Looks like Twitter finally took down the NoName057 account after yesterday's indictment

X (formerly Twitter)

Safety (@Safety) on X

X has zero tolerance for users abusing our platform to facilitate criminal conduct. Pursuant to that policy, X has cooperated with the U.S. Feder...

SOAPwn -- new bugs that can lead to RCE in .NET apps Vulnerable applications include the Umbraco CMS, Barracuda's Service Center, the Ivanti Endpoint Manager, and more Microsoft did not fix them

watchTowr Labs

SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL

Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 20...

Dutch prosecutors are seeking an eight-month prison sentence for a man who launched DDoS attacks against the country's 112 emergency line. The suspect allegedly tried to frame some business partners for the attack

Zakelijk conflict leidt tot DDoS-aanval 112-centrale: celstraf geëist

Het Landelijk Parket (LP) van het Openbaar Ministerie (OM) heeft woensdag een onvoorwaardelijke gevangenisstraf van acht maanden en een geldboete g...

There's this image on social media about how most of the Red Bull team that helped Verstappen win his titles are now gone... but few people posting this remember this drama started from the Verstappens. This is the definition of shooting yourself in the nuts. You should have 0 sympathy for him

The Paxful cryptocurrency exchange has pleaded guilty to laundering crypto-assets linked to scams, fraud, and extortions Will pay a $4mil fine only

Virtual Asset Trading Platform Pleads Guilty to Violating the Travel Act and Other Federal Criminal Charges

Paxful Holdings Inc., an online virtual currency trading platform, agreed to plead guilty yesterday to a three-count information filed in the Easte...

This constant stream of malicious VSCode extensions won't end anytime soon.... This batch hid its payload, a Rust-based trojan, as PNG files inside the dependencies folder

ReversingLabs

VS Code extensions contain trojan-laden fake image | ReversingLabs

RL researchers have identified 19 malicious extensions on the VS Code Marketplace — the majority containing a malicious file posing as a PNG.

A popular reverse proxy and ingress controller shipped misconfigured versions for the past five months. The Traefik setting that enabled TLS verification was actually disabling it across the board.

AISLE

CVE-2025-66491: Traefik's "Verify=On" Turned TLS Off

Learn how CVE-2025-66491 exposed a critical TLS verification flaw in Traefik, where "Verify=On" accidentally disabled security for 5 months.

Pffff... the Coupang insider, who allegedly stole the company's data, was apparently a cybersecurity employee

Alleged Coupang data leaker had only worked at company for two years, say police

The former Coupang employee accused of leaking 33.7 million customer data had worked at the company for just two years, according to police on Thur...

Security firm Flare has scanned the Docker Hub portal and found secrets and tokens, including for production systems, in more than 10,000 images

Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime

Thousands of Exposed Secrets Found on Docker Hub - Flare

In a month, we found Docker Hub images that contained leaked secrets (including live credentials to production systems) from over 100 companies.

The Justice Department charged a former product manager at Accenture Federal Services with falsely misleading government customers about the security posture of a cloud product offered by the company.

Nextgov.com

US charges former Accenture employee with misleading feds on cloud platform’s security

Danielle Hillmer, most recently employed with SentinelOne, allegedly concealed a cloud product’s noncompliance with federal security regulations.