sec_leabhart

@DailyDarkWeb well... i can say these are all fictional companies...

🚨 BREAKING ShinyHunters claims to have accessed internal systems linked to Anthropic’s Mythos model — sharing screenshots of: User management panels AI experiment dashboards Model performance & cost analytics ⚠️ At this stage, authenticity is unverified — but if confirmed, this would be a major escalation: AI models designed to find vulnerabilities… becoming targets themselves. This isn’t just a breach story. It’s a preview of the next cyber battleground: AI infrastructure. More to come. #CyberSecurity #AI #DataBreach #ShinyHunters #Infosec #DDW

@ing_juani7a Roborock y DJI Romo no son lo mismo.

El cuento fue este: -Un usuario estaba analizando (reverse-engineering) su propia aspiradora Roborock con ayuda de Claude AI y descubrió una API no documentada en la nube de la marca. -Por un fallo de diseño en esa API, podía interactuar con prácticamente cualquier otra #Roborock conectada a la misma plataforma en todo el mundo, entonces logró acceso remoto a: --Planos/mapa completos del suelo de las casas --Imágenes y vídeo en directo de las cámaras (de los modelos que las tienen) --Posibilidad de moverlas, encenderlas, etc. -En pocas palabras, consiguió controlar accidentalmente más de 6.700 aspiradoras de todo el mundo mientras investigaba su propio dispositivo. El usuario lo reportó a Roborock el 24/02/2026, y la empresa corrió a parchar el fallo para cerrar el acceso cruzado no autorizado. Como debe ser! Es un caso de vulnerabilidad en dispositivos IoT. Eso me recuerda q el otro día vi una wifi de una lavadora...🤔

@vxunderground FWIW CrowdStrike had csa-251248 on October 30 with same IOCs as in that blog.

Rapid7 did a write-up on the Notepad++ compromise. Rapid7 released the paper fast af boi How? 1. They sat on it or... 2. Called in all the malware analysis schizos for lock the fuck in time tldr ya prolly China lol rapid7.com/blog/post/tr-c…

@jamieantisocial i really appreciate when you annotate articles like this. i can't even count how many times i skipped reading an article because i didn't think i'd find it interesting/relevant but then i see your tweet and realize i'm missing out and should read it after all. :-)

fresh take on old tradecraft. lolbas-project.github.io/lolbas/OtherMS…

Tired of "reacting" to CVE-2025-55182? Come to SecDSM tonight! Doors open at 18:00 with free pizza and drinks. There will be a talk on monitoring networks for malicious traffic followed by "show & tell." Deets at secdsm.org.

mmm. #malware #opendir maingravel[.]com

@UK_Daniel_Card lol. i'll stick with caipirinha.

Jambu leaf drink! In Peru we had coca leaves and drinks made from them.

I’m told this is like legal Brazilian liquid drugs

FYSA it's not Monday

Oh my God. It actually worked. Someone learned the password. It's a Christmas miracle.

New Blog! Top 10 Cyber Threats of 2024 Overall, this year was full of mega breaches, government hacking campaigns, massive ransomware attacks, disruptive ICS attacks, and global technology failures 🔗 blog.bushidotoken.net/2024/12/top-10… #cybercrime #infosec #malware #cybersecurity