Jessica Beffa

@jessicabeffa@infosec.exchange
Dog, cat and kid mom. Head of NA Public Relations @ESET @ESETresearch ♥ cybersecurity, hiking, traveling and swimming with turtles.

Don't sleep on The Stack - it has a solid cybersecurity reporting game lately.

The Big Interview: NATO cybersecurity chief Mario Beccia
https://www.thestack.technology/the-big-interview-nato-cybersecurity-chief-mario-beccia/

"Things are moving so fast that receiving a piece of information that is TLP-red, which means that you cannot even tell your colleagues, creates..."

NEW: Peter Williams, the former head of Western zero-day and spyware maker Trenchant, pleaded guilty to selling eight exploits to a Russian broker that resells to the Russian government.

The DOJ said Williams was promised millions of dollars in exchange for "national-security focused software."

https://techcrunch.com/2025/10/29/former-l3harris-trenchant-boss-pleads-guilty-to-selling-zero-day-exploits-to-russian-broker/

Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker | TechCrunch

Prosecutors confirmed Peter Williams, the former Trenchant boss, sold eight exploits to a Russian buyer. TechCrunch exclusively reported that the Trenchant division was investigating a leak of its hacking tools, after another employee was accused of involvement.

Lazarus (North Korea) is targeting the UAV sector

Absolutely excellent research coming out of ESET today (2025-10-23): https://www.welivesecurity.com/en/eset-research/gotta-fly-lazarus-targets-uav-sector/

Also very timely given the state of the world. It's a long one, and they have also provided an abundance of IoCs in their GitHub repo:

https://github.com/eset/malware-ioc/tree/master/nukesped_lazarus

#ThreatIntel #Cybersecurity

Gotta fly: Lazarus targets the UAV sector

ESET Research analyzes a recent cyberespionage campaign linked to Operation DreamJob, conducted by a North Korea-aligned Lazarus group.

I may be in the minority on this one, but I want to hear your bio during a talk. To be sure, it's nice when they are short and sweet and devoid of meaningless accolades ("I was awarded CISO of the century in the 1900s by a print magazine, founded a made up not-for-profit that lasted five minutes, and wrote slam poetry and press releases as a teen member of a hacking group"), but I want to hear it.

I sit thru the equivalent of three or four security talks per day as an analyst. About the only thing really unique to you as a speaker I'm listening to, is your story (and sometimes hopefully your research or solution). There are a lot of voices competing for attention in infosec, and establishing credibility via experience out of the gate makes a difference.

Scoop, by @lorenzofb: A federal contract shows ICE spent $825,000 on vans equipped with fake cellphone towers known as cell-site simulators, which can be used to spy on nearby phones.

The Maryland-based company that integrates the cell-site simulators into their vans is called TechOps Specialty Vehicles.

https://techcrunch.com/2025/10/07/ice-bought-vehicles-equipped-with-fake-cell-towers-to-spy-on-phones/

ICE bought vehicles equipped with fake cell towers to spy on phones | TechCrunch

The federal contract shows ICE spent $825,000 on vans equipped with “cell-site simulators” which allow the real-world location tracking of nearby phones and their owners.

Saul Zabar has died at the age of 97. Anyone who has spent time on the Upper West Side of NYC will recognize the name and think of smoked fish. https://www.nytimes.com/2025/10/07/dining/saul-zabar-dead.html?unlocked_article_code=1.rk8.4cCc.NdZCZxj3EfHa&smid=nytcore-ios-share&referringSource=articleShare

Saul Zabar, Smoked Fish Czar of Upper West Side, Dies at 97

He led his parents’ appetizing store, Zabar’s, for more than 70 years, turning it into an institution synonymous with New York.

After playing in the grass the puppies are tired and they head to their favorite corner for a nap. #DogsofMastodon.

#ESETResearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/

The first campaign deployed Android #ProSpy camouflaged as upgrades or plugins for Signal and ToTok apps, named Signal Encryption Plugin or ToTok Pro.

Android #ToSpy, the spyware used in the other campaign, masquerades solely as the ToTok app. It is distributed through phishing websites impersonating app distribution platforms, such as the Samsung Galaxy Store.

After compromising their targets, both ProSpy and ToSpy exfiltrate data in the background, including documents, media, files, and contacts. ToSpy in particular also targets .ttkmbackup files, suggesting a focus on chat history and app data.

Despite similar objectives and techniques, ESET tracks the two campaigns separately due to differences in infrastructure and delivery. Users should avoid downloading apps or plugins from unofficial sources, especially those claiming to enhance trusted services.

IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/prospytospy

This has got to be one of the best. In Wales, UK, there is a legal requirement for road signs to be in both English and Welsh. So, in this case, the official of the Highways department emailed the English wording to the translator and, after receiving a reply, proceeded to have the sign made and installed.

Unfortunately, a few weeks later, Welsh-speaking drivers began to call up to point out that the Welsh reads..... "I am currently out of the office. Please submit any work to the translation team."

A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users
https://www.wired.com/story/a-dhs-data-hub-exposed-sensitive-intel-to-thousands-of-unauthorized-users/

A misconfigured platform used by the Department of Homeland Security left national security information—including some related to the surveillance of Americans—accessible to thousands of people.