‼️A German hacker known as "Martha Root" dressed as a pink Power Ranger and deleted a white supremacist dating website live onstage
This happened during the recent CCC conference.
Martha infiltrated the site, ran her own AI chatbot to extract as much information from users as possible, and downloaded every profile. She also uncovered the owner of the site. She has published all of the data.
I found this video of “Martha Root” on her YouTube channel explaining what she did.
A chart showing where users of the white supremacist dating site come from.
Turns out this is the owner.
They also recorded the owner visiting NSDAP/Nazi meetings.
The hacker has published all the data on okstupid.lol
‼️🇮🇱 Smartphones worldwide were silently infected with Israeli malware via malicious ads
Simply viewing their ads was enough to get infected.
Surveillance company Intellexa gained full access to cameras, microphones, chat apps, emails, GPS locations, photos, files, and browsing activity.
Internal leaked company documents, sales and marketing materials, as well as training videos from the “Intellexa Leaks” investigation provide a never-before-seen glimpse into the internal operations of a mercenary spyware company focused on exploiting vulnerabilities in mobile devices to enable targeted surveillance attacks on human rights defenders, journalists, and members of civil society.
In an attempt to hide the spyware operator's identity, all data is relayed through a chain of anonymization servers called the “CNC Anonymization Network.”
Since the spyware relies on browser exploits, the operator must trick the victim into opening the malicious link; if the link is not opened, infection fails.
Each time a one-click attack link is sent, it risks exposing the operator, as a suspicious target may share it with forensic experts, revealing the attack and potentially the operator.
‼️🇰🇵 Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities.
He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do.
He wanders around the web sending messages to people like "I’d like to offer you an opportunity that I think could be interesting." Turns out @MauroEldritch likes opportunities.
Aaron then asks the "legit" worker to download AnyDesk.
‼️ This is a story about a dev who got a job interview at xAI, where they extracted his knowledge of how he used the X user API to create two impressive projects, the projects that got him the interview.
After they got what they wanted, X sent a cease and desist, and told him he wasn’t hired.
Despite the developer being open about his project with X employees from the beginning, and getting a job interview and a vouch because of it, Nikita Bier mocked him after he was sent a cease and desist.
Nikita deleted the post, but we still have a copy:
The developer @seloesque, behind the popular sites xglobalrank.com and x-graphs.com, didn’t understand why X did this. He was always transparent and communicative with X employees: he created these projects to land a job at xAI.
‼️ Secret Chinese documents have been leaked, revealing their internal cyberwarfare training program.
The documents show a focus on products from Cisco, Fortinet, WatchGuard, and Juniper as primary operational targets.
China has built digital cyber ranges that allow operatives to practice on infrastructure closely resembling the critical digital infrastructure of major adversaries.
The documents show a network operations training environment capable of supporting 300 users and 10,000 concurrent connections. It includes DNS gateways, a URL classification database with 100 million entries, and support for 50,000 concurrent connections.
The introduction page describes a network setup with distinct separation between an “internal” system and several “external” components.
‼️ China's largest cybersecurity firm, Knownsec, was breached, exposing details of China's state cyber operations.
The data includes cyberweapon documentation, internal hacking tool source code, and global target lists covering over 20 countries, including Japan, Vietnam, and India.
A spreadsheet lists 80 hacked foreign organizations, plus evidence of 95 GB of stolen Indian immigration data and 3 TB of call records from South Korean mobile operator LG U Plus.
One of the documents mentions a malicious power bank, disguised as a charging device.
Knownsec is key to China's cybersecurity, providing advanced defense and offensive capabilities, including espionage tools.
A thread with their tools 🧵
ZoomEye
A global search engine similar to Shodan or Censys that lists vulnerabilities for each host. It claims to scan the entire IPv4 address range in 7-10 days.