Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab – Krebs on Security

Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure

Internal files describe a training platform as part of a large integrated system designed to allow attackers to practice hacking replicas of “the real network environments” of China’s “main operational opponents in the South China Sea and Indochina directions.”

Recorded Future Insikt Group August 2025 Report: 18 High-Impact Vulnerabilities Prioritized for Patching | Security Land

Recorded Future's August 2025 report flags 18 critical vulnerabilities, with Citrix and WinRAR exploits leading urgent patch calls.

Bulletproof Host Stark Industries Evades EU Sanctions – Krebs on Security

Bulletproof Host Stark Industries Evades EU Sanctions – Krebs on Security

The latest spin on the Home Office demand for a backdoor into Apple iCloud/iMessage storage is “…it’s not a backdoor, we just want existing exploitable weaknesses to NOT be removed”

Read the attached, and consider that the existing access mechanisms would ALSO remain available to malicious actors. They don’t want the architectural security holes to be bricked-up. It&#821…

Commentary: Just a little week-ender to share my discomfort about the use… | Alexander Martin | 24 comments

Commentary: Just a little week-ender to share my discomfort about the use of the phrase “back door” to describe the Technical Capability Notice regime under the Investigatory Powers Act. There’s been a lot of coverage following The Washington Post’s significant scoop about a TCN being issued to Apple. That, reportedly, came in response to the company’s decision to offer end-to-end-encryption for iCloud users back in 2022. I tried to address some of the more widespread errors here: https://lnkd.in/evhvvbd2 But my frustration with the phrase “back door” is how it misrepresents the British government’s intention. That intention is explicitly and intentionally to not create some kind of covert Top Secret capability to access encrypted data (e.g. one based on a cryptographic weakness only they know) and to not do so because such a weakness could be abused by malicious actors. Instead, the point of TCNs is just to ensure that existing access methods remain available… as they were with iCloud up until November 2022. If anyone is interested in getting into the specifics of the British approach, I wrote this story (https://lnkd.in/eD6H6MGp) back in 2020 based on sources involved in then-ongoing discussions between the British government and Facebook, and with U.S. Congress, about how the legal power could be used. Now, lawful access does still pose privacy problems and questions. But it is insincere or technically ignorant (and sadly the preferred tactic of several well-funded tech lobby groups) to use the phrase “back door” for this kind of access. It suggests those access methods have the same risk profile as ones based on cryptographic weaknesses. That is simply untrue. The keys remain managed by Apple, the warrants to access data are controlled by senior judges, courts, and the rule of law. It’s completely legitimate to worry about those judges and the courts and the rule of law — there are many examples in other domains of people abusing their authority — but that is a different problem set to the “back door” one. And why this matters is that governments are always going to pursue their national security objectives. If there is no lawful access mechanism allowing them to do so, then that’s a great incentive to actually try and develop bona fide “back door” access. That would leave us all less safe. That isn’t a radical opinion, it is the view of officials advocating for lawful access in the British government. I think it’s a strategic error to think of those officials as hostile to good security practices. That said, I may be wrong and am open to criticism. Your thoughts are welcome, whether publicly in the comments section or in confidence on Signal as per the attached image. 📧 [email protected] | 24 comments on LinkedIn

Russland verbannt Cybersecurity-Firma Recorded Future

Recorded Future wurde von der russischen Generalstaatsanwaltschaft als "unerwünschte Organisation" eingestuft.