ARPSyndicate - Cyber & Open Source Intelligence
A Global Cyber Intelligence Company with hyperspecialization in Information Discovery, Shadow IT & Vulnerability Intelligence.

A.R.P. Syndicate [https://arpsyndicate.io/pricing.html]
WhatsApp has accused Paragon Solutions of targeting around 90 journalists and members of civil society using Graphite spyware. The targets were notified by WhatsApp, and the company issued a cease-and-desist letter to Paragon 🧵

https://en.globes.co.il/en/article-whatsapp-alleges-paragon-targeted-users-1001501020

- Founded in 2015 by former Israeli intelligence officers; headquartered in Ramat Gan, Israel.

- Executive Chairman: John Fleming (previously served in the U.S. Air Force and worked for various defense contractors).

- CEO: Eitan Alimi (formerly with the IDF SIGINT Unit 8200).

- Paragon offers a suite of spyware products, including:
+ Graphite: A zero-click spyware capable of infiltrating encrypted apps like WhatsApp and Signal. It's designed to target specific individuals without their interaction with malicious links or files.
+ SilverEdge: A mobile surveillance solution that provides real-time access to targeted devices' data, including messages, contacts, and location.
+ BlackBox: An advanced monitoring tool for computers and servers, enabling remote access and data extraction.

- Paragon licenses its technology to "a select group of global democracies — principally, the United States and its allies," according to John Fleming. However, specific customers are not publicly disclosed.

- In 2024, U.S. Immigration and Customs Enforcement (ICE) signed a $2 million one-year contract with Paragon for a fully configured proprietary solution.

- In 2023, American private equity giant AE Industrial Partners acquired Paragon Solutions for $500M.

This automated post is based on realtime intelligence from public sources and may be incorrect, inaccurate and may not include all or complete facts.
Google's AI ethics policy update removes its pledge against AI use in weapons and surveillance beyond global norms, raising concerns over Project Maven.

https://www.washingtonpost.com/technology/2025/02/04/google-ai-policies-weapons-harm/
Apple has revoked access to its highest level of data protection, Advanced Data Protection (ADP), for users in the United Kingdom. This decision comes after the UK government demanded that Apple provide a method for law enforcement to access encrypted data during criminal investigations.

https://proton.me/blog/apple-ends-adp-in-uk
While monitoring for n-day vulnerabilities via Exploit Observer, we noticed this #aprilfools prank -

https://api.exploit.observer/?keyword=CVE-2025-0401
https://github.com/cybersecurityup/cve-2025-0401
https://x.com/hackerschoice/status/1906976989891682647

eval "$(printf 'id(){ echo "uid=0(root) gid=0(root) groups=0(root)";};PS1="# ";touch(){ echo "April Fools!";}')"

Hopefully VEDAS wasn't completely poisoned haha.
https://vedas.arpsyndicate.io/?vuln=CVE-2025-0401
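
What the eval line in the post above does, and how to check for it before trusting a PoC's output. This is an added example, not part of the original post or the linked repository; resolve_kind, shadowed, apply_prank and demo are hypothetical helper names.

```sh
#!/bin/sh
# The prank defines shell functions named id and touch and sets PS1="# ",
# so the session only looks like a root shell. Nothing is escalated.

# resolve_kind NAME -> function | alias | builtin | keyword | file | missing
resolve_kind() {
    desc=$(LC_ALL=C type "$1" 2>/dev/null) || { echo missing; return; }
    case $desc in
        "$1 is a function"*|"$1 is a shell function"*) echo function ;;
        "$1 is an alias"*|"$1 is aliased"*)            echo alias ;;
        "$1 is a shell builtin"*|"$1 is a special shell builtin"*) echo builtin ;;
        "$1 is a shell keyword"*)                      echo keyword ;;
        *)                                             echo file ;;
    esac
}

# shadowed NAME... -> prints every NAME overridden by a function or alias
shadowed() {
    for n in "$@"; do
        case $(resolve_kind "$n") in
            function|alias) printf '%s\n' "$n" ;;
        esac
    done
}

# The eval line quoted in the post, unchanged.
apply_prank() {
    eval "$(printf 'id(){ echo "uid=0(root) gid=0(root) groups=0(root)";};PS1="# ";touch(){ echo "April Fools!";}')"
}

# Run the prank in a subshell so the calling shell stays clean.
demo() {
    (
        apply_prank
        echo "shadowed names: $(shadowed id touch ls | tr '\n' ' ')"
        echo "id (function):  $(id)"
        # 'command' skips shell functions and runs the real utility.
        echo "real uid:       $(command id -u)"
    )
}

demo
```
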
Subdomain Center scours the web, gathering and interpreting data from all over the Internet.

Consequently, it has evolved into The World's Largest Subdomain & Shadow IT Intelligence Database and is freely accessible to all.

Buy unrestricted access: https://www.arpsyndicate.io/pricing.html
We have officially rebranded CVEMON as CVE Scores - Home to VEDAS & EPSS Scores.

TL;DR: Vulnerability & Exploit Data Aggregation System is an OSINT-driven metric to determine the popularity of 40+ Vulnerability/Exploit Identifiers.

https://github.com/ARPSyndicate/cve-scores
On April 15, 2025, some big news regarding MITRE's future involvement in CVE Enrichment emerged. MITRE alerted the CVE Board that its current contract to operate and modernize the CVE program (and related programs like CWE) will expire on April 16, 2025 🧵

- Such uncertainties, including NIST's failures in enriching the NVD, could negatively impact vulnerability databases, tool vendors, incident response, and critical infrastructure, globally. In response to this potential disruption, a new CVE Foundation has been launched.

- The CVE Foundation is a non-profit, community-driven initiative formed by long-standing CVE Board members. Its mission is to maintain the trust, integrity, availability, and quality of CVE data for cybersecurity defenders worldwide.

- The formation of the CVE Foundation aims to eliminate a single point of failure in vulnerability management and to establish governance that reflects the global nature of cybersecurity threats.

- Meanwhile, to address such failures, we have built intelligent & automated systems which aggregate and interpret exploit and vulnerability data from across the Internet, including vendor advisories, source code repositories, articles, and videos.

- It collects and scores vulnerability and exploit data from over 40 global sources, including CVE, CNVD (China), CNNVD, and BDU (Russia), maps them with products while assigning prioritisation scores as well, providing a broader view than relying on CVE alone.

- As a result, it can identify and track vulnerabilities that may not be present in the CVE database, filling gaps when official sources are incomplete or delayed.

- Vulnerability & Exploit Data Aggregation System (VEDAS) & Exploit Observer, together, use OSINT to evaluate the popularity and significance of vulnerabilities, helping prioritise which issues to address first.
https://github.com/ARPSyndicate/cve-scores
https://vedas.arpsyndicate.io

- A.R.P. Syndicate offers comprehensive, real-time, and globally inclusive vulnerability and exploit intelligence, making them essential tools for security teams in a changing vulnerability management landscape.

Reach out to sales@arpsyndicate.io to learn more.

This automated post is based on realtime intelligence from public sources and may be incorrect, inaccurate and may not include all or complete facts.
We have launched a popularity scoring project, calculated by VEDAS, for CVE and BDU.

TL;DR: Vulnerability & Exploit Data Aggregation System (VEDAS) is an OSINT-driven metric to determine the popularity of 40+ Vulnerability/Exploit Identifiers.

https://github.com/ARPSyndicate/cve-scores
https://github.com/ARPSyndicate/bdu-scores
“If you had asked me five years ago when I left Cyber Command, would a foreign entity, in this case a nation-state, upload destructive malware into critical U.S. infrastructure in a time of peace?... I would have said to you… there's a low probability. Boy, I got that wrong.” — Adm. Mike Rogers

https://youtu.be/_NxMFjKwgTk
Check Point Research is tracking a sophisticated phishing campaign by APT29 (Cozy Bear), a Russia-linked group targeting European diplomatic entities. The attackers impersonate a European foreign affairs ministry to send fake event invites, often for wine tastings.

They use a new initial-stage loader, GRAPELOADER, and an upgraded version of their previous backdoor, WINELOADER. GRAPELOADER handles initial access and stealth, while WINELOADER operates in later stages.

Both share technical similarities, but GRAPELOADER enhances anti-analysis and stealth capabilities.

https://research.checkpoint.com/2025/apt29-phishing-campaign/
Bob Lord, Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency (CISA), announced his departure from the agency.
Sharon Brizinov earned $64k in bug bounties by automating the scanning of public GitHub repositories for leaked secrets. He restored deleted files, found dangling blobs, and unpacked .pack files to uncover exposed API keys, tokens, and credentials.

https://medium.com/@sharon.brizinov/how-i-made-64k-from-deleted-files-a-bug-bounty-story-c5bd3a6f5f9b