Catalin Cimpanu

@campuscodi
18.6K Followers
435 Following
140 Posts

Cybersecurity reporter for Risky Business

#infosec #cybersecurity #security

Newsletter:https://risky.biz/newsletters/
Podcast:https://risky.biz/podcasts/
Catalin Cimpanu11h ago
Taggart 15h ago

RE: https://infosec.exchange/@ifin/116540679223847150

If anyone has more information on this, DMs are open.

Catalin Cimpanu20h ago
Hacker News20h ago
Tesla is recalling its cheaper Cybertruck because the wheels might fall off
L: https://www.theverge.com/transportation/926741/tesla-cybertruck-cheaper-recall
C: https://news.ycombinator.com/item?id=48063240
posted on 2026.05.08 at 09:58:32 (c=2, p=5)
Tesla is recalling its cheaper Cybertruck because the wheels might fall off

All 173 of the RWD Cybertrucks sold by Tesla are being recalled.

The Verge
Catalin Cimpanu20h ago
Show threadmc.fly20h ago

and we have another one. This one with CVE.

#dirtyfrag #CVE-2026-43500

Catalin Cimpanu23h ago
Catalin Cimpanu1d ago

-Google patches Android remote takeover bug
-Palo Alto Networks patches firewall zero-day
-Ivanti also patches one
-Leak exposes Russia's spy and hacker school
-US includes offensive cyber in counterterrorism strategy
-US hasn't forgotten about CISA 2015
-EU working to exclude US firms from EU clouds
-Five water treatment stations hacked in Poland
-Pegasus investigation reopened in Barcelona

Podcast: https://risky.biz/RBNEWS561/
Newsletter: https://news.risky.biz/risky-bulletin-google-patches-android-remote-takeover-bug/

Catalin Cimpanu23h ago
Show threadCatalin Cimpanu1d ago
-AI company Braintrust discloses hack
-DAEMON Tools releases clean versions
-Chrome 148 is out
-ProtonMail adds PQC support
-German domains go down in massive outage
-GothFerrari sentenced to prison
-Two more DPRK laptop farmers sentenced to prison
-Swatter arrested in Hungary
-Malicious NuGet packages
-New PCPJack attacks
-New CallPhantom campaign
-New TCLBANKER malware
-New Contagious Interview tactics
Catalin Cimpanu1d ago
Glyn Moody2d ago
World’s most powerful are suing media outlets before stories are even published, says editor - https://www.theguardian.com/media/2026/may/06/worlds-most-powerful-are-suing-media-outlets-before-stories-are-even-published-says-editor "Editor-in-chief of Wall Street Journal says those with deep pockets are launching legal challenges as a PR strategy" #journalism
World’s most powerful are suing media outlets before stories are even published, says editor

Editor-in-chief of Wall Street Journal says those with deep pockets are launching legal challenges as a PR strategy

The Guardian
Catalin Cimpanu1d ago
BrianKrebs1d ago

New, from me: Canvas Breach Disrupts Schools and Colleges Nationwide

"An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions."

"Canvas parent firm Instructure responded to today's defacement attacks by disabling the platform, which is used by thousands of schools, universities and businesses to manage coursework and assignments, and to communicate with students."

Lots more here:

https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/

#canvas #breach #shinyhunters #instructure

Catalin Cimpanu1d ago
IFIN - The Independent Federated Intelligence Network2d ago

It would appear that the DDoS attack affecting #Ubuntu is finally over, with statements from both Canonical and the claimed attackers. While the attackers threaten Cloudflare next, they continue to use their services to protect their booter service. Meanwhile, Canonical has not put anything but security and archive repos behind Cloudflare protection. It's unknown what other measures are in place for other resources.

https://discourse.ifin.network/t/ubuntu-services-under-attack/356

#ThreatIntel #ThreatIntelligence #IFIN

Ubuntu services under attack

Last Updated: 2026-05-04T17:46:49Z (UTC) Status page notes security and archive are down again. https://status.canonical.com Canonical now has an official forum thread for this incident: Impacted: security.ubuntu.com jaas.ai archive.ubuntu.com canonical.com maas.io blog.ubuntu.com developer.ubuntu.com Ubuntu Security API-CVEs Ubuntu Security API-Notices academy.canonical.com ubuntu.com portal.canonical.com assets.ubuntu.com launchpad.net livepatch.canonical.com Cause Unconfirmed, but...

IFIN
Catalin Cimpanu1d ago
Will Dormann1d ago

The 3 recent Linux LPEs are sort of interesting in that each one took a different path from discovery to disclosure.

  • Copy Fail: Publicity stunt where they claim to have done the right thing, yet didn't bother to tell a single distro vendor, and lied about updates being available.
  • Dirty Frag: Attempted to do proper coordination, including notifying the linux-distros mailing list. But the embargo was broken, so it was disclosed unexpectedly ahead of time.
  • Copy Fail 2: Discovered as an n-day by looking at kernel commit logs and Spender noticing that it was copyfail-class

    • Each path had basically exactly the same outcome (No fixes at publication time). 😂

    Show threadCatalin Cimpanu1d ago
    -Most MD5 hashes can be cracked under an hour
    -OceanLotus returns on PyPI
    -BO Team leaks malware source
    -MuddyWater deploys Chaos ransomware
    -US aligns with Russia on Canadian info-op
    -Edge stores passwords in cleartext
    -New SFMC vulnerabilities
    -Cisco buys Astrix
    -Bunch of new tools