The Cyber Post

$WLFI another scam token from the trump family smh. Sad the president of the United States has to grift and rug his own netizens for his own personal gain. Their website right now dosent even work. What a piece of sh!t

I have no idea when Virus Bulletin uploaded our paper - but here it is: our talk from last September at VB2025, where we talked about an APT41-adjacent group started using Google Calendar C2 as part of their espionage operation. 🔗Link below for the slides and paper

8.6 million Swedes use BankID for basically everything. Government. Banking. Tax filings. Their entire digital life through one system. A hacker group just leaked the source code for it. This is what centralized digital ID actually looks like when it goes wrong...

x.com/FBICyberDiv/st… Got information on other Iranian government-linked hackers? Send us your tip. It could make you eligible for a reward.

Dear Malta Gaming Authority, Yes, I hacked you, and the data obtained has been shared with media partners, authorities,…. And yes, we will expose the organized crime enablement schemes you created while presenting yourselves as a “legitimate public service”.

Researchers at @ctrlaltintel once again yanked an APT into the spotlight due to sloppy trade craft. Today its FancyBear! Check out the full write up. As always, none of this is possible without @polygonben and others @ctrlaltintel ctrlaltintel.com/threat%20resea…

This tool has already been used in distinct hacking campaigns against Ukrainians, Malaysians, Saudi and Turkish victims. If other hackers needed any more encouragement to adopt it, too, the Russian spies who used it left it fully unobfuscated with helpful code comments legible.

We achieved a guest-to-host escape by exploiting a QEMU 0-day where the bytes written out of bounds were uncontrolled. Full breakdown of the technique, glibc allocator behavior, and our heap spray/RIP-control primitive ↓

I am genuinely impressed by mainstream media outlets ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless. There has been dozens occasions, especially as of recent, where some media outlet will be like, "Today as a special guest is world-renowned cybersecurity expert and ethical hacker Joe McCyberSecurity". I'm like, who the fuck is Joe McCybersecurity? I've been doing cybersecurity and malware stuff for a long time and I've never once seen or heard of Joe McCybersecurity. If he is world-renowned, I would THINK I would have seen them or heard of them. The camera then pans over to Joe McCybersecurity and it is the most generic cookie cutter white dude in a cheap suit and the tag below him will say something like, "Joe McCybersecurity, Ethical Hacker, CEO of Cybersecurity McJoe Industries" I'm like, "Cybersecurity McJoe Industries? What the fuck is that?". I look it up and it's a generic WordPress website hosted on GoDaddy with an expired SSL cert. Joe McCybersecurity then babbles incomprehensible nonsense for about 60 seconds until the TV host goes "woaw" and it cuts to a commercial. Absolute cinema.

@IntCyberDigest He deleted his x account too lol

❗️Meet Hellcat ransomware group operator 'Pryx' — responsible for high-profile hacks like Jaguar Land Rover, Telefonica, Schneider Electric and many more. He started doing cybercrime as a kid. He got 4 people killed and 27 injured after starting a fire by hacking into the SCADA network of Telecom Egypt. An OSINT researcher just revealed who he is and how he tracked him down.

The threat actor group Hellcat has now reportedly had 2 of its members de-anonymized, those members being Rey & Pryx. IntelBroker, Hellcat's most notorious alleged member in terms of publicity, was reportedly arrested in 2025 and is believed to be in custody. The current state of Hellcat is shown in the image of alleged members below.

Russian Market reads less like a forum and more like a storefront with felonies. Obvane looks inside one of the largest criminal marketplaces online and the economy that formed around it. obvane.com/research/russi…

Breach Forums has shut down after their recent troubles and is reportedly trying to find a buyer

⚠️ CISA flags CVE-2025-47813 in Wing FTP as actively exploited. It leaks server paths via cookie errors—low severity, high value. Attackers can pair it with a known RCE flaw already used to deploy malware. 🔗 How it enables real attack chains → thehackernews.com/2026/03/cisa-f…

Fiber-optic cables can act as listening devices & AI reconstructs conversations from 50 meters away. 👨🏻‍💻👂〰️🧱🗣️ More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/fiber-optic-…

Discovered a Mark-of-the-Web (MOTW) bypass using native Windows extraction tools. CAB - TAR - TAR - XLSM chain causes the final file to lose MOTW, allowing macros in Microsoft Excel to run without the security warning. Reported to MSRC and classified as moderate. Enjoy

LOLEXFIL Living off the land Data Exfiltration method lolexfil.github.io

@Persianserene1 @NickSzabo4 THANK GOD !

X just suspended one of the most influential Iranian accounts When censorship starts, it’s a clear sign the enemy is losing both on and off the battlefield!

@levelsio @DanielLockyer @marckohlbrugge Remember tribes ?! Do that one please 🙏

✨ 7 years after I set up a Quake III server, I have it running again, but now in the web browser, much easier 😊 👉 q3.pieter.com 👈 Back in 2019 we'd play a fork of Quake III called OpenArena in a Bali villa with @daniellockyer @marckohlbrugge @dannypostmaa @lenilsonjr_ @gvrizzo @AndreyAzimov @SeanParkRoss and other ppl But it broke after a new Mac update and they never really fixed it, it kinda sucked because it was actually the only game we could just load with friends online and play death match a bit and then continue your day Luckily @lukathedev built Q3JS which successfully compiles ioquake3 to WebAssembly and now it works in the browser To make it extra simple, I've set up a Q3JS server and frontend for you to use at q3.pieter.com, which loads you straight into the game A big problem is that most of the times, nobody's playing, so I've also added Web Notifications, which notifies you if enough human players join, so you can join a match. And I've added a daily match at 8 PM GMT every day which everyone also gets notified when it starts If you want more servers and maps etc, you can check out @lukathedev's own q3js.com HAPPY FRAGGING

🚨  Russian-linked actors targeted Ukrainian entities with DRILLAPP, a JavaScript backdoor executed through Microsoft Edge. It abuses Chromium debugging flags to access files, record audio, capture webcam images, and grab screen data. 🔗 Read → thehackernews.com/2026/03/drilla…

🦔 Researchers at Aikido Security found 151 malicious packages uploaded to GitHub between March 3 and March 9. The packages use Unicode characters that are invisible to humans but execute as code when run. Manual code reviews and static analysis tools see only whitespace or blank lines. The surrounding code looks legitimate, with realistic documentation tweaks, version bumps, and bug fixes. Researchers suspect the attackers are using LLMs to generate convincing packages at scale. Similar packages have been found on NPM and the VS Code marketplace. My Take Supply chain attacks on code repositories aren't new, but this technique is nasty. The malicious payload is encoded in Unicode characters that don't render in any editor, terminal, or review interface. You can stare at the code all day and see nothing. A small decoder extracts the hidden bytes at runtime and passes them to eval(). Unless you're specifically looking for invisible Unicode ranges, you won't catch it. The researchers think AI is writing these packages because 151 bespoke code changes across different projects in a week isn't something a human team could do manually. If that's right, we're watching AI-generated attacks hit AI-assisted development workflows. The vibe coders pulling packages without reading them are the target, and there are a lot of them. The best defense is still carefully inspecting dependencies before adding them, but that's exactly the step people skip when they're moving fast. I don't really know how any of this gets better. The attackers are scaling faster than the defenses. Hedgie🤗 arstechnica.com/security/2026/…