Joseph CoxHere is a video demonstrating how truly awful the encryption implementation is in TeleGuard, a 'secure' messaging app with more than 1 million downloads. App uploads users private keys to company server; this shows the company is able to decrypt messages. Details: https://www.404media.co/a-secure-chat-apps-encryption-is-so-bad-it-is-meaningless/
Cirio
- 37 Followers
- 140 Following
- 508 Posts
An avid listener and reader, an infrequent speaker. I am mostly interested in technical infosec content, and I love to learn how things work.
buherator@cynicalsecurity TBH I first learned about SSH certs from Facebook of all things:
https://engineering.fb.com/2016/09/12/security/scalable-and-secure-access-with-ssh/
@jpmens
https://engineering.fb.com/2016/09/12/security/scalable-and-secure-access-with-ssh/
@jpmens
Kevin BeaumontSo @xaitax has cracked Microsoft Recall, he's got access to the encrypted database and has automated dumping of screenshots and all text from screenshots.
I've looked at most recent Recall and yep, you can just read the database as a user process. The database also contains all manner of fields which aren't publicly disclosed for tracking the user's activity.
No AV or EDR alerts triggered, world's #1 in infostealer 😅
* you can just read it in plain text
Merill Fernando 
Microsoft Authenticator is about to wipe work accounts from jailbroken/rooted phones automatically 👏.
No IT config needed. 🔥
3-phase rollout starting Feb 2026:
⚠️ Warn → 🚫 Block → 🗑️ Wipe
Let your help desk and security teams know.
Kevin RothrockA mass hacking campaign targeting iPhone users in Ukraine & China used tools that were likely designed by U.S. military contractor L3Harris. Intended for Western spies, the tools "wound up in the hands of various hacking groups, including Russian govt spooks & Chinese cybercriminals." https://techcrunch.com/2026/03/09/an-iphone-hacking-toolkit-used-by-russian-spies-likely-came-from-u-s-military-contractor/
TaggartOh hey are you looking for a Vim alternative?
Helix has replaced Vim/Neovim for me almost entirely. I install it first-thing on new devices.
And the devs, far as I can tell, are not using AI, nor adding first-party support for it.
Jérémy -Jeey-Et ben, fichtrement intéressant et gros travail de présentation de l'infrastructure de #YggTorrent ainsi que des modalités de son hack par Gr0lum, le leaker/pirate/hacker.
Un must-read pour tout adminsys.
YGGtorrent — Fin de partie — YGGLeak
Détournement de cartes bancaires et fingerprinting abusif de ses 6.6 millions d'utilisateurs, DDoS des concurrents, blanchiment de millions d'euros via des montages sophistiqués, fausses identités fabriquées à partir de CNI volées. Dans ce leak vous allez découvrir les coulisses du plus gros tracker torrent francophone.
Mullvad VPN
Hold on, there's something I don't get here.
How can this malware intercept and modify #android manifest update requests ? Aren't they protected by TLS ? Is the device hosting #DKnife already doing TLS interception ?
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
https://blog.talosintelligence.com/knife-cutting-the-edge/
RE: https://infosec.exchange/@mttaggart/113694884783855934
It's 2026 now. Boost if you're ready to destroy genAI entirely.