This dumb password rule is from Pole-Emploi.

Password must contain at least one letter, one number and one character from `&-_@*%=.,;:!?` only.
It rejected passwords generated by pass, while accepting `p@ssw0rd!`...
They also block pasting on the password confirmation field,
forcing you to manually type your 32-letters-long generated passwo...

https://dumbpasswordrules.com/sites/pole-emploi/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Security News This Week: LastPass Users Had Their Data Stolen—Again

https://fed.brid.gy/r/https://www.wired.com/story/security-news-this-week-lastpass-users-had-their-data-stolen-again/

Sicherheit

Datensicherung zurück holen
https://forum.ubuntuusers.de/topic/datensicherung-zurueck-holen/
27.06.2026 um 13:05 Uhr

#ubuntuusers #forumuu #linux #opensource #fragenistmenschlich #security #passwort #passwords #firewall #data #verschlusselung #encryption

This dumb password rule is from Onleihe.

Password is your birthday in format ddmmyyyy. Users are not allowed to change their passwords

https://dumbpasswordrules.com/sites/onleihe/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Sears.

"cAsE sensitive, no spaces, ! or ?
8 characters min - 1 letter, 1 number
Can't repeat same character more than 3 times in a row
Cannot be or contain your username or email address"

https://dumbpasswordrules.com/sites/sears/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Brute force doesn’t guess — it grinds through every possible password until one works.

Short and simple passwords can fall fast. Add length, complexity, and variety, and cracking time jumps from minutes to years or beyond.

Here is why strong passwords still matter 😎👇

Find a high-res pdf book with all my cybersecurity related infographics from https://study-notes.org

#cybersecurity #infosec #informationsecurity #passwords #pentesting

This dumb password rule is from Premera Blue Cross.

Password must contain 8-30 characters, including one letter and one number.
"Special characters allowed" seems to mean a very small handful of choices you can only find through trial and error `-_'.@`

https://dumbpasswordrules.com/sites/premera-blue-cross/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

ClickFix campaign delivers macOS infostealer via DMG

A new macOS ClickFix campaign employs fake CAPTCHA pages to deceive users into executing malicious Terminal commands. The attack chain downloads and invisibly mounts a DMG file containing a self-signed information-stealer application bundle. This payload, assessed as belonging to the AMOS (Atomic macOS Stealer) lineage—specifically the Odyssey variant—prompts users for passwords through fake System Preferences dialogs. The stealer harvests extensive data including browser credentials, cryptocurrency wallet information from 13 standalone applications and 201 browser extensions, messaging app data, Apple Notes, Safari cookies, and macOS keychain entries. Exfiltrated data is compressed and sent to two command-and-control servers. The malware establishes persistence via LaunchAgent and trojanizes legitimate cryptocurrency applications including Ledger Live and Trezor Suite, replacing them with compromised versions downloaded from attacker infrastructure.

Pulse ID: 6a3d42cc11f8fec9a3aab237
Pulse Link: https://otx.alienvault.com/pulse/6a3d42cc11f8fec9a3aab237
Pulse Author: AlienVault
Created: 2026-06-25 15:01:32

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AMOS #Atomic #Browser #CAPTCHA #Cookies #CyberSecurity #ELF #Edge #InfoSec #InfoStealer #Mac #MacOS #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Safari #Trojan #Word #bot #cryptocurrency #AlienVault

Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager

In early 2026, a threat actor targeted SD-WAN infrastructure at a service provider, exploiting a zero-day vulnerability in Cisco Catalyst SD-WAN to escalate privileges. The attacker initially gained access through unauthorized peering connections and manipulated default account passwords. They then exploited CVE-2026-20245, a privilege escalation flaw in the file upload feature, by uploading a malicious CSV file to achieve root-level access. The vulnerability allowed the creation of a privileged user account through manipulation of system password files. Throughout the intrusion, the threat actor employed extensive anti-forensic techniques, systematically deleting malicious files, restoring modified system configurations, and executing validation scripts to ensure removal of indicators. This campaign demonstrates the living off the edge paradigm, where adversaries compromise network appliances to bypass traditional security perimeters and maintain persistent access.

Pulse ID: 6a3d476551c12310394b4adc
Pulse Link: https://otx.alienvault.com/pulse/6a3d476551c12310394b4adc
Pulse Author: AlienVault
Created: 2026-06-25 15:21:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cisco #CyberSecurity #Edge #InfoSec #OTX #OpenThreatExchange #Password #Passwords #RAT #Vulnerability #Word #ZeroDay #bot #AlienVault

This dumb password rule is from Hetzner.

- 8 or more characters
- At least one uppercase and one lowercase letter
- At least one number or special character

Okay, fair enough, but after putting in a password with some special characters this message appears:
- Invalid characters, allowed are: A-Z a-z 0-9 ä ö ü ß Ä Ö Ü ^ ! $ % / ( ) = ?...

https://dumbpasswordrules.com/sites/hetzner/

#password #passwords #infosec #cybersecurity #dumbpasswordrules