New sensitive breach: Hungarian political party TISZA suffered a breach of its TISZA Világ platform last month, exposing 200k records, later published online. Data included email, name, phone & physical address. 41% were already in @haveibeenpwned.com. More: haveibeenpwned.com/Breach/Tisza

The piss tank on the ISS is now 61% full.

Not the most important thing, here, but some outlet sent reporter Harry Cockburn to cover swingers on a cruise ship.

You would get so much XP from clearing this place

It is sad, but not surprising, that the president of Mexico is wasting her time on frivolous matters like suing the man who groped her. by Andrew Cuomo

STOP having "conversations" with ChatGPT and START talking to your stuffed animals like a normal person

The US Congressional Budget Office says it has identified a security incident; sources say the CBO has been hacked by a suspected foreign actor (Washington Post) Main Link | Techmeme Permalink

21st Century Phrenology being sold as actual science.

This is wild. 99% of the code is legit, with just 20 malicious lines buried in thousands of lines of working code. cc: @campuscodi.risky.biz

Someone uploaded malware on NuGet in 2023 that destroys systems in 2027 and 2028 That's quite the long game!!! socket.dev/blog/9-malic...

Russian authorities have filed charges against a 20-year-old man for deliberately searching the internet for extremist content—Ukraine's Azov battalion. This is Russia's first case for such a crime under a law that entered into effect in September. ura.news/news/1053030...

-Top UK mobile carriers will block spoofed phone numbers starting next year -Six telcos to participate -Network upgrades underway -Telcos will mark calls coming from abroad to prevent scams -Also roll out "advanced call tracing technology" to let police hunt down scammers www.gov.uk/government/n...

Google is rolling out a dedicated form to allow businesses listed on Google Maps to report threat actors who post bad reviews and demand ransoms to remove the negative comments. blog.google/technology/s...

-Malvertising as entry point -Didn't pay ransom -Recovery cost the state $1.5mil gov.nv.gov/Newsroom/PRs...

Five members of the Bai crime family were sentenced to death this week in China for their role in Myanmar scam compounds www.spp.gov.cn/spp/zdgz/202... 11 Ming crime family members were sentenced to death in Sep. www.spp.gov.cn/spp/zdgz/202...

The lede that I and the Yonhap team missed here is that KT apparently hid a second breach from authorities... and they'll likely get fined into the ground, just like SK Telekom South Korean telcos are slowly turning to be some of shadiest companies around

This explains why they've been declining to take down anything I reported over the past 2-3 years. This is downright criminal behavior. In any normal country, Zuckerberg would be charged and Meta servers taken offline just like Europol dismantled those scam networks this week

Meta annually earns $16 billion (with a "b") on ads built to defraud people. It's so bad that Meta itself admits that its advertising tools and platforms have made it a pillar of the global scam economy. Reporting by Reuters. www.reuters.com/investigatio...

BPFDoor found on the network of hacked South Korean telco KT en.yna.co.kr/view/AEN2025...

Four Pakistani senators have fallen victim to online scammers, losing between $1,700 and $3,000 to schemes requesting money for various projects. The lawmakers blamed the country's cybercrime investigations agency for failing to act and investigate the cases. tribune.com.pk/story/257611...

Vital piece of investigative reporting from Sky. They've uncovered the X algorithm which feeds users extremist right wing material from the moment they join the site. It is a far-right radicalisation engine, by design. news.sky.com/story/the-x-...

Meta earns $3.5 billion every six months from showing Faceboon and Instagram users 15 billion “higher legal risk” scam ad impressions a day, internal documents state. That haul vastly exceeds how much the company expects regulators To fine it for running scam ads. www.reuters.com/investigatio...

A South Korean activist specialized in North Korean human rights affairs has been hacked. Hackers infected their PC with malware and then sent malicious links to the target's KakaoTalk contacts. South Korean police suspect a North Korean APT group koreajoongangdaily.joins.com/news/2025-11...

AhnLab looks at the new Cephalus ransomware, a strain first seen in August. The group leverages RDP accounts for initial access and operates a dark web leak site that hasn't been updated in more than two months, suggesting the group might have disbanded already. asec.ahnlab.com/en/90878/

Proofpoint has spotted a new Iranian APT group—UNK_SmudgedSerpent. The group's TTPs overlap with many other Iranian groups, showing some sort of collaboration, personnel movement, or similar training/contractors. www.proofpoint.com/us/blog/thre...

Two US senators have introduced a bill that would require US companies and federal agencies to report the number of workers they fired and replaced with AI technology. The data would be compiled by the Dept. of Labor and released via a public report. www.warner.senate.gov/public/index...

Find the Floof. Spot the cat. 😼 bigjobby.com/floof/

"temporary" lol

NVISO has linked VShell to UNC5174, a cyber contractor for the Chinese MSS www.nviso.eu/blog/nviso-a...

Lol

The AI boom is driving coordinated innovation in the US as it builds fabs and energy infrastructure that could have lasting value even if the bubble bursts (Ben Thompson/Stratechery) Main Link | Techmeme Permalink

New Policy Analysis: Europe's cybersecurity heavily relies on the United States. My key points: 1. Europe's dependencies on the US in the field of cybersecurity extend well beyond software updates, SaaS, and cloud services and would persist even if a EuroStack were developed. /1

🌺 DAY 5 - RATS ⬇️ #RemembranceDay #AnimalsInWar #rats #LestWeForget #CanadaRemembers

Repeat after me: Do not fill in and sync your government ID data to your Google account blog.google/products/chr...

CISA's election day monitoring room was not stood up yesterday for the first time in years According to Bloomberg, remaining CISA election security staff, who have not been fired, have been "prohibited" from contacting state election officials. www.bloomberg.com/news/article...

NEW: After all of that, a federal judge has reimposed a sentence on Paige Thompson, the former Amazon Web Services engineer convicted in the 2019 Capital One data breach that compromised the personal information of more than 100 million people. cyberscoop.com/court-reimpo...

CISA's filing in the shutdown layoffs lawsuit provides the first confirmed count of laid-off employees in the Stakeholder Engagement Division: storage.courtlistener.com/recap/gov.us... (h/t www.nextgov.com/people/2025/...) CISA says employees are exempt from injunction b/c they're not in a union.

The EU is preparing to further tighten visa rules for Russian citizens, effectively ending the issuance of multi-entry Schengen permits in most cases. But visa issuance remains a national competence, meaning that the European Commission cannot impose a total, sweeping ban on Russian visitors.

Much like there’s employees of anti-ransomware companies doing ransomware attacks, there will end up being employees of GenAI cybersecurity companies who do GenAI based cyber attacks. The financial incentive is there to set fire to things, the industry will love it too.

Researcher @sick.codes found a vulnerability in TCL TVs and reached out to TCL. What happened next? New analysis from Natto Thoughts - how a single disclosure reshaped China’s approach to cybersecurity and control. nattothoughts.substack.com/p/what-a-nar...

DOJ: The US 'sanctioned two entities and eight individuals involved in supporting (North Korea's) illicit schemes to launder funds, including those derived from #cybercrime and information technology (IT) worker fraud.' www.state.gov/releases/off... @gate15.bsky.social @campuscodi.risky.biz

-US indicts two rogue cybersecurity employees for ransomware attacks -Hackers extort massage parlor visitors -Balancer hacked for $128 million -Cargo thieves use hackers to go after trucking and freight companies Podcast: risky.biz/RBNEWS500/ Newsletter: news.risky.biz/risky-bullet...

-UPenn hack gets feisty -Major breach in Poland, at SuperGrosz -Hack exposes Kansas City dirty cops -Twitter to show more user info -US to face-scan all foreign travelers -Australia expands kids social media ban to Reddit and Kick -SMS blaster detained in Cambodia -Scammers arrested in Europe

A cyber work of art from @doublepulsar.com

Do you got any games on your phone? #pigeonsky #pigeon

-US indicts two rogue cybersecurity employees for ransomware attacks -Hackers extort massage parlor visitors -Balancer hacked for $128 million -Cargo thieves use hackers to go after trucking and freight companies Podcast: risky.biz/RBNEWS500/ Newsletter: news.risky.biz/risky-bullet...

Tanzanian citizens received mass texts from authorities this week to warn them that sharing messages that cause distress could result in treason charges.

@ddimolfetta.bsky.social looks at the consequences of layoffs and furloughs on the NSA's hacking and espionage missions, which may be faltering as people leave or sit at home: www.nextgov.com/people/2025/...

I regret to inform everyone that Russia aligned hacktivists are at it again with the weird shit.