
Julian-Ferdinand Vögele

@julianferdinand.bsky.social

Threat Research @ Recorded Future. Previously @ Security Research Labs. He/Him. 🏳️‍🌈

1,225 Followers  |  185 Following  |  170 Posts  |  Joined: 18.10.2023  |  2.0496

Latest posts by julianferdinand.bsky.social on Bluesky

An unlikely couple, a doomed affair and their €64mn ransomware scam
How a mysterious tip-off led investigators to uncover the inner workings of a highly unusual hacking operation

In Sirotin’s case, the fatal mistake came in the form of two online purchases — a knife, bought with the same email address used to rent the suspicious servers discovered by investigators, and a pair of plane tickets he had bought for his parents

on.ft.com/4hhtmGd

18.10.2025 09:19 — 👍 7    🔁 2    💬 0    📌 1

NOW: US court permanently bans Pegasus spyware maker from hacking WhatsApp.

NSO Group can't help their customers hack WhatsApp etc. either. Must delete exploits & R&D.

Bad news for NSO. Huge competitive disadvantage for the notorious company.

Big additional win for WhatsApp 1 /

17.10.2025 23:36 — 👍 204    🔁 95    💬 6    📌 10

The response to SolarWinds really nerfed the viability of traditional software supply chain compromise and China got the message. The shift to operational enablement compromises ain’t going anywhere and is more viable for the long term.

17.10.2025 18:33 — 👍 4    🔁 2    💬 0    📌 0
Wikipedia Says AI Is Causing a Dangerous Decline in Human Visitors
“With fewer visits to Wikipedia, fewer volunteers may grow and enrich the content, and fewer individual donors may support this work.”

Wikipedia is seeing a significant decline in human traffic because more people are getting the information that’s on Wikipedia via generative AI chatbots that were trained on its articles and search engines that summarize them without actually clicking to the site

www.404media.co/wikipedia-sa...

17.10.2025 12:45 — 👍 845    🔁 359    💬 28    📌 65

Paragon Solutions (US) has terminated its 🇺🇸 lobbying registration with law firm Holland & Knight. The filing is dated 15 October, but the termination took effect on 25 April. Paragon’s owner, AE Industrial Partners, still maintains an active registration.

17.10.2025 11:09 — 👍 3    🔁 2    💬 1    📌 0

Researchers at NTT present an analysis of OtterCandy and detail the update observed in August 2025. This malware was used by WaterPlum (also known as Famous Chollima or PurpleBravo). jp.security.ntt/insights_res...

17.10.2025 08:43 — 👍 2    🔁 2    💬 0    📌 0

-The F5 hack
-EU MEP files criminal complaint against Hungary PM over hacking
-Bulletproof hoster shuts down due to political reasons
-PowerSchool hacker sentenced to four years
-Four airports hacked across NA

Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/risky-bullet...

17.10.2025 05:44 — 👍 13    🔁 5    💬 2    📌 0
Recon 2025 - A Trip to Ancient BABYLON: Unearthing a 2017 Pegasus Persistence Exploit
YouTube video by Recon Conference

Recording of our REcon talk about a 2017 iOS persistence exploit used by NSO's Pegasus—and other threat actors too—is out. @billmarczak.org and me of @citizenlab.ca at @reconmtl.bsky.social.

youtu.be/ZlopMtjsVRw

16.10.2025 14:45 — 👍 3    🔁 3    💬 0    📌 0
New indications of Hungarian espionage in Brussels
Hungarian opposition leader Péter Magyar was himself stationed at Hungary's permanent representation in Brussels and describes his recollections in a post

🇭🇺🕵️‍♂️ Following our @spiegel.de @derstandard.at @papertrailmedia.de @direkt36.bsky.social investigation: Péter Magyar – now opposition leader, formerly a diplomat at Hungary's EU representation in Brussels – reaffirms espionage allegations against Orbán's government: "common knowledge" www.derstandard.at/story/310000...

16.10.2025 12:55 — 👍 28    🔁 10    💬 2    📌 0

New from last night: F5 CEO François Locoh-Donou is personally briefing customers about the China-linked hackers who were in the company’s network for at least 12 months

16.10.2025 11:35 — 👍 16    🔁 13    💬 0    📌 0
Revelations about "Group 78", a secret American unit tasked with fighting cybercriminals
In November 2024, the FBI's presentation of this task force to European police officers and magistrates shocked some investigators. They fear in particular for the integrity of their investigati...

Scoop: revelations about "Group 78", the FBI's secret unit tasked with waging war on cybercriminals, even if it means using illegal methods and at the risk of derailing European judicial investigations (with @flrnd.bsky.social and @kaibiermann.bsky.social). Thread ⤵️

16.10.2025 04:42 — 👍 17    🔁 25    💬 2    📌 0
Cyber giant F5 Networks says government hackers had 'long-term' access to its systems, stole code and customer data | TechCrunch
The company, which provides cybersecurity defenses to most of the Fortune 500, said the DOJ allowed it to delay notifying the public on national security grounds.

This one's a wild/messy one: Cyber giant F5, which serves most of the Fortune 500, said unknown government hackers had 'long term' access to its network:

• stole source code, some customer data
• accessed undisclosed vulns in BIG-IP
• DOJ allowed F5 to delay public notice citing national security

15.10.2025 15:55 — 👍 62    🔁 58    💬 1    📌 5

-Windows 10 reaches End-of-Life
-CISA layoffs didn't touch cyber personnel
-US seizes $15 billion from cyber scam compound operator
-Secure Boot bypass impacts 200k Framework systems
-German police take down 1,400 scam sites

Podcast: risky.biz/RBNEWS491/
Newsletter: news.risky.biz/risky-bullet...

15.10.2025 06:55 — 👍 16    🔁 7    💬 1    📌 0
Exclusive: Assad government secretly moved mass grave to cover up killings, Reuters investigation finds
From 2019 to 2021, Syria’s authoritarian government carried out a secret operation to move tens of thousands of bodies from the exposed Qutayfah mass grave to a hidden site in the desert east of Damascus. The goal of the clandestine reburial was to hide evidence of atrocities as Bashar Assad tried to regain international standing.

🚨🚨🚨 Reuters journalists have discovered an enormous, secret mass grave in Syria — likely with tens of thousands of bodies. The graves are part of a 2-year conspiracy by Assad’s forces to excavate one of Syria’s largest known mass graves and hide bodies in the desert. www.reuters.com/world/middle...

14.10.2025 18:16 — 👍 26    🔁 13    💬 2    📌 1
‘I love Hitler’: Leaked messages expose Young Republicans’ racist chat
Thousands of private messages reveal young GOP leaders joking about gas chambers, slavery and rape.

EXCLUSIVE: Thousands of leaked messages show leaders of Young Republican groups joking about gas chambers, slavery and rape in a private Telegram chat.

Inside rising GOP leaders’ racist chats — obtained by POLITICO and spanning more than 7 months👇

14.10.2025 17:22 — 👍 6031    🔁 3413    💬 585    📌 1423

🚨 NEW: “We can go to prison for this” – this sentence is at the centre of our new investigation. 🚨
It gets crazy: criminal sanctions evasion, an undercover operation, a surveilled Vatican reporter, prominent victims & Red Bull. Welcome to #SurveillanceSecrets

14.10.2025 15:14 — 👍 57    🔁 30    💬 1    📌 2
Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data
With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypte...

Researchers pointed a satellite dish at the sky for 3 years and monitored what unencrypted data it picked up. The results were shocking: They obtained thousands of T-Mobile users' phone calls and texts, military and law enforcement secrets, much more: www.wired.com/story/satell... 🧵👇

14.10.2025 01:03 — 👍 896    🔁 464    💬 20    📌 45
Ukraine takes steps to launch dedicated cyber force for offensive strikes
Ukraine lawmakers are considering uniting the country's offensive and defensive military cyber capabilities under a single command within the Armed Forces.

If new legislation passes, Ukraine’s Cyber Forces will conduct military cyber operations, gather intelligence, hunt threats in cyberspace and defend military systems while building secure infrastructure for the country's armed forces therecord.media/ukraine-take...

13.10.2025 17:51 — 👍 3    🔁 3    💬 0    📌 0
Apple Exploit-Chain Bounties, Tactical Wi-Fi Exploit Suitcases
YouTube video by Three Buddy Problem

An all-new Three Buddy Problem for your weekend earholes. Apple exploit chains, Oracle + ransomware, Ivanti 0days, VT pricing tiers @craiu.bsky.social @jags.bsky.social
youtu.be/qPj9_8azAvk?...

12.10.2025 14:19 — 👍 7    🔁 4    💬 0    📌 1
Tactical Suitcase x iPhone WiFi Exploits #apple #wifi #tacticalgear #spyware #exploit #iPhone #iOS
YouTube video by Three Buddy Problem

Costin on million-dollar "tactical suitcases" with iPhone wireless proximity exploits @craiu.bsky.social @jags.bsky.social
www.youtube.com/shorts/r3vu_...

12.10.2025 16:19 — 👍 5    🔁 3    💬 1    📌 0

-Microsoft revamps Edge's "IE Mode" after zero-day attacks
-FBI seizes Salesforce extortion site
-New round of CISA layoffs
-Apple doubles bug bounty rewards
-White House rescinds NSA&CyberCom chief nomination

Newsletter: news.risky.biz/microsoft-re...
Podcast: risky.biz/RBNEWS490/

13.10.2025 10:00 — 👍 18    🔁 11    💬 1    📌 0
Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
NSO Group confirmed to TechCrunch that an unnamed group of American investors has taken “controlling ownership” of the surveillance tech maker.

SCOOP: Spyware maker NSO Group confirmed to us that the company has been acquired by a U.S. investment group.

NSO's spokesperson said the group "has invested tens of millions of dollars in the company and has acquired controlling ownership," but declined to say who is behind the investment.

10.10.2025 15:54 — 👍 176    🔁 140    💬 5    📌 31
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million.

As Apple expands its bug bounty, I spoke with VP Ivan Krstić about the significance + recent big swings like Memory Integrity Enforcement. These steps protect all users, but particularly those targeted by spyware: “We feel a great moral obligation to defend those users” www.wired.com/story/apple-...

10.10.2025 13:06 — 👍 21    🔁 8    💬 0    📌 2

NEW: Pegasus spyware coming to America?

An ex-Adam Sandler producer with ties to China is trying to acquire NSO Group.

Again.

Simonds fronted this before in 2023 & failed. But the backers haven't given up. Why?

Where is the money coming from? 1/

www.globes.co.il/news/article...

10.10.2025 11:34 — 👍 70    🔁 42    💬 6    📌 3

-EU scraps Chat Control vote
-Ukraine establishes a Cyber Force
-CISA workers reassigned to immigration enforcement
-Teenagers arrested for Kido hack
-Salesforce will not pay the ransom
-US Court halts FCC data breach rules

Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS489/

10.10.2025 08:43 — 👍 20    🔁 9    💬 1    📌 0
Germany’s AfD expels Hamburg lawmaker Robert Risch over participation in far-right congress in St. Petersburg
Germany’s far-right Alternative for Germany (AfD) party has expelled Hamburg state lawmaker Robert Risch from its parliamentary group after he attended an international gathering of radical nationalis...

Germany’s AfD expels Hamburg lawmaker Robert Risch over participation in far-right congress in St. Petersburg

The Sept. 12 congress at the Mariinsky Palace brought together radical nationalists and neo-Nazis from 14 countries, from Hungary to Argentina.

10.10.2025 07:17 — 👍 27    🔁 6    💬 2    📌 1

The hack against software giant Red Hat is part of a larger campaign that is targeting AWS cloud accounts.

A group named the Crimson Collective is using compromised IAM accounts to access and pilfer corporate AWS environments.

www.rapid7.com/blog/post/tr...

09.10.2025 08:42 — 👍 24    🔁 10    💬 2    📌 0
(S+) EU: How Hungary's agents tried to recruit informants in Brussels
Hungarian spies were apparently up to no good in Brussels for years. Reporting shows for the first time that they even tried to recruit EU officials.

Hungary uses spies within the EU to close an information gap due to their public positioning in political matters that often is at odds with what the bloc is doing/saying

www.spiegel.de/ausland/eu-w...

09.10.2025 06:09 — 👍 4    🔁 1    💬 0    📌 0
The Paragon case widens to businessmen: Caltagirone spied on too
The phone of the Roman financier, one of the key players in the restructuring of the banking system, was reportedly attacked with the spyware that also hit journalists…

According to reconstructions, in Dec 2024 the ☎️number used by Caltagirone was added to a WhatsApp chat with contacts known to him, within which a PDF file had been shared. Shortly afterwards, the chat & the PDF disappeared.

✍️ @faffa42.bsky.social & Gianluca Paolucci.
www.lastampa.it/economia/202...

09.10.2025 04:55 — 👍 3    🔁 1    💬 1    📌 0

🚨 According to @irpimedia.eu & @lastampa.bsky.social, prominent 🇮🇹 Italian businessman Francesco Gaetano Caltagirone has been added to the list of people who last January received a message from WhatsApp informing them that they had been targeted with Paragon's Graphite #spyware.

09.10.2025 04:55 — 👍 6    🔁 6    💬 1    📌 1
