Tootfinder

Someday I'll have the time and energy to try shit like this myself.
"This is how I turned an old Kindle (Kindle Touch 4th Generation/K5/KT) into a live bus feed that refreshes every minute with the option to exit out of dashboard mode by pressing the menu button. It’s basically TRMNL without the $140 price tag."
#TRMNL #Kindle #Hacking

uploaded a first repo to codeberg, since i have been hacking on it and it's one of the ones i mirror to github
https://codeberg.org/fanf/nsnotifyd
it's so fast compared to microsoft github!

nsnotifyd
scripted DNS NOTIFY handler

Hacking on Indiekit to customize my blog https://rmendes.net/articles/2026/02/18/hacking-on-indiekit-to-customize

Hacking on Indiekit to customize my blog
Hacking on Indiekit to customize my blog 18 February 2026 Big changes I have made to my indiekit fork and some views of the plugin developed Lately, I have been investing a significant part of my free...

Staatstrojaner: Bürgerrechtler rufen den Menschenrechtsgerichtshof an
Das Bundesverfassungsgericht hat eine Beschwerde gegen die Hacking-Befugnisse der Geheimdienste abgewiesen. Datenschützer suchen nun Rechtsschutz in Straßburg.

https://www.axios.com/2025/12/16/ai-models-hacking-stanford-openai-warnings
Leaders from Amazon and Anthropic are testifying before two house committees today.

AI models are perfecting their hacking skills
This is the worst AI tools will likely ever perform, and they're already unnerving researchers and developers.

North Korean state hackers seen using Medusa ransomware in attacks on US, Middle East https://therecord.media/north-korean-hackers-using-medusa-ransomware

North Korean hackers stole a record $2.02B in crypto in 2025, a 51% YoY rise that takes its cumulative stolen total to $6.75B; individual wallet hacks hit 158K (Chainalysis)
https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/

2025 Crypto Theft Reaches $3.4 Billion
North Korean hackers stole $2.02 billion in cryptocurrency in 2025, a 51% year-over-year increase, pushing their all-time total to $6.75 billion.

In written evidence to the Prince Harry privacy trial, ex-Daily Mail editor Paul Dacre says allegations of phone hacking are "grave and sometimes preposterous" (Dominic Ponsford/Press Gazette)
https://pressgazette.co.uk/news/paul-d

Paul Dacre says hacking and tapping claims 'grave, preposterous, deeply upsetting'
Ex-Daily Mail editor Paul Dacre has described the allegations of phone hacking against his former team as “grave and sometimes preposterous”.

University of Michigan surveillance footage shows former co-offensive coordinator Matt Weiss entering three team offices seconds before investigators say he hacked into the personal accounts of college athletes.

UM security cam shows Matt Weiss at time of computer hacking, FBI says
A sealed FBI file alleges Matt Weiss was in UM offices when computer accounts were hacked, leading to the theft of intimate photos and videos.

Running @… on the XM8536D that is on the NVR I'm hacking on, working just fine after expanding the binary with zeroes to ensure the stack memory is initially clear. 🥳 🦀

Is it just me, or does Tony Grasso (RNZ NineToNoon tech correspondent) sound a lot like a FUD merchant (Boo! China scare!)? https://www.rnz.co.nz/national/programmes/ninetonoon/audio/2019023694/technology-volt-typhoon-th…

Jordan used Cellebrite phone-hacking tools against activists critical of Gaza war, report finds https://therecord.media/jordan-used-cellebrite-against-activists-critical-gaza-war

Every year hundreds of dedicated hackers put their heads together and ask themselves one question
"How are we going to do it bigger, and better, than last year?",
and every year they do. Join them!
Give us your craziest ideas, your fresh outlook, your passion.
This is the place you can find all of the open calls for DEF CON Content, so pick your poison and show us what you got!

RE: https://social.growyourown.services/@FediTips/116087724209677173
New p-hacking technique just dropped: reset the votes until you get a chunk that confirms your priors.

»Interrail meldet Datenleck: Auch Ausweisdaten betroffen:
Bei Eurail flossen mutmaßlich Daten ab. Der Anbieter stellt Interrail-Pässe auch im Auftrag der deutschen, österreichischen und Schweizer Bahn aus«
Sind wir mittlerweile in der Fase, in der wir uns fragen welche Firmen so wie Menschen sind vom Hacking nicht betroffen? Wer lügt, dass es ihn noch nie betraf oder nichts zu verbergen hat?
🚆

Interrail meldet Datenleck: Auch Ausweisdaten betroffen
Bei Eurail flossen mutmaßlich Daten ab. Der Anbieter stellt Interrail-Pässe auch im Auftrag der deutschen, österreichischen und Schweizer Bahn aus.

Don't miss today's Metacurity which is jam-packed with a host of intense cybersecurity developments, including
--Texas AG sues TP-Link, saying it allowed the CCP to hack routers,
--A hacker gained access to a French national bank database with 1.2m accounts,
--Microsoft 365 Copilot bug summarized confidential emails,
--DEF CON bans Epstein's hacking associates,
--Deutsche Bahn operations disrupted by cyberattack,
--Polish army bans Chinese cars,…

Texas AG sues TP-Link, saying it allowed the CCP to hack routers
A hacker gained access to a French national bank database with 1.2m accounts, Microsoft 365 Copilot bug summarized confidential emails, DEF CON bans Epstein's hacking associates, Deutsche Bahn operations disrupted by cyberattack, Polish army bans Chinese cars, much more

Sources: UK and Chinese security officials set up a forum to discuss cyberattacks after hacking accusations, the first of its kind, to help prevent escalation (Alex Wickham/Bloomberg)
https://www.bloomberg.com/news/articles/2026-…

Hacking washing machines https://media.ccc.de/v/39c3-hacking-washing-machines

Check out today's Metacurity for the critical infosec developments you might have missed over the weekend, including
--Black Basta suspects’ homes raided; gang leader added to most-wanted list,
--Jordanian national pleads guilty to access broker charges,
--Acting head of CISA was blocked by colleagues from removing CIO,
--Iranian campaign sought to steal Gmail and other account credentials,
--Man pleads guilty to hacking US S.Ct.,
--DPRK hackers impersona…

Black Basta suspects’ homes raided; gang leader added to most-wanted list
Jordanian national pleads guilty to access broker charges, Acting head of CISA was blocked by colleagues from removing CIO, Iranian campaign sought to steal GMail and other account credentials, Man pleads guilty to hacking US S.Ct., DPRK hackers pose as human rights orgs, much more

A UK privacy lawsuit by Prince Harry, Elton John, and others against Associated Newspapers begins, with allegations of phone hacking and illicit data collection (Reuters)
https://www.reuters.com/world/uk/prince-harry-elton-john…

#FreeSoftwareAdvent for today: #Ansible
It's what I'm using to provision and update our renderfarm, workstations and servers. Instead of hacking shell scripts to install apps and edit config files on every new workstation you write yaml files ("playbooks") that get e…

from my link log —
Always-on processor magic: how “Find My” works while iPhone is powered off.
https://naehrdine.blogspot.com/2021/09/always-on-processor-magic-how-find-my.html
saved 2021-09-30

Always-on Processor magic: How Find My works while iPhone is powered off
Wireless and firmware hacking, PhD life, Technology

Blockchain-based lending company Figure confirms a data breach; ShinyHunters hacking group published 2.5GB of data, saying Figure refused to pay a ransom (Lorenzo Franceschi-Bicchierai/TechCrunch)
https://techcrunch.com/2026/02/13/fintech-lending-giant-fi…

Fintech lending giant Figure confirms data breach | TechCrunch
The company said hackers downloaded “a limited number of files” after breaking into an employee’s account. The hacking group ShinyHunters took responsibility for the breach.

Idea: map of conferences
Some people track conferences they want to attend in calendars.
What if you could also explore a map to find interesting events nearby?
Markers would have a link, an icon and a label.
The link could point to a calendar entry in turn.
I bet that already exists somehow, but I don't see it much.
E.g. the Rust website could have that for all Rust conferences.
Or CCC for all the hacking community events in Germany.
DebConf, wh…

❤️ https://crowdersoup.com/blog/post/padd-some-new-features-1771364186/

PADD: Some new features!
I've been working on PADD publicly for about a week now. Before that I was hacking on the individual parts (indieauth, micropub, etc.) but I was finally able to put them together in a fun UI and re...

Tennessee man to plead guilty to hacking Supreme Court’s electronic case filing system https://therecord.media/guilty-plea-hacking-supreme-court-case-filing-system

Mirror Group lawyers say the publisher "accepts the allegations" of phone hacking but the claimants failed to file within the six-year statute of limitations (Press Gazette)
https://pressgazette.co.uk/media_law/mirror-acc…

Mirror accepts hacking took place but says new claims brought too late
The Mirror has admitted hacking took place at the paper but has said new claims against it have been brought too late.

I do not support or condone malicious hacking, destruction of private data, or the unwilling sharing of private data.
Unless it's Nazis. Then screw 'em.
https://techcrunch.com/2026/01/05/hacktivist-deletes…

Hacktivist deletes white supremacist websites live onstage during hacker conference | TechCrunch
A hacker known as Martha Root broke in and deleted three white supremacist websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.

Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone
https://cyberscoop.com/citizen-lab-kenya-cellebrite-phone-cracking-boniface-mwangi-forensic-evidence/

Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone
Researchers have found forensic evidence suggesting that Kenyan authorities used Cellebrite’s phone-cracking technology on the device of a prominent human rights activist after arresting him, according to a report published Tuesday.

Sources: Armadin, launched by Mandiant's founder Kevin Mandia to fight AI hacking, raised a $24M seed and is in talks to raise $100M at a $600M valuation (Wall Street Journal)
https://www.wsj.com/tech/ai/this-buzzy-cyber-startup-wants-…

…a bio hacking project that measures time and caffeination level where if I haven't hit the magical late-enough-or-caffeinated-enough level, it silently puts all posts and outbound mails into send-later drafts instead of sending.
Maybe including this one.

Apple and Google have released several software updates
to protect against a hacking campaign targeting an unknown number of their users.
On Wednesday, Google released patches for a handful of security bugs in its Chrome browser,
-- noting that one of the bugs was being actively exploited by hackers before the company had time to patch it. 
Unusually for Google, the company provided no further details at the time.  But on Friday, Google updated the page to say that t…

Google and Apple roll out emergency security updates after zero-day attacks | TechCrunch
Apple released patches for all of its flagship devices to fix security flaws under attack. Google also updated Chrome to remediate one vulnerability exploited in the attacks.

Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say
https://www.reuters.com/world/china/palo-alto-chose-not-tie-china-hacking-campaign-fear-retaliatio…

Från Bleeping computer
"An Illinois man pleaded guilty to hacking nearly 600 women's Snapchat accounts to steal nude photos that he sold or traded online, including accounts compromised at the request of a former university track coach who was later convicted of sextortion"
LÄXA - sluta posta nudes på digitala plattformar!!

RE: https://mstdn.social/@TechCrunch/115844037920694794
This is what hacking should be all about.

In the first successful US prosecution of a spyware operator in 10 years, pcTattletale founder pleads guilty to promoting surveillance apps for unlawful uses (Zack Whittaker/TechCrunch)
https://techcrunch.com/2026/01/06/foun

Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software | TechCrunch
Bryan Fleming, the founder of hacked stalkerware company pcTattletale, pleaded guilty to federal charges linked to the running of his now-defunct Michigan-based spyware company.

Three hacking groups, two vulnerabilities and all eyes on China https://therecord.media/three-hacking-groups-two-vulnerabilities-china-microsoft

Dear #Apple I am starting to really get pissed of f at your random actions on how you are dealing with our data. I DONT want my stuff on iCloud unless I specifically move a folder there. Stop hi hacking our data
#enshitification creeping into your Modus operandi

from my link log —
Reverse engineering a cloud-connected e-scooter and finding the master key to unlock all scooters.
https://blog.nns.ee/2026/01/06/aike-ble/
saved 2026-01-16

Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters
Ethical Hacking and Cybersecurity Blog

Sources: Palo Alto ordered the removal of direct attributions to China from a Unit 42 report on a global hacking campaign due to fears of retaliation from China (Reuters)
https://www.reuters.com/world/china/palo-a

10 years and a few days ago, I was running a DIY Synth workshop with STM32F7 dev boards in our kitchen in North London... Still have ~10 of these boards.
Here are also two videos (live performances) of some softsynths (some with MIDI via USB support) which we built in these workshops (I did quite a few of those in that year)...
STM32F746 MIDI synth (live recording, 2016-01-31)

ICE has purchased “a smorgasbord of spy technology: social media monitoring, cellphone location tracking, facial recognition, remote hacking tools, and more … the government openly says it will use [these] capabilities to target people who oppose ICE’s actions [including] anti-ICE protesters.”
#ICE #protest

ICE Wants to Go After Dissenters as well as Immigrants
The Trump administration is being open about its plans to violate Americans’ First and Fourth Amendment rights.

Good luck with that!
British and Chinese security officials established a forum to discuss cyberattacks following a spate of hacking accusations that soured relations between the two countries.
https://www.bloomberg.com/news/article…

I wonder how long until we learn that a popular 3rd (or 1st!) party closed-source (or OSS binary distribution) remote desktop or ssh client/terminal has been keylogging or uploading screenshots to its maker or external attacker to achieve some extortion or fraud or hacking aim

Sources: South Korean authorities suspect North Korean hacking group Lazarus of the $30M Upbit hack, which used methods resembling those of a 2019 Upbit theft (Kang Yoon-seung/Yonhap News Agency)
https://en.yna.co.kr/view/AEN20251128003952320?section=national/nation…

Want to see some fluffs at #39c3 ?
chaosfurs will do two fursuitwalks on day 2 and 3
https://events.ccc.de/congress/2025/hub/en/assembly/detail/chaosfurs

This article by @… describes me this weekend, hacking away with Copilot on two Hugo websites (one new, one 10 years old) and being incredibly productive while at it (and I suck at golang templates)
https://

The week's cybersecurity news is really heating up today, so check out Metacurity for the most critical developments you should know, including
--China orders domestic companies to stop using US cybersecurity software,
--White House renominates Plankey as CISA Director,
--Whistleblower leaks sensitive data on ICE and Border Patrol workers,
--Man to plead guilty for hacking Supreme Court system,
--Microsoft issues fixes for 114 flaws,
--Belgian hospital …

China orders domestic companies to stop using US cybersecurity software
White House renominates Plankey as CISA Director, Whistleblower leaks sensitive data on ICE and Border Patrol workers, Man to plead guilty for hacking Supreme Court system, Microsoft issues fixes for 114 flaws, Belgian hospital forced to cancel procedures after cyberattack, much more

Virginia brothers charged with hacking, deleting federal databases holding FOIA info https://therecord.media/twin-brothers-arrested-hacking-deleting-foia-databases

»Texteditor — Notepad -Server gehackt und Update-Traffic manipuliert:
Angreifern ist es gelungen, die Update-Infrastruktur von Notepad zu kompromittieren und Traffic umzuleiten. Der Entwickler entschuldigt sich.«
Falls wer von euch Notepad nutzt, gebt bitte acht. Und ja Hacking ist schon lange Kriegsführung aber viele Firmen glauben immer noch nichts zu verbergen zu haben.
P.S. Das ist keine Notepad Kritik.
🧑‍💻

Texteditor: Notepad++-Server gehackt und Update-Traffic manipuliert - Golem.de
Angreifern ist es gelungen, die Update-Infrastruktur von Notepad++ zu kompromittieren und Traffic umzuleiten. Der Entwickler entschuldigt sich.

Another Korean cyber incident appears to be emerging involving the major e-commerce platform Gmarket, but the company claims that the unauthorized payments were not due to hacking but were made using account information stolen from outside sources

Gmarket suffers unauthorized payment incident affecting 60 users amid hacking woes
Financial authorities have begun an emergency on-site inspection of the major e-commerce platform Gmarket after reports of unauthorized mobile paym...

Each week, Metacurity offers our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
This week's selection includes,
--A journalist's talks with an Iranian hacking leader ended with murder,
--Hackers attacked Aeroflot's still-insecure infrastructure,
--The war on disinformation has been dismantled,
--Trump's DOJ uses Americans' own data …

Best infosec-related long reads for the week of 12/6/25
A journalist's talks with an Iranian hacking leader ended with murder, Hackers attacked Aeroflot's still-insecure infrastructure, The war on disinformation has been dismantled, Trump's DOJ uses Americans' own data to limit voting rights, The Wassenaar Arrangement can help limit spyware exports

Untrusted estš gratis en Steam, tetes. Corred antes de que acabe la oferta: https://store.steampowered.com/app/1502660/Untrusted/

Unit 42 details how underground hacking forums advertise and sell custom, jailbroken, and open-source AI hacking tools such as WormGPT and KawaiiGPT (Derek B. Johnson/CyberScoop)
https://cyberscoop.com/malicious-llm-tools-cybercrime-wormgpt-kawaiigpt/

"So there I was, finally grasping the reality of what you're up against, as a Windows user:
Random bugs that break basic functionality
Updates that install without permission and brick my system
Copilot and OneDrive ads appearing in every corner of the OS
Copilot buttons everywhere, coming for every application
Can't even make a local account without hacking the setup with Rufus (they even removed the terminal workaround)
Ze…

Bogdan's Blog – From Microsoft to Microslop to Linux: Why I Made the Switch
Broken updates, Copilot shoved everywhere, and my system bricking itself. Here's why I finally escaped to Linux.

North Korean hacking group Lazarus is suspected to be behind a breach of around 45 billion won ($30.6m) in cryptocurrency from South Korea's largest crypto exchange Upbit. The group was suspected of stealing 58 billion won ($40m) worth of Ethereum from Upbit in 2019.
https://en.yna.co.kr/view/A…

Speaking at the US Capitol today, Senate and House Democrats said that
“dramatic changes” are needed
at the Department of Homeland Security (DHS)
as they continue their negotiations over a full-year appropriations bill
Trump signed a stopgap spending measure on Tuesday that funds the DHS until 13 February while lawmakers hammer out guardrails.
The Senate’s top Democrat, Chuck Schumer, said that the party is also demanding the end of “roving patrols”,
“inde…

Daily Mail publisher's High Court trial over alleged phone hacking threatens to derail its £500M Telegraph bid, as main funder NatWest considers the legal risks (Dan Evans/Byline Times)
https://bylinetimes.com/2026/01/23/dai

Daily Mail High Court Trial Casts Shadow Over Lord Rothermere's Telegraph Bid
Allegations that the Mail engaged in phone hacking, landline tapping, burglaries, and the theft of medical records are threatening to derail its £500 million takeover of the Telegraph

https://www.nextgov.com/people/2025/12/trump-formally-taps-joshua-rudd-lead-nsa-cyber-command/410266/
“Rudd, the current deputy director for Indo-Pacific Command, appears to not have previously held a military cybersecurity po…

Trump formally taps Joshua Rudd to lead NSA, Cyber Command
The nomination marks a turning point for the electronic surveillance and hacking teams that have been without a permanent leader for eight months.

Illinois man admits to hacking Snapchat accounts to steal nude photos
https://www.reuters.com/sustainability/boards-policy-regulation/illinois-man-admits-hacking-snapchat-accounts-steal-nude-photos-202…

I have no interest in hacking on my text editor

Every day is a big cyber news day, so don't miss today's Metacurity for the most critical infosec developments you should know, including
--Twin brother hackers arrested for US government hacking, data destruction spree,
--GRU cyber ops sanctioned into Skripal poisoning inquiry,
--Defenders scramble to patch React Server Components' critical flaws,
--AI agents match human attackers in smart contract exploits,
--AZ Atty. General sues Temu for customer …

Twin brother hackers arrested for US government hacking, data destruction spree
GRU cyber ops sanctioned into Skripal poisoning inquiry, Defenders scramble to patch React Server Components' critical flaws, AI agents match human attackers in smart contract exploits, AZ Atty. General sues Temu for customer data theft, Threat intel experts recorded DPRK IT recruiters, much more

UK confirms Foreign Office hacked, says ‘low risk’ of impact to individuals https://therecord.media/uk-foreign-office-hacked-china

Stanford researchers develop AI hacking bot Artemis and say it surpassed nine out of 10 penetration testers by rapidly finding bugs in the university's network (Robert McMillan/Wall Street Journal)
https://www.wsj.com/tech/a…

Yup, the Tianfu Cup silently returned this year.
https://www.bloomberg.com/news/newsletters/2026-02-11/china-revives-home-grown-hacking-competition-that-stirs-security-concerns

Singapore blames Chinese-backed hacking group UNC3886 for a months-long cyber-espionage campaign that targeted its four largest telecommunication companies (Zack Whittaker/TechCrunch)
https://techcrunch.com/2026/02/10/singapore-…

Singapore says China-backed hackers targeted its four largest phone companies | TechCrunch
The Singaporean government said the China-backed hackers gained "limited access to critical systems" run by the country's top four telecommunication giants, but said they did not disrupt services or steal customers' data.

Pakistan-linked hackers target Indian government, universities in new spying campaign https://therecord.media/pakistan-linked-hacking-group-targets-indian-orgs

"Dutch police have arrested a man for 'computer hacking' after accidentally handing him their own sensitive files and then getting annoyed when he didn't hand them back."
https://www.theregister.com/2026/02/16/dutch_cop…

Dutch cops arrest man after sending him confidential files by mistake
: Bungled link handed over sensitive docs, and when recipient didn't cooperate, police opted for cuffs

from my link log —
Bypass Windows user interface privilege isolation via the CTF input method protocol.
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html
saved 2019-08-13

The US DOJ says Peter Williams, former boss of L3Harris' Trenchant, stole and sold tools that can hack millions of computers worldwide to a Russian broker (Lorenzo Franceschi-Bicchierai/TechCrunch)
https://techcrunch.com/…

DOJ says Trenchant boss sold exploits to Russian broker capable of accessing 'millions of computers and devices' | TechCrunch
The former boss of the L3Harris-owned hacking and surveillance tools maker Trenchant faces nine years in prison for selling several exploits to a Russian broker, which counts the Russian government among its customers.

Check out today's Metacurity for the most crucial cybersecurity developments you should know, including
--Man pleads guilty in the first successful US prosecution of a stalkerware operator,
--Korea warns of hacking forum that steals and sells data,
--NZ High court enjoins publication of stolen medical data,
--UK government launches $282m cyber action plan,
--Threat actor stole and threatens to leak data from insurer Prosura,
--Command injection flaw fou…

Man pleads guilty in the first successful US prosecution of a stalkerware operator
Korea warns of hacking forum that steals and sells data, NZ High court enjoins publication of stolen medical data, UK government launches $282m cyber action plan, Threat actor stole and threatens to leak data from insurer Prosura, Command injection flaw found in D-Link DSL routers, much more

Russian police bust bank-account hacking gang that used NFCGate-based malware https://therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware

Crunchbase Confirms Data Breach After Hacking Claims
https://www.securityweek.com/crunchbase-confirms-data-breach-after-hacking-claims/

Illinois man pleads guilty to hacking hundreds of Snapchat accounts to steal nude photos https://therecord.media/illinois-man-pleads-guilty-snapchat-nude-photo-hacks

Personal information of thousands of Victorian students accessed in targeted cyberattack on schools
https://www.news.com.au/technology/online/hacking…

According to AhnLab, the N. Korean Lazarus Group, responsible for the recent massive theft from crypto exchange Upbit, has engaged in 31 cyberattacks, followed by DPRK's Kimsuky, which has launched 27 cyberattacks, over the past year.
https://en.yna.co.kr/view/AEN20251130001000315<…

Ilya Lichtenstein, sentenced in Nov. 2024 to five years in prison for hacking Bitfinex, has been released early due to First Step Act, Trump's prison-reform law (CNBC)
https://www.cnbc.com/2026/01/02/bitcoin-hacker-ilya-lichtenstein-bitfinex-razz…

Ilya Lichtenstein, Bitcoin hacker behind massive crypto theft, credits Trump for early prison release
Ilya Lichtenstein had been sentenced to five years in prison after pleading guilty and admitting to the hack of crypto assets valued in the billions of dollars.

South Korean police arrest four over hacking 120K home security cameras, whose footage was used to make sexually exploitative material; one person made ~$12K (John Yoon/New York Times)
https://www.nytimes.com/2025/12/02/world/asia/south-korea-cameras-hacked.html…

120,000 Home Cameras Were Hacked for Sexual Videos, South Korean Police Say
The authorities arrested four people this week in the latest turn in the country’s effort to stop exploitative recordings

So much cybersecurity news, so little time. Check out today's Metacurity for a quick run-down of the most crucial infosec developments you should know today, including
--Hackers claim to be selling Target's internal source code,
--Poland thwarted power system cyberattack,
--Hackers accessed the systems of Spanish energy provider Endesa and Energía XXI,
--Personal finance platform Betterment was hacked through third-party,
--Dutch national sentenced to sev…

Hackers claim to be selling Target's internal source code
Poland thwarted power system cyberattack, Hackers accessed the systems of Spanish energy provider Endesa and Energía XXI, Personal finance platform Betterment was hacked through third-party, Dutch national sentenced to seven years for hacking, Korea's Kyowon Group hit with ransomware, much more

Spyware maker is hijacking diplomatic efforts to limit commercial hacking, civil society warns https://therecord.media/spyware-maker-pall-mall-process-reputation

The US DOJ has indicted two Virginia brothers, Muneeb and Sohaib Akhter, for allegedly deleting 96 US government databases while working as Opexus contractors (Sam Sabin/Axios)
https://www.axios.com/2025/12/03/virgina-twins-doj-arrest-opexus-data-breaches

Virginia brothers arrested for allegedly tampering with government databases
The brothers worked for a contractor and previously pled guilty for hacking into the State Department.

https://www.cnn.com/2026/01/28/politics/hacking-disinformation-election-security
Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections

Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections
Weeks before the 2024 election, American military hackers carried out a secret operation to disrupt the work of Russian trolls spewing false information at US voters.

SentinelLabs' Dakota Cary linked Yu Yang and Qiu Daibing, two alleged members of the Chinese state hacking group, to participants of the 2012 Cisco Networking Academy Cup.
https://www.theregister.com/2025/12/11/salt_typhoon_cisco_training/

Researcher claims Salt Typhoon spies attended Cisco training scheme
: Skills gained later fed Beijing's cyber operations, according to SentinelLabs expert

US needs to impose ‘real costs’ on bad actors, State Department cyber official says https://therecord.media/usa-cyber-actors-consequences

Germany summons Russian ambassador over cyberattack, election disinformation https://therecord.media/germany-summons-russian-ambassador-cyberattack-disinformation

Hackers reportedly breach developer involved with Russia’s military draft database https://therecord.media/hackers-reportedly-breach-developer-involved-in-russian-military-database

Poland detains Russian citizen suspected of hacking local firms https://therecord.media/poland-detains-russian-citizen-accused-of-hacks

Portugal updates cybercrime law to exempt security researchers
https://www.bleepingcomputer.com/news/security/portugal-updates-cybercrime-law-to-exempt-security-researchers/

Portugal updates cybercrime law to exempt security researchers
Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions.

Oswego man allegedly hired by college coach to get Snapchat access codes from nearly 600 women: FBI
https://abc7chicago.com/post/oswego-man-kyle-svara-26-allegedly-hired-college-coach-steve-wait…

Oswego man allegedly hired by college coach to get Snapchat access codes from nearly 600 women: FBI
A 26-year-old man from the west suburbs has been charged in a Snapchat hacking case. The FBI says he is accused of getting access to Snapchat access codes for nearly 600 women.

ShinyHunters publishes alleged personal data from Harvard, UPenn breaches
https://www.newsbytesapp.com/news/science/shinyhunters-claims-harvard-upenn-breaches-publishes-over-a-million-records/story

Hacker group publishes alleged personal data from Harvard, UPenn breaches
A notorious hacking group has released personal data allegedly stolen from Harvard University and the University of Pennsylvania during last year's breaches.

Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure https://therecord.media/leaked-china-documents-show-testing-cyber-neighbors

Salt Typhoon hackers ‘almost certainly’ in Australia’s critical infrastructure
https://www.smh.com.au/technology/salt-typhoon-hackers-almost-certainly-in-australia-s-critical-infrastructure-20251231-p5nqwn.htm…

Salt Typhoon hackers ‘almost certainly’ in Australia’s critical infrastructure
China’s hacking campaign is one of the most effective long-term espionage moves ever seen, a top cybersecurity figure says.

“The problem today is that around 80 percent of all the [space data] traffic is downlinked to a single location in Svalbard, which is an island shared between different countries, including Russia”
https://www.politico.eu/article/space-hacks-europe-ramps-up-s…

Hacking space: Europe ramps up security of satellites
Space systems are increasingly targeted with cyberattacks, as the global hybrid warfare rages.

Metacurity is back from a Thanksgiving holiday break with an extensive run-down of the critical cybersecurity developments since last Monday, including
--Some ChatGPT customer data was exposed by a breach at vendor Mixpanel,
--Lazarus Group suspected of $30.6m breach of Upbit,
--Korea's shopping platform Coupang hacked by a former insider to access 30m customers' data,
--Lazarus Group and Kimsuky are DPRK's most prolific hackers,
--Korea arrests four …

Some ChatGPT customers' data were exposed by a breach at vendor Mixpanel
Lazarus Group suspected of $30.6m breach of Upbit, Korea's shopping platform Coupang hacked by a former insider to access 30m customers' data, Lazarus Group and Kimsuky are DPRK's most prolific hackers, Korea arrests four for hacking 120K IP cameras, OnSolve CodeRED platform hit by attack, much more

https://www.ynetnews.com/article/s161vadwbx
This is creepy. The Iranian hacking group Handala hacked an Israeli nuclear scientist’s car and left a threatening message.

Iranian hackers claim they left a heavy bouquet in Israeli nuclear scientist’s car
Iranian hacker group Handala claims it broke into the car of an Israeli nuclear scientist, left a heavy bouquet and a veiled threat, and released what it says are names and phone numbers of Unit 8200 personnel Israel has not confirmed it

https://www.richardsilverstein.com/2025/12/30/iranian-hackers-break-cell-phone-of-scandal-plagued-netanyahu-aide/
Israeli hacking group Handala exposed dozens of names and phone numbers of Israel’s security detail …

Iranian Hackers Break Cell Phone of Scandal-Plagued Netanyahu Aide – Tikun Olam תיקון עולם إصلاح العالم
Exposing secrets of the Israeli national security state

The Lazarus group stands accused of stealing approximately 45 billion won ($30.6 million) from Upbit, South Korea's largest cryptocurrency platform.
https://en.yenisafak.com/world/north-koreas-lazarus-hackers-steal-30-million…

North Korea's Lazarus hackers steal $30 million from South Korean exchange
North Korea's Lazarus hacking group is suspected of stealing approximately $30.6 million in cryptocurrency from South Korea's largest digital asset exchange, Upbit.

India and the EU signed a security and defense pact yesterday, covering a lot of cyber territory. But Intelligence Online says the EU wanted India to rein in its hacking-for-hire industry, which India denies even exists. So that was left out of the deal.

Europe/India • Indian 'hackers for hire' to continue to thrive under Brussels-New Dehli trade deal
The major trade and strategic agreement signed on 27 January between the European Union and India includes a cyber component, which has been subject to a discreet tug-of-war between cyber diplomats

Russian state hackers likely behind wiper malware attack on Poland’s power grid https://therecord.media/russia-eset-sandworm-poland-hack