In a recent development, the Cybersecurity and Infrastructure Security Agency (CISA) is moving away from utilizing Censys and VirusTotal as part of its broader operational reductions. This decision comes as CISA aims to streamline its threat hunting operations and triage potential threats more efficiently. VirusTotal, a widely used free tool for analyzing suspicious files … [Read more...] about CISA plans to drop Censys and VirusTotal
Archives for April 2025
4chan suffers major hack
In a significant security breach, 4chan has been compromised, with hackers gaining shell access to its hosting servers. The attackers exploited a vulnerability in the site's outdated Ghostscript software, specifically an old 2012 version of PostScript, allowing them to elevate privileges using SUID and ultimately secure unauthorized access. The data leak is extensive, … [Read more...] about 4chan suffers major hack
Signalgate: Retired Army General Barry McCaffrey criticizes opsec failures
A retired Army general is calling out the White House for questionable communication practices, spotlighting an alleged "bro" channel on the private messaging app Signal. This so-called "Signalgate" raises serious concerns about operational security (OpSec) at the highest levels of military command. While OpSec lapses can happen, especially with newcomers, such mistakes are … [Read more...] about Signalgate: Retired Army General Barry McCaffrey criticizes opsec failures
Slopsquatting: The Cybersecurity Threat That Could Catch You Off Guard!
Bleeping computer reports about a new attack called "Slopsquatting." This is a supply chain attack similar to Typosquattingâwhen hackers purchase domains that look similar to legitimate ones. LLMs sometimes generate nonsense, which we call hallucinations or slop. Typosquatting, a phishing attack targeting human finger dexterity failures, is the squatting part of the … [Read more...] about Slopsquatting: The Cybersecurity Threat That Could Catch You Off Guard!
Oracle admits breach of legacy system
Oracle admitted to a compromised "legacy environment" after a hacker attempted to extort a ransom last month. Despite denying a breach of their cloud infrastructure, evidence mounted. Their carefully chosen language suggested Oracle Cloud wasnât breached, but a âlegacy environmentâ known as "Oracle Cloud classic" was. It was a legacy environment with known vulnerabilities. … [Read more...] about Oracle admits breach of legacy system