11 Followers
69 Following
31 Posts

Passionate about #applicationsecurity, #devsecops, #securedevelopment and more.

Venturing into public speaking and loving it.

🇮🇹 in 🇩🇪, 🐕 parent, 🎮

Thoughts are entirely my own.

Secrecy of letters, postal secrecy, telecommunications secrecy simply disregarded: completely unsuspicious users are to be surveilled via #Chatkontrolle https://www.mdr.de/nachrichten/sachsen-anhalt/eu-plan-chat-kontrolle-sexualisierte-gewalt-kritik-100.html
EU chat control: criticism and concern about surveillance are growing

Digitalisation expert Key Pousttchi criticises EU plans to monitor private chats and raises data protection concerns. The EU wants to combat child abuse with a "chat control".

MDR

This is corporate media today:
• CBS: fires Colbert for mocking Trump
• ABC: fires Terry Moran for slamming Stephen Miller as “world class hater”
• MSNBC: fires Matt Dowd for saying “hateful thoughts lead to hateful words leads to hateful actions”
• FOX: stands by Brian Kilmeade as he calls for Nazi style state murder of America’s 600,000 homeless people

Corporate media has wholly abdicated its duty to the American people. All to appease Trump. This is what state media looks like.

What a disgrace.

Software problems: election results partly not transmitted

There are currently problems with the transmission of election results. The cause is a software problem.

wdr.de
Digital Schengen-wide system of biometric border control: automatic matching against a virtual biometric super-database https://www.heise.de/news/Biometrische-Grenzkontrolle-Deutschland-startet-Ein-Ausreisesystem-im-Oktober-10643662.html
Biometric border control: Germany launches entry/exit system in October

After a delay, the European entry/exit system for border management is now set to start in Düsseldorf. Frankfurt and Munich are to follow.

heise online

For privacy researchers, this thread is interesting. iOS allows apps to make network requests after push notifications.

Instagram (and others) appear to be using this to profile devices, e.g. retrieving device uptime without their customer opening Instagram.

This one probably needs more eyes on it. https://mastodon.social/@mysk/115204746326765802

Political pressure for the outrageous TI connector swap came directly from Spahn, in order to fill his buddy's order books https://correctiv.org/lobbyismus-2/2025/07/25/medien-und-medizinsoftware-der-profiteur-von-spahns-politik-nius-gotthardt/
Online age verification harms the kids it's supposed to protect, pass it on. https://www.wired.com/story/the-age-checked-internet-has-arrived/
The Age-Checked Internet Has Arrived

Starting today, UK adults will have to prove their age to access porn online. Experts warn that a global wave of age-check laws threatens to chill speech and ultimately harm children and adults alike.

WIRED

It's been a bit light on news over the last 24 hours, but we've still got some critical updates on active exploits, supply chain attacks, and evolving threat actor tradecraft. Let's dive in:

Popular npm Linter Packages Hijacked via Phishing ⚠️
- Two widely used JavaScript libraries, eslint-config-prettier and eslint-plugin-prettier, were compromised in a supply chain attack after their maintainer fell victim to a targeted phishing campaign.
- The attackers used stolen npm credentials to publish malicious versions (eslint-config-prettier: 8.10.1, 9.1.1, 10.1.6, 10.1.7; eslint-plugin-prettier: 4.2.2, 4.2.3) containing a DLL that executes as a trojan via `rundll32` on Windows machines.
- Developers should immediately verify `package-lock.json` or `yarn.lock` files, check CI logs for signs of compromise, and consider rotating secrets if builds were deployed after July 18th.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/

PoisonSeed Phishing Bypasses FIDO2 MFA 🔒
- The PoisonSeed phishing campaign is now abusing WebAuthn's legitimate cross-device sign-in feature to bypass FIDO2 security key protections.
- Attackers use an Adversary-in-the-Middle (AiTM) setup to display a QR code from the legitimate login portal on their phishing page, tricking users into approving the attacker's login attempt via their smartphone or authentication app.
- To mitigate, organisations should limit geographic login locations, routinely check for unknown FIDO key registrations, and consider enforcing Bluetooth-based authentication for cross-device sign-ins.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/threat-actors-downgrade-fido2-mfa-auth-in-poisonseed-phishing-attack/

CrushFTP Zero-Day Under Active Exploitation 🛡️
- CrushFTP is warning customers about active exploitation of a zero-day vulnerability, CVE-2025-54309, which grants administrative access via the web interface.
- The flaw affects versions prior to CrushFTP v10.8.5 and v11.3.4_23, with exploitation detected since July 18th, potentially earlier, by threat actors who reverse-engineered a prior fix.
- Indicators of compromise include unexpected entries in `MainUsers/default/user.XML` and new, unrecognised admin-level usernames. Admins should restore user configs from pre-July 16th backups, review logs, and consider IP whitelisting or DMZ instances.

🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/crushftp-zero-day-exploited-to-gain-admin-access-on-servers/

Social Engineering: The New Zero-Day? 🧠
- Ariel Parnes, former IDF cyber chief, suggests that social engineering, not zero-days, is becoming the primary concern for cyber defenders, as demonstrated by groups like Scattered Spider and Iranian APTs.
- Generative AI significantly enhances social engineering capabilities by automating reconnaissance and enabling the creation of highly convincing phishing emails, fake documents, and spoofed websites at scale.
- This shift means attackers don't need advanced cyber weapons; they just need to understand target organisations, people, language, and culture, making the threat more scalable and effective.

🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/07/19/idf_cyber_chief_iran/

#CyberSecurity #ThreatIntelligence #Vulnerability #ZeroDay #Phishing #MFA #SupplyChainAttack #Malware #SocialEngineering #AI #InfoSec #CyberAttack #IncidentResponse

Popular npm linter packages hijacked via phishing to drop malware

Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft.

BleepingComputer
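The digest post above tells developers to verify their `package-lock.json` or `yarn.lock`. As an added example (not from the post or from BleepingComputer), this script flags exactly the malicious versions listed there in either lockfile format; the sample lockfiles are constructed for the demo.

```python
# Added example (not from the post or BleepingComputer): flag the malicious
# eslint-config-prettier / eslint-plugin-prettier versions named above in a
# package-lock.json (v1/v2/v3) or yarn v1 lockfile. Sample lockfiles are constructed.
import json
import re

COMPROMISED = {  # versions exactly as listed in the digest post
    "eslint-config-prettier": {"8.10.1", "9.1.1", "10.1.6", "10.1.7"},
    "eslint-plugin-prettier": {"4.2.2", "4.2.3"},
}

def _flag(name, version):
    return version in COMPROMISED.get(name, ())

def scan_package_lock(text):
    """Return sorted [(name, version)] hits; handles lockfileVersion 1, 2 and 3."""
    lock, hits = json.loads(text), set()
    # v2/v3: flat "packages" map keyed by install path ("node_modules/<name>")
    for path, meta in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]
        if _flag(name, meta.get("version", "")):
            hits.add((name, meta["version"]))
    def walk(deps):  # v1 (and v2 compat section): nested "dependencies" tree
        for name, meta in deps.items():
            if _flag(name, meta.get("version", "")):
                hits.add((name, meta["version"]))
            walk(meta.get("dependencies", {}))
    walk(lock.get("dependencies", {}))
    return sorted(hits)

def scan_yarn_lock(text):
    """Return sorted [(name, version)] hits for a yarn v1 lockfile."""
    hits, current = set(), None
    for line in text.splitlines():
        head = re.match(r'^"?(@?[^@"\s]+)@', line)  # 'name@range[, name@range]:'
        if head and not line.startswith(" "):
            current = head.group(1)
        ver = re.match(r'^\s+version\s+"([^"]+)"', line)
        if ver and current and _flag(current, ver.group(1)):
            hits.add((current, ver.group(1)))
    return sorted(hits)

# Constructed sample lockfiles: one hit in each.
SAMPLE_PACKAGE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo"},
    "node_modules/eslint-config-prettier": {"version": "10.1.7"},
    "node_modules/eslint-plugin-prettier": {"version": "5.1.3"}}})
SAMPLE_YARN_LOCK = 'eslint-config-prettier@^9.0.0:\n  version "9.1.0"\n\n' \
                   'eslint-plugin-prettier@^4.2.1:\n  version "4.2.2"\n'
```

A hit only tells you the lockfile pins a malicious version; per the post, also review CI logs and rotate secrets for builds run after July 18th.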
@dukp The Ticketbörse is still under construction. However, as far as I know there will be no official resale shop. So you still have to place a certain amount of trust in the sellers.
@dukp look out for the official Ticketbörse that is still under construction: https://events.ccc.de/congress/2024/hub/en/under_construction
38c3 - Under Construction