www.greynoise.io/blog/surge-i...
#Ivanti #GreyNoise #Cybersecurity #ZeroDays

20.05.2025 19:54 — 👍 8    🔁 6    💬 0    📌 0
Victoria’s Secret website down as company investigates security incident The retailer's domain now features a brief message to customers explaining that it has “identified and are taking steps to address a security incident.”

Victoria’s Secret website down as company investigates security incident

via @jgreig.bsky.social & @therecordmedia.bsky.social

29.05.2025 15:44 — 👍 1    🔁 2    💬 1    📌 0
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage | Microsoft Security Blog Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America.

Microsoft has discovered a cluster of worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR), whose cyberespionage activity targets gov't, defense, transportation, media, NGO, and healthcare in Europe and North America. https://msft.it/63324S9Jkp

27.05.2025 09:55 — 👍 34    🔁 23    💬 1    📌 5

Dutch intelligence discovers a new Russian APT — LAUNDRY BEAR

www.aivd.nl/documenten/p...

Microsoft calls it Void Blizzard. Their report is here: www.microsoft.com/en-us/securi...

27.05.2025 12:11 — 👍 22    🔁 12    💬 1    📌 1
Ivanti patches two zero-days under active attack as intel agency warns customers Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained for remote code execution (RCE) attacks. The vendor itself has said the vulns are linked to two mystery open source libraries which it declined to name.…

Ivanti patches two zero-days under active attack as intel agency warns customers

14.05.2025 16:35 — 👍 7    🔁 3    💬 0    📌 0
Russia's APT28 accused of infiltrating Western logistics, technology firms Int'l partners destroy Lumma Stealer infrastructure, IT contractor breach led to M&S attack, Interlock stole data from West Lothian, 70K Coinbase customers exposed, EU sanctions GRU for disinformation...

Never a dull day in cybersecurity. Check out today's Metacurity for the critical infosec developments you need to know.
www.metacurity.com/russias-apt2...

22.05.2025 12:57 — 👍 8    🔁 4    💬 0    📌 0

"A global law enforcement operation coordinated by Europol has struck a major blow to the criminal underground, with 270 arrests of dark web vendors and buyers across ten countries"

www.europol.europa.eu/media-press/...

22.05.2025 15:50 — 👍 12    🔁 3    💬 1    📌 0
China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability On Thursday, May 15, 2025, Ivanti disclosed two critical vulnerabilities - CVE-2025-4427 and CVE-2025-4428 - affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier.

A Chinese APT (UNC5221) is behind recent attacks exploiting an Ivanti zero-day (CVE-2025-4427)

This is a known Chinese APT group that seems to be specialized in Ivanti and other Western enterprise products... they have a long list of past zero-days in their name

blog.eclecticiq.com/china-nexus-...

22.05.2025 11:32 — 👍 7    🔁 2    💬 0    📌 0

cc @likethecoins.bsky.social

22.05.2025 11:41 — 👍 0    🔁 0    💬 0    📌 0

🇨🇳 UNC5221 China-Nexus Threat Actor Actively Exploiting Ivanti EPMM (CVE-2025-4428). Targets critical networks like US airports and Telecommunications companies in EU. Exfiltrating sensitive data from managed mobile devices. #cyber

Here is the full report:

blog.eclecticiq.com/china-nexus-...

22.05.2025 11:34 — 👍 4    🔁 1    💬 1    📌 0

-Ransomware IAB spreads trojanized KeePass installer
-APT28 targets email servers with XSS attacks
-Good report on DPRK cyber and IT worker schemes
-Russia uses USAID shutdown in info-op targeting Moldova
-RU disinfo group Storm-1516 is behind the Macron coke memes

16.05.2025 08:29 — 👍 6    🔁 1    💬 1    📌 0
Storm-1516 Deploys AI-Generated Media to Spread Disinformation: Targets European Leaders and Influences Istanbul Peace Talks EclecticIQ analysts assess with high confidence that on May 11, 2025, pro-Kremlin disinformation group Storm-1516 amplified a fabricated story on X, falsely claiming European leaders used drugs while ...

Storm-1516, a pro-Kremlin 🇷🇺 disinformation group, launched an AI-driven influence operation to discredit European leaders. 🇪🇺 blog.eclecticiq.com/storm-1516-d...
@hatr.bsky.social

16.05.2025 15:55 — 👍 1    🔁 0    💬 0    📌 0

🎉 Happy to share that my talk has been accepted at Virus Bulletin! I’ll be presenting in 🇩🇪 Berlin on Friday, September 26 at VB2025:

Details: www.virusbulletin.com/conference/v...

See you there! #vbconference #VB2025

02.05.2025 14:27 — 👍 5    🔁 2    💬 0    📌 0
FBI awaits signal that Salt Typhoon is fully excised from telecom firms, official says FBI Deputy Director for Cyber Operations Brett Leatherman said that "there’s a lot of work focused on containment" when it comes to the Salt Typhoon hacks.

The FBI is awaiting signals from telecom victims that Salt Typhoon is fully excised from their systems. My Q&A with Deputy Assistant Director for Cyber Operations Brett Leatherman about Salt Typhoon and other topics at #RSAC2025 below:
www.nextgov.com/cybersecurit...

01.05.2025 19:19 — 👍 5    🔁 2    💬 0    📌 0

Microsoft Teams appears to have been used as part of the cyber kill chain in the Co-Op hack. I've recently seen similar tactics, where threat actors employed voice phishing via Teams calls. It’s a threat worth watching.

01.05.2025 19:43 — 👍 0    🔁 0    💬 0    📌 0

Podcast: risky.biz/RBNEWS418/
Newsletter: news.risky.biz/risky-bullet...

-French government grows a spine and calls out Russia's hacks
-Marks & Spencer sends staff home after ransomware attack
-China accuses US of hacking cryptography provider
-AirBorne vulnerabilities impact Apple's AirPlay

30.04.2025 09:30 — 👍 30    🔁 6    💬 1    📌 0
France accuses Russia's APT28 of a string of serious cyberattacks going back to 2021 Kristi Noem urges "back-to-basics" for CISA, WhatsApp to roll out private processing for new AI features, Indian court blocks Proton Mail, Nova Scotia Power copes with a cyber breach, Israeli hacker-f...

As RSA 2025 gets into full swing, stay ahead of the curve by checking out today's Metacurity for the most critical infosec developments you should know.
www.metacurity.com/france-accus...

30.04.2025 13:51 — 👍 3    🔁 1    💬 0    📌 0

🚨 Erlang SSH RCE (CVE-2025-32433) is a significant supply chain risk to ICS and OT devices, particularly critical networking equipment like routers, switches, and smart sensors. The public availability of a POC makes this vulnerability especially concerning, as it is straightforward to exploit.

25.04.2025 20:02 — 👍 1    🔁 1    💬 0    📌 0

Since April 15, 2025, BreachForums 2 had been offline. Admin “Normal” confirmed its return at breached[.]fi, with no prior data restored. The new site faces skepticism, with some calling it a potential honeypot, likely pushing threat actors toward other platforms.

23.04.2025 20:59 — 👍 3    🔁 3    💬 0    📌 0

BreachForums has reportedly resumed operations under a new domain, breached[.]fi

23.04.2025 20:32 — 👍 1    🔁 0    💬 0    📌 0

Sri Lanka’s Foreign Ministry hit by phishing email posing as peacekeeper notice sent from Pakistan’s Naval Uni (likely breached) “pro-rector.admin@bahria.edu.pk.” Malicious link led to fake Gmail login via Railway-hosted page "gs23-production.up.railway[.]app", stealing user credentials and OTPs.

23.04.2025 19:11 — 👍 0    🔁 0    💬 0    📌 0

Telephone-oriented attack delivery (TOAD) should be part of your threat model. We're seeing a rise in phishing where real human voices trick IT admins or helpdesks. Threat actors even run affiliate programs, paying people to guide victims into RMM installs or password reset.

18.04.2025 21:54 — 👍 5    🔁 4    💬 0    📌 1
In Support of Chris Krebs and SentinelOne Chris Krebs and his current employer are under investigation. If the infosec community unites to speak up for our friends and colleagues and leaves politics out of it, we can help strengthen our share...

I’m speaking up in support of @thekrebscycle.bsky.social & @sentinelone.com
Cybersecurity should be a non-partisan issue that unites us in our shared mission to defend our country.
National security can’t afford the chilling effect on both public & private sector
www.lutasecurity.com/post/in-supp...

12.04.2025 18:41 — 👍 311    🔁 103    💬 5    📌 4
HELLOKITTY RANSOMWARE — RESURFACED? NOTE: This is a year-long Research project in which I have spent a lot of time spotting and analyzing various samples of HelloKitty Ransomware since its inception. You will get a 360-View on HelloKi…

Rakesh Krishnan has published an in-depth report on the evolution of the HelloKitty ransomware, analyzing samples going as far back as the group's inception back in 2020.

The group doesn't have a leak site active, but new samples are still in the wild.

theravenfile.com/2025/04/10/h...

13.04.2025 10:32 — 👍 7    🔁 1    💬 0    📌 0

Ransomware brands come and go, but affiliates stay active, favoring repeatable/high-ROI tradecraft. Many work with multiple RaaS crews at once. Their playbooks aren’t static; affiliates adapt to tech shifts like cloud adoption. Focus on affiliate behavior and hunt the tradecraft. #Ransomware

13.04.2025 11:08 — 👍 2    🔁 1    💬 0    📌 0