Joe Roosen

@jroosen.bsky.social

SpyCloud - Director of Security Research, Cryptolaemus Coordinator, Emotet(Ivan)/QBot(Boris) Destroyer, gold prospector & former sysadmin.

1,955 Followers  |  534 Following  |  88 Posts  |  Joined: 13.05.2023  |  2.1865

Latest posts by jroosen.bsky.social on Bluesky

Tonight, Iran International TV exposed the identity of a Handala hacking group admin—part of the Banished Kitten cyber unit I've previously reported on—and unmasked his handler in Iran's Ministry of Intelligence.

- Morteza Aftabi-Far
- Ali Bermoudeh

13.08.2025 20:15 — 👍 13    🔁 5    💬 1    📌 2
YouTube video by The Military Aviator: Van Halen - Dreams (Blue Angels)

All you need now is Van Halen - Dreams playing for the audio backing track. youtu.be/mGpMUYmqHZM?...

06.08.2025 10:34 — 👍 0    🔁 0    💬 0    📌 0
Every Reason Why I Hate AI and You Should Too maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.

malwaretech.com/2025/08/ever...

04.08.2025 08:32 — 👍 450    🔁 184    💬 36    📌 51

Thanks to a scan conducted by @leakix.bsky.social, we have shared SharePoint IPs confirmed vulnerable to CVE-2025-53770, CVE-2025-53771.

424 SharePoint IPs found on 2025-07-23. One-off data in www.shadowserver.org/what-we-do/n...

Tree map overview: dashboard.shadowserver.org/statistics/c...

24.07.2025 07:05 — 👍 4    🔁 3    💬 1    📌 0
Russia and Belarus plan to create AI model based on “traditional values” Russia and Belarus intend to develop their own artificial intelligence model built on “traditional values” that would be “understandable” to citizens of both countries.

🤡 Russia and Belarus plan to create AI model based on "traditional values"

11.07.2025 21:29 — 👍 48    🔁 9    💬 19    📌 3

BREAKING: Massive explosion at fireworks factory in Yolo County, California.

02.07.2025 02:21 — 👍 1205    🔁 354    💬 199    📌 676
Why Does Russia Want Crimea So Badly? Cambridge Professor Rory Finnin Unpacks the “Crimea Is Ours” Mindset Russia seized Crimea in 2014, sparking global outrage. Why does this peninsula matter so much, and why is its liberation the only viable solution?

Why do Russians insist Crimea belongs to them?

The answer isn’t just about strategy or borders but a deeply ingrained national myth.

27.06.2025 18:08 — 👍 74    🔁 12    💬 2    📌 1
27.06.2025 18:13 — 👍 222    🔁 14    💬 3    📌 0
A prolific hacking group that's shutdown retailers and insurance companies turns to aviation A cyberattack on WestJet last week is likely tied to the Scattered Spider gang, a source tells Axios.

Mandiant is now aware of multiple incidents in the airline sector that resemble Scattered Spider. The industry should button up its call centers where this actor has had a lot of success with social engineering. www.axios.com/2025/06/27/a...

27.06.2025 17:28 — 👍 21    🔁 14    💬 0    📌 1

The General Staff of Ukraine reports: a strike by long-range drones destroyed two Russian Su-34 fighter-bombers at the Marinovka airbase in Russia’s Volgograd region. Two more were damaged.

27.06.2025 17:44 — 👍 360    🔁 32    💬 1    📌 1

The General Staff of Ukraine reports: a strike by long-range drones destroyed two Russian Su-34 fighter-bombers at the Marinovka airbase in Russia’s Volgograd region. Two more were damaged.

27.06.2025 17:37 — 👍 298    🔁 18    💬 5    📌 1

I'm going to start a company which will just be entirely driven by people named Al, then I'm going to see how much VC funding I can raise before someone realizes it's an Al company not an AI company.

26.06.2025 00:07 — 👍 265    🔁 29    💬 22    📌 4
Police Arrest BreachForums Admins, Including ShinyHunters and IntelBroker French authorities have arrested five alleged administrators of BreachForums, including prominent figures like ShinyHunters and IntelBroker.

25.06.2025 13:26 — 👍 1    🔁 1    💬 0    📌 0
Police arrest five high-level French hackers behind a famous data theft forum The cybercriminals ran BreachForums, the largest site for reselling hacked data, according to our information.

"ShinyHunters", "Hollow", "Noct" and "Depressed" have allegedly been arrested by the Brigade for the Fight against Cybercrime (BL2C) of the Paris police headquarters on Monday.

IntelBroker was allegedly arrested by French law enforcement in February 2025.

Source: www.leparisien.fr/high-tech/la...

25.06.2025 14:13 — 👍 3    🔁 1    💬 0    📌 0
BreachForums hacking forum operators reportedly arrested in France The French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions.

25.06.2025 10:26 — 👍 12    🔁 5    💬 0    📌 1
New ‘CitrixBleed 2’ NetScaler flaw let hackers hijack sessions A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices.

25.06.2025 12:10 — 👍 6    🔁 2    💬 0    📌 0

Hierarchy of Credential Data Tiers

1. Infostealer Log
2. Stealer Log DBs
3. ULPs/Combolists

2 & 3 are very close to each other in adjacency to the source but 2 is above your average combolist(3). If your creds show in 2 or 3 there is 95%+ chance there is a 1 for that cred too.

20.06.2025 21:45 — 👍 1    🔁 0    💬 0    📌 0
📣 You’ve probably seen the headline that 16 billion Apple, Facebook, and Google passwords have been leaked, but let’s take a look at the full scope of the situation. | SpyCloud 📣 You’ve probably seen the headline that 16 billion Apple, Facebook, and Google passwords have been leaked, but let’s take a look at the full scope of the situation. ➡️ These 16 billion passwords ar...

For more info on this subject, see the following post: www.linkedin.com/posts/spyclo... 5/5

20.06.2025 00:17 — 👍 1    🔁 0    💬 0    📌 0

There have been many of these DBs over the years & there will be more going forward. Not new, it is business as usual. Best def against this is to not get infected with stealer malware. Short of that, get intel from a provider that parses logs directly. Skip the middle man. 4/5

20.06.2025 00:17 — 👍 0    🔁 0    💬 1    📌 0

It is clear the author intended to put out big numbers to create a stir but don't be fooled. The biggest benefit to this hype alarm going off is to tell you that you need to double check your password hygiene & 2+ factor deployments to ensure you are safe. Circle the wagons! 3/5

20.06.2025 00:17 — 👍 0    🔁 0    💬 1    📌 0

They can/will contain duplication between them & should not be counted as being aggregately unique. They also span back years & contain a great deal of old already reported information via other ways. These 30 are large DBs a step above a regular spray & pray combolist. 2/5

20.06.2025 00:17 — 👍 0    🔁 0    💬 1    📌 0

As you may have already heard, 16 billion credentials were leaked for popular sites. The fine print is this has been happening for years and is a result of the rise of Infostealer malware. These 30 different DBs mentioned in the original article are personalized collections. 1/5

20.06.2025 00:17 — 👍 7    🔁 0    💬 1    📌 1
No, the 16 billion credentials leak is not a new data breach News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen…

No, the 16 billion credentials leak is not a new data breach vapt.me/16B

20.06.2025 00:12 — 👍 25    🔁 8    💬 0    📌 1
Flash flooding kills 5 in West Virginia, rescue teams searching for missing people Flash flooding caused by torrential rains has killed five people in northern West Virginia and rescue crews are out searching for three other people who are missing.

16.06.2025 00:00 — 👍 127    🔁 32    💬 8    📌 9

TASS: "Iranian television channel Press TV reported new explosions in the city of Tabriz in the northwest of the country."

14.06.2025 09:12 — 👍 3    🔁 2    💬 0    📌 0

BREAKING: New photos show the destruction from Iranian missile attack on Rishon Lezion, Israel; at least 2 dead, dozens injured.

14.06.2025 09:16 — 👍 4    🔁 4    💬 0    📌 0

Reports say Jordan closed its airspace to allow Israeli Air Force to intercept incoming Iranian Shahed-136 kamikaze drones. Video shows an Israeli AH-64A/D Apache chasing the drones.

14.06.2025 09:19 — 👍 242    🔁 13    💬 3    📌 2
NHS calls for 1 million blood donors as UK stocks remain low following cyberattack A cyberattack on London hospitals last year led to the depletion of stocks of crucial O-type blood, and the U.K.'s National Health Service is calling for a nationwide effort to shore up supplies.

NHS England issued a call on Monday for 1 million people to give blood this week as stocks remain low following a cyberattack last year. Just 2% of the population “is keeping the nation’s blood stocks afloat” said Monday’s announcement, and “there is now a pressing need to avoid a Red Alert.”

09.06.2025 12:25 — 👍 8    🔁 4    💬 1    📌 0
FakeCaptcha Infrastructure HelloTDS Infects Millions of Devices With Malware

09.06.2025 12:29 — 👍 11    🔁 2    💬 0    📌 1

🕸️🃏 "Zelensky has no cards…" they said

01.06.2025 21:11 — 👍 16562    🔁 2950    💬 406    📌 162

@jroosen is following 19 prominent accounts