The server mastodon.arell.ai is copying the account details of people, and then posting AI nonsense as them.
It likely scrapes the profile information to make the account. So a server block is likely needed.
Mildly cursed factoid about UNC paths:
- UNC paths can contain IP addresses such as \\192.168.1.1\share
- IPv6 addresses are supported as well
- IPv6 addresses contain colons
- can't have colons in Windows paths since colons are reserved for drive letters
So Microsoft came up with the ipv6-literal.net domain that's special-cased by Windows so you can write IPv6 addresses in UNC paths as 2a0e-3c0--21.ipv6-literal.net without it hitting any resolvers.
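The rewrite rule behind that name is mechanical, so here is an added example (my own code, not from the post) that encodes an IPv6 address into the UNC-safe ipv6-literal.net form and decodes it back. It also covers the zone index (the `%eth0` part of a link-local address), which Windows writes as an `s` because `%` is not valid in a hostname either. The helper names `to_ipv6_literal`, `from_ipv6_literal`, `unc_host` and `unc_path` are mine; the sample addresses are constructed.

```python
import ipaddress
import re

LITERAL_SUFFIX = ".ipv6-literal.net"


def to_ipv6_literal(addr: str) -> str:
    """Encode an IPv6 address (optionally 'addr%zone') as Windows expects it in
    a UNC path: ':' becomes '-', '::' therefore becomes '--', '%' becomes 's'."""
    ip_part, _, zone = addr.partition("%")
    ip = ipaddress.IPv6Address(ip_part)          # validates and canonicalises
    host = ip.compressed.replace(":", "-")
    if zone:
        host += "s" + zone                        # zone index marker
    return host + LITERAL_SUFFIX


def from_ipv6_literal(host: str) -> str:
    """Reverse the encoding and return the usual textual IPv6 form."""
    if not host.lower().endswith(LITERAL_SUFFIX):
        raise ValueError("not an ipv6-literal.net name: %r" % host)
    body = host[: -len(LITERAL_SUFFIX)]
    # Hex digits never contain 's', so the first 's' (if any) starts the zone.
    parts = re.split(r"[sS]", body, maxsplit=1)
    ip = ipaddress.IPv6Address(parts[0].replace("-", ":"))   # raises on garbage
    return ip.compressed + ("%" + parts[1] if len(parts) == 2 else "")


def unc_host(addr: str) -> str:
    """IPv4 literals go into a UNC path unchanged; IPv6 needs the rewrite."""
    ip = ipaddress.ip_address(addr.partition("%")[0])
    return addr if ip.version == 4 else to_ipv6_literal(addr)


def unc_path(addr: str, share: str) -> str:
    return "\\\\" + unc_host(addr) + "\\" + share


if __name__ == "__main__":
    for a in ("192.168.1.1", "2a0e:3c0::21", "fe80::1%12"):   # constructed samples
        p = unc_path(a, "share")
        print(a, "->", p)
        if ":" in a:
            assert from_ipv6_literal(p.split("\\")[2]) == a
```

Caveat for non-Windows tooling: only Windows treats the name specially, so a Linux client or a DNS-based allowlist will see `2a0e-3c0--21.ipv6-literal.net` as an ordinary hostname unless it applies this same rewrite before comparing.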
Silicon Valley’s alliance with Donald Trump was a mask off moment and showed the world we can’t depend on US tech companies.
For the past few months, I’ve been trying to get off US tech and I put together a guide so you can find alternatives too. I hope you find it helpful!
In a historic gathering, 12 countries announce #Israel sanctions and renewed legal action to end Gaza #genocide
Meeting in Bogotá, Colombia, representatives from over 30 states, including China, Brazil, Spain, Mexico, Turkey, and Qatar, announced sanctions against Israel to cut the flow of weapons facilitating genocide and war crimes in Gaza.
🚨 #DeerStealer Delivered via Obfuscated .LNK and #LOLBin Abuse.
A new phishing campaign delivers #malware through a fake PDF shortcut (Report.lnk) that leverages mshta.exe for script execution, which is a known LOLBin technique (MITRE T1218.005).
⚠️ The attack begins with an .lnk file that covertly invokes mshta.exe to drop scripts for the next stages. The execution command is heavily obfuscated using wildcard paths.
🔗 Execution chain:
.lnk ➡️ mshta.exe ➡️ cmd.exe ➡️ PowerShell ➡️ DeerStealer
To evade signature-based detection, #PowerShell dynamically resolves the full path to mshta.exe in the System32 directory. It is launched with flags, followed by obfuscated Base64 strings. Both logging and profiling are disabled to reduce forensic visibility during execution.
🚀 #ANYRUN’s Script Tracer reveals the full chain, including wildcard LOLBin execution, encoded payloads, and network exfiltration, without requiring manual deobfuscation.
Characters are decoded in pairs, converted from hex to ASCII, reassembled into a script, and executed via IEX. This ensures the #malicious logic stays hidden until runtime.
👾 The script dynamically resolves URLs and binary content from obfuscated arrays, downloads a fake PDF, writes the main executable into AppData, and silently runs it. The PDF is opened in Adobe Acrobat to distract the user.
👨‍💻 See analysis session:
https://app.any.run/tasks/02dd6096-b621-49a0-a7ef-4758cc957c0f?utm_source=mastodon&utm_medium=post&utm_campaign=deerstealer_lolbin&utm_content=linktoti&utm_term=170725
🔍 Use these TI Lookup search requests to find similar threats to enrich your company's detection systems:
🔹 https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=deerstealer_lolbin&utm_content=linktoti&utm_term=170725#%7B%2522query%2522:%2522threatName:%255C%2522susp-lnk%255C%2522%2522,%2522dateRange%2522:180%7D%20
🔹 https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=deerstealer_lolbin&utm_content=linktoti&utm_term=170725#%7B%2522query%2522:%2522commandLine:%255C%2522%7C%2520IEX%255C%2522%2522,%2522dateRange%2522:180%7D
🔹 https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=deerstealer_lolbin&utm_content=linktoti&utm_term=170725#%7B%2522query%2522:%2522commandLine:%255C%2522powershell*%2520-E%2520%255C%2522%2522,%2522dateRange%2522:180%7D%20
#IOC:
https[:]//tripplefury[.]com/
fd5a2f9eed065c5767d5323b8dd928ef8724ea2edeba3e4c83e211edf9ff0160
8f49254064d534459b7ec60bf4e21f75284fbabfaea511268c478e15f1ed0db9
⚡️ With real-time and deep visibility into script execution, process details, and network behavior, #ANYRUN simplifies dynamic analysis of evasive threats like DeerStealer.
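An added example, written by me and not part of the ANY.RUN post or its sandbox: a small Python triage script that runs the three TI Lookup ideas above (LOLBin chain out of a shortcut, `| IEX`, `powershell -E`) over process-creation events, decodes what `-E` carries as UTF-16LE Base64, and unpacks the hex-pair stage the post describes. The events, command lines and the placeholder inner script are constructed to mirror the described chain and are not the campaign's real artifacts; the wildcard in the mshta command line is there only to exercise that heuristic, and the benign job at the end shows what should not fire.

```python
import base64
import re

# --- Constructed sample telemetry (not real campaign data) -------------------
# Innermost stage: what the hex-pair string decodes to. A harmless placeholder.
INNER_SCRIPT = r"Start-Process (Join-Path $env:APPDATA 'report.exe')"
HEX_PAIRS = INNER_SCRIPT.encode("ascii").hex()
# Outer stage, modelled on the description: rebuild the inner script two hex
# characters at a time, then hand it to IEX.
OUTER_SCRIPT = (
    "$h='" + HEX_PAIRS + "';$s='';"
    "for($i=0;$i -lt $h.Length;$i+=2){$s+=[char][Convert]::ToInt32($h.Substring($i,2),16)};"
    "IEX $s"
)
ENCODED = base64.b64encode(OUTER_SCRIPT.encode("utf-16-le")).decode()  # payload of -E
PS_CMD = "powershell -nop -w hidden -e " + ENCODED

EVENTS = [  # process-creation events: pid, ppid, image, command line (constructed)
    {"pid": 1, "ppid": 0, "image": "explorer.exe", "cmdline": "explorer.exe"},
    # LNK target launched by the shell; the wildcard path stands in for the obfuscation
    {"pid": 2, "ppid": 1, "image": "mshta.exe",
     "cmdline": r"C:\W*\Sys*\mshta.exe C:\Users\u\AppData\Local\Temp\stage1.hta"},
    {"pid": 3, "ppid": 2, "image": "cmd.exe", "cmdline": "cmd.exe /c " + PS_CMD},
    {"pid": 4, "ppid": 3, "image": "powershell.exe", "cmdline": PS_CMD},
    # benign admin job: -NoProfile alone must not produce a finding
    {"pid": 5, "ppid": 1, "image": "powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
]

# --- Detection helpers --------------------------------------------------------
# -e / -ec / -en / -enc / -encodedcommand followed by a Base64 token
ENC_RE = re.compile(r"(?i)\bpowershell(?:\.exe)?\b.*?\s-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")
WILDCARD_PATH_RE = re.compile(r"""[A-Za-z]:\\[^\s"']*\*[^\s"']*""")   # drive path containing '*'
IEX_RE = re.compile(r"(?i)\bIEX\b|Invoke-Expression")
HEX_BLOB_RE = re.compile(r"(?:[0-9A-Fa-f]{2}){16,}")                   # >= 16 hex pairs
CHAIN = ["mshta.exe", "cmd.exe", "powershell.exe"]


def decode_encoded_command(cmdline):
    """Return the script behind powershell -E, or None if there is none."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def decode_hex_pairs(script):
    """Decode every long hex run in a script as pairs -> bytes -> ASCII text."""
    stages = []
    for m in HEX_BLOB_RE.finditer(script):
        try:
            stages.append(bytes.fromhex(m.group(0)).decode("ascii"))
        except ValueError:            # odd garbage or non-ASCII: not a text stage
            continue
    return stages


def lineage(events, pid):
    """Image names from the root of the process tree down to pid."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid]["image"].lower())
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


def analyse(events):
    findings = []
    for e in events:
        hits, stages = [], []
        if WILDCARD_PATH_RE.search(e["cmdline"]):
            hits.append("wildcard_path")
        script = decode_encoded_command(e["cmdline"])
        if script is not None:
            hits.append("encoded_command")
            if IEX_RE.search(script):
                hits.append("iex")
            stages = decode_hex_pairs(script)
            if stages:
                hits.append("hex_pair_stage")
        if lineage(events, e["pid"])[-3:] == CHAIN:
            hits.append("lolbin_chain")
        if hits:
            findings.append({"pid": e["pid"], "image": e["image"], "hits": hits, "stages": stages})
    return findings


if __name__ == "__main__":
    for f in analyse(EVENTS):
        print(f["pid"], f["image"], f["hits"], f["stages"])
```

The `-E` decoder is the piece worth keeping: PowerShell accepts any unambiguous prefix of `-EncodedCommand` and the payload is UTF-16LE, so a detection that only looks for the literal string `-EncodedCommand` or decodes as UTF-8 misses exactly the cases this chain uses.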
🚨 NEW RESEARCH: #NVIDIAscape AI vulnerability uncovered!
Wiz Research discovered a critical vulnerability (CVE-2025-23266) in the NVIDIA Container Toolkit, the glue connecting containers to GPUs across major cloud providers.
🧱 With just three lines of code, attackers can escape containers and gain full root access to the host. That's your models, data, and GPU workloads — exposed.
NVIDIA rated it 9.0. We think it's a sign: AI infra needs stronger walls.
🛠️ Full technical breakdown + mitigation steps in our latest blog:
👉 https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape
this is because everywhere has gone "DX" - or "optimizing for the developer experience above all else, at the cost of everyone else."
make things as easy as possible for the devs/devops, we don't care how bad the security becomes, how many layers of abstraction get installed, how many dozen new js frameworks appear this afternoon, how public the data is, how bad the architecture is - burn the building down
just make sure the devs are comfy