International Cyber Digest
6.28K subscribers
940 photos
52 videos
2 files
170 links
Independent reporting on cybersecurity, tech, AI & digital policy. Got a tip? http://internationalcyberdigest.com/tips
Download Telegram
Google told a security researcher his bug was a 'nice catch', lined up his payout, then eleven days later called it harmless and refused to pay.

The bug, which the researcher named ConfigConfusion, is an unpatched flaw in Google Config Connector that he says lets anyone with basic Kubernetes access grant themselves owner rights over an entire Google Cloud organization. Google's stated reason for the reversal was that the tool works as designed, and it declined to assign a CVE.

Months on, there is still no patch. Google's own docs recommend running Config Connector with organization-level permissions, so plenty of teams are exposed.
🀣20πŸ€”2❀1😒1
Holy shit, this guy tried to weaken @sama by facing him alone while astral projecting and got spiritually injured. Turns out Sam is too powerful.
🀣27😭4😨4😁1πŸ₯΄1
US House Homeland Security Chair Andrew Garbarino is scared of Mythos's capabilities and says 95% of his colleagues "don't understand what the hell's going on."

By his account, Anthropic told the model to find a vulnerability in a bank and empty accounts. It did, he says, then identified the same flaw and could patch it.

A separate jailbreak demo, of an unspecified model, produced a plan to kidnap a lawmaker in 30 seconds.
🀣31πŸ’©4πŸ”₯3❀2πŸ‘1πŸ‘1😁1
Someone released an article about what is basically an offline VirusTotal without burning your payload: a security researcher reverse-engineered four major EDRs (SentinelOne, Cortex XDR, CrowdStrike, and Sophos) and extracted their detection logic from on-disk agent binaries, ML models, YARA rules, and behavioral scripts.

The project rebuilds the kernel telemetry stack those products run on, including Windows process, thread, registry, and handle callbacks plus a file-system minifilter. It even reconstructs access to the ETW Threat Intelligence provider that Windows normally reserves for protected anti-malware processes. Thus, both the detection rules and the sensor layer can be replicated outside the vendor’s agent.

https://blog.otterpwn.com/projects/heavener
πŸ‘13❀6πŸ‘1πŸ€”1
A Microsoft Critical Environment Technician in Italy resigned because β€œMicrosoft is massively expanding its European data centers (aka mass surveillance centers) to use Palestine as a laboratory for its experimental digital weaponry.”

He sent this in a mass email to thousands of colleagues protesting the company's ties to Israeli military surveillance, according to The Canary. The worker, identified only by a pseudonym, framed the move as part of the worker-led No Azure for Apartheid campaign.

The protest rests on a documented controversy. An investigation reported that Israel's Unit 8200 stored intercepted Palestinian phone calls on customized Azure infrastructure, and Microsoft, after first saying it found no evidence of civilian harm, later cut the unit's access to some Azure storage and AI services.

Microsoft has faced repeated internal revolts, firings, and event disruptions over its Israeli defense work, and the campaign now spans multiple countries, keeping pressure on how hyperscalers handle military and intelligence customers.
πŸ’©12❀10πŸ‘2πŸ™1
The internet could change if the U.S. House passes the KIDS Act today to "protect children." Critics warn it could mean de facto age checks for everyone and weakened encrypted communications.

The KIDS Act is a package of around a dozen bills that pairs a revised Kids Online Safety Act with new age-verification, AI chatbot, and messaging rules.

Digital rights group EFF warns the design would pressure platforms to age-check all users, not just minors, since liability can attach when a service "should have known" a user's age, and flags new rules touching encrypted and disappearing messages. Sponsors Brett Guthrie (R) and Frank Pallone (D) say it's kids-safety protection and note KOSA's text says age verification isn't required.

https://www.internationalcyberdigest.com/a-kids-safety-bill-heads-to-a-u-s-house-vote-give-us-your-freedom/
πŸ’©9πŸ‘5❀1πŸ‘1🀬1
Chinese AI models have matched the performance of Anthropic’s powerful model Mythos in some cybersecurity scenarios.

Researchers point to Zhipu AI's open-weight GLM-5.2 and a new tool, Tulongfeng, from 360 Security Technology, whose CEO said the capability cannot stay "solely in American hands."

The Trump administration has kept the more capable Anthropic models, Fable and Mythos, off-limits to foreign users for more than two weeks while continuing to clear AI chip exports to China, a pairing one former export-control official called "a gift to China."

https://www.internationalcyberdigest.com/china-matches-mythos-on-cyber-bug-finding-as-the-us-restricts-its-own-model/
❀9πŸ”₯3πŸ₯°2🀣1
This media is not supported in your browser
VIEW IN TELEGRAM
In the Russian town of Podolsk, a 13-year-old boy set fire to a fuel pump at a gas station. According to Russia's Interior Ministry, online handlers had tricked him into doing it.

The boy had been chatting with someone online he thought was a girl, and he'd shared his location with "her." The handlers then told him that location was going to be used to target a Ukrainian missile strike, and that the only way to stop the strike was to burn down the gas station.
🀣19😭8❀4πŸ‘1🀬1
These Y-combinator snake-oil saleskids are doing everything to get attention these days.

The average security professional would destroy this fella if he walked into their office with a cake like that.

Instant blacklist.
🀣19❀4
‼️ iPhone 18 Pro photos were LEAKED as a result of the Tata Electronics breach we reported about recently.

On the specs: the A20 Pro is reportedly fabbed by TSMC on its first 2nm (N2) process, paired with 96-bit-wide LPDDR6 and a reported 12GB on the 18 Pro.

Tata builds about a third of Apple's iPhones in India, more than 204,000 documents totalling 630+ GB have been leaked including Tesla and Apple confidential documents.

https://www.internationalcyberdigest.com/tata-electronics-leaked-iphone-18-pro-photos-and-designs/
❀10πŸ’©1
‼️ iPhone 18 Pro photos were LEAKED as a result of the Tata Electronics breach we reported about recently.

On the specs: the A20 Pro is reportedly fabbed by TSMC on its first 2nm (N2) process, paired with 96-bit-wide LPDDR6 and a reported 12GB on the 18 Pro.

Tata builds about a third of Apple's iPhones in India, more than 204,000 documents totalling 630+ GB have been leaked including Tesla and Apple confidential documents.

https://www.internationalcyberdigest.com/tata-electronics-leaked-iphone-18-pro-photos-and-designs/
πŸ’©9🀣5❀1