fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

8.8K
active users

#nationstate

0 posts0 participants0 posts today
Opalsec :verified:<p>Hey everyone! It's been a pretty packed 24 hours in the cyber world, with critical zero-day exploits, major breaches, new malware tactics, and some significant policy shifts from the UK government. Let's dive in:</p><p>SharePoint Zero-Days Under Active Exploitation by China-Linked APTs ⚠️<br>- Microsoft SharePoint on-premise servers are under active attack via a chain of zero-day vulnerabilities (CVE-2025-53770, CVE-2025-53771), allowing unauthenticated Remote Code Execution (RCE) and spoofing.<br>- Microsoft attributes exploitation to China-linked nation-state groups Linen Typhoon (APT27), Violet Typhoon (APT31), and Storm-2603, who are deploying web shells and stealing MachineKeys for persistence.<br>- Emergency patches have been released for SharePoint Server Subscription Edition, 2019, and 2016, but organisations with internet-exposed on-premise servers should assume compromise and rotate ASP.NET machine keys and restart IIS.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-toolshell-attacks-linked-to-chinese-hackers/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-sharepoint-toolshell-attacks-linked-to-chinese-hackers/</span></a><br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-critical-sharepoint-2016-zero-days-amid-active-exploits/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-patches-critical-sharepoint-2016-zero-days-amid-active-exploits/</span></a><br>🤫 CyberScoop | <a href="https://cyberscoop.com/microsoft-sharepoint-zero-days-china-typhoon/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberscoop.com/microsoft-share</span><span class="invisible">point-zero-days-china-typhoon/</span></a><br>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/22/chinese_groups_attacking_microsoft_sharepoint/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/22/chinese_groups_attacking_microsoft_sharepoint/</span></a></p><p>Cisco ISE RCE Flaws Actively Exploited 🛡️<br>- Cisco warns of active exploitation of three maximum-severity (CVSS 10.0) unauthenticated Remote Code Execution (RCE) vulnerabilities in Cisco Identity Services Engine (ISE): CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337.<br>- These flaws allow attackers to execute arbitrary commands as root or upload and execute malicious files without authentication.<br>- Immediate patching to ISE 3.3 Patch 7 or ISE 3.4 Patch 2 is critical, as there are no workarounds.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/cisco-maximum-severity-ise-rce-flaws-now-exploited-in-attacks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/cisco-maximum-severity-ise-rce-flaws-now-exploited-in-attacks/</span></a></p><p>Recent Cyber Attacks and Breaches 🚨<br>- Dell confirmed a breach of its "Solution Center" demo environment, stating that the exfiltrated 1.3 TB of data by WorldLeaks (Hunters International rebrand) was "primarily synthetic (fake) data" or non-sensitive.<br>- Hungarian police arrested a 23-year-old suspect, "Hano," for a prolonged series of DDoS attacks against independent media outlets in Hungary and the Vienna-based International Press Institute (IPI) since April 2023.<br>- AMEOS Group, a major Central European healthcare network, disclosed a security breach where external actors gained unauthorised access to IT systems, potentially exposing patient, employee, and partner data, leading to a full IT system shutdown.<br>- A Silicon Valley engineer, Chenguang Gong, pleaded guilty to stealing thousands of trade secrets, including sensitive US missile technology and radiation-hardened camera designs, from his employers, with links to Chinese "talent programs."</p><p>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/21/dell_scoffs_at_breach/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/21/dell_scoffs_at_breach/</span></a><br>🗞️ The Record | <a href="https://therecord.media/hungary-arrest-suspect-hacking-independent-media" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/hungary-arrest</span><span class="invisible">-suspect-hacking-independent-media</span></a><br>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/22/engineer_admits_trade_theft/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/22/engineer_admits_trade_theft/</span></a><br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/major-european-healthcare-network-discloses-security-breach/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/major-european-healthcare-network-discloses-security-breach/</span></a></p><p>New Malware and Ransomware Tactics 👾<br>- CISA and FBI issued a joint warning about escalating Interlock ransomware activity, which targets businesses and critical infrastructure, particularly healthcare, using unusual initial access methods like drive-by downloads from compromised sites and fake browser updates.<br>- Russian cybersecurity researchers disrupted NyashTeam, a Russian-speaking group operating a malware-as-a-service scheme (DCRat, WebRat) since 2022, by dismantling over 110 domains and removing associated Telegram channels and instructional videos.<br>- A new variant of the Coyote banking trojan is abusing Microsoft's UI Automation (UIA) framework to identify banking and cryptocurrency exchange sites, a technique that evades Endpoint Detection and Response (EDR) and marks the first real-world case of UIA abuse for data theft.<br>- Arch Linux removed three malicious packages ("librewolf-fix-bin", "firefox-patch-bin", "zen-browser-patched-bin") from its Arch User Repository (AUR) that were installing the CHAOS Remote Access Trojan (RAT), highlighting the risks of community-maintained repositories.</p><p>🗞️ The Record | <a href="https://therecord.media/russia-hacker-group-disrupted-local-researchers" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/russia-hacker-</span><span class="invisible">group-disrupted-local-researchers</span></a><br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/cisa-and-fbi-warn-of-escalating-interlock-ransomware-attacks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/cisa-and-fbi-warn-of-escalating-interlock-ransomware-attacks/</span></a><br>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/22/arch_aur_browsers_compromised/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/22/arch_aur_browsers_compromised/</span></a><br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/coyote-malware-abuses-windows-accessibility-framework-for-data-theft/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/coyote-malware-abuses-windows-accessibility-framework-for-data-theft/</span></a><br>🗞️ The Record | <a href="https://therecord.media/fbi-vigilance-interlock-ransomware" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/fbi-vigilance-</span><span class="invisible">interlock-ransomware</span></a></p><p>UK Government's Ransomware Policy Shift 🇬🇧<br>- The UK government is proposing a ban on ransomware payments by public sector organisations and critical national infrastructure (CNI) to disrupt the criminal business model and make these entities less attractive targets.<br>- New measures, part of the Cyber Resilience Bill, will also mandate reporting of all ransomware incidents to law enforcement and require private businesses to notify the government before making any ransom payments.<br>- While aiming to improve visibility and resilience, concerns remain about the effectiveness of a payment ban on opportunistic attackers and whether law enforcement will have sufficient resources to utilise the increased intelligence.</p><p>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/22/uk_to_ban_ransomware_payments/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/22/uk_to_ban_ransomware_payments/</span></a><br>🗞️ The Record | <a href="https://therecord.media/mandatory-reporting-ransomware-attacks-uk-proposal" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/mandatory-repo</span><span class="invisible">rting-ransomware-attacks-uk-proposal</span></a><br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/uk-to-ban-public-sector-orgs-from-paying-ransomware-gangs/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/uk-to-ban-public-sector-orgs-from-paying-ransomware-gangs/</span></a><br>🤫 CyberScoop | <a href="https://cyberscoop.com/uk-ransomware-payment-ban-public-sector-private-business-reporting/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberscoop.com/uk-ransomware-p</span><span class="invisible">ayment-ban-public-sector-private-business-reporting/</span></a></p><p>New Wi-Fi Tracking Raises Privacy Concerns 🔒<br>- Researchers in Italy have developed "WhoFi," a technique that creates a unique biometric identifier for individuals based on how their bodies interfere with Wi-Fi signals (Channel State Information - CSI).<br>- This method allows for re-identification and tracking of people across different Wi-Fi networks with high accuracy (up to 95.5%), even if they are not carrying a device.<br>- The research raises significant privacy concerns, as it enables pervasive surveillance without traditional visual or device-based tracking.</p><p>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/22/whofi_wifi_identifier/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/22/whofi_wifi_identifier/</span></a></p><p>CISA CyberSentry Program Funding Lapses 📉<br>- Funding for CISA's CyberSentry Program, a critical public-private partnership that monitors US critical infrastructure (IT/OT) for nation-state threats, expired on Sunday.<br>- This lapse has forced Lawrence Livermore National Laboratory to stop monitoring networks, creating a significant gap in visibility into potential cyberattacks on essential services.<br>- The incident highlights ongoing instability and funding challenges within CISA and the broader federal government, impacting vital cybersecurity initiatives.</p><p>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/22/lapsed_cisa_funding_cybersentry/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/22/lapsed_cisa_funding_cybersentry/</span></a></p><p>Open Source Security: Eyeballs and Trust 👀<br>- An opinion piece highlights that while open source software benefits from "many eyes" for security, this doesn't come for free; trust is built through clear communication and defensive coding.<br>- Automated scanners can misidentify benign, low-level system utilities as malware, as demonstrated by John Hammond's analysis of the "Talon" Windows de-bloater.<br>- Developers of open source tools that perform system-wide modifications should provide thorough documentation and and comments to clarify their intent and avoid triggering suspicion.</p><p>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/22/open_source_windows_security_opinion_column/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/22/open_source_windows_security_opinion_column/</span></a></p><p>Windows Server Update Issues ⚙️<br>- Microsoft has acknowledged a known issue where the July 8th Windows Server 2019 security update (KB5062557) causes the Cluster service to repeatedly stop and restart.<br>- This bug can prevent nodes from rejoining clusters, lead to virtual machine restarts, and trigger Event ID 7031 errors, especially on systems with BitLocker enabled on Cluster Shared Volumes (CSV) drives.<br>- While a mitigation is available, Microsoft has not yet rolled it out publicly and is advising affected organisations to contact business support for assistance.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-kb5062557-causes-cluster-vm-issues/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-windows-server-kb5062557-causes-cluster-vm-issues/</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://infosec.exchange/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://infosec.exchange/tags/CiscoISE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CiscoISE</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> <a href="https://infosec.exchange/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreach</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/UKGov" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UKGov</span></a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a></p>
Opalsec :verified:<p>Alright team, it's been a pretty eventful 24 hours in the cyber world! We've got critical zero-days under active exploitation, several significant breaches, new spyware, and a big debate on national cyber strategy. Let's dive in:</p><p>Microsoft SharePoint Zero-Day Under Active Exploitation ⚠️<br>- A critical remote code execution (RCE) zero-day, CVE-2025-53770 (CVSS 9.8), is being actively exploited in on-premises Microsoft SharePoint servers globally. This flaw is a bypass of a patch for a previous vulnerability (CVE-2025-49706) released in July's Patch Tuesday.<br>- Attackers, suspected to be nation-state actors, are using an exploit dubbed "ToolShell" to gain unauthenticated access, exfiltrate sensitive data, deploy backdoors, and steal cryptographic machine keys, allowing persistent access even after patching.<br>- Microsoft has released emergency patches for SharePoint Server 2019 and Subscription Edition, but SharePoint Server 2016 remains unpatched. Organisations with public-facing on-prem SharePoint should assume compromise, investigate for malicious files (e.g., spinstall0.aspx), rotate machine keys, and consider disconnecting servers if immediate patching isn't possible.<br>🗞️ The Record | <a href="https://therecord.media/microsoft-sharepoint-zero-day-vulnerability-exploited-globally" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/microsoft-shar</span><span class="invisible">epoint-zero-day-vulnerability-exploited-globally</span></a><br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/</span></a><br>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/21/infosec_in_brief/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/21/infosec_in_brief/</span></a><br>🤫 CyberScoop | <a href="https://cyberscoop.com/microsoft-sharepoint-zero-day-attack-spree/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberscoop.com/microsoft-share</span><span class="invisible">point-zero-day-attack-spree/</span></a><br>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/21/massive_security_snafu_microsoft/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/21/massive_security_snafu_microsoft/</span></a></p><p>CrushFTP Zero-Day Under Active Exploitation 🛡️<br>- CrushFTP is warning customers about CVE-2025-54309, a critical zero-day actively exploited since at least July 18th, allowing attackers to gain administrative access to the web interface due to mishandled AS2 validation.<br>- The vulnerability affects all CrushFTP versions below 10.8.5 and 11.3.4_23. Over 1,000 unpatched instances are exposed online, with some attackers manipulating exploited versions to appear up-to-date.<br>- Admins should immediately update to the latest versions, review upload/download logs for unusual activity, enable automatic updates, and consider IP whitelisting or using a DMZ instance to mitigate exploitation.<br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/over-1-000-crushftp-servers-exposed-to-ongoing-hijack-attacks/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/over-1-000-crushftp-servers-exposed-to-ongoing-hijack-attacks/</span></a><br>🗞️ The Record | <a href="https://therecord.media/file-transfer-crushftp-zero-day" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/file-transfer-</span><span class="invisible">crushftp-zero-day</span></a></p><p>Poland Investigates Air Traffic Control Disruption 🚨<br>- Poland's internal security agency is investigating a temporary outage in the country's air traffic control system that caused widespread flight delays on Saturday, with potential sabotage being scrutinised.<br>- The outage was attributed to an unspecified technical malfunction, not a cyberattack, but national security services are looking for signs of sabotage given Poland's heightened alert over suspected Russian-linked acts.<br>- This incident follows previous accusations by Poland against Moscow for "air terror" operations and involvement in a 2023 shopping centre fire, highlighting ongoing hybrid threats in the region.<br>🗞️ The Record | <a href="https://therecord.media/poland-investigates-potential-sabotage-air-traffic-control" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/poland-investi</span><span class="invisible">gates-potential-sabotage-air-traffic-control</span></a></p><p>Alaska Airlines Grounds Fleet Due to IT Issue ✈️<br>- Alaska Airlines temporarily grounded its fleet due to an unspecified IT issue, causing significant operational disruption.<br>- While the nature of the incident is unconfirmed, the Scattered Spider ransomware gang, known for targeting airlines, is an obvious suspect, especially given recent incidents affecting Hawaiian Airlines (owned by Alaska), Qantas, and Air Serbia.<br>- The airline has apologised for the inconvenience and is working to resolve the issues, advising customers to check flight status before heading to the airport.<br>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/21/alaska_airlines_it_incident_grounding/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/21/alaska_airlines_it_incident_grounding/</span></a></p><p>Indian Crypto Exchange CoinDCX Suffers $44M Theft 💰<br>- Indian cryptocurrency exchange CoinDCX confirmed a theft of over $44 million worth of USDC and USDT from one of its internal operational accounts over the weekend.<br>- User funds were not impacted as operational accounts are segregated from customer wallets, and CoinDCX is absorbing the losses from its own treasury reserves.<br>- The company is investigating, patching vulnerabilities, and tracing the stolen funds, offering a bug bounty program and up to 25% of recovered funds for assistance.<br>🗞️ The Record | <a href="https://therecord.media/indian-crypto-dcx-millions-stolen" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/indian-crypto-</span><span class="invisible">dcx-millions-stolen</span></a></p><p>Dell Product Demo Platform Breached 💻<br>- Dell confirmed a breach of its "Solution Center" product demonstration platform by a threat actor, but stated that no sensitive customer or partner information was involved.<br>- The platform is intentionally separated from Dell's main networks and customer systems, and the data contained is primarily synthetic or publicly available test data.<br>- The WorldLeaks ransomware gang (a revamp of Hunters International) has claimed responsibility for the incident, which Dell says had limited impact.<br>🗞️ The Record | <a href="https://therecord.media/hackers-hit-dell-product-demo-platform-limited-impact" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/hackers-hit-de</span><span class="invisible">ll-product-demo-platform-limited-impact</span></a></p><p>Dior Notifies US Customers of Data Breach 🛍️<br>- The luxury fashion house Dior is sending data breach notifications to US customers following a cybersecurity incident on January 26, 2025, discovered on May 7, 2025.<br>- Exposed information includes full names, contact details, physical addresses, dates of birth, and in some cases, passport/government ID numbers and Social Security Numbers. No payment details were compromised.<br>- This incident is believed to be linked to the ShinyHunters extortion group, which previously breached a third-party vendor affecting other LVMH brands like Louis Vuitton.<br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/dior-begins-sending-data-breach-notifications-to-us-customers/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/dior-begins-sending-data-breach-notifications-to-us-customers/</span></a></p><p>Ring Denies Breach Amid Suspicious Login Reports 🏠<br>- Ring is attributing a surge in suspicious login reports from May 28th to a "backend update bug" that incorrectly displays prior login dates and devices.<br>- However, many customers are disputing Ring's explanation, reporting unknown devices, strange IP addresses, and countries they've never visited, along with unreceived MFA prompts and live view activity when no one accessed the app.<br>- Users are advised to review authorized devices in the Control Center, remove unrecognized entries, change passwords, and enable two-factor authentication.<br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/ring-denies-breach-after-users-report-suspicious-logins/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/ring-denies-breach-after-users-report-suspicious-logins/</span></a></p><p>Arizona Election Website Defaced, CISA Criticised 🗳️<br>- Arizona election officials reported a hack on a statewide online portal for political candidates, resulting in the defacement of candidate photos with images of the late Iranian Ayatollah Ruhollah Khomeini.<br>- The attack, which occurred after US bombings of Iranian nuclear sites, involved uploading an image file containing a Base64-encoded PowerShell script to take over the server. Officials believe it was pro-Iranian interests.<br>- Arizona's Secretary of State criticised CISA, claiming the agency has been "weakened and politicized" under the current administration, leading to a loss of confidence in federal election security support.<br>🤫 CyberScoop | <a href="https://cyberscoop.com/arizona-secretary-of-state-website-hack-candidate-portal-criticizes-cisa/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberscoop.com/arizona-secreta</span><span class="invisible">ry-of-state-website-hack-candidate-portal-criticizes-cisa/</span></a></p><p>New Iranian Android Spyware Discovered 📱<br>- Lookout security researchers have discovered four new samples of DCHSpy Android spyware, linked to the Iranian Ministry of Intelligence and Security (MOIS), surfacing shortly after the Iran-Israel conflict began.<br>- Disguised as VPN apps (Earth VPN, Comodo VPN), the malware collects WhatsApp data, records audio/video, and exfiltrates sensitive files, indicating continued development and usage by the MuddyWater espionage group.<br>- The distribution via Telegram channels, sometimes using "Starlink" lures, suggests targeting Iranian dissidents, activists, and journalists, highlighting the MOIS's efforts to surveil citizens.<br>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/21/muddywaters_android_iran/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/21/muddywaters_android_iran/</span></a></p><p>ExpressVPN Fixes RDP IP Leak Bug 🔒<br>- ExpressVPN has patched a flaw in its Windows client (versions 12.97 to 12.101.0.2-beta) that caused Remote Desktop Protocol (RDP) traffic to bypass the VPN tunnel, exposing users' real IP addresses.<br>- The issue stemmed from debug code mistakenly included in production builds. While encryption wasn't compromised, RDP traffic was visible to observers like ISPs.<br>- Users are advised to upgrade to version 12.101.0.45 immediately. ExpressVPN states the risk was low for typical consumers as RDP is primarily used by IT admins and enterprises.<br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/expressvpn-bug-leaked-user-ips-in-remote-desktop-sessions/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/expressvpn-bug-leaked-user-ips-in-remote-desktop-sessions/</span></a></p><p>US Cyber Posture Shift: From Defense to Offense 🇺🇸<br>- The US is reportedly shifting its cyber posture towards more robust offensive operations, backed by a proposed $1 billion cyber initiative under the 2026 National Defense Authorization Act (NDAA).<br>- This pivot is driven by a changing threat landscape where adversaries like China's Volt Typhoon and Russia's campaigns are actively preparing for conflict and disruption, not just espionage.<br>- The argument is that a defensive-only approach has emboldened adversaries, and a more muscular cyber posture, integrating offensive capabilities with military and intelligence operations, is necessary for deterrence and to impose costs.<br>🤫 CyberScoop | <a href="https://cyberscoop.com/us-offensive-cyber-operations-2025-defense-shift-op-ed/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberscoop.com/us-offensive-cy</span><span class="invisible">ber-operations-2025-defense-shift-op-ed/</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://infosec.exchange/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://infosec.exchange/tags/CrushFTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CrushFTP</span></a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a> <a href="https://infosec.exchange/tags/DataBreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreach</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spyware</span></a> <a href="https://infosec.exchange/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a> <a href="https://infosec.exchange/tags/CyberWarfare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberWarfare</span></a></p>
Opalsec :verified:<p>Morning, cyber pros! ☕ It's been a bit quiet over the last 24 hours, but we've still got some critical updates to chew on, including a nasty SharePoint zero-day, new GRU malware, and a warning about hardcoded credentials in Aruba access points. Let's dive in:</p><p>SharePoint Zero-Day Under Active RCE Exploitation ⚠️</p><p>- A critical zero-day, CVE-2025-53770, in Microsoft SharePoint Server is being actively exploited for Remote Code Execution (RCE) since at least July 18th, with over 75 organisations already compromised.<br>- This flaw is a variant of CVE-2025-49706, part of the "ToolShell" chain demonstrated at Pwn2Own Berlin, and allows attackers to steal the server's MachineKey configuration to craft valid ViewState payloads for RCE.<br>- No patch is available yet, but Microsoft recommends enabling AMSI integration (default since Sep 2023 updates for SharePoint Server 2016/2019/Subscription Edition) and deploying Defender AV. If AMSI isn't an option, disconnect servers from the internet. Check for `C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\16\TEMPLATE\LAYOUTS\spinstall0.aspx` and specific IIS log entries as IOCs.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/</span></a></p><p>UK Sanctions GRU, Uncovers New Microsoft Credential Stealer 🛡️</p><p>- The UK government has sanctioned three GRU units (26165, 29155, 74455) and several individuals for a sustained campaign of malicious cyber activity, including targeting logistics providers and using cyber reconnaissance for missile strikes in Ukraine.<br>- Specifically, GRU's APT28 (Fancy Bear/Forest Blizzard, Unit 26165) is attributed to deploying "Authentic Antics," a novel Windows malware that steals Microsoft email credentials and OAuth tokens by displaying fake login prompts.<br>- Authentic Antics also exfiltrates victim data by sending emails from the compromised account to an actor-controlled address without appearing in the 'sent' folder, highlighting the sophistication and stealth of GRU operations.</p><p>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/20/uk_microsoft_snooping_russia/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/20/uk_microsoft_snooping_russia/</span></a></p><p>HPE Warns of Hardcoded Passwords in Aruba Access Points 🔒</p><p>- HPE has issued a critical warning (CVE-2025-37103, CVSS 9.8) regarding hardcoded administrative credentials in Aruba Instant On Access Points running firmware version 3.2.0.1 and below.<br>- This vulnerability allows remote attackers to bypass authentication and gain full administrative access to the web interface, enabling configuration changes, backdoor installation, or traffic surveillance.<br>- A second high-severity flaw, CVE-2025-37102, an authenticated command injection, can be chained with the hardcoded password vulnerability for further compromise. Immediate upgrade to firmware version 3.2.1.0 or newer is recommended as no workarounds are available.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/hpe-warns-of-hardcoded-passwords-in-aruba-access-points/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hpe-warns-of-hardcoded-passwords-in-aruba-access-points/</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://infosec.exchange/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://infosec.exchange/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://infosec.exchange/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT28</span></a> <a href="https://infosec.exchange/tags/GRU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GRU</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/AuthenticAntics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AuthenticAntics</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/HardcodedCredentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardcodedCredentials</span></a> <a href="https://infosec.exchange/tags/Aruba" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Aruba</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a></p>
Opalsec :verified:<p>Alright team, a busy 24 hours in the cyber world! We've got some significant updates on nation-state activity, a couple of actively exploited vulnerabilities, a new ransomware decryptor, and a reminder about the ever-evolving privacy landscape. Let's dive in.</p><p>Russian Alcohol Retailer Hit by Ransomware ⚠️</p><p>- WineLab, a major Russian alcohol retailer and part of Novabev Group, has shut down its stores and online operations following a cyberattack.<br>- The company confirmed a ransom demand was made but stated they would not comply, indicating potential data theft or system encryption.<br>- While most major Russian-origin ransomware groups typically avoid targeting entities within Russia or CIS, this incident highlights a growing trend of smaller RaaS operations or non-Russian actors breaching such targets.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/russian-alcohol-retailer-winelab-closes-stores-after-ransomware-attack/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/russian-alcohol-retailer-winelab-closes-stores-after-ransomware-attack/</span></a></p><p>Actively Exploited Vulnerabilities</p><p>CrushFTP Zero-Day Under Active Exploitation 🛡️</p><p>- CrushFTP is warning customers about a zero-day vulnerability, CVE-2025-54309, actively exploited to gain administrative access via the web interface.<br>- The flaw affects versions prior to CrushFTP v10.8.5 and v11.3.4_23, with exploitation detected since July 18th, potentially earlier.<br>- Indicators of compromise include unexpected entries in MainUsers/default/user.XML and new, unrecognised admin-level usernames like "7a0d26089ac528941bf8cb998d97f408m". Admins should review logs and consider IP whitelisting or DMZ instances.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/crushftp-zero-day-exploited-to-gain-admin-access-on-servers/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/crushftp-zero-day-exploited-to-gain-admin-access-on-servers/</span></a></p><p>Hackers Scanning for TeleMessage Signal Clone Flaw 🔒</p><p>- Researchers are observing active exploitation attempts for CVE-2025-48927 in the TeleMessage SGNL app, a Signal clone, which can expose usernames, passwords, and other sensitive data.<br>- The vulnerability stems from exposing the '/heapdump' endpoint from Spring Boot Actuator without authentication, allowing attackers to download a full Java heap memory dump.<br>- Organisations using on-premise installations of TeleMessage SGNL should immediately disable or restrict access to the '/heapdump' endpoint and limit exposure of all Actuator endpoints.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/hackers-scanning-for-telemessage-signal-clone-flaw-exposing-passwords/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/hackers-scanning-for-telemessage-signal-clone-flaw-exposing-passwords/</span></a></p><p>Nation-State Activity, Malware, and Ransomware Updates</p><p>UK Sanctions Russian GRU for Cyber Operations and Murders 🚨</p><p>- The UK government has sanctioned 18 Russian military intelligence officers and three GRU units (26165, 29155, 74455) for cyber reconnaissance operations linked to civilian targeting in Ukraine and destabilisation efforts in Europe.<br>- Unit 26165 (Fancy Bear/APT28) is specifically attributed to deploying 'Authentic Antics' malware, a sophisticated credential stealer for Microsoft 365 accounts that exfiltrates data by sending emails from the victim's own account without appearing in the sent folder.<br>- This action underscores the UK's commitment to exposing and countering hybrid threats, with international allies like the EU and NATO issuing solidarity statements.</p><p>🗞️ The Record | <a href="https://therecord.media/uk-sanctions-gru-personnel-accused-murder-civilians-ukraine" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/uk-sanctions-g</span><span class="invisible">ru-personnel-accused-murder-civilians-ukraine</span></a><br>🤫 CyberScoop | <a href="https://cyberscoop.com/uk-sanctions-russian-hackers-spies-as-us-weighs-its-own-punishments-for-russia/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cyberscoop.com/uk-sanctions-ru</span><span class="invisible">ssian-hackers-spies-as-us-weighs-its-own-punishments-for-russia/</span></a><br>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/uk-ties-russian-gru-to-authentic-antics-credential-stealing-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/uk-ties-russian-gru-to-authentic-antics-credential-stealing-malware/</span></a></p><p>Singapore Accuses Chinese APT of Critical Infrastructure Attacks 🇨🇳</p><p>- Singapore's Minister for National Security, K. Shanmugam, has publicly accused Chinese espionage group UNC3886 of actively targeting the nation's critical infrastructure.<br>- UNC3886 is known for exploiting routers and network security devices (like Juniper, Fortinet, VMware) to deploy custom backdoors, focusing on stealth and long-term persistence in defence, technology, and telecommunication sectors.<br>- This ongoing threat highlights the potential for cascading impacts on business operations and supply chains, urging a re-evaluation of vendor trust and system security.</p><p>🗞️ The Record | <a href="https://therecord.media/singapore-accuses-chinese-backed-hackers-critical-infrastructure-attacks" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/singapore-accu</span><span class="invisible">ses-chinese-backed-hackers-critical-infrastructure-attacks</span></a></p><p>Free Decryptor Released for Phobos and 8Base Ransomware 🔓</p><p>- The Japanese National Police Agency, in collaboration with Europol and the FBI, has released a free decryptor for victims of Phobos and its spin-off, 8Base ransomware.<br>- This tool supports files encrypted with extensions like ".phobos", ".8base", ".elbie", ".faust", and ".LIZARD", and is believed to be possible due to information obtained during recent law enforcement disruptions and arrests of key operators.<br>- Victims are strongly encouraged to try the decryptor, available on the Japanese police website and NoMoreRansom platform, even if their file extensions aren't explicitly listed, as it has been confirmed to successfully decrypt files from recent variants.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/new-phobos-ransomware-decryptor-lets-victims-recover-files-for-free/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/new-phobos-ransomware-decryptor-lets-victims-recover-files-for-free/</span></a><br>🗞️ The Record | <a href="https://therecord.media/decryptor-phobos-8base-ransomware-japan-national-police" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/decryptor-phob</span><span class="invisible">os-8base-ransomware-japan-national-police</span></a></p><p>Arch Linux AUR Packages Spread Chaos RAT Malware 🐧</p><p>- Arch Linux has removed three malicious packages ("librewolf-fix-bin", "firefox-patch-bin", "zen-browser-patched-bin") from its Arch User Repository (AUR) that were installing the CHAOS remote access trojan (RAT).<br>- The packages, uploaded by user "danikpapas", contained a source entry pointing to a GitHub repository with malicious code executed during the build/installation phase.<br>- Users who installed these packages should immediately check for and delete a suspicious "systemd-initd" executable, potentially located in the /tmp folder, and take further measures to ensure their systems are not compromised.</p><p>🤖 Bleeping Computer | <a href="https://www.bleepingcomputer.com/news/security/arch-linux-pulls-aur-packages-that-installed-chaos-rat-malware/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/arch-linux-pulls-aur-packages-that-installed-chaos-rat-malware/</span></a></p><p>Social Engineering and AI: The New Zero-Day? 🧠</p><p>- Former IDF cyber chief Ariel Parnes highlights that social engineering, rather than zero-days, is increasingly the primary concern for cyber defenders, as demonstrated by groups like Scattered Spider and Iranian APTs.<br>- Generative AI significantly enhances social engineering capabilities by automating reconnaissance and enabling the creation of highly convincing phishing emails, fake documents, and spoofed websites at scale.<br>- This shift means attackers don't need advanced cyber weapons; they just need to understand target organisations, people, language, and culture, making the threat more scalable and effective.</p><p>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/19/idf_cyber_chief_iran/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/19/idf_cyber_chief_iran/</span></a></p><p>Data Privacy and AI Terms of Service</p><p>AI and Terms of Service: A Privacy Minefield ⚖️</p><p>- Companies integrating AI are updating their Terms of Service (ToS), causing user backlash over data usage for AI model training, as seen with WeTransfer.<br>- WeTransfer faced significant user anger after a ToS change granted broad licensing permissions for content, including for "improving performance of machine learning models," despite denying intent to use files for AI training.<br>- This incident highlights the "AI trust crisis" where users are wary of how their data is used, underscoring the need for clear, transparent communication from companies regarding AI features and data handling.</p><p>🕵🏼 The Register | <a href="https://go.theregister.com/feed/www.theregister.com/2025/07/18/llm_products_terms_of_service/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">go.theregister.com/feed/www.th</span><span class="invisible">eregister.com/2025/07/18/llm_products_terms_of_service/</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> <a href="https://infosec.exchange/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialEngineering</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/DataPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataPrivacy</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a></p>
Pyrzout :vm:<p>China’s Salt Typhoon Hacked US National Guard – Source: www.securityweek.com <a href="https://ciso2ciso.com/chinas-salt-typhoon-hacked-us-national-guard-source-www-securityweek-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/chinas-salt-typh</span><span class="invisible">oon-hacked-us-national-guard-source-www-securityweek-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/securityweekcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweekcom</span></a> <a href="https://social.skynetcloud.site/tags/NationalGuard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationalGuard</span></a> <a href="https://social.skynetcloud.site/tags/securityweek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweek</span></a> <a href="https://social.skynetcloud.site/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://social.skynetcloud.site/tags/SaltTyphoon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaltTyphoon</span></a> <a href="https://social.skynetcloud.site/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.skynetcloud.site/tags/ChinaAPT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChinaAPT</span></a> <a href="https://social.skynetcloud.site/tags/FEATURED" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FEATURED</span></a> <a href="https://social.skynetcloud.site/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a></p>
RoundSparrow 🐦<p><span class="h-card" translate="no"><a href="https://mastodon.social/@RationalizedInsanity" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>RationalizedInsanity</span></a></span> </p><p>This is a <a href="https://mastodon.social/tags/Mastdon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mastdon</span></a> <a href="https://mastodon.social/tags/SocialMedia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialMedia</span></a> <a href="https://mastodon.social/tags/Bully" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bully</span></a> - a <a href="https://mastodon.social/tags/CyberBully" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberBully</span></a> </p><p>A CyberBully who is IGNORANT of <a href="https://mastodon.social/tags/Russian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russian</span></a> <a href="https://mastodon.social/tags/Putin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Putin</span></a> <a href="https://mastodon.social/tags/Kremlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kremlin</span></a> information warfare against Americans on social media</p><p>Not one of Rationalized Insanity Mastodon posts mentions <a href="https://mastodon.social/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://mastodon.social/tags/Military" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Military</span></a> warfare of <a href="https://mastodon.social/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a> <a href="https://mastodon.social/tags/Putin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Putin</span></a> information warfare.</p><p>A <a href="https://mastodon.social/tags/UsefulIdiot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UsefulIdiot</span></a> <a href="https://mastodon.social/tags/American" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>American</span></a> <a href="https://mastodon.social/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> person who BELIEVES Russian Hate and attacks with Hate upon American USA humans.</p>
Pyrzout :vm:<p>Alleged Chinese State Hacker Wanted by US Arrested in Italy – Source: www.securityweek.com <a href="https://ciso2ciso.com/alleged-chinese-state-hacker-wanted-by-us-arrested-in-italy-source-www-securityweek-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/alleged-chinese-</span><span class="invisible">state-hacker-wanted-by-us-arrested-in-italy-source-www-securityweek-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/securityweekcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweekcom</span></a> <a href="https://social.skynetcloud.site/tags/securityweek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweek</span></a> <a href="https://social.skynetcloud.site/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://social.skynetcloud.site/tags/SilkTyphoon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SilkTyphoon</span></a> <a href="https://social.skynetcloud.site/tags/arrested" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>arrested</span></a> <a href="https://social.skynetcloud.site/tags/ChineAPT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChineAPT</span></a> <a href="https://social.skynetcloud.site/tags/FEATURED" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FEATURED</span></a> <a href="https://social.skynetcloud.site/tags/charged" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>charged</span></a> <a href="https://social.skynetcloud.site/tags/hacker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacker</span></a> <a href="https://social.skynetcloud.site/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a></p>
fraggle<p>Chinese state-sponsored hackers known as Salt Typhoon pulled off one of the most significant espionage operations in recent history by infiltrating major U.S. telecommunications companies including AT&amp;T, Verizon, T-Mobile, and Lumen Technologies in December 2024. The hackers gained access to sensitive communications infrastructure, potentially intercepting calls, messages, and metadata from high-value targets including political figures and government officials. What made this breach particularly concerning was its scope and duration - the hackers had been inside these networks for months, possibly years, before detection. Senate Intelligence Committee Chair Mark Warner called it one of the most serious breaches he's ever seen. The operation demonstrates how nation-state actors are increasingly targeting critical communications infrastructure for long-term espionage campaigns.<br><a href="https://1.6.0.0.8.0.0.b.e.d.0.a.2.ip6.arpa/tags/salttyphoon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>salttyphoon</span></a> <a href="https://1.6.0.0.8.0.0.b.e.d.0.a.2.ip6.arpa/tags/telecomhack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telecomhack</span></a> <a href="https://1.6.0.0.8.0.0.b.e.d.0.a.2.ip6.arpa/tags/cyberspying" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberspying</span></a> <a href="https://1.6.0.0.8.0.0.b.e.d.0.a.2.ip6.arpa/tags/nationstate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nationstate</span></a> <a href="https://1.6.0.0.8.0.0.b.e.d.0.a.2.ip6.arpa/tags/breach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>breach</span></a></p>
Pyrzout :vm:<p>US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’ – Source: www.securityweek.com <a href="https://ciso2ciso.com/us-calls-reported-threats-by-pro-iran-hackers-to-release-trump-tied-material-a-smear-campaign-source-www-securityweek-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/us-calls-reporte</span><span class="invisible">d-threats-by-pro-iran-hackers-to-release-trump-tied-material-a-smear-campaign-source-www-securityweek-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/securityweekcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweekcom</span></a> <a href="https://social.skynetcloud.site/tags/securityweek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweek</span></a> <a href="https://social.skynetcloud.site/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://social.skynetcloud.site/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a></p>
ginevra<p>Ah, frequency illusion bias/Baader-Meinhof phenomenon! I have been learning about the nation-state Treaty of Westphalia stuff.<br>I'm finding it a bit odd that I'm so late to learn about this ... is it less emphasised in Australia? Why is it emphasised in the US?<br>At my current stage of learning, Australia's self-definition feels heavily 'state', with any discussion of 'nation' often being tied to racism.<br>More to learn I guess!<br><a href="https://hachyderm.io/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://hachyderm.io/tags/TreatyOfWestphalia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TreatyOfWestphalia</span></a></p>
Pyrzout :vm:<p>Russian APT Hits Ukrainian Government With New Malware via Signal <a href="https://www.securityweek.com/russian-apt-hits-ukrainian-government-with-new-malware-via-signal/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/russian-apt-h</span><span class="invisible">its-ukrainian-government-with-new-malware-via-signal/</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>&amp;Threats <a href="https://social.skynetcloud.site/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://social.skynetcloud.site/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://social.skynetcloud.site/tags/Ukraine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ukraine</span></a> <a href="https://social.skynetcloud.site/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a> <a href="https://social.skynetcloud.site/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> <a href="https://social.skynetcloud.site/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT28</span></a></p>
Pyrzout :vm:<p>Russian APT Hits Ukrainian Government With New Malware via Signal <a href="https://www.securityweek.com/russian-apt-hits-ukrainian-government-with-new-malware-via-signal/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/russian-apt-h</span><span class="invisible">its-ukrainian-government-with-new-malware-via-signal/</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>&amp;Threats <a href="https://social.skynetcloud.site/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://social.skynetcloud.site/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://social.skynetcloud.site/tags/Ukraine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ukraine</span></a> <a href="https://social.skynetcloud.site/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a> <a href="https://social.skynetcloud.site/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> <a href="https://social.skynetcloud.site/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT28</span></a></p>
Pyrzout :vm:<p>North Korean Hackers Take Over Victims’ Systems Using Zoom Meeting <a href="https://www.securityweek.com/north-korean-hackers-take-over-victims-systems-using-zoom-meeting/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/north-korean-</span><span class="invisible">hackers-take-over-victims-systems-using-zoom-meeting/</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>&amp;Threats <a href="https://social.skynetcloud.site/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.skynetcloud.site/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://social.skynetcloud.site/tags/ZoomMeeting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZoomMeeting</span></a> <a href="https://social.skynetcloud.site/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercrime</span></a> <a href="https://social.skynetcloud.site/tags/BlueNoroff" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueNoroff</span></a> <a href="https://social.skynetcloud.site/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NorthKorea</span></a> <a href="https://social.skynetcloud.site/tags/DPRK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DPRK</span></a> <a href="https://social.skynetcloud.site/tags/Zoom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Zoom</span></a></p>
Pyrzout :vm:<p>North Korean Hackers Take Over Victims’ Systems Using Zoom Meeting <a href="https://www.securityweek.com/north-korean-hackers-take-over-victims-systems-using-zoom-meeting/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/north-korean-</span><span class="invisible">hackers-take-over-victims-systems-using-zoom-meeting/</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a>&amp;Threats <a href="https://social.skynetcloud.site/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.skynetcloud.site/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://social.skynetcloud.site/tags/ZoomMeeting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZoomMeeting</span></a> <a href="https://social.skynetcloud.site/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercrime</span></a> <a href="https://social.skynetcloud.site/tags/BlueNoroff" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueNoroff</span></a> <a href="https://social.skynetcloud.site/tags/NorthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NorthKorea</span></a> <a href="https://social.skynetcloud.site/tags/DPRK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DPRK</span></a> <a href="https://social.skynetcloud.site/tags/Zoom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Zoom</span></a></p>
Pyrzout :vm:<p>Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War <a href="https://www.securityweek.com/predatory-sparrow-burns-90-million-on-iranian-crypto-exchange-in-cyber-shadow-war/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/predatory-spa</span><span class="invisible">rrow-burns-90-million-on-iranian-crypto-exchange-in-cyber-shadow-war/</span></a> <a href="https://social.skynetcloud.site/tags/PredatorySparrow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PredatorySparrow</span></a> <a href="https://social.skynetcloud.site/tags/DataBreaches" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreaches</span></a> <a href="https://social.skynetcloud.site/tags/cyberwarfare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberwarfare</span></a> <a href="https://social.skynetcloud.site/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://social.skynetcloud.site/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.skynetcloud.site/tags/bitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitcoin</span></a> <a href="https://social.skynetcloud.site/tags/Nobitex" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nobitex</span></a> <a href="https://social.skynetcloud.site/tags/Israel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Israel</span></a> <a href="https://social.skynetcloud.site/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a></p>
Pyrzout :vm:<p>Predatory Sparrow Burns $90 Million on Iranian Crypto Exchange in Cyber Shadow War <a href="https://www.securityweek.com/predatory-sparrow-burns-90-million-on-iranian-crypto-exchange-in-cyber-shadow-war/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/predatory-spa</span><span class="invisible">rrow-burns-90-million-on-iranian-crypto-exchange-in-cyber-shadow-war/</span></a> <a href="https://social.skynetcloud.site/tags/PredatorySparrow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PredatorySparrow</span></a> <a href="https://social.skynetcloud.site/tags/DataBreaches" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataBreaches</span></a> <a href="https://social.skynetcloud.site/tags/cyberwarfare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberwarfare</span></a> <a href="https://social.skynetcloud.site/tags/NationState" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationState</span></a> <a href="https://social.skynetcloud.site/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.skynetcloud.site/tags/bitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bitcoin</span></a> <a href="https://social.skynetcloud.site/tags/Nobitex" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nobitex</span></a> <a href="https://social.skynetcloud.site/tags/Israel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Israel</span></a> <a href="https://social.skynetcloud.site/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a></p>