Tootfinder

Plex tells customers to reset their passwords after suffering data breach that includes email addresses, usernames, and passwords (Lawrence Abrams/BleepingComputer)
https://www.bleepingcomputer.com/news/security/plex-tells-users-to-re…

Plex tells users to reset passwords after new data breach
Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases.

Hervorragende Nachrichten für alle #Malware-Hersteller und böse #Hacker: wenn die #KI schreibenden Zugriff auf solche Dinge erhält, muss man nicht mehr die mittlerweile besser geschulten Menschen für einen erfolgreichen …

FBI seizes all domains for a BreachForums variant operated by ShinyHunters; the hacker group says their Salesforce extortion campaign is unaffected (Bill Toulas/BleepingComputer)
https://www.bleepingcomputer.com/news/security/f…

Während die #EUCommission unter #CDU-Führung versucht die Totalüberwachung unter dem Vorwand, Kinder vor sexuellen Angriffen zu schützen, für staatlichen Einsatz zu legalisieren fährt die #Totalüberwachung

https://www.bleepingcomputer.com/news/security/sandworm-hackers-use-data-wipers-to-disrupt-ukraines-grain-sector/
Sandworm hackers use data wipers to disrupt Ukraine's grain sector

Sandworm hackers use data wipers to disrupt Ukraine's grain sector
Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine's education, government, and the grain sector, the country's main revenue source.

Cyberangriff auf Nürnberg: Prorussische Hacker im Verdacht
Auf der Webseite der Stadt Nürnberg ging so gut wie gar nichts mehr. Jetzt ist mehr zu den Hintergründen bekannt.
https://www.

»OAuth-Token erbeutet – Hacker greifen massig Daten aus Salesforce-Instanzen ab:
Cyberkriminelle haben es erneut auf Salesforce-Kunden abgesehen. Wer die Salesloft-Drift-Integration verwendet, sollte dringend handeln.«
Schon länger geht das Gerücht um, dass OAuth des öfteren schwach implementiert ist von den IT-Konzernen, wie schon bei OAuth v1 das als unsicher gilt.
🔒

OAuth-Token erbeutet: Hacker greifen massig Daten aus Salesforce-Instanzen ab - Golem.de
Cyberkriminelle haben es erneut auf Salesforce-Kunden abgesehen. Wer die Salesloft-Drift-Integration verwendet, sollte dringend handeln.

Looks like a threat actor got massive and wide-scale access to UPenn systems.
The threat actor behind the attack contacted BleepingComputer, claiming the intrusion was far broader and that they had gained access to multiple university systems.
https://www.

Penn hacker claims to have stolen 1.2 million donor records in data breach
A hacker has taken responsibility for last week's University of Pennsylvania "We got hacked" email incident, saying it was a far more extensive breach that exposed data on 1.2 million donors and internal documents.

Noch einige der zuletzt hier besonders häufig geteilten #News:
Gesichtsdaten an Forscher weitergegeben? IT-Sicherheitsexperte verklagt das BKA

DDoS-Angriff auf das Vergabeportal des Bundes: Die prorussische Gruppe Noname057(16) legt tagelang öffentliche Ausschreibungen lahm. Ein Weckruf für die digitale Souveränität – wer kritische Infrastruktur so leicht trifft, trifft letztlich auch den Staat selbst. #Golem

Prorussische Hacker: Cyberangriff legt Vergabeportal tagelang lahm - Golem.de
Prorussische Hacker haben das Vergabeportal attackiert und damit den Zugang zu tausenden öffentlichen Ausschreibungen blockiert.

Zum Abend noch einige der heute besonders häufig geteilten #News:
Gesichtsdaten an Forscher weitergegeben? IT-Sicherheitsexperte verklagt das BKA

"We now save over $1.2M / yr and we expect this to grow, as we grow as a business."
"AWS to Bare Metal Two Years Later: Answering Your Toughest Questions About Leaving AWS "
https://oneuptime.com/blog/post/2025-10-29-aws-to-bare-metal-tw…

AWS to Bare Metal Two Years Later: Answering Your Toughest Questions About Leaving AWS
https://oneuptime.com/blog/post/2025-10-29-aws-to-bare-metal-two-years-later/view

AWS to Bare Metal Two Years Later: Answering Your Toughest Questions About Leaving AWS
Two years after our AWS-to-bare-metal migration, we revisit the numbers, share what changed, and address the biggest questions from Hacker News and Reddit.

NSFW. Literally!
https://www.pcmag.com/news/anthropic-warns-of-hacker-weaponizing-claude-ai-like-never-before

My reaction to Midnight Commander being on hacker news:

While this is completely anecdotal, I always imagined that this is what being a billionaire or CEO is like. Everyone kisses your ass, tells you that you're brilliant, are afraid to critique or correct you.. and you basically lose touch with reality. You start thinking you are some kind of superior person when in reality you're a dumbass just like the rest of us - you just happen to have more money/power.

This is very exciting news 👀
@… https://social.lansky.name/@hn100/115375453553361259

Zum Abend noch einige der heute besonders häufig geteilten #News:
Biometrische Tests mit Polizei-Echtdaten: IT-Sicherheitsexperte verklagt das BKA

UK sentences “serial hacker” of 3,000 sites to 20 months in prison
https://www.bleepingcomputer.com/news/legal/uk-sentences-serial-hacker-of-3-000-sites-to-20-months-in-prison/

UK sentences “serial hacker” of 3,000 sites to 20 months in prison
A 26-year old in the UK who claimed to have hacked thousands of websites was sentenced to 20 months in prison after pleading guilty earlier this year.

Chinese hackers scanning, exploiting Cisco ASA firewalls used by governments worldwide https://therecord.media/chinese-hackers-scan-exploit-firewalls-government

For the things that make you go hmmm department [1]
[1] see items (4) and (5)

Biometrische Tests mit Polizei-Echtdaten: IT-Sicherheitsexperte verklagt das BKA
Ein vom CCC unterstützter Hacker hat Klage gegen das BKA erhoben. Er moniert, die Behörde habe Gesichtsbilder von ihm für biometrische Tests verarbeitet.

Länder verhandelten - Gastpatienten-Gipfel: Einigung scheint in Sicht #News #Nachrichten

So apparently the lesson is that unless you are a charity that can raise a massive backlash on Hacker News then you should expect the $230bn company that is Salesforce to utterly fuck you over if you use Slack. But luckily these folks WERE one of those unicorns, so they are just going to go with it.
"Slack is extorting us with a $195k/yr bill increase "
h…

There is never a shortage of critical cybersecurity news, so don't miss today's Metacurity for the most important developments you should know, including
--With cyber grants dead in Congress, states scramble to build their own defenses,
--Cl0p is extorting executives and tech departments for up to $50m,
--Nursery chain hackers remove repugnant posts,
--UK government takes another bite at an Apple backdoor,
--Oz judge continues to protect Qantas lawyers fr…

With cyber grants dead in Congress, states scramble to build their own defenses
Cl0p is extorting executives and tech departments for up to $50m, Nursery chain hackers remove repugnant posts, UK government takes another bite at an Apple backdoor, Oz judge continues to protect Qantas lawyers from hacker retribution, Allianz says attack affected 1.5m customers, much more

Now ain't that glorious?
https://social.lansky.name/@hn100/115234131907098567

Abermals neuer NTFS-Treiber für Linux vorgestellt
Ein erfahrener Kernel-Hacker hat den Dateisystem-Treiber "ntfsplus" vorgestellt, der Schwächen bisheriger Lösungen vermeidet, aber keinen Freifahrtschein hat.
h…

Hackers expose identities of 17 Israeli military scientists
https://en.mehrnews.com/news/237838/Hackers-expose-identities-of-17-Israeli-military-scientists

Hackers expose identities of 17 Israeli military scientists
TEHRAN, Oct. 19 (MNA) – The hacker group known as “Handala” has, for the first time, released the identities and personal details of 17 senior Israeli military scientists

The lameassedness of A.I. marketing; it's not just the people on Hacker News who only know the waitlist as a marketing tactic -- it's Microsoft too
#microsoft #marketing #ai

Recovering screen pixels of another app in Android using a timimg side-channel attack. Crazy! https://social.lansky.name/@hn100/115377419606967864

Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
This week's selection covers
--The time is now to end cybersecurity with AI,
--Prosecutors say PowerSchool hacker was skilled,
--People with facial differences struggle with digital identity systems,
--Autistic teens can't grasp ramifications of digital crimes, …

Best infosec-related long reads for the week of 10/11/25
The time is now to end cybersecurity with AI, Prosecutors say PowerSchool hacker was skilled, People with facial differences struggle with digital identity systems, Autistic teens can't grasp ramifications of digital crimes, Online predator groups can kill teens, Crypto ATMs rip off scam victims

"Noah Urban’s role in the notorious Scattered Spider gang was talking people into unwittingly giving criminals access to sensitive computer systems."
‘I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker
https://www.blo…