(photo)blogger, Information security governance, hacking issues and cyberwarfare.
My tweets are mine. All opinions and views expressed here are my own (wow!) and do not represent the opinions of any entity whatsoever with which I have been, am now, or will be somehow, somewhere affiliated one day, who knows.
🚨 ALERT - A critical Splunk Enterprise flaw can go from "no login required" to remote code execution.
Tracked as CVE-2026-20253, the bug carries a 9.8 CVSS score and affects vulnerable Splunk Enterprise servers through exposed PostgreSQL sidecar endpoints.
The exploit chain is now public.
Read the full story: https://t.co/arMFjVVt10
‼️🚨 BREAKING: Amazon researchers snitched to the US government about jailbreaking Fable 5 and Mythos 5, forcing Anthropic to immediately shut down worldwide access.
A security export control directive from Commerce Secretary Howard Lutnick enforced the action.
Anthropic is fighting the directive and calls it a misunderstanding.
This isn't the first clash. The Trump administration had already tried to get Anthropic to pause the release of its latest models before this directive landed.
🚨 APPLE ADVERTISES $2 MILLION FOR FINDING SECURITY BUGS.. THEN CALLS YOUR DISCOVERY A "DUPLICATE".. PATCHES IT SILENTLY.. GIVES YOU NOTHING.. AND BANS YOUR APPLE ID IF YOU COMPLAIN..
Two researchers found a critical macOS vulnerability that let attackers steal passwords, encrypted chats, and Safari data through Archive Utility.. Submitted it October 2025..
Apple took 5 months.. Patched it with zero credit.. Zero CVE.. Zero bounty..
Their reason.. "You were not the first person to report this issue"..
That's the duplicate loophole.. Apple claims an internal engineer found it first.. But researchers can't verify that.. Apple controls the tracking system.. No audit.. No appeals..
The researcher said it felt like "doing charity work for a $3 trillion company"..
Another researcher found apps could access your entire photo library even after you turned off access in settings.. Apple's own page lists that at $50,000.. They reported it.. Apple went silent.. Patched it quietly.. Said it was a duplicate.. $0..
When the researcher blogged about it.. Apple permanently banned their 12-year-old Apple ID..
Apple's brand new Passwords app in iOS 18 was sending data over unencrypted HTTP.. A credential manager transmitting password reset links in plaintext.. Any attacker on the same WiFi could intercept them..
Researchers reported it.. Apple let it sit 3 months.. Patched it quietly.. Said it "didn't meet the impact criteria"..
Then there's the FaceTime disaster..
A 14-year-old discovered you could eavesdrop on anyone's iPhone.. Start a FaceTime call.. Add your own number before they answer.. Their microphone turns on.. If they hit the volume button.. Their camera activates too..
His mother spent a week trying to tell Apple.. Emails.. Faxes.. Social media.. Support told her to pay $99 for a developer account to file a bug report..
Apple did nothing until the exploit went viral and millions started eavesdropping on each other.. Then they panicked.. Took FaceTime offline globally.. Congress sent formal letters to Tim Cook demanding answers..
Then there's the researcher who got so fed up being ignored that they hacked Apple's own internal daily security call..
They'd reported a zero-click iMessage vulnerability.. Apple stonewalled them.. So they found another flaw.. Used it to infiltrate the internal FaceTime call where Apple engineers discuss bugs.. And dropped a screenshot proving the exploit live..
The team securing 2.35 billion devices couldn't secure their own meeting..
Apple's response.. A threatening legal letter..
Not a bounty.. A legal threat..
This is why the exploit black market thrives..
A zero-click iPhone exploit sells for $1.5 to $2.5 million on the gray market.. Guaranteed payment.. No bureaucracy.. No "duplicate" risk..
Submitting to Apple means NDAs.. 6-12 months of waiting.. Risk of $0.. Risk of your Apple ID being banned if you speak up..
Those gray market exploits end up with mercenary spyware vendors like NSO Group.. Deployed against journalists and human rights lawyers worldwide..
Apple pushes researchers toward the black market.. Then spends billions defending against the exploits those researchers could have sold them for a fraction of the price..
2.35 billion devices.. And the company would rather send lawyers than pay what they owe.
🇮🇹 A threat actor is advertising an alleged dataset tied to Gruppo Ferrovie Italiane, reportedly containing customer contact information, ticketing-support records, and order-history data associated with Italian railway users.
According to the listing, the exposed data allegedly includes:
Approximately 492,000 records
Full names and titles
Email addresses and multiple phone numbers
Residential and shipping addresses
Dates of birth
CRM usernames and encrypted-password references
Customer communication preferences and marketing metadata
Support-ticket logs and internal service notes
Ticket categories, escalation details, and SLA-related information
Customer satisfaction scores and incident metadata
Order and purchase history records
Regional segmentation and account-tier information
The structure of the dataset suggests exposure from a centralized CRM and customer-support environment integrating railway customer management, ticketing operations, support workflows, and order-processing systems.
Transportation-sector datasets are particularly valuable within underground communities because they often combine identity data, travel-related records, customer-service interactions, and operational metadata. Such information can potentially support phishing campaigns, impersonation attacks, loyalty-account abuse, refund fraud, and broader social-engineering operations targeting both customers and transportation ecosystems.
The alleged inclusion of support-ticket metadata, escalation workflows, and internal CRM notes may also provide adversaries with insight into organizational processes and customer-service procedures that could later be leveraged for more convincing fraud and impersonation attempts.
If verified, this type of exposure could present elevated privacy and operational risks due to the scale of customer interaction data and the critical-infrastructure nature of the transportation sector.
#DDW #Intelligence #DarkWeb #Italy
Cookies are dead, so they cooked up a new piece of crap to track you.
Utiq is a tracking system that doesn't need cookies. It uses your telecom operator.
The site you visit sends your IP to Utiq. Utiq forwards it to Orange, SFR or Bouygues. Your operator creates an identifier linked to your phone number. And that identifier follows you across every partner site.
Clearing your cache changes nothing. Neither does private browsing. It's cross-platform. Your IP = your advertising identifier. Wonderful.
Behind Utiq are Deutsche Telekom, Orange, Telefónica and Vodafone. The operators that have carried your data for 20 years just decided they were going to monetize it too.
It's presented as an "ethical and European" alternative to GAFAM.
You're trading Google for your telecom operator. Which knows your phone number, your address, and all your network traffic.
Click Reject.
🇮🇹 A threat actor is advertising an alleged dataset tied to https://t.co/y8y4T1wSCv, reportedly containing telecom customer records, device-registration information, and subscription-related account data associated with users in Italy.
According to the listing, the exposed data allegedly includes:
Approximately 563,000 records
Full names, dates of birth, and gender information
Fiscal codes and VAT-related identifiers
Email addresses and phone numbers
Residential and corporate address information
Username and password-hash related fields
Customer-account and membership-status metadata
Device-registration and connectivity records
Notification tokens and Wi-Fi-related identifiers
Contract and subscription information
Billing-cycle and payment-method details
Contract renewal and termination metadata
Failed-login-attempt and activity-tracking fields
Marketing preferences and privacy-consent records
The structure of the dataset suggests exposure from a telecom CRM and subscriber-management environment integrating customer onboarding, device ecosystems, connectivity services, media subscriptions, and account-management workflows.
Particularly notable in the listing are references to device registrations, notification tokens, Wi-Fi identifiers, subscription lifecycle tracking, and password-hash fields. Even when passwords are hashed, improperly secured or weak hashing implementations can still create elevated risk if threat actors attempt credential cracking or credential-stuffing operations against other services.
Telecom-sector datasets remain highly valuable within underground communities because they can support identity fraud, SIM-swapping operations, phishing campaigns, account takeovers, and broader social-engineering attacks. The combination of contact information, subscription metadata, device relationships, and billing records significantly increases the operational value of such datasets for cybercriminal actors.
If verified, the alleged exposure could present both privacy and operational security concerns for affected individuals and organizations.
#DDW #Intelligence #DarkWeb #WindTre
🚨 Supply chain attack on the Laravel Lang organization:
700+ historical versions across multiple community-maintained Laravel Lang packages were compromised with an RCE backdoor, including:
laravel-lang/lang
laravel-lang/http-statuses
laravel-lang/attributes
Laravel-Lang/actions
The payload targets cloud creds, CI/CD secrets, Kubernetes tokens, Vault, browser data, password managers, SSH keys, and more.
On iOS and macOS, WhatsApp stores chat databases unencrypted in an app group container accessible to apps from the same developer. So all Meta apps on the same iPhone (e.g., Facebook) can read WA chats in plaintext without permission, and users wouldn't be notified. Demo.
🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.io.
Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems.
TrapDoor targets #crypto, #DeFi, AI, and security developers, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, env vars, and API keys.
Socket detected releases with a median detection time of 5 minutes, 27 seconds. The fastest detection occurred 58 seconds after publication.
⚠️ On May 16, 2026, we confirmed a targeted attack by a cybercrime group that gained unauthorized access to our GitHub repositories and downloaded our codebase.
Here is the latest update about our investigations. https://t.co/C2btjWDOxu
🚨 WARNING: The official JDownloader website was compromised earlier this week to distribute malicious Windows and Linux installers that deployed Python-based malware on infected systems.
The supply chain attack impacted users who downloaded installers from the site between May 6 and May 7 via the "Download Alternative Installer" links on Windows or the Linux shell installer.
What happened:
🔴 Attackers breached the JDownloader site via an unpatched security flaw.
🔴 Attackers then modified JDownloader download links to point to malicious payloads.
🔴 The Windows malware deployed a heavily obfuscated Python-based RAT framework.
@thomasklemenc found that the Windows malware deployed a Python RAT that can execute attacker-supplied Python code remotely.
BleepingComputer's analysis of the Linux installer also revealed injected code that downloaded additional malware, installed a SUID-root launcher, and disguised the payload as /usr/libexec/upowerd.
Linux is having a brutal week. Another local to root privilege escalation vulnerability just dropped: "Copy Fail 2: Electric Boogaloo."
This is the third Linux LPE in a row, after Copy Fail and Dirty Frag. The PoC is public on GitHub. There is still no coordinated patch.
https://t.co/6XifksYgZ6
‼️ Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and it works on basically every major Linux distro shipped since 2017.
Website: https://t.co/f5G6KnEv35
Write-up: https://t.co/W86Pz2PC6C
GitHub: https://t.co/zAMTC6nTRk
It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su.
Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise.
Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.
‼️ Trivy/LiteLLM supply chain compromise update:
TeamPCP's spokesperson told us that the largest data exfiltration is multiple terabytes of government, military, and public services data, obtained through contractors of the US, UK, and Australia.
"A lot of companies hard code shit or don't gitignore .env files," they told us.
We are aware of recent reports regarding targeted phishing attacks that have resulted in account takeovers of some Signal users, including government officials and journalists. We take this very seriously.
To be clear: Signal's encryption and infrastructure have not been compromised and remain robust. These attacks were executed via sophisticated phishing campaigns, designed to trick users into sharing information (SMS codes and/or Signal PIN) to gain access to users' accounts. 1/4
WARNING - Notepad++ confirmed state-sponsored attackers hijacked its update traffic via a compromised hosting provider. Selected users were redirected to malicious update servers.
The activity ran for months.
Learn more: https://t.co/5sUF2nJZ09
I've been trying to reach @moltbook for the last few hours. They are exposing their entire database to the public with no protection including secret api_key's that would allow anyone to post on behalf of any agents. Including yours @karpathy
Karpathy has 1.9 million followers on @X and is one of the most influential voices in AI.
Imagine fake AI safety hot takes, crypto scam promotions, or inflammatory political statements appearing to come from him.
And it's not just Karpathy. Every agent on the platform from what I can see is currently exposed.
Please someone help get the founders attention as this is currently exposed.
The critical vulnerability CVE-2025-55182 (React4Shell) has a CVSS score of 10 out of 10. It affects the functionality of React Server Components, found in applications using the React library. We explain the threat and how to protect yourself: https://t.co/LKxAckcexE
Sometimes Linux developers are M0R0NS.
Ubuntu 22 LTS, apt upgrade to kernel 6.8, rebooted, networking is gone, no interfaces ... why? Because some IDIOT decided to move a huge amount of network drivers to the linux-modules-extra package, not installed by default. Once you reboot, without networking, you can only install it via USB drive ... if you manage to figure out WHY your network interfaces are all unclaimed. Who the hell thought this was a good idea?