
The Banshee Queen 👑

@cyberoverdrive.bsky.social

#threatintel @Recorded Future | Formerly @PwC GTI | Malware & infrastructure analysis with a side of cyberpunk. 🌃🌌 She/her, support 🏳️‍🌈🏳️‍⚧️✨

806 Followers  |  266 Following  |  79 Posts  |  Joined: 19.11.2024  |  2.3833

Latest posts by cyberoverdrive.bsky.social on Bluesky

Israeli Spyware Maker NSO Gets New Owners, Leadership and Seeks to Mend Reputation
Investors led by Hollywood producer Robert Simonds have taken a controlling stake in the company behind Pegasus, and former Trump official David Friedman has been named executive chairman.

Omfg

"NSO’s new executive chairman, David Friedman, a former U.S. ambassador to Israel and onetime bankruptcy lawyer for President Trump, said he wants to use his ties to the Trump administration to help rebuild the company’s spyware business in the U.S."
www.wsj.com/tech/israeli...

10.11.2025 12:26 — 👍 5    🔁 3    💬 0    📌 0
Russia Launches Massive Air Attack on Ukraine, Killing Civilians, Hitting Energy Infrastructure
Russia launched a massive overnight attack on Ukraine with drones, Kalibr and Kinzhal missiles, hitting Dnipro’s residential building and energy sites, causing casualties and blackouts.

Kyiv Post - Russia launched a massive overnight attack on Ukraine with drones, Kalibr and Kinzhal missiles, hitting Dnipro's residential building and energy sites, causing casualties and blackouts. www.kyivpost.com/post/63877

08.11.2025 11:06 — 👍 13    🔁 16    💬 1    📌 0
The Shutdown of U.S.A.I.D. Has Already Killed Hundreds of Thousands
The short documentary “Rovina’s Choice” tells the story of what goes when aid goes.

One analytical model shows that, as of November 5th, the dismantling of U.S.A.I.D. has already caused the deaths of 600,000 people, two-thirds of them children. https://newyorkermag.visitlink.me/jUzNSc

06.11.2025 21:00 — 👍 9046    🔁 5906    💬 418    📌 1283

Lol

06.11.2025 07:21 — 👍 19    🔁 3    💬 1    📌 1
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities
Cisco has identified active exploitation of two previously unknown vulnerabilities in the Web User Interface (Web UI) feature of Cisco IOS XE software — CVE-2023-20198 and CVE-2023-20273 — when expose...

Received an alert from us? Act!

Background on CVE-2023-20198/CVE-2023-20273 & the BadCandy implant from over 2 years ago:
blog.talosintelligence.com/active-explo...

#CyberCivilDefense

03.11.2025 20:30 — 👍 3    🔁 3    💬 0    📌 0

"Don’t take BADCANDY from strangers ..."

The Australian Signals Directorate (ASD) recently published an advisory on the BadCandy implant still present in many Cisco IOS XE devices: www.cyber.gov.au/about-us/vie...

We still see around 15 000 Cisco IOS XE devices with the implant

03.11.2025 20:30 — 👍 7    🔁 4    💬 1    📌 0

"The intimidation included approaching country officials during coffee breaks to warn them they might not be able to transit via the US, or that they and their families could face restrictions on entering the country if they acted against American interests..." www.ft.com/content/4e0a...

03.11.2025 22:13 — 👍 15    🔁 6    💬 0    📌 1

-Operation SkyCloak targets Russian, Belarusian militaries
-DarkHotel was pretty active this summer
-Kimsuky's new HttpTroy backdoor
-Linux bug exploited by ransomware groups
-GameMaker IDE vulnerability
-New agent session smuggling attack
-Loads of new tools
-Infosec drama, episode 28,311

03.11.2025 09:35 — 👍 6    🔁 1    💬 0    📌 0

-Couple loses fortune to scammers
-Valid accounts still rule the day for initial access
-Open VSX rotate leaked creds
-ZeroAccess botnet dev is now a software dev
-BadCandy flourishes in Australia
-New Katreus miner
-Malware reports on Aura Stealer, SectopRAT, SleepyDuck RAT, OysterLoader

03.11.2025 09:32 — 👍 6    🔁 4    💬 1    📌 0
China intimidated UK university to ditch human rights research, documents show
Sheffield Hallam University apologises to Professor Laura Murphy for restricting her academic freedom.

"The documents she obtained showed the university "had negotiated directly with a foreign intelligence service to trade my academic freedom for access to the Chinese student market," she told the BBC".

www.bbc.com/news/article...

03.11.2025 09:06 — 👍 12    🔁 14    💬 1    📌 2

It shows how platform incentives reshape democratic behaviour. What gains attention defines what feels real, even when it is hollow, and creates the risk that discourse and politics slide into simulated, disordered forms.

03.11.2025 09:04 — 👍 84    🔁 11    💬 1    📌 0

Looks like extraordinary cowardice. "...following pressure from the Chinese state and a separate defamation law suit against the university, Sheffield Hallam decided not to publish a final piece of research by Prof Murphy and her team into forced labour." www.bbc.co.uk/news/article...

03.11.2025 06:29 — 👍 462    🔁 183    💬 12    📌 15
Inside the Great Firewall Part 1: The Dump - DomainTools Investigations | DTI
Analysis of the 500GB+ Great Firewall data breach revealing China’s state censorship network, VPN evasion tactics, and the operators behind it.

More research being conducted on the Geedge Networks dataset. @domaintools.bsky.social started a series dissecting the Geedge leak and posted their 1st part out of 3. dti.domaintools.com/inside-the-g... #GFWExport

31.10.2025 12:05 — 👍 7    🔁 6    💬 1    📌 0

"Such technofixes for the climate, in fact, lead us down a dangerous road, both because they displace far safer and more reliable optionsβ€”namely the clean energy transitionβ€”and because they provide an excuse for business-as-usual burning of fossil fuels."

01.11.2025 15:30 — 👍 173    🔁 47    💬 6    📌 2

This year’s BlackHat Europe lineup actually looks FIRE 🔥

01.11.2025 15:25 — 👍 3    🔁 0    💬 0    📌 0
CBS News kills its climate unit
David Ellison, the new pro-Trump chief executive of Paramount Skydance, has dismantled the best climate change reporting team in cable news.

A scoop that I’m not happy to report:

CBS News has gutted its climate change reporting team, one of the best in the business, and one of the only ones on cable news that consistently called out fossil fuels as the main source of climate pollution.

heated.world/p/cbs-news-k...

31.10.2025 15:51 — 👍 1607    🔁 788    💬 58    📌 65

This three-hops theory is especially insane. Even if you assume each person is connected to only 100 other people, there are 1m people within three hops of every suspected drug trafficker—and remember that even *known* drug traffickers aren’t legitimate targets. www.nytimes.com/2025/10/30/u...

31.10.2025 12:07 — 👍 1768    🔁 547    💬 122    📌 174
You Can't Refuse To Be Scanned by ICE's Facial Recognition App, DHS Document Says
Photos captured by Mobile Fortify will be stored for 15 years, regardless of immigration or citizenship status, the document says.

New from 404 Media: you can't refuse to be scanned by ICE's new facial recognition app, according to internal DHS document I obtained. Photos captured by the app are stored for 15 years, including U.S. citizens. We've seen officers scanning faces w/ phones on streets

www.404media.co/you-cant-ref...

31.10.2025 13:49 — 👍 1176    🔁 802    💬 81    📌 137
UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities - Arctic Wolf
Arctic Wolf Labs has identified an active cyber espionage campaign by Chinese-affiliated threat actor UNC6384 targeting European diplomatic entities in Hungary, Belgium, and additional European nation...

But I thought Microsoft said it wasn't worth fixing? "Microsoft classified this as low severity and this will not be patched in the immediate future." arcticwolf.com/resources/bl...

30.10.2025 19:42 — 👍 4    🔁 5    💬 0    📌 0
BRONZE BUTLER exploits Japanese asset management software vulnerability
The threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932)

Sophos has linked the recent Lanscope zero-day to Bronze Butler (Tick)

news.sophos.com/en-us/2025/1...

30.10.2025 20:25 — 👍 5    🔁 3    💬 0    📌 0

I was recently talking to someone who worked on tracking Chinese botnets. We talked about ways to impact them and settled on “fixing the IoT ecosystem”. Then we had a good laugh and changed the subject because obviously that’s never going to happen.

30.10.2025 11:34 — 👍 7    🔁 2    💬 0    📌 0

The central lie — the key dishonesty — of modern conservatism is that being judgmental about the ethnicity or language or culture of the person next door is fine and acceptable, but being judgmental of that attitude is elitist and arrogant and closed-minded. What vapid bullshit.

29.10.2025 17:09 — 👍 1022    🔁 249    💬 21    📌 6
Revealed: Israel demanded Google and Amazon use secret ‘wink’ to sidestep legal orders
The tech giants agreed to extraordinary terms to clinch a lucrative contract with the Israeli government, documents show

Revealed: Israel demanded Google and Amazon use secret ‘wink’ to sidestep legal orders www.theguardian.com/us-news/2025...

29.10.2025 15:28 — 👍 112    🔁 65    💬 8    📌 6

CBO: $542 billion to defend against 1-2 missiles
DIA: North Korea could have 50 by 2035

www.dia.mil/articles/pre...

29.10.2025 12:58 — 👍 18    🔁 9    💬 3    📌 2
Exclusive: CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware
Security researchers found a government hacking campaign that relies on Windows spyware developed by surveillance tech maker Memento Labs. When reached by TechCrunch, the spyware maker's chief executi...

SCOOP: On Mon, Kaspersky said it found new spyware called Dante targeting Windows users in Russia & Belarus, saying the spyware was developed by Milan-based Memento Labs.

Memento's CEO confirmed to TechCrunch that Dante is its spyware, and blamed one of its government customers for getting caught.

29.10.2025 05:09 — 👍 42    🔁 21    💬 0    📌 2
LG Uplus is latest South Korean telco to confirm cybersecurity incident | TechCrunch
Korean telecom giant LG Uplus is the third major phone provider in the past six months to report a cybersecurity incident.

Welp. That's the third telco in South Korea to have reported a data breach in the past six months, after SK Telecom and KT.

29.10.2025 03:57 — 👍 35    🔁 18    💬 0    📌 0

Not me literally butting into my teammates' day just to be like "yooooooo what's up let's chat!!!" and them expecting me to talk to them about some really high-priority CTI finding and me being like "I just missed u hehe 🥰" #wholesomeCTI

28.10.2025 14:36 — 👍 5    🔁 0    💬 0    📌 0

Ransomware payment rates have dropped below 25% for the first time in history.

Coveware says cyber defenders, law enforcement, and legal specialists should take this as a validation of their efforts.

www.coveware.com/blog/2025/10...

26.10.2025 11:14 — 👍 72    🔁 12    💬 2    📌 3
Incident Response Chaos Club
Incident Response Chaos Club - embracing the chaos of cybersecurity through DFIR, incident response, and security research.

Yo! Kinda forgot to post here but I created irchaos.club.

I'll let yall discover it :)

25.10.2025 04:35 — 👍 6    🔁 5    💬 0    📌 1
