Mastodawn

Really good research from Rapid7 here, where they’ve found multiple new versions of BPFdoor which do things like listen and backdoor on extremely uncommon 4G and 5G signaling protocols - it strongly suggests BPFDoor has been placed far inside telcos for surveillance.

They provide a tool to check for the new implant - I would strongly suggest telcos look for this on their Linux systems, including call infrastructure.

https://www.rapid7.com/blog/post/tr-bpfdoor-telecom-networks-sleeper-cells-threat-research-report/

BPFdoor in Telecom Networks: Sleeper Cells in the backbone

A months-long investigation by Rapid7 Labs has uncovered evidence of an advanced China-nexus threat actor placing stealthy digital sleeper cells in telecommunications networks, in order to carry out high-level espionage – including against government networks. Read more in a new blog.

Rapid7

bash0ra Mar 1

@GossiTheDog how do you like it? I kinda find it good considering the age and Speed Match for elderly Gamers like me 45+

bash0ra Nov 21

Stefan Bohacek Nov 20

EDIT: The Malwarebytes article has been updated:

"After taking a closer look at Google’s documentation and reviewing other reporting, that doesn’t appear to be the case."

This confusion could've been easily avoided if Google was more clear in how they communicate with their users.

ORIGINAL:

PSA to anyone who uses Gmail!

"Reportedly, Google has recently started automatically opting users in to allow Gmail to access all private messages and attachments for training its AI models. This means your emails could be analyzed to improve Google’s AI assistants, like Smart Compose or AI-generated replies. Unless you decide to take action."

https://www.malwarebytes.com/blog/news/2025/11/gmail-is-reading-your-emails-and-attachments-to-train-its-ai-unless-you-turn-it-off

#gmail #AI

[Correction] Gmail can read your emails and attachments to power "smart features"

Did you know that Gmail can use your emails and attachments for its smart features? Here's how to check your settings.

Malwarebytes

bash0ra Oct 29

cR0w

Oct 29

Watching companies like Microsoft and AWS continue to fuck up at massive scale and orgs are just like "what can you do?" and keep shoveling money to them is very exhausting.

bash0ra Sep 27, 2025

nixCraft 🐧Sep 27, 2025

Ditch DocuSign! Use DocuSeal. It is a free, open source secure, and efficient tool to handle all your documents. Simply create PDF forms that anyone can fill and sign online using easy, mobile optimized tool and much more. Give it a try https://github.com/docusealco/docuseal

GitHub - docusealco/docuseal: Open source DocuSign alternative. Create, fill, and sign digital documents ✍️

Open source DocuSign alternative. Create, fill, and sign digital documents ✍️ - docusealco/docuseal

GitHub

bash0ra Sep 18, 2025

Dan Goodin Sep 17, 2025

Ugh, the world's leading password manager is integrating itself into the world's most questionable browser, becoming the latest to jump on the AI hype train. Et tu, 1Password?

bash0ra Aug 30, 2025

stux⚡️Aug 29, 2025

When your code works but no idea how

bash0ra Aug 18, 2025

raptor

Aug 18, 2025

#Certify 2.0 by @SpecterOps

https://specterops.io/blog/2025/08/11/certify-2-0/

Certify 2.0 - SpecterOps

Certify 2.0 features a suite of new capabilities and usability enhancements. This blogpost introduces changes and features additions.

SpecterOps

bash0ra Aug 15, 2025

Show thread

Kevin Beaumont Aug 15, 2025

Colt are being extorted by Warlock ransomware group, they have been for over a week, Colt are trying to cover it up.

Entry likely via sharehelp.colt.net via CVE-2025-53770 as they were interacting with it.

They've stolen a few hundred gig of customer data and documentation and posted a file list on a forum.

bash0ra Jul 27, 2025

/r/netsec Jul 24, 2025

SharePoint ToolShell – One Request PreAuth RCE Chain https://blog.viettelcybersecurity.com/sharepoint-toolshell/