An avid listener and reader, an infrequent speaker. I am mostly interested in technical infosec content, and I love to learn how things work.

So @xaitax has cracked Microsoft Recall, he's got access to the encrypted database and has automated dumping of screenshots and all text from screenshots.

I've looked at most recent Recall and yep, you can just read the database as a user process. The database also contains all manner of fields which aren't publicly disclosed for tracking the user's activity.

No AV or EDR alerts triggered, world's #1 in infostealer 😅

* you can just read it in plain text

Microsoft Authenticator is about to wipe work accounts from jailbroken/rooted phones automatically 👏.

No IT config needed. 🔥

3-phase rollout starting Feb 2026:
⚠ Warn → 🚫 Block → 🗑️ Wipe

Let your help desk and security teams know.

🔗 https://support.microsoft.com/en-us/account-billing/jailbreak-root-detection-in-microsoft-authenticator-9f0431bd-675a-4f2d-b8fb-7acd18deaadc

A mass hacking campaign targeting iPhone users in Ukraine & China used tools that were likely designed by U.S. military contractor L3Harris. Intended for Western spies, the tools "wound up in the hands of various hacking groups, including Russian govt spooks & Chinese cybercriminals." https://techcrunch.com/2026/03/09/an-iphone-hacking-toolkit-used-by-russian-spies-likely-came-from-u-s-military-contractor/
The mystery of a globetrotting iPhone-hacking toolkit

Tools used in a series of hacking campaigns by hackers in Russia, Ukraine, and China may have originated inside U.S. government contractor L3Harris, TechCrunch has learned.

TechCrunch

Oh hey are you looking for a Vim alternative?

Helix has replaced Vim/Neovim for me almost entirely. I install it first-thing on new devices.

And the devs, far as I can tell, are not using AI, nor adding first-party support for it.

https://helix-editor.com

https://github.com/helix-editor/helix

Helix

A post-modern modal text editor.

Well now, that is a seriously interesting and substantial write-up of the #YggTorrent infrastructure and of how it was hacked by Gr0lum, the leaker/pirate/hacker.
A must-read for every sysadmin.

https://yggleak.top/fr/home/ygg-dossier

YGGtorrent — Endgame — YGGLeak

Bank card fraud and abusive fingerprinting of its 6.6 million users, DDoS attacks on competitors, laundering of millions of euros through sophisticated schemes, fake identities fabricated from stolen national ID cards (CNI). In this leak you will discover what went on behind the scenes at the largest French-language torrent tracker.

God save the Mullvad ads. This one got banned too, by The City of London.

Hold on, there's something I don't get here.

How can this malware intercept and modify #android manifest update requests? Aren't they protected by TLS? Is the device hosting #DKnife already doing TLS interception?

Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
https://blog.talosintelligence.com/knife-cutting-the-edge/

Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.

Cisco Talos Blog

RE: https://infosec.exchange/@mttaggart/113694884783855934

It's 2026 now. Boost if you're ready to destroy genAI entirely.

Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw
https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

And remember folks, if the #FBI can access your #bitlocker keys, so can Chinese and Russian #hackers who have made Microsoft their home.

The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

Forbes

Damnit, what is it with threat actors and the folder C:\windows\public\music?

I must have seen this folder used at least 10 times now!

UAT-8837 targets critical infrastructure sectors in North America https://blog.talosintelligence.com/uat-8837/

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.

Cisco Talos Blog