ꙮ i d m

"The morpheme ‘cyber-’, even though it nowadays seems to have lost the direct link to its origins, is still inextricably linked to systemic thinking. The notion of ‘systems’ is absolutely central in the context of cyber-threats and has several practical and theoretical ramifications for how the issue is approached." Cavelty, Myriam Dunn. (2008) Cyber-security and threat politics: US efforts to secure the information age., Nova York: Routledge 16p.

Brazil has the most decentralized political system in Latin America, as measured by the autonomy given to governors and mayors, according to a new index published in AQ today. Argentina & Colombia are not far behind.

I have a really deep appreciation for YARA and the work VirusTotal's engineers put into YARA. YARA is interesting because they encountered some challenges when developing their static analysis engine and they handled it really, really, really well. Initially I was under the assumption YARA read rules by parsing strings and applying them to binaries in-memory (mapping). However, being a doofus, I failed to consider the fact YARA contains BOOLEAN logic in their rules. Hence, reading the files and parsing them as text wouldn't be able to reliably handle the logic present inside the YARA files. YARA contains an internal VM and transforms the text into byte code. The caveat being the VM isn't turing complete and does not possess any ability to interact with anything else. This was done intentionally though because it acts as a sandbox. Regardless, it uses the transformed byte code to perform operations on the in-memory mapped binary using (sort of) simple logic but containing a custom implemented callstack for doing stuff. Furthermore, YARA also has a custom heap management system (they're using the ARENA algorithm). What makes this even more impressive is all of this written in C, is cross platform for Windows, Linux, and MacOS, and easily compiles. This is a significant software engineering project and they did an extremely good job.

ECA Digital is a STRONG mistake without prior implementation strategy and can MAKE INTERNET IN BRAZIL OBJECTIVELY UNSAFER

As of today, Brazil requires identity verification to use social media. X use Persona for ID checks, the same provider found capable of running 269 checks on every verified user, matching faces to government watchlists, and retaining data for up to 3 years.

China's biggest cybersecurity company apparently just shipped an AI assistant with its own SSL private key sitting inside the installer. Qihoo 360, think Norton or McAfee, but dominant across the entire Chinese market It appears that their new AI product, 360安全龙虾 (Security Claw) bundles a wrapper on @OpenClaw. Inside the installer package - accessible to anyone who downloaded it - was a private SSL certificate key for the domain *.myclaw.360.cn. An SSL private key is essentially the master password to a website's encrypted connection. With it, an attacker can impersonate 360's servers, silently intercept user traffic, forge a login page that looks completely legitimate, or possibly take over the AI agent altogether. The cert is valid until April 2027 and covers every subdomain on the platform. It's now public. The founder launched the product with a promise it would "never leak passwords". It did that during release? 461 million users, a $10B valuation, and nobody checked the zip file before shipping. The cert expires April 2027.

➡️ COMANDO VERMELHO | Saiba como o CV criou um império de internet nas favelas do Rio Leia na coluna de @mirelle_ap metropoles.com/colunas/mirell…

Já tava demorando pro Vibe-coding chegar nos estelionatários. Esses dias recebi uma notificação no whatsapp dizendo que eu havia caído na malha fina da receita federal até com um botão para "verificar a situação". +

Brazil 🇧🇷 - JBS Brazil has allegedly been compromised by the Coinbasecartel ransomware group, which claims to have exfiltrated 3TB of data from the multinational food corporation. dailydarkweb.net/jbs-brazil-tar…

🇧🇷 Brazil’s Pix payment system now processes more transactions than Visa and Mastercard combined 🤯 According to Banco Central do Brasil, Pix handled 224+ million transactions in a single day, overtaking the combined domestic volumes of Visa and Mastercard. Let’s put that into context. Pix launched in November 2020. In under five years, it became the default payment method for more than 150 million Brazilians, roughly 70% (❗️) of the population. It’s: • Instant • 24/7 • Free for consumers • Near-zero cost for merchants • Mandatory for large banks That combination changed everything. For decades, Brazil’s merchants paid 2–5% per card transaction. Pix removed most of that friction overnight. For a street vendor in Recife or a small business in São Paulo, the math became obvious. But this isn’t just about transaction volume. Pix brought an estimated 71 million unbanked or underbanked Brazilians into the digital economy. That’s one of the largest financial inclusion shifts in modern history. And strategically, this is even bigger: A government-built rail is directly competing with — and outscaling — private global card networks. This raises a fundamental question for the global payments ecosystem: If public, low-cost, interoperable infrastructure can scale this fast… what does that mean for the long-term economics of interchange? Brazil may not just have built a payment system. It may have built a blueprint. Together with 🇮🇳 India’s UPI, this might be the most successful payments story of the past decade. What do you think? Will more central banks follow this path?

As invasões hackers aos sistemas da PF e da PGR que deram a Daniel Vorcaro acesso a dados sigilosos tinham duas estratégias: o spearfishing, um golpe mais sofisticado, e a simples compra de senhas por meio de intermediários. Os métodos usados pela “Turma” (nome do grupo no WhatsApp) permitiram a Vorcaro ter acesso a investigações sobre ele e o Master quase em tempo real (O Globo)

Hi friends! We'd like to share our nxc ​​module, telegram.py, with you. It allows u to find tdata sessions on computers and copy them locally. U can then take the tdata session and steal telegram account. github.com/CICADA8-Resear…

General Caine on cyber operations against Iran: "The first movers were US CyberCom and US Spacecom, layering non-kinetic effects, disrupting and degrading and blinding Iran's ability to see, communicate, and respond." youtube.com/live/2l3vfInJB…

Brazil 🇧🇷 - Fundação Getulio Vargas (FGV) has allegedly been breached by the Dragonforce ransomware group, which claims to have exfiltrated 1.52 TB of sensitive employee, student, and institutional data. dailydarkweb.net/fundacao-getul…

Narcoestado lança coquetel Molotov contra provedor de Internet em Porto Velho/RO para intimidar atuação da empresa na oferta de acesso à rede dentro do território controlado pela facção. Em diversas regiões do país, o narcoestado já possui o monopólio do serviço. portalrondonia.com/2026/01/10/vip…

Oh no.

🚨BGP Route Leak at 2026-02-24 01:56 UTC 🇧🇷AS28629 (SENADO) leaked 10484 prefixes learned from 🇧🇷AS16735 (ALGAR) towards 🇧🇷AS22381 (Megatelecom), affecting 111 countries and 1838 ASNs. ⏱️Duration: ~11 min 🌏Propagation: 74%

Brazil mentioned: cloud.google.com/blog/topics/th…

Digital literacy is a basic need for modern functionality. Rationally, we have more reasons to care for our security on the internet than in the streets in a significant number of cases, even in global South. If you dont let your children on the streets alone, you also should watch out for their internet navigation. And the same applies for yourself. No platform or policy will save you or your family. Governments are also way before the accelerations provoked by Digital Transformation and AI. I know Tecnophobia is the main feeling that arisess when avarage population read this. That’s not the way too. Embrace change in a pragmatic way. Focus on your goals. Oppose evil when you can make the difference. Care for your immediate community. Believe on your analysis of things. Dont trust the judgement of the ones that make their living out of being heard. And most important, turn on MFAs in as much things as you can and always keep in mind that clicking stuff is entering someone else’s building.