Lorenzo

As a result of a US government directive, we are suspending access to Claude Fable 5 for all users. You can continue to use all other Claude models. Here’s what this means for you: Across Claude products, new sessions will run on your selected default model or Opus 4.8, and existing Fable 5 sessions will end with an error. On the Claude Platform, requests to Fable 5 will also return an error. Please update your integrations to other Claude models. We know this is a disruption to your workflows; we appreciate your patience and support.

🇮🇹 A threat actor is advertising an alleged dataset tied to https://t.co/y8y4T1wSCv, reportedly containing telecom customer records, device-registration information, and subscription-related account data associated with users in Italy. According to the listing, the exposed data allegedly includes: Approximately 563,000 records Full names, dates of birth, and gender information Fiscal codes and VAT-related identifiers Email addresses and phone numbers Residential and corporate address information Username and password-hash related fields Customer-account and membership-status metadata Device-registration and connectivity records Notification tokens and Wi-Fi-related identifiers Contract and subscription information Billing-cycle and payment-method details Contract renewal and termination metadata Failed-login-attempt and activity-tracking fields Marketing preferences and privacy-consent records The structure of the dataset suggests exposure from a telecom CRM and subscriber-management environment integrating customer onboarding, device ecosystems, connectivity services, media subscriptions, and account-management workflows. Particularly notable in the listing are references to device registrations, notification tokens, Wi-Fi identifiers, subscription lifecycle tracking, and password-hash fields. Even when passwords are hashed, improperly secured or weak hashing implementations can still create elevated risk if threat actors attempt credential cracking or credential-stuffing operations against other services. Telecom-sector datasets remain highly valuable within underground communities because they can support identity fraud, SIM-swapping operations, phishing campaigns, account takeovers, and broader social-engineering attacks. The combination of contact information, subscription metadata, device relationships, and billing records significantly increases the operational value of such datasets for cybercriminal actors. If verified, the alleged exposure could present both privacy and operational security concerns for affected individuals and organizations. #DDW #Intelligence #DarkWeb #WindTre

Here's a cool trick for y'all looking to create new Nuclei templates for exploitable CVEs! Using CVEmap you can get a list of CVEs with public proofs of concept, that have been marked as exploitable by CISA, are remotely exploitable AND don't have a Nuclei template (yet)! Flags: -k / -kev: Marked as exploitable vulnerabilities by CISA -t=false / -template=false: Has no public Nuclei templates -poc: Has public published POC -re / -remote: is remotely exploitable Good luck! 🤞 #nuclei #hacking #pentesting #bugbounty #CVEmap