SwitHak (👁️)

DSA test after the publication of U.S. NSS.
Reaction to this one is important!

La France dénonce avec la plus grande fermeté la restriction de visa prise par les Etats-Unis à l'encontre de Thierry Breton, ancien ministre et Commissaire européen, et quatre autres personnalités européennes.

1/3

We have identified 120 Cisco Secure Email Gateway/ Cisco Secure Email and Web Manager likely vulnerable to CVE-2025-20393 (over 650 fingerprinted exposed). CVE-2025-20393 is exploited in the wild, with no patch available. Follow Cisco recommendations at sec.cloudapps.cisco.com/security/cen...

English version (PDF)
↘️
www.fe-ddis.dk/globalassets...

FE Danish Defence Intelligence Service (DDIS)🇩🇰 assesses that Russia🇷🇺 was behind a destructive cyberattack against a Danish🇩🇰 water💧 utility in 2024 & DDoS attacks against Danish🇩🇰 websites🌐 leading up to the municipal and regional council elections🗳️ in 2025
↘️
www.fe-ddis.dk/da/nyheder/2...

You asked for our traditional #CfP meme-guideline for #PIVOTcon26 - here it is 🥳🎉
Reminder:
- one track,30m
- no recording/streaming/tweeting.
- No TLP:WHITE
- Original content only
#CTI #ThreatIntel #ThreatResearch 1/7

#TSW #Intellexa #IntellexaLeaks #Spyware

CISA has updated its directive to agencies about patching vulnerable Cisco firewalls after some agencies attested to compliance despite updating to software versions that were still vulnerable. Hackers are still breaching agencies using these vulns. www.cisa.gov/ed-25-03-gui...

Эксклюзив: в России ограничили регистрацию пользователей в Telegram и WhatsApp* От российских операторов потребовали прекратить передачу SMS и звонков со стороны Telegram и WhatsApp*

Russian telecom operators are blocking calls and SMS messages used by Telegram and WhatsApp two-factor authentication service.

The blocking is also affecting new user account registrations

kod.ru/telegram-i-w...

📣 Germany's close to reversing its opposition to mass surveillance & private message scanning, & backing the Chat Control bill. This could end private comms-& Signal-in the EU.

Time's short and they're counting on obscurity: please let German politicians know how horrifying their reversal would be.

📱 Silent Smishing: The Hidden Abuse of Cellular Router APIs

Our latest #CTI investigation from Sekoia #TDR team uncovers a novel #smishing vector abusing Milesight industrial cellular router APIs to send phishing #SMS at scale.

blog.sekoia.io/silent-smish...

J.S. Citizenshit and Immigratior Services September 20, 2025 Memorandum TO: Associate Directors, Deputy Associate Directors, Program Office Chiefs FROM: JOSEPH B Digitaly signed by JOSEPH B EDLOW Joseph B. Edlow EDLOW Date: 2025.09.20 Director, United States Citizenship and Immigration Services **00 SUBJECT: Proclamation, Restriction on Entry of Certain Nonimmigrant Workers, H-IB On September 19, 2025, the President issued a Proclamation, Restriction on Entry of Certain Nonimmigrant Workers, to address systemic abuse of H-1B nonimmigrant visas. Pursuant to sections 212(f) and 215(a) of the Immigration and Nationality Act (INA), 8 U.S.C. 1182(f) and 1185(a), the entry into the United States of aliens as nonimmigrants to perform services in a specialty occupation under section 101(a)(15)(H)(i)(b) of the INA, 8 U.S.C. 1101(a)(15)(H)(i)(b), is restricted, except for those aliens whose petitions are accompanied or supplemented by a payment of $100,000. This guidance applies to H-IB employment-based petitions filed after 12:01 AM ET on September 21, 2025.| This proclamation only applies prospectively to petitions that have not yet been filed. The proclamation does not apply to aliens who: are the beneficiaries of petitions that were filed prior to the effective date of the proclamation, are the beneficiaries of currently approved petitions, or are in possession of validly issued H-1B non-immigrant visas. All officers of United States Citizenship and Immigration Services shall ensure that their decisions are consistent with this guidance. The proclamation does not impact the ability of any current visa holder to travel to or rom the United States. cc: David V. Roy, Chief Counsel (A) FOUO, For Official Use Only

NEW: Hours before a new entry ban is supposed to go into effect, the federal government officially acknowledges for the first time that the restrictions do NOT apply to people who currently have H-1B visas.

Link: www.uscis.gov/sites/defaul...

French🇫🇷 diplomatie announced the creation of a dedicated account @FrenchResponse on X/Twitter Social Network to respond to those who want to harm French 🇫🇷 reputation
#FIMI #Disinfo #InformationWarfare

Unfortunately, Bluesky is unavailable in Mississippi right now, due to a new state law that requires age verification for all users.

While intended for child safety, we think this law poses broader challenges & creates significant barriers that limit free speech & harm smaller platforms like ours.

Oregon DMV brings in millions selling your information. Here's how. Oregon’s DMV brings in millions of dollars a year selling drivers’ personal information to qualified buyers, from insurance companies to private investigators.

“No one should profit from our personal data, especially without our consent,” EFF’s Lena Cohen told KATU News. “The data broker industry is extremely opaque, and the lack of transparency makes it hard to know when our privacy rights are being violated.”
katu.com/news/invest...

Army Secretary forces West Point to rescind appointment given to Easterly The United States Military Academy abruptly ended the appointment of Jen Easterly to a high-profile academic position in West Point’s Department of Social Sciences, according to a memorandum issued We...

In another episode of “we live in the stupidest timeline,” Jen Easterly, a woman I have (1) never met and (2) did not work for, had her appointment at West Point terminated because Laura Loomer lied about both of us in a tweet.

cyberscoop.com/jen-easterly...

Russia will move its electronic document signing system from its official government portal to the new Max national messenger app

Officials plan to integrate government services into Max by October and transform it into an everything-app for Russians—like China's WeChat.

www.rbc.ru/rbcfreenews/...

Decoding Secrets Through Symbols: How Military Insignia Revealed Russia's Hidden SIGINT Network - CheckFirst Sometimes the best intelligence comes from the most unexpected sources. Our latest investigation proves this by using Russian online military insignia stores to map one of the FSB's most secretive uni...

Decoding Secrets Through Symbols: How Military Insignia Revealed Russia’s Hidden SIGINT Network by @checkfirst.network
↘️
checkfirst.network/decoding-sec...

Armenian National Extradited to the United States Faces Federal Charges for Ransomware Extortion Conspiracy An Armenian national extradited from Ukraine to the United States faces federal charges for his role in Ryuk ransomware attacks and extortion conspiracy targeting companies throughout the United State...

Armenian extradited to US for role in Ryuk ransomware attacks

www.justice.gov/usao-or/pr/a...

Exploitation of CitrixBleed 2 (CVE-2025-5777) Began Before PoC Was Public GreyNoise has observed active exploitation attempts against CVE-2025-5777 (CitrixBleed 2), a memory overread vulnerability in Citrix NetScaler. Exploitation began on June 23 — nearly two weeks before a public proof-of-concept was released on July 4.

🩸& #threatintel | We (GreyNoise) just published a quick note (www.greynoise.io/blo...) regarding CVE-2025-5777 - CitrixBleed 2
1/2

Finally got the time to read it.
So great paper, a lot of red flags and got me some thoughts about how you can apply these lessons to vetting sources in the Cyber ops.
Also a very good case to study!
Thanks for the work @wylienewmark.bsky.social

Congratulations 🎉
I need to find time to read this one, also the other papers in the issue are looking great too 👀

*sarcastic*
That's how you get the big guys to know your service name, important during the budget decision to have support from them, especially in these cuts and DOGE thingies...

Outstanding work from @julianferdinand.bsky.social, @lawrencesec.bsky.social, and our Malicious Infrastructure Discovery (MID) team.

GrayAlpha shows how financially motivated actors operate with APT-level tradecraft.

Time to retire old threat models. Think in terms of ecosystems, not just malware.

NSO Group asks judge for new trial, calling $167 million in damages 'outrageous' | TechCrunch The spyware maker claims the damages it was ordered to pay are "excessive," and that the jury wanted to “bankrupt” the company.

NEW: NSO Group is trying to avoid paying $167 million in damages to WhatsApp.

In a court filing last week, the spyware maker asked the judge to order a new trial, or reduce the damages amount, arguing that the decision was “outrageous," and "reflects the improper desire to bankrupt NSO."

I can't wait to read the SDR that some say it should be released next Week (Monday).

Good work!
Also I would have added the IG/L part to explain why sometimes the technical evidence isn't released.
Also, it would benefit from distinguishing between Political attribution and the Technical one, some states do one, not the other.

License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows Flock, which has license plate readers (LPRs) all around the country, wants police to be able to “jump from LPR to person,” according to leaked audio obtained by 404 Media.

New from 404 Media: Flock, the license plate reader company that has cameras all across the U.S., is now building a massive people lookup tool using hacked data. The plan is to "jump from LPR to person." Won't require a warrant. This is according to leak we obtained.

www.404media.co/license-plat...

Exposing DPRK - DTEX Systems Explore DPRK cyber strategy and threat indicators. Uncover how North Korean operatives and IT workers drive global cyber espionage.

Exposing #DPRK:
Nation-State Threat Actors
↘️
www.dtexsystems.com/exposing-dprk/