

Will
@BushidoToken
Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil



I’m not gonna lie, TLP restricted CTI reports with massive AI-generated cover pages of scary terminators from Russia & cyber skeletons from China lose all seriousness to me 😂



A newly decoded piece of sabotage malware called Fast16, created before Stuxnet, was made to silently tamper with calculations in research and engineering software. Likely created by the US or an ally, and possibly used against Iran's nuclear program. wired.com/story/fast16-m…

California Man Sentenced to 70 Months in Prison for Role in $263 Million Cryptocurrency Scam: The defendant laundered millions of dollars for members of the scheme and received luxury goods, including expensive vehicles, in exchange for his illicit services. He also converted stolen cryptocurrency into fiat cash to procure mansions for his co-conspirators. justice.gov/usao-dc/pr/cal… @FBILosAngeles @IRS_CI @USAO_DC

When a Chinese national impersonated U.S. researchers to access sensitive NASA aerospace software, our cyber investigators tracked him down and exposed his ruse. Read how we investigate export control violations to protect national security: go.nasa.gov/48SPCmX

Chinese government-linked cyber threat actors are using covert networks built from compromised SOHO routers, IoT, & smart devices to carry out malicious activity. We urge all orgs to review our advisory for TTPs, IOCs, & mitigations against this threat. 🔗 go.dhs.gov/5Z3

11.7 million accounts affected. ⚠ We take stock of the security incident that hit the Agence nationale des titres sécurisés. ⬇ info.gouv.fr/actualite/fran…

In recent weeks, more and more people retweeting or sharing shit from this BreakGlass AI thing... That in itself is a sad thing... but - unfortunately - not really surprising. Until now, I didn't say anything about this publicly. But today, after seeing @JRoosen retweet a tweet sharing that "quality" article + the "Official Twitter page of the 780th Military Intelligence Brigade (Cyber)" account tweeted that article, I have to ask: what the fuck is going on? Like, random people sharing random things is a thing... but more and more supposedly knowledgeable (in relation to malware/reversing/etc I mean, of course) people, and some also who not only supposedly, but seriously have knowledge are sharing these shits is not great, to say it nicely... Anyway, the only reason I looked at that article was because when I saw the title containing "a Cardiff University GovRoam Relay", I was like "that could be something interesting if it's true, so let's just quickly look at the article and see if somehow it's true this time". So I looked, and of course it turned out that it is wrong. The article says right after "The Cardiff University Connection" that "This is the finding that prompted this writeup." - so the most important thing in the whole article is wrong. The C2 IP (so not a domain, but an IP) of that sample is this: 151.242.152[.]131 - it has absolutely nothing to do with Cardiff University. Also the article mentions 3 ports for that. The first two are clearly wrong, and about the third one I have no idea at all. The right base port is 4408, with a sandbox also showing traffic on port 4409 too. 😫


Rare glimpse behind the 2nd most dangerous RaaS for 2026, publicly claiming 225+ victims. CP<r> shares behind-the-scenes details that reveal the real number is potentially over 1,570 victims. research.checkpoint.com/2026/dfir-repo…

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (vercel.com/kb/bulletin/ve…). My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. 
In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.

Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised. We recommend that Google Workspace Administrators check for usage of this app immediately. vercel.com/kb/bulletin/ve…

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…


