📊 Poll of the Day
Past polls got great engagement — let’s go even bigger this time! 🚀

This is Mastodon, so we know the audience is a bit more techie... let’s see how that reflects in the results! 👀

Which OS are you using right now? 💻
(Feel free to reply with why you use it too 👇)

Vote + Boost 🔁 = ❤️

#Linux #Arch #LinuxMint #Fedora #Debian #Ubuntu #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #Tech #Technology #Apple #OS #iOS #MacOS #OperatingSystem

Apple: spaceship 🛸
Microsoft: glass tower 🏢
Linux: basement... still runs the internet 🐧😎

Root access > real estate.

Pic source: https://www.reddit.com/r/linuxmemes/comments/1mrtah8/stay_real/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

📸👇

#Linux #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #UserFreedom #Freedom #Tech #Technology #AI #OS #MacOS #Meme #TechMeme

Alt...

Three images showing the headquarters of major operating systems. The top left shows Apple's massive circular "spaceship" HQ labeled "iOS". Top right shows Microsoft's sleek modern building labeled "Windows". Bottom image shows a man standing in a modest home office setup, labeled "Linux", humorously suggesting Linux has no official headquarters.

The Record: Feds charge alleged administrator of ‘sophisticated’ Rapper Bot botnet https://therecord.media/feds-charge-botnet-admin @therecord_media

KrebsonSecurity: Oregon Man Charged in ‘Rapper Bot’ DDoS Service https://krebsonsecurity.com/2025/08/oregon-man-charged-in-rapper-bot-ddos-service/ @briankrebs

DoJ, from yesterday: http://justice.gov/usao-ak/pr/oregon-man-charged-administering-rapper-bot-ddos-hire-botnet #cybersecurity #infosec

This dumb password rule is from AOK (German Health Insurance).

This is the online customer portal of the German health insurance company AOK. They have an extensive set of rules for both passwords and usernames.
The password rules are:
- Length between 8 and 14 characters
- At least one letter, one number and one special character
- Special characters are: !...

https://dumbpasswordrules.com/sites/aok-german-health-insurance/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

TrendMicro has published an analysis of Warlock, the ransomware group that most likely was behind the attack on Colt.

https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html

@GossiTheDog @campuscodi
#ThreatIntel #Cybersecurity #Infosec

VPNs are vital for online safety, but they're now in the firing line.

People have turned to them to protect their privacy, rather than splurge their data to unregulated age verification providers following the UK Online Safety Act.

But they have an important role to guard against predators online.

ORG's @JamesBaker explains why we must resist moves to age-gate this tech ⬇️

https://peertube.openrightsgroup.org/w/dmtYyFMktAE4hhdZWYSzH9

#OnlineSafetyAct #onlinesafety #VPN #ukpolitics #ukpol #cybersecurity #privacy

🔧 You may not notice, but to improve server security, we’ve decided to disable IPv6. Since our provider, OVHCloud, doesn’t offer DDoS protection or edge firewall for IPv6, we made this decision to ensure a better and more stable service.

#ServerSecurity #IPv6 #OVHCloud #NetworkSafety #CyberSecurity

"While the UK may have dropped its demands for Apple to backdoor all of its users across the globe, UK users may still be banned from benefiting from [Advanced Data Protection] encryption."

"And if Apple does restore ADP to UK users, there will be serious questions of trust."

🗣️ ORG's @jim.

https://news.sky.com/story/uk-drops-apple-encryption-demands-says-us-spy-chief-13414482

#apple #encryption #e2ee #privacy #cybersecurity #security #ukpolitics #ukpol

This dumb password rule is from NordVPN.

- Password cannot be longer than 48 characters.

https://dumbpasswordrules.com/sites/nordvpn/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

🚨 Hacked India's biggest dating app Flutrr (backed by The Times of India). Critical security flaws expose millions of users.

Technical details:

• Zero authentication checks on ANY API endpoint
• Can read/send messages as any user via WebSocket
• Access anyone's sensitive profile data, matches, conversations
• Update any user's data by just changing UID in requests
• Delete anyones account

Reported November 2024, they responded in March 2025 with a $100 gift card offer. Still unfixed.

Every single endpoint trusts client-provided user IDs without verification. This is as bad as it gets for a dating app handling sensitive personal data.

Full Technical Writeup: https://bobdahacker.com/blog/indias-biggest-dating-app-hacked

#infosec #security #vulnerability #india #datingapp #responsibledisclosure #apisecurity #bugbounty #cybersecurity

🤖 Most people still treat AI chatbots like a private confessional, but they aren’t. 😳 Every question is logged, stored, and potentially discoverable, sometimes even after you’ve deleted it. OpenAI, Google, and Anthropic all retain user prompts by default, often under the guise of “memory” or “service improvement.”

And here’s the kicker: a federal court order now forces OpenAI to preserve all ChatGPT conversations, including “Temporary” ones users assumed were erased. So the notion of ephemeral chats is gone. That should change how people think about what they type into these systems.

The bigger issue is that the line between “helpful personalization” and “permanent surveillance record” is blurring fast. What looks convenient today could look like an exposure tomorrow.

TL;DR
⚠️ AI queries are logged
🔐 Deleted chats still saved
🧠 “Memory” is default setting
📂 Court orders enforce retention

https://www.theregister.com/2025/08/18/opinion_column_ai_surveillance/
#AI #Privacy #DataSecurity #Surveillance #FRCP #EDRM #security #privacy #cloud #infosec #cybersecurity #LegalHold

The cybersecurity wrecking ball is turning to VPNs ‼️

It's dangerous to attack a tool that can help to keep adults and children safe online.

Age-gating this tech for UK users would increase cybercrime and put under 18s at a greater risk of predators.

https://www.bbc.co.uk/news/articles/cn438z3ejxyo

#OnlineSafetyAct #onlinesafety #VPN #cybersecurity #privacy #ukpolitics #ukpol

This dumb password rule is from Trade Me.

Won't allow spaces or single quotes. Maybe other characters as well -
they do not say up front - but the password they accepted contained lots
of other special characters.

https://dumbpasswordrules.com/sites/trade-me/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

The UK has pulled its order to put a backdoor into Apple's encrypted services.

BUT "powers to attack encryption are still on the law books, and pose a serious risk to user security and protection against criminal abuse of our data."

🗣️ @jim, ORG Exec Director.

https://www.bbc.co.uk/news/articles/cdj2m3rrk74o

#apple #encryption #e2ee #privacy #security #cybersecurity #ukpolitics #ukpol

This dumb password rule is from CWT Business Travel Management Company.

Password:
- 8 to 32 characters long
- Must contain a combination of letters, numbers and symbols
- Must be different from your username
- Must be different from 5 previous passwords

https://dumbpasswordrules.com/sites/cwt-business-travel-management-company/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Another week, another data breach at a big-name Australian company, this time ISP iiNet.

No idea who did it, yet, but we're on the lookout.

#databreach #cybersecurity

https://www.cyberdaily.au/security/12518-aussie-isp-iinet-confirms-data-breach-impacting-more-than-200-000-customers

This dumb password rule is from Targobank.

Your password must:
- must not be your username
- must at least eight characters
- must contain at least one number character
- must contain at least one uppercase character and 1 lowercase character
- must not contain spaces
- must not contain three identical characters in a row
- must not conta...

https://dumbpasswordrules.com/sites/targobank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

How hacker gangs abuse Microsoft Teams for social engineering attacks to target companies

Ransomware gangs are exploiting Microsoft Teams' default permissive external access settings to conduct sophisticated social engineering attacks. They flood victims with spam emails, then impersonate IT support via fake Microsoft tenants to trick users into executing malicious PowerShell commands that steal data and compromise systems.

**Share this technique with your employees. The targeted people will not be IT. Consider blocking external Teams access in your admin settings to avoid fake "help desk" accounts. Advise that teams should check back with their IT via a well known channel and never run commands or programs sent via Teams messages from an unknown person, even if they claim to be from IT support.**
#cybersecurity #infosec #scam #phishing #activephishing
https://beyondmachines.net/event_details/how-hacker-gangs-abuse-microsoft-teams-for-social-engineering-attacks-to-target-companies-0-2-h-k-4/gD2P6Ple2L

🍔 Found huge security flaws in McDonald's - crew members could access sites reserved for corporate employees with internal functions, API keys exposed, and more. Had to call their HQ and pretend to know people just to report it 🤦

Technical details:

• Design Hub: Used to be client sided password, Registration endpoint exists and works even tho they dont want signups
• TRT portal: Crew accounts could enumerate/impersonate all employees from general manager to CEO
• GRS panel: Complete authentication bypass, arbitrary HTML injection
• Magicbell API keys/secrets exposed in client-side JS
• Algolia indexes listable with user PII
• CosMc's: Server-side validation missing for coupon redemption

They fixed it but fired my friend who helped find the OAuth vulnerabilities.

Full Technical Writeup: https://bobdahacker.com/blog/mcdonalds-security-vulnerabilities

#infosec #bugbountry #responsibledisclosure #security #cybersecurity #hacking #vulnerability

🎢 Hacked South Park's Casa Bonita. Could access their entire POS system and see all customer payments/tips and more 😬

Technical details:

• Founders Club admin panel: No auth required, all member emails exposed
• POS registration: Form disabled client-side only, API endpoint still functional
• Reservation enumeration: Sequential IDs exposed full customer data
• Full control over customer tabs, payments, and inventory
• Supabase misconfiguration: Public signups triggered automated membership cards

No security.txt anywhere. Had to email parkcounty.com addresses then get help from my friend whose company partners with South Park.

Fixed fast but never thanked me. Got a Founders Club card 6 months later though, because the system automatically sends them 😂

Full Technical Writeup: https://bobdahacker.com/blog/i-hacked-southpark

#infosec #bugbounty #responsibleDisclosure #security #vulnerability #hacking #cybersecurity #southpark #CasaBonita

This dumb password rule is from Coventry Building Society.

Password has to be between 6 and 10 characters, can't contain any punctuation and you have to give characters from it on the phone to confirm identity.

https://dumbpasswordrules.com/sites/coventry-building-society/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from CenturyLink Residential.

Your password is too long. But how long can it be? Oh, we won't tell you.

https://dumbpasswordrules.com/sites/centurylink-residential/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from SAS Eurobonus.

The best thing about rules, is that you can multiple different ones!
Like SAS that allows you to have a long password at least when signing
up, but you'll be sorry if you want to change your password later on.

https://dumbpasswordrules.com/sites/sas-eurobonus/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from California Department of Motor Vehicles.

They also prohibit pasting into the password field by using a JavaScript
`alert()` whenever you right-click or press the `Ctrl` button, so
you can't use a password manager.

https://dumbpasswordrules.com/sites/california-department-of-motor-vehicles/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Happy Birthday!

Founded: 16.08.1993

Thank you to everyone in the community that has contributed to the project.

Website: https://www.debian.org
Mastodon: @debian

#Debian #Linux #FreeSoftware #OpenSource #FOSS #Privacy #InfoSec #CyberSecurity #GNU

Alt...

Debian logo.

This dumb password rule is from ING Australia.

4 numeric digits.
"Added security" by randomising the positions on the keypad. Must be clicked.

https://dumbpasswordrules.com/sites/ing-australia/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Why security experts recommend standalone password managers over browser-based options

https://bitwarden.com/blog/beyond-your-browser/

#passwords #PasswordManager #cybersecurity

This dumb password rule is from ASN Bank.

Your password needs to be between 8 and 20 characters long - at least 1 number, 1 lower case letter, 1 upper case letter, 1 special character.

https://dumbpasswordrules.com/sites/asn-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Hetzner.

- 8 or more characters
- At least one uppercase and one lowercase letter
- At least one number or special character

Okay, fair enough, but after putting in a password with some special characters this message appears:
- Invalid characters, allowed are: A-Z a-z 0-9 ä ö ü ß Ä Ö Ü ^ ! $ % / ( ) = ?...

https://dumbpasswordrules.com/sites/hetzner/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

@briankrebs You are a #cybersecurity Icons🏆 so they fake it till you make it.

This dumb password rule is from College Board.

Password must be 9-30 characters with at least one upper case letter, one lower case letter, one number and one special character (no spaces) and be different than your username.

https://dumbpasswordrules.com/sites/college-board/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Targobank.

Your password must:
- must not be your username
- must at least eight characters
- must contain at least one number character
- must contain at least one uppercase character and 1 lowercase character
- must not contain spaces
- must not contain three identical characters in a row
- must not conta...

https://dumbpasswordrules.com/sites/targobank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Mastered pwn.college's Orange Belt "Reverse Engineering" module - whew! Things learned include disassembling & decompiling with x86 binaries, analysing, parsing and generating application logic, patching data and code in binaries.

#ctf #cybersecurity #pwncollege #ReverseEngineering

This dumb password rule is from Williams-Sonoma.

25 maximum characters and disallowing some specials.

https://dumbpasswordrules.com/sites/williams-sonoma/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

So yesterday, I emailed a state court system that appears to be linked to the exposed data I mentioned recently and that the host notified on or about July 28.

No reply was received.

Today, I sent a contact form message to the lawyer for a juvenile whose records were sealed. Sealed, except 11 of them were exposed to anyone who can access the data. I told him what was going on and suggested he contact the court and tell them to get the data secured.

No reply was received.

Today, I sent an email to the judge who ordered the juvenile's records sealed and I cc:d the district attorney. I gave them the juvenile's name, case number and that I could see all the sealed records. I urged them to have their IT or vendor call me and I could give them the IP address over the phone, etc.

No reply was received.

Dear Russia, China, and North Korea:

You do not need to hack our courts. They are leaking like sieves and do not respond when we try to tell them they need to secure the data.

Yours in total frustration,

/Dissent

#infosec #cybersecurity #incident_response #dataleak #databreach #WAKETHEFUCKUP

At #DEFCON33, #Meshtastic ran its biggest mesh yet—2K+ nodes, thousands of msgs & an unexpected live vulnerability demo. Lessons learned ✅ Big plans for security, identity & UX.

Full recap 👉 https://meshtastic.org/blog/that-one-time-at-defcon/

#Cybersecurity #OpenSource

🚨 How #Rhadamanthys Stealer Slips Past Defenses using ClickFix
⚠️ Rhadamanthys is now delivered via ClickFix, combining technical methods and social engineering to bypass automated security solutions, making detection and response especially challenging.
👾 While earlier ClickFix campaigns mainly deployed #NetSupport RAT or #AsyncRAT, this C++ infostealer ranks in the upper tier for advanced evasion techniques and extensive data theft capabilities.

#ANYRUN Sandbox lets SOC teams observe and execute complex chains, revealing evasive behavior and providing intelligence that can be directly applied to detection rules, playbooks, and proactive hunting.

🔗 Execution Chain:
ClickFix ➡️ msiexec ➡️ exe-file ➡️ infected system file ➡️ PNG-stego payload

In a recent campaign, the phishing domain initiates a ClickFix flow (#MITRE T1566), prompting the user to execute a malicious MSI payload hosted on a remote server.

🥷 The installer is silently executed in memory (#MITRE T1218.007), deploying a stealer component into a disguised software directory under the user profile.

The dropped binary performs anti-VM checks (T1497.001) to avoid analysis.

In later stages, a compromised system file is used to initiate a TLS connection directly to an IP address, bypassing DNS monitoring.

📌 For encryption, attackers use self-signed TLS certificates with mismatched fields (e.g., Issuer or Subject), creating distinctive indicators for threat hunting and expanding an organization’s visibility into its threat landscape.

🖼️ The C2 delivers an obfuscated PNG containing additional payloads via steganography (T1027.003), extending dwell time and complicating detection.

🎯 See execution on a live system and download actionable report: https://app.any.run/tasks/a101654d-70f9-40a5-af56-1a8361b4ceb0/?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_term=120825&utm_content=linktoservice

🔍 Use these #ANYRUN TI Lookup search queries to track similar campaigns and enrich #IOCs with live attack data from threat investigations across 15K SOCs:
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522threatName:%255C%2522clickfix%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522threatName:%255C%2522rhadamanthys%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522(threatName:%255C%2522clickfix%255C%2522%2520OR%2520threatName:%255C%2522susp-clipboard%255C%2522)%2520AND%2520threatName:%255C%2522netsupport%255C%2522%2522,%2522dateRange%2522:180%7D
https://intelligence.any.run/analysis/lookup?utm_source=mastodon&utm_medium=post&utm_campaign=rhadamanthys&utm_content=linktoti&utm_term=120825#%7B%2522query%2522:%2522(threatName:%255C%2522clickfix%255C%2522%2520OR%2520threatName:%255C%2522susp-clipboard%255C%2522)%2520AND%2520threatName:%255C%2522asyncrat%255C%2522%2522,%2522dateRange%2522:180%7D

👾 IOCs:
84.200[.]80.8
179.43[.]141.35
194.87[.]29.253
flaxergaurds[.]com
temopix[.]com
zerontwoposh[.]live
loanauto[.]cloud
wetotal[.]net
Find more indicators in the comments 💬

Protect critical assets with faster, deeper visibility into complex threats using #ANYRUN 🚀

#cybersecurity #infosec

This dumb password rule is from Taiwan Pingtung University.

Password must:
- Be between 8 ~ 15 characters long.
- Exceeding 15 will result in an account lockout instead of
erroring on submit. Otherwise, the max character
length should be 20.
- Contains at least 1 number character
- Contains at least 1 lowercase character
- Contains at least 1 uppercase ...

https://dumbpasswordrules.com/sites/taiwan-pingtung-university/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from KPMG Talent Community.

While stating otherwise, the site actually *accepts a backslash* in the password
and displays a forward slash as the example of the disallowed backslash
Password:
- Must be at least 8 characters long
- Must contain at least 1 number
- Must contain at least 1 letter
- Must contain at least 1 spec...

https://dumbpasswordrules.com/sites/kpmg-talent-community/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Wells Fargo Identity Theft Protection.

Your password on an Identity Theft Protection service is limited to
between 8 and 20 characters. Your username is allowed to be longer than
your password.

https://dumbpasswordrules.com/sites/wells-fargo-identity-theft-protection/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

NL. Horrible data breach.

The data of 485,000 women who participated in the population screening for cervical cancer has been stolen via a hack. Not just personal information, such as name and address, was involved. Official identification numbers and test results were also captured.

https://www.rtl.nl/nieuws/binnenland/artikel/5522737/bevolkingsonderzoek-baarmoederhalskanker-data-gehackt-vrouwen

#privacy #security #cybersecurity #gdpr #tech

UK retail giant M&S restores Click & Collect months after cyber attack, some services still down

#CyberAttackRecovery #OnlineServicesRestoration #CyberSecurity #RetailTech #UKRetail

https://go.theregister.com/feed/www.theregister.com/2025/08/11/ms_restores_click_collect_following/

This dumb password rule is from Premera Blue Cross.

Password must contain 8-30 characters, including one letter and one number.
"Special characters allowed" seems to mean a very small handful of choices you can only find through trial and error `-_'.@`

https://dumbpasswordrules.com/sites/premera-blue-cross/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Scandinavian Airlines.

The password rules itself is fine, but, it doesn't inform about the max length of the password.
Their max length is 14 characters, so even if you enter a password of 42 chars, you can login with the first 14 of it.
In this case, I changed my password to **Super_l0ng_password_that_fits_all_criteri...

https://dumbpasswordrules.com/sites/scandinavian-airlines/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

So when it's this easy to get a MITM going things like making posts in public chats as anyone you want feels kinda low key.

But I do hope that extended warranty works out, everyone seems pretty concerned about them.

#defcon #meshtastic #lora #cybersecurity

Which brings me to part two, MeshMarauder.

An open source tool demonstrating proof-of-concept exploits against the DEFCON 33 Meshtastic firmware.

MeshMarauder will demostrate:

- Tracking user activity on any mesh regardless of encryption usage
- Hijack all meshtastic user profile metadata
- Change any users public key
- Send messages as any user in channel chats that appear authentic
- MITM direct messages

https://meshmarauder.net

#defcon #meshtastic #meshmarauder #cybersecurity

I've been busy as hell this past week.

A lot of people have been asking hard questions about the security of LoRa systems when they hear about mesh radios.

I'm not one to trust the marketing so I and several friends put together two new LoRa tools to help us audit the security claims of LoRa mesh systems!

🤘🏿 📡 ✨

#radio #cybersecurity #privacy #meshtastic #lorapipe #meshmarauder #lora #mesh

This dumb password rule is from Unicaja.

Username is your national Spanish ID (easy to find).
Your password must be 6 characters long. You can't type, only select characters from the virtual keyboard

https://dumbpasswordrules.com/sites/unicaja/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

🚨 Scam Alert: "Verify your Fedi account" Phishing Attempt 🚧

Attention everyone on Mastodon! There's a scam making the rounds where malicious actors impersonate moderators or admins. They send private messages or make posts that mimic notifications, claiming that your account needs verification. These messages often include a link for you to "complete the verification process."

⚠️ This is a Scam!

Your server admin will never ask you to click a link to verify your account.
No other admin from any other server will either, even if they appear to be part of the main Mastodon team.
If your account is suspended, you won't receive a message about it. Instead, you'll see a notification upon logging in that your account is temporarily suspended.

How to Identify the Scam:

Fake admin accounts often use names containing "moderator" or "admin," but this doesn't mean they are legitimate.
Legitimate admins or instance owners usually have a badge or marking on their profile indicating their role.

What to Do:

If you receive a message or post urging you to click a link to verify your account, report it immediately.
If you have any doubts about your account status, contact your server admin or moderation team directly.
To verify the authenticity of an admin or instance owner, visit the "About" page of your instance. This page typically lists contact information for the real team administering your instance.
Always be cautious when interacting with accounts claiming to be from Mastodon or your instance's admin team.

Important Reminder:

Mastodon does not perform age verification. If you receive a message or post claiming to be from Mastodon or your instance's admin team, always verify its authenticity before taking any action.

Reporting the Scam:

If you encounter this scam, report it to your instance's admin team and use relevant tags, such as #FediBlock, to help raise awareness.

Personal Note:

I'm not a cybersecurity expert, but I find this new scam in the Fediverse quite interesting. If you feel like sharing your experiences with me, I would appreciate it! I'm looking to collect cases and get a broader view of this phishing attack. Maybe I'll even try to write a report about it. Feel free to tag me in any relevant posts.

Let's stay vigilant and help each other stay safe online!

#Mastodon #Fediverse #ScamAlert #Phishing #CyberSecurity #OnlineSafety #FediBlock #StaySafe #TechCommunity #SocialMedia #ScamAwareness #SecurityTips #ReportScams #VerifyBeforeYouTrust

Alt...

The image features a warning about a potential scam on the Mastodon platform. The background is yellow with black diagonal stripes, and a large yellow triangle with an exclamation mark is prominently displayed at the top, indicating a warning. The text "SCAM ALERT" is written in bold black letters at the top of the image. The main content is a screenshot of a social media notification from #16453 ([@]Mastodon_Moderator) to a user. The notification is: "[⚠️ Important Notice] Your account has been temporarily suspended for identity verification. We’re reaching out manually to guide you through the required steps. ⚡️ Deadline: 12 hours ⚡️ Action Required: Complete the verification via the link below. Failure to do so will result in your account remaining locked until further review. 🔗 Verification Link: https://mstd.id-83636.world/239101758 Best regards, Mastodon Support Team"

NEW: Federal judiciary says it is boosting security after cyberattack; researcher finds new leaks

More of those frustrating leaks where, despite our best efforts, we have been unable to get the network shares locked down so far, even with the host's assistance.

This one involves two courts: one state and one federal, and yes, we saw some files that were supposed to be sealed or confidential.

https://databreaches.net/2025/08/10/federal-judiciary-says-it-is-boosting-security-after-cyberattack-researcher-finds-new-leaks/

#dataleak #infosec #cybersecurity #databreach #govsec