
Cedric Pernet

@cedricpernet.bsky.social

Senior Threat Researcher @ Proofpoint. Cybercrime / Cyberespionage aficionado. Has worked in several CSIRTs/CERTs. Metal & Rock dude, never enough guitars. Motorcycles fan. Wrote a book in French language on cyberespionage. Ex-Law Enforcement Officer

1,649 Followers  |  187 Following  |  88 Posts  |  Joined: 08.09.2023  |  1.6737

Latest posts by cedricpernet.bsky.social on Bluesky


Notepad++ Hijacked by State-Sponsored Hackers | Notepad++

Notepad++ hijacked by state-sponsored group, update mechanism hijacked to spread fake update to a very specific set of selected targets

notepad-plus-plus.org/news/hijacke...

02.02.2026 07:49 — 👍 25    🔁 30    💬 0    📌 4

For those who read our piece about crypto scam compound whistleblower Red Bull, I've verified that this is his real Bluesky account below.

Thank you for your incredible courage and all your work to achieve justice, @mohammadmuzahir02.bsky.social.

30.01.2026 14:07 — 👍 143    🔁 43    💬 1    📌 0

Can’t stop, won’t stop: TA584 innovates initial access

www.proofpoint.com/us/blog/thre...

#ClickFix #cybercrime #TA584 #ThreatActor #SocialEngineering #EMail #Tsundere #IAB

28.01.2026 13:05 — 👍 0    🔁 0    💬 0    📌 0

Fell on this nice #malware analysis and noticed I did not know about "anti-termination signal handling", so super interesting for me - evilcel3ri.github.io/2026/01/16/s...
#threatintel #CTI #cybercrime

28.01.2026 08:39 — 👍 1    🔁 0    💬 0    📌 0

This article is a must-read that sheds light on the issues related to #AdInt

21.01.2026 10:22 — 👍 3    🔁 1    💬 0    📌 0

I use Obsidian, but recently I've heard a lot of good things about triliumnotes.org ... I don't know if you've tried it.

19.01.2026 10:31 — 👍 0    🔁 0    💬 1    📌 0

Yeah, the older we get, the less patience we have for this crap. And I'm not even talking about those FUCKING PRINTER PROBLEMS! ;-)

12.01.2026 08:32 — 👍 1    🔁 0    💬 1    📌 0
Release v1.11.0 · VirusTotal/yara-x Make the parser stricter (#502). Implement dex module (#458). Implement C api console log (#515). Implement permhash for the crx module (#510). Implement the imports() method for the Rules object i...

github.com/VirusTotal/y... - 1.11.0 is out! Lots of new features, modules and bug fixes. Read the release notes and congrats to Victor and the contributors!

09.01.2026 13:43 — 👍 7    🔁 3    💬 0    📌 0

FBI FLASH: North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities www.ic3.gov/CSA/2026/260... #cybersecurity @gate15.bsky.social

09.01.2026 12:53 — 👍 4    🔁 3    💬 0    📌 1

404 Media has obtained material that explains how two surveillance systems ICE recently purchased work. One can track phones without a warrant and follow their owners home or to their employer. @evystadium.bsky.social has more.

Scoop by @josephcox.bsky.social: www.404media.co/inside-ices-...

08.01.2026 14:55 — 👍 726    🔁 439    💬 34    📌 51

"Among the government bodies listed on documents seen by Intelligence Online are 🇵🇰Pakistan and its defence ministry, 🇮🇩Indonesia's State Intelligence Agency, the 🇲🇲Myanmar Police Force, 🇲🇽Mexico's army and navy and 🇻🇪Venezuela's defence ministry."

www.intelligenceonline.com/americas/202...

06.01.2026 20:20 — 👍 7    🔁 3    💬 0    📌 2

Music ;-)

07.01.2026 09:12 — 👍 3    🔁 0    💬 1    📌 0

I never use such services when I don't know who's behind it.

"Made with ♥ in Pakistan"

07.01.2026 09:11 — 👍 0    🔁 0    💬 0    📌 0

Common mistake for some CTI people: flagging a web provider's parking IP addresses as malicious. Please check carefully. This can lead to total nonsense attribution/pivots when unverified. #fail #ThreatIntelligence

11.12.2025 08:26 — 👍 3    🔁 0    💬 1    📌 0
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the ...

Brian Krebs identified the real-world identity of Rey, a key administrator of Scattered Lapsus$ Hunters, a hacking group blamed for dozens of high profile hacks.

The hacker, identified as a Jordanian teenager, agreed to be interviewed after Krebs tracked him down and contacted his father.

26.11.2025 17:50 — 👍 24    🔁 5    💬 2    📌 2
The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ Myanmar’s military has been blowing up parts of the KK Park scam compound. Experts say the actions are likely for show.

NEW: Myanmar has made a big show of destroying the notorious KK Park scam compound—even publishing a video of a steamroller driving over thousands of phones

But new images show buildings are only destroyed in one area. Hundreds are left untouched and experts say the crackdown is mostly propaganda

26.11.2025 17:11 — 👍 110    🔁 44    💬 4    📌 2
IT giant HP announces the elimination of 4,000 to 6,000 jobs by 2028 because of AI. This is one of the first times a large company has publicly drawn a direct link between staff reductions and the rollout of AI tools.

IT giant HP announces the elimination of 4,000 to 6,000 jobs by 2028 because of AI

26.11.2025 03:43 — 👍 3    🔁 2    💬 0    📌 1

Charming Kitten exposed: spy unit led Iran’s surveillance for deadly plots - content.iranintl.com/secret-spy-u...

26.11.2025 06:41 — 👍 2    🔁 1    💬 0    📌 0

Ah, very cool! Thanks for the links! :-)

06.11.2025 08:36 — 👍 1    🔁 0    💬 0    📌 0
Rise of the ‘porno-trolls’: how one porn platform made millions suing its viewers A company called Strike 3, owner of Vixen and Tushy, has clogged US courts with lawsuits, mostly against porn watchers who feel shamed into settling privately

Incredible story revealed by @theguardian.com: "Rise of the ‘porno-trolls’: how one porn platform made millions suing its viewers" www.theguardian.com/society/ng-i...

05.11.2025 09:04 — 👍 4    🔁 1    💬 0    📌 0

My thought of the day: all registrars should rethink their registration processes, so that automatic registration cannot be done that easily by cybercriminals. Some of them register hundreds of domains every day... #fightautomation #cybercrime

05.11.2025 08:41 — 👍 3    🔁 1    💬 2    📌 0

Well, some people here asked me where the hell I have been. To make it short: a lot of good work (not public), and getting separated from my wife. So, quite a hot-cold situation. Will try to come more often here and start spreading cybercrime/APT stuff again.

05.11.2025 08:22 — 👍 3    🔁 0    💬 1    📌 0

Infamous BreachForums Is Back Online With All Old Accounts and Posts Restored - cybersecuritynews.com/breachforums...
#cybercrime

27.07.2025 08:41 — 👍 1    🔁 2    💬 0    📌 0
Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets' Addresses The Minnesota shooter allegedly researched several “people search” sites in an attempt to target his victims, highlighting the potential dangers of widely available personal data.

NEW: Data broker sites were allegedly used by the Minnesota shooting suspect, authorities claim, highlighting the danger of an industry that freely sells your personal information. @lhn.bsky.social reports www.wired.com/story/minnes...

17.06.2025 02:25 — 👍 429    🔁 181    💬 11    📌 18

We recently discovered an infostealer in our data that we originally dubbed "Aurotun," named for a misspelling of "autorun" in its strings.

After collab w/ @intel471.bsky.social, @malwareindepth.com & others, we believe this malware is actually MonsterV2, a newer version of an existing infostealer.

05.06.2025 21:07 — 👍 4    🔁 2    💬 2    📌 0
Who is organizing the phishing campaigns targeting subscribers of "Le Monde" and "Télérama"? Scam attempts using booby-trapped messages have, in recent weeks, targeted subscribers of several major newspapers, including "Le Figaro" and "Le Monde". The hackers' trail leads to France.

You're sending phishing e-mails impersonating Le Monde?

@flrnd.bsky.social and @okami.bsky.social track down your e-mail address.

30.04.2025 08:03 — 👍 4    🔁 1    💬 1    📌 0

Very happy and proud that one of my "weekend research" has been exposed in an article from Le Monde.

I had spent some time during my short unemployed period to dig into #Traffyque infrastructure.
www.lemonde.fr/pixels/artic...
#cybercrime #lemonde

30.04.2025 08:00 — 👍 8    🔁 1    💬 0    📌 0
The Age of Realtime Deepfake Fraud Is Here Fraudsters are able to change their race, facial hair, voice, and more during live video calls with very little effort. Scammers are already fooling the elderly and verification systems.

New from 404 Media: the age of realtime deepfake fraud is here. Scammers in Nigeria are using realtime deepfakes to change their race, facial hair, gender, more to appear as someone else on video calls. Results very realistic now. Also tricking verification systems www.404media.co/the-age-of-r...

28.04.2025 13:03 — 👍 284    🔁 167    💬 9    📌 41

Belgian beer drove him crazy :-)

09.04.2025 07:25 — 👍 2    🔁 0    💬 0    📌 0

@cedricpernet is following 20 prominent accounts