🚨‼️ Israeli defense contractor breached
Cyber Toufan, allegedly an Iranian state actor, just released security cam footage of defense contractor Maya. The cameras seem located in a meeting room (!) and a workshop.
There are hours of footage of confidential conversations in the meeting room.
We can see them working on weapons prototypes/mockups of:
- drones
- missiles
- tracking and launching systems
1/ A video went viral on YT this week after a US based victim lost $3.05M (1.2M XRP) from their Ellipal wallet.
Here’s the tracing of where the stolen funds ended up and the biggest takeaways for similar thefts.
It wasn’t a cyberattack — Amazon Web Services (AWS) confirms the US-EAST-1 outage that knocked apps like Snapchat, Canva, Roblox, and Coinbase offline was caused by an internal fault.
#AWS#outage#Monday#Infosec#AWS障害#snapchat#programming
https://t.co/1DidiA9XZb
Have you ever wondered why Microsoft, Apple, and Google eventually stop supporting older versions like Windows 7 or soon Windows 10?
It’s not just about profits — it’s about progress, security, and survival.
Read more 👇|| #tech#Software#microsoft
https://t.co/spTKDJdpPp
#Cybersecurity vs #ITSupport — can your employees tell the difference?
Do they know who to contact when they face a security issue versus a technical one? Or what escalation procedure is in place within your organization?
https://t.co/qpuEfe5HNT
Video showcase of the recent WinRAR 0-day, CVE-2025-8088, uncovered by ESET after threat actor RomCom exploited it in the wild leveraging alternate data streams & path traversal on Windows -- we examine the uncovered RAR file and a proof-of-concept demo! https://t.co/38pMK6rlrO
1/ An unnamed source recently compromised a DPRK IT worker device which provided insights into how a small team of five ITWs operated 30+ fake identities with government IDs and purchased Upwork/LinkedIn accounts to obtain developer jobs at projects.
The exploit for CVE-2025-49113 is already available for sale on the dark web. I feel sorry for anyone who hasn’t upgraded to the newest version yet. Doomsday is coming, believe me. #roundcube#CVE@FearsOff
Excited to share that I reported CVE-2025-48745, Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization. This bug has existed undetected for 10 years and affects over 53 Million hosts.
Details and PoC will be published soon.
We're giving time to all affected parties to make the necessary patches/updates. Safe versions are 1.6.11 and 1.5.10 LTS. https://t.co/yRhNe8iRkF #roundcube #cve
1/ This scammer is using leaked Coinbase customer data to spam out fake SMS text messages to users.
I could dox the scammer right now but I'd rather conceal his identity until he is brought to justice!
Let's give you an inside look into the scammers perspective and workflow.
CHILLING 🧠
In 1974, this man experienced a "glitch in reality."
He discovered the Matrix 22 years before it existed.
FBI and CIA seized his research.
But 46 years later, Elon Musk and quantum physicists prove him right.
The declassified files will terrify you: 🧵
Earlier today we shared some information on a CEO of a cybersecurity company in Oklahoma, United States, allegedly intentionally deploying malware to a healthcare facility in Oklahoma City.
More details have been presented which paint a different picture than what was originally shared and it kind of complicates the issue presented.
Jeffrey Bowie, the Chief Executive Officer of cybersecurity firm Veritaco, had a warrant for his arrest issued by the United States Federal Bureau of Investigation for allegedly intentionally deploying malware to a client of Veritaco (St. Anthony Hospital). Interestingly, the FBI did not immediately notify Mr. Bowie of the arrest warrant — however they DID notify local media new stations. Mr. Bowie was informed of his arrest warrant by friends, family, and colleagues rather than law enforcement themselves.
Mr. Bowie has publicly released the "source code" of the malware allegedly deployed on the healthcare facility (attached image). The "malware" is a powershell script which takes images of the desktop computer every 20 seconds then sends the images back to a remote server owned by Mr. Bowie. The powershell script was deployed onto 2 machines in the healthcare facility and set to run via Windows task scheduler.
Mr. Bowie asserts the endpoint the "malware" sends data to was terminated in August, 2024. Hence, the code present is basically worthless.
1 of the computers (Computer "A") was publicly accessible and specifically designated for guests to use.
The 2nd computer (Computer "B") remained unlocked (???) was designated for sending and receiving PHI (?). Mr. Bowie asserts "unlike Computer A, no software was written."[sic]
Mr. Bowie has (as of this writing) not explicitly stated why the powershell script took screenshots every 20 seconds. Additionally, no details have been shared as to how long this "malware" has been present on machines.
Mr. Bowie asserts local media outlets have defamed his character and has stated he has placed his faith in judicial system and God to deem him not guilty of any wrong doing.
Image 1. of "malware" source code
Image 2. of him informing the hospital he has removed the "malware" from the 2nd computer
We’re continuing our efforts to enhance transparency for Parody, Commentary, and Fan (PCF) accounts. All PCF accounts are now required to have a PCF label. PCF labels further clarify that these accounts are unaffiliated and help minimize confusion. Learn more here: https://t.co/FZk16NG81y.
PCF accounts must continue using PCF-compliant keywords in profile bios and at the beginning of account names, as well as avoiding the use of identical avatars to those of the entities they depict.
As a reminder, all accounts must comply with the X Rules, including our Authenticity policy. If you believe an account is impersonating someone or misleading users, you can report it in-app or via our Help Center.