US charges and extradites 33-year-old Ukrainian woman for her alleged role in pro-Russia hacking group that caused spillage at a Texas water plant and an ammonia leak at a meat processing plant in LA. https://t.co/5I3ApyFfsJ
DOJ confirms our earlier assessment of ties between hacktivist front Cyber Army of Russia Reborn (CARR) and Russia’s military intelligence service, the GRU. CARR carried out cyberattacks on US and European critical infrastructure but hid behind this false persona. https://t.co/jN8NtsTnuM
A new wiper attack has been identified by ClearSky Cyber Security affecting Ukraine.
We named this wiper "GamaWiper" (VBS-based wiper).
The intrusion chain begins with the exploitation of a vulnerable WinRAR version (CVE-2025-80880). We assess with moderate confidence that this activity is linked to the Gamaredon APT group.
This marks the first observed instance of Gamaredon conducting destructive operations rather than its traditional espionage activities.
Related IoCs:
This is simply an amazing talk. Besides the subject itself and the REALLY GOOD explanations, some really interesting research and detection methods hide in this post. BTW, I used the same methods in some of my research lately, and found similar insights. Knowing I'm in the "right" research mindset makes me so proud.
It was worth the wait! @WEareTROOPERS @fabian_bader @_dirkjan
https://t.co/hzNBjsB0Rc
At @NCSC we have just released guidance on using Privileged Access Workstations (PAWs) in Operational Technology (OT) environments.
https://t.co/UZkRYyNo6S
GRU's Spy Airbnb: check out our latest video investigation into Unit 29155, and the "Czech" spy couple they used to help them plant explosives in weapons depots.
https://t.co/k5qr3JQSX4
Let me explain where this incredible vulnerability in Notepad++ comes from... see my blog post from 3 weeks ago. The problem is there's no vuln. I described this as sneaky init access. You might as well do binary patching of any PE file in the world.
#infosec
https://t.co/rXWXaskcG0
The vast majority of hacking is just credentials. There are four basic ways to get creds:
STAB
Steal: using malware, etc.
Try: brute force, guessing, etc.
Ask: social engineering, etc.
Buy: infostealer logs, etc.
Steal. Try. Ask. Buy.
A collab with @UK_Daniel_Card
Right now, the media is hyping up a story that a SECRET HACKER FIRMWARE FOR FLIPPER ZERO HAS APPEARED ON THE DARKNET THAT CAN HACK ANY CAR!!!11 WE’RE ALL IN DANGER.
Let’s break it down and see if that’s actually true (spoiler: it’s not): https://t.co/JZPz5KZKcP
Microsoft isn’t disclosing this so: M365 Copilot allowed users to access files without producing an audit log. All you had to do was ask Copilot to not link to the file. You don’t even have to ask; it sometimes just happens. If your org uses Copilot, your audit log is likely wrong.
Two years ago, when researchers found a backdoor in the encryption algorithm used to secure radio comms for police/military/intel agencies, the org behind the algorithm told users to deploy end-to-end encryption on top of it. Now researchers have found a security problem with the E2E too https://t.co/9wh1ysUEJm
Mandiant has observed an increasing number of attacks targeting VMware vSphere in recent years, notably for deploying ransomware.
Dive deep into what specifically is fueling this trend and get actionable guidance to defend your VMware vSphere estate in our latest blog posts. 👇
Russia’s military intelligence agency (GRU) is targeting Western logistics and technology companies, the US Department of Defense warned in May. https://t.co/gyRuAlduhU @cepa
Dudes... please enable Detailed File Share auditing in your environment. All these attackers who switched over to the Impacket suite still run the default configs and it takes like 2 seconds to find them.
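As an added illustration (not code from the post's author), here is a small Python detector run over constructed Event ID 5145 "Detailed File Share" records that flags the file names Impacket's wmiexec and smbexec write by default; the field names are assumed to be flattened key=value pairs, and the default names come from Impacket's source as I recall them, so check them against the version you are defending against.

```python
import re
from typing import Dict, List

# Enable the audit subcategory first (run on the file servers / DCs):
#   auditpol /set /subcategory:"Detailed File Share" /success:enable /failure:enable
# Each access then produces Event ID 5145 carrying ShareName and RelativeTargetName.

# Constructed sample events (not real telemetry), flattened to key=value pairs.
SAMPLE_EVENTS = [
    r"EventID=5145 ShareName=\\*\ADMIN$ RelativeTargetName=__1700000000.12 Src=10.0.0.5 Account=svc_admin",
    r"EventID=5145 ShareName=\\*\C$ RelativeTargetName=Windows\Temp\execute.bat Src=10.0.0.5 Account=svc_admin",
    r"EventID=5145 ShareName=\\*\IPC$ RelativeTargetName=srvsvc Src=10.0.0.9 Account=alice",
    r"EventID=5145 ShareName=\\*\ADMIN$ RelativeTargetName=Temp\report.txt Src=10.0.0.7 Account=bob",
    r"EventID=5140 ShareName=\\*\ADMIN$ RelativeTargetName=__1700000000.12 Src=10.0.0.5 Account=svc_admin",
]

# Default artefact names left by unmodified Impacket tooling:
#   wmiexec writes command output to ADMIN$ as "__<unix time.time()>",
#   smbexec drops "execute.bat" in %TEMP% and collects output in "__output".
IMPACKET_DEFAULTS = [
    ("wmiexec output file", re.compile(r"(^|\\)__\d{10}\.\d+$")),
    ("smbexec batch file", re.compile(r"(^|\\)execute\.bat$", re.IGNORECASE)),
    ("smbexec output file", re.compile(r"(^|\\)__output$", re.IGNORECASE)),
]


def parse_event(line: str) -> Dict[str, str]:
    """Split a flattened 'key=value key=value ...' record into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def detect_impacket_defaults(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per 5145 event whose target file matches a known default."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "5145":
            continue  # only Detailed File Share events carry RelativeTargetName
        target = ev.get("RelativeTargetName", "")
        for rule, pattern in IMPACKET_DEFAULTS:
            if pattern.search(target):
                hits.append({"rule": rule, "share": ev.get("ShareName", ""),
                             "target": target, "src": ev.get("Src", ""),
                             "account": ev.get("Account", "")})
    return hits


if __name__ == "__main__":
    for hit in detect_impacket_defaults(SAMPLE_EVENTS):
        print(f"{hit['rule']}: {hit['account']} from {hit['src']} -> {hit['share']}\\{hit['target']}")
```

Renamed tooling defeats the name match, so treat this as a cheap first pass and pair it with the share/account/source-host context the same event gives you.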
🚨NEW REPORT: exposing a new hacking tactic.
🇷🇺Russian state-backed hackers used an App-Specific Password attack against prominent Russia expert @KeirGiles & others.
It's like they know what we all expect from them...and then did the opposite 1/
By us @citizenlab & @google's GTIG
MeteorExpress (aka Predatory Sparrow, @GonjeshkeDarand, Adelat Ali, Indra, CodeBreakers, etc) represents the most significant effort at cyber signaling and force projection in nearly a decade.
#NoRegerts
https://t.co/AYZSSjdqG5
1. CodeBreakers emerges, hacking Sepah bank.
2. They demand $42M in ransom.
3. They release the most valuable chunks of records for free, while hardly pushing sponsored PR!
4. They disappear and the Telegram group is gone.
5. Predatory Sparrow drops in and nukes Sepah bank.
2+2=3.14?
Predatory Sparrow’s past cyber attacks on Iranian steel plants and gas stations have demonstrated tangible effects in Iran. Disrupting the availability of this bank’s funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there.