@stringsvsatoms.bsky.social
The ministry's advice: "don't respond to suspicious emails."
The attacker, who already has the data: "no worries, you don't have to."
3/3
They accessed data on 1.2 million accounts: IBANs, account holder identities, addresses, sometimes tax IDs.
The civil servant had login credentials with access to all (?) bank accounts in France as part of "inter-ministerial data sharing." What could go wrong!
2/3
France's Ministry of Finance admits that someone hijacked a civil servant's login credentials and had been poking around FICOBA, the national bank account registry.
1/3
🇺🇸 US Launches $200Mn ‘Edge AI’ Package For Indo-Pacific
The US State Department unveiled a funding push of up to $200 Mn to accelerate secure, “trusted” next-gen smartphones and AI software ecosystems across the Indo-Pacific.
Last year, Cellebrite stopped Serbia from using its tools after allegations that its tools were misused to hack into the phone of a journalist.
Now there are similar allegations in Kenya and Jordan, and Cellebrite is taking an entirely different approach.
🔗 http://techcrunch.co...
It’s unclear if the threat actor’s replacement of BRICKSTORM with GRIMBOLT was part of a pre-planned life cycle iteration by the threat actor or a reaction to incident response efforts led by Cybersecurity industry partners like Mandiant & Crowdstrike.
10/10
The attackers edited a legitimate shell script to launch the backdoor each time the script is run.
The analysts were unable to pinpoint how the attackers achieved initial access to affected systems, but UNC6201 is known to target edge appliances.
9/10
According to Mandiant & GTIG, the GRIMBOLT backdoor is built in a way that turns it directly into machine code before it’s run, which makes it easier to run on small devices & harder to detect via static analysis.
8/10
The BRICKSTORM backdoor is a known threat, wielded by UNC5221 & related threat clusters, deployed on appliances that do not support traditional endpoint detection & response (EDR) tools. This allows the attacker to keep their presence in target organizations’ networks quiet.
7/10
The attackers deployed stealthy backdoors (BRICKSTORM and GRIMBOLT), a webshell (SLAYSTYLE) & maintained long-term access inside targeted networks.
6/10
The issue, officially named CVE-2026-22769, involves hardcoded credentials. This means the software came with a built-in username and password that could not be easily changed.
5/10
As we know it, these types of tools are vital for keeping digital services running, which makes them a prime target for those looking to steal information.
Earlier this month, CISA revised its report on the BRICKSTORM with the latest indicators.
🔗 www.cisa.gov/news-ev...
4/10
The problem affects Dell RecoverPoint for Virtual Machines, a tool designed to help businesses recover their data if their systems fail.
www.dell.com/support...
3/10
According to reports from Google’s Threat Intelligence Group (GTIG) and the cybersecurity firm Mandiant, a group of hackers linked to China has been exploiting this weakness since at least mid-2024.
🔗 cloud.google.com/blo...
2/10
A major security vulnerability has been identified in a Dell product used by many companies to protect their virtual data.
UNC6201 - China-Linked Hackers Use Dell RecoverPoint Flaw to Drop GrimBolt Malware. 🧵 👇
🔗 www.crowdstrike.com/...
1/10
A stunning two petabytes (two quadrillion bytes) of data has been hacked from Israelis in recent years, Israel National Cyber Directorate (INCD) Chief Yossi Karadi told The Jerusalem Post.
"You can defend well hundreds of times, but they only have to get through once," the former official noted. "It is always harder to protect than it is to attack."
The Bank Secrecy Act enables this surveillance infrastructure, and companies like Persona profit from building digital panopticons that would make Orwell blush.
Crypto like Ethereum is the antidote: permissionless, no KYC at the protocol level, no central point of failure...
7/7
The researchers confirmed that the government platform (withpersona-gov.com) runs the SAME codebase as the commercial platform, verified through matching git commits...
6/7
It is important to note that all of this was discovered through passive reconnaissance using Shodan, certificate transparency logs, DNS records, and public source maps; no systems were breached. None of it was hidden. It was all internet-facing...
5/7
When you hand over your passport to use a chatbot, your biometrics end up in permanent government watchlist databases.
This is the digital panopticon in action, and it's exactly what Bitcoin skeptics of KYC have been warning about for years.
4/7
This isn't some conspiracy theory. This is the smoking gun that privacy advocates have been looking for.
Code references include intelligence program codenames "Project SHADOW" & "Project LEGION."
The 53MB of unprotected source code sitting on a FedRAMP government endpoint.
3/7
The KYC provider #Persona has been running 269 different verification checks on your face, comparing your selfie to every politician on Earth, and filing reports directly with government agencies.
Remember #Prism program from #SnowdenLeaks? Such co-operations are not new.
2/7
Security researchers just exposed a secret AI surveillance machine that's been watching millions of OpenAI users behind the scenes for over two years. 🧵 👇
The researchers' original writeup can be found here:
🔗 vmfunc.re/blog/persona/
1/7
A man who allegedly stole a laptop & iPad belonging to a NATO official (a Swedish naval official) visiting Lisbon has been charged with attempted espionage, as he tried to sell what he stole to a Russian embassy employee, says Portugal's Prosecution Service.
Cybersecurity researchers at ESET have discovered #PromptSpy - The first known Android #malware to abuse generative AI (Gemini) in its execution flow:
Takeaways:
• Massiv is a completely new Device Takeover malware family.
• Its remote control (RCE) abilities lead to confirmed fraudulent cases across southern Europe (🇪🇸 🇵🇹 🇫🇷).
• IPTV applications are increasingly becoming a mobile malware distribution channel.
Mobile Threat Intelligence (MTI) researchers at #ThreatFabric discovered yet another freshly baked Android banking Trojan, which they named "Massiv", and it's acting as an IPTV app to lure victims.
Read the full report 👇
This vulnerability is only triggerable within WebAssembly functions optimized by Ion, as the mechanism doesn’t exist in the Baseline compiler.
9/9
The typo caused the forwarding pointer to be set to 0, which inadvertently satisfied the condition for identifying an array as inline in the isDataInline() function: return (headerWord & 1) == 0;.
8/9