Apparently some of the source code of Sweden's E-Government platform has been stolen from CGI Sverige AB in a "sustained compromise".
The impact of this breach is unclear. In the best scenarios the leak of the source code would largely not matter: You should build your systems in a way that access to source code doesn't lead to a compromise.
However, some reporting does mention that some credentials would have leaked as well. This sounds quite bad. However, credentials and keys are typically fairly easy to revoke and update (or this should be the case in most well-designed systems).
Don't get me wrong, this is quite terrible. But it might not be as bad as it might initially seem.
🔙 🚪 Researchers found a new backdoor called #Slopoly, likely generated with #AI, used in an Interlock ransomware attack to steal data.
Slopoly is a simple #PowerShell client that beacons to a C2 server, runs commands, and keeps persistence.
#IBM X-Force links the attack to a financially motivated group known as Hive0163 and says AI tools are speeding custom malware development.
#infosec #cybersecurity #tech #ibmxforce #xforce #threatintel
https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks
There are a lot of articles and discussions concerning the Handala Hack Team, and especially the recent attack on Stryker.
Multiple articles have been published regarding this threat actor and I have put together a "Threat Actor Profile" for Handala. It's as always reasonably well attributed to origin sources and hopefully provides a good overview of the actor based on available OSINT research.
Please reach out if you believe there are mistakes in the article that should be corrected.
At a @bsidesljubljana conference at @muzej today! \o/
(As soon as I figure out my wardrobe conundrum... no, not if I should step out as a witch or a lion :blobtongue: Just our usual March weather and what to wear so I'm not cold in the morning and hot in the afternoon... I'll figure it out... #Onions)
#SecurityBSides #BSidesLjubljana #InfoSec #CyberSecurity #Community #Conference
👋 Here's a quick infographic that sums up my Hack The Box - Redeemer walkthrough (Redis enumeration).
👉 Watch the full step-by-step video: https://youtu.be/81JN1vy1HGY
#HackTheBox #Redis #EthicalHacking #CyberSecurity #PenTesting #CTF #Infosec #htb
Hot take from a guy who spent two decades investigating cyber crimes:
The term "hacker" tells you almost nothing useful.
What matters, what actually predicts behavior, tactics, and targets,
is WHY they're doing it.
The intelligence community has used M.I.C.E for 70 years to understand spies. That model is shifted to a new era of online threats.
Money. Ideology. Curiosity. Ego.
I wrote a book applying it to cybersecurity. Not because it's theoretical.
Because in the field, understanding motivation is how you get ahead of attacks.
A money-motivated attacker runs a different kill chain than an ego-driven one.
Treat them the same and your defenses will always be one step behind.
Happy to talk through any of it here. The infosec community on Bluesky
has been one of the best conversations I've had about this stuff.
Book: 'How MICE Threaten Cyber Security' on Amazon.
https://a.co/d/0awR4gNr
#CrackArmor: Multiple vulnerabilities in #AppArmor
https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt
These vulnerabilities allow a local attacker to bypass the security normally provided by AppArmor. Also, in some situations, they allow privilege escalation to root by selectively blocking specific syscalls.
DOJ has charged a former incident response employee in connection with alleged ransomware extortion activity linked to ALPHV (BlackCat).
The case highlights serious insider threat risks within cybersecurity environments.
Vulnerability alert.
A high-severity SQL injection flaw (CVE-2026-2413) in the Ally WordPress Plugin from Elementor could expose data from 250K+ sites.
Patch available in v4.1.0.
Follow @technadu for security updates.
#Infosec #CyberSecurity
🚨 New threat detected: #MicroStealer.
Targets corporate credentials and session data while staying under detection radar.
Industries exposed: telecom and education ❗️
See how your team can detect it early, reducing business risk👇
https://any.run/cybersecurity-blog/microstealer-technical-analysis/?utm_source=mastodon&utm_medium=post&utm_campaign=microstealer_technical_analysis&utm_term=120326&utm_content=linktoblog
GitHub - n0raitor/dfir-installer: Install every tool and every needed software for your DFIR (/SRE/PEN/OSINT/TCI) workstation. This Tool is doing the work for you, everything after installing Windows (and update). · GitHub https://github.com/n0raitor/dfir-installer #bot #cybersecurity #infosec
🌐 As we project 2026 to be the first year in history to exceed 50,000 published CVEs, FIRST is bringing the global security community together to do what we do best: coordinate, share intelligence, and act.
We're excited to announce our flagship event series, three regional conferences designed to help incident response and security teams navigate an increasingly complex threat landscape.
Join Us:
📍CVE/FIRST VulnCon 2026 & Annual CNA Summit: April 13-16, 2026 | Scottsdale, Arizona, USA - Bringing together vulnerability management and cybersecurity professionals to collaborate, exchange ideas, and strengthen the vulnerability management ecosystem.
📍2026 Cyber Threat Intelligence Conference: April 21-23, 2026 | Munich, Germany - A hub for experts to share insights and explore proactive threat intelligence strategies through management discussions, technical sessions, and hands-on workshops.
📍FIRST's 38th Annual Conference (FIRSTCON26): June 14-19, 2026 | Denver, Colorado, USA - Our premier event promoting worldwide CSIRT collaboration and sharing strategies to improve cybersecurity on a global scale.
When no single organization can tackle cybersecurity alone, these conferences create the trusted networks the world needs.
🔗 Learn more: https://go.first.org/VK3Ul
#cybersecurity #IncidentResponse #infosec
#ThreatIntelligence #VulnerabilityManagement
The FBI confirmed an isolated cyber incident involving a server used for digital evidence processing at its New York Field Office.
Reports say the system contained files related to investigations, including materials linked to the Jeffrey Epstein case.
Hello again! :ablobcatpoprev:
Today I reviewed tools like TCPdump and Nmap, both part of the Cybersecurity 101 networking module. I'm already comfortable analyzing packets with Wireshark, but combining it with the command-line tool TCPdump allows me not only to capture live traffic but also to read and analyze .pcap files directly from the terminal.
Starting tomorrow, I'll move into cryptography theory and begin working with tools like John the Ripper and Hashcat for password cracking practice.
For CS50, I completed the main lecture today. Tomorrow I'll finish the remaining lecture segments and then jump straight into the problem sets.
Don't let regulatory compliance catch you off guard. Inadequate privacy frameworks can lead to costly enforcement actions, like the FTC's consent decrees against Facebook and Equifax. Traditional compliance vs AI-driven Privacy-by-Design: Which approach reigns supreme? Learn how to secure your SMB from potential pitfalls and stay ahead of emerging threats.
#CyberSecurity #Privacy #InfoSec #Security #DataProtection #Tech #Technology
🎥 Watch Teaser: https://steelefortress.com/3oa24c
EU cybersecurity requirements force the embedded systems industry to change
The Cyber Resilience Act (CRA) requires changes to industrial computers, medical electronics, robots and other embedded systems, with side effects.
⏳ One week to go! The countdown is on for this new edition.
📱 Now’s the time to organize your agenda. Download our mobile app, add your favorite talks, and create your ideal schedule.
👉 Don't wait, your perfect day is just a tap away: https://insomnihack.ch/our-mobile-application-is-ready/?utm_source=mastodon&utm_medium=image&utm_campaign=Insomnihack2026&utm_content=1203
#InsomniHack #Cybersecurity #Infosec #INSO26 #CyberConference
This year, we are happy to welcome two bronze sponsors:
🤝 Chiche Communication, Wavemind Sàrl, a special thanks to Romain Therisod.
🤝 Cisco, a special thanks to Alexis Gastaldello, Simon Verrando & Amaury Jouglet.
👉 Register here: https://insomnihack.ch/?utm_source=mastodon&utm_medium=image&utm_campaign=Insomnihack2026&utm_content=1103
#InsomniHack #Cybersecurity #Infosec #INSO26 #CyberConference
The #cyberattacks statistics for February 2026 are out... 🔊 With 176 events and a #threat landscape dominated by #malware, #cybercrime as the main motivation, and #socialengineering as the main attack vector.
https://www.hackmageddon.com/2026/03/12/february-2026-cyber-attacks-statistics/
Wouldn’t it be lulz if the Iranians launched cyber attacks against Trump businesses and MAGA-supporting businesses? Trump would be big mad if they defaced sites with Epstein files alleging Trump raped that young girl.
#iran #epstein #cybersecurity #uspol