🏛 𝗝𝘂𝗻𝗲 𝗶𝗻 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗛𝗶𝘀𝘁𝗼𝗿𝘆 ⚔

Did you know that 2 of the most famous nation-state cyberattacks are connected to June?

On June 17, 2010, the #Stuxnet worm was first uncovered. Read more in 𝘾𝙤𝙪𝙣𝙩𝙙𝙤𝙬𝙣 𝙩𝙤 𝙕𝙚𝙧𝙤 𝘿𝙖𝙮, by Kim Zetter. @kimzetter
✍ https://tinyurl.com/5ymfkr8w

And on June 27, 2017, the #NotPetya global cyberattack began. Read more in 𝙎𝙖𝙣𝙙𝙬𝙤𝙧𝙢, by Andy Greenberg. @agreenberg
✍ https://tinyurl.com/34xpmpy8

#CybersecurityBooks

🕵🏻‍♂️ [InfoSec MASHUP] 21/2026 - The Supply Chain Didn't Break. It Was Walked.

This week's issue reads like a case study in cascade failure. A malicious VS Code extension on one #GitHub employee's device leads to 3,800 internal repositories exfiltrated — by #TeamPCP, the same group that poisoned 170 npm and #PyPI packages last week. #Grafana gets breached via a token nobody rotated after the TanStack attack, itself a TeamPCP operation. A GitHub Action used by thousands of projects gets compromised and starts exfiltrating CI/CD credentials. And somewhere in a public GitHub spreadsheet, CISA contractor credentials — including #AWS GovCloud keys — sat waiting to be found.

These aren't four separate incidents. They're one incident with four manifestations. The supply chain isn't a vector anymore; it's the terrain. Developer tooling, CI/CD pipelines, third-party actions, tokens issued and forgotten — all of it is now actively mapped and exploited with a persistence that makes the traditional "patch and move on" response look quaint. The Verizon DBIR dropped this week noting that third-party compromise is surging. The week's news was already illustrating the point before the report landed.

→ Week #21/2026 also covers: fast16 predated #Stuxnet and corrupted nuclear simulations quietly, #Pwn2Own Berlin paid $1.3M for 47 bugs, and #Bluesky got hijacked for Russian propaganda.

Full issue 👉 https://infosec-mashup.santolaria.net/p/infosec-mashup-21-2026-the-supply-chain-didn-t-break-it-was-walked

If you find it useful, subscribe to get it in your inbox every weekend 📨 #infosecMASHUP #cybersecurity #infosec #threatintel #AI

"Günstiger wird KI vermutlich nicht."

"Im Bund haben wir kritische Schwachstellen gefunden, die zum Teil mehr als 10 Jahre alt sind, und das in 16 Ministerien." (-> bereits bekannte und patchbare Schwachstellen)

https://frauen-technik.podigee.io/82-new-episode von @sveckert und @evawolfangel

#ki #stuxnet #HayaSchulmann #TheyTalkTech

Revisiting Stuxnet: Research Notes
Technical Analysis and Design Insights into the Loader

https://malwareanalysisspace.blogspot.com/2026/05/revisiting-stuxnet-research-notes.html

#Stuxnet #Loader

Hörempfehlung.

They Talk Tech – mit Eckert und @evawolfangel Teure KI und Schwachstellen-Hype - mit Cybersicherheitsforscherin Haya Schulmann

🕸️ https://frauen-technik.podigee.io/82-new-episode

My 2ct:

Toller Beitrag! Etwas fragwürdig imo der Versuch #Stuxnet zu legitimieren: Stuxnet war genauso Verstoß gegen Hacker-Ethik wie #APT28-Angriffe. Mir fehlen Hinweise auf "friendly Cyber-Sabotage" und moralische Scheuklappen - gerade bei Despoten wie #Trump, #Thiel & #Musk. LLMs & 0Days sind imho Teil digitaler #Geopolitik

Fast16 Malware Exposes Pre-Stuxnet Cyber Warfare Roots

Meet fast16, a sneaky malware framework that's been around since 2005 - five years before the infamous Stuxnet - and is designed to quietly sabotage high-precision software by subtly altering numerical results. This stealthy approach can cause systems to fail, wear out faster, or produce false conclusions, making it a chilling…

https://osintsights.com/fast16-malware-exposes-pre-stuxnet-cyber-warfare-roots?utm_source=mastodon&utm_medium=social

#IndustrialControlSystems #MalwareOperations #NationState #CyberWarfare #Stuxnet