Joe Roosen
@jroosen.bsky.social
SpyCloud - Director of Security Research, Cryptolaemus Coordinator, Emotet(Ivan)/QBot(Boris) Destroyer, gold prospector & former sysadmin.
Reposted by Joe Roosen
The F5 BIG-IP Breach: Your Blueprint for Defense Against the Incoming Zero-Day Storm

Introduction: The confirmed theft of F5 BIG-IP source code by a nation-state actor represents a critical inflection point for enterprise and federal network security. This breach provides threat actors with an unprecedented roadmap to engineer novel zero-day exploits, turning widely used network appliances into potential entry points for systemic compromise. The immediate mitigation directives from CISA underscore the severity of the situation, demanding urgent and decisive action from all organizations reliant on F5 infrastructure.
undercodetesting.com
October 16, 2025 at 5:17 AM
Reposted by Joe Roosen
Tonight, Iran International TV exposed the identity of a Handala hacking group admin—part of the Banished Kitten cyber unit I've previously reported on—and unmasked his handler in Iran's Ministry of Intelligence.

- Morteza Aftabi-Far
- Ali Bermoudeh
August 13, 2025 at 8:15 PM
Reposted by Joe Roosen
Every Reason Why I Hate AI and You Should Too

malwaretech.com/2025/08/ever...
maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.
malwaretech.com
August 4, 2025 at 8:32 AM
Reposted by Joe Roosen
Thanks to a scan conducted by @leakix.bsky.social, we have shared SharePoint IPs confirmed vulnerable to CVE-2025-53770, CVE-2025-53771.

424 SharePoint IPs found on 2025-07-23. One-off data in www.shadowserver.org/what-we-do/n...

Tree map overview: dashboard.shadowserver.org/statistics/c...
July 24, 2025 at 7:05 AM
Reposted by Joe Roosen
🤡 Russia and Belarus plan to create AI model based on "traditional values"
Russia and Belarus intend to develop their own artificial intelligence model built on “traditional values” that would be “understandable” to citizens of both countries.
www.pravda.com.ua
July 11, 2025 at 9:30 PM
Reposted by Joe Roosen
BREAKING: Massive explosion at fireworks factory in Yolo County, California.
July 2, 2025 at 2:21 AM
Reposted by Joe Roosen
Why do Russians insist Crimea belongs to them?

The answer isn’t just about strategy or borders but a deeply ingrained national myth.
Why Does Russia Want Crimea So Badly? Cambridge Professor Rory Finnin Unpacks the “Crimea Is Ours” Mindset
Russia seized Crimea in 2014, sparking global outrage. Why does this peninsula matter so much, and why is its liberation the only viable solution?
united24media.com
June 27, 2025 at 6:08 PM
Reposted by Joe Roosen
Mandiant is now aware of multiple incidents in the airline sector that resemble Scattered Spider. The industry should button up its call centers where this actor has had a lot of success with social engineering. www.axios.com/2025/06/27/a...
A prolific hacking group that's shut down retailers and insurance companies turns to aviation
A cyberattack on WestJet last week is likely tied to the Scattered Spider gang, a source tells Axios.
www.axios.com
June 27, 2025 at 5:28 PM
Reposted by Joe Roosen
The General Staff of Ukraine reports: a strike by long-range drones destroyed two Russian Su-34 fighter-bombers at the Marinovka airbase in Russia’s Volgograd region. Two more were damaged.
June 27, 2025 at 5:44 PM
Reposted by Joe Roosen
I'm going to start a company which will just be entirely driven by people named Al, then I'm going to see how much VC funding I can raise before someone realizes it's an Al company not an AI company.
June 26, 2025 at 12:07 AM
Reposted by Joe Roosen
Police Arrest BreachForums Admins, Including ShinyHunters and IntelBroker
French authorities have arrested five alleged administrators of BreachForums, including prominent figures like ShinyHunters and IntelBroker.
cyberinsider.com
June 25, 2025 at 1:26 PM
Reposted by Joe Roosen
"ShinyHunters", "Hollow", "Noct" and "Depressed" have allegedly been arrested by the Brigade for the Fight against Cybercrime (BL2C) of the Paris police headquarters on Monday.

IntelBroker was allegedly arrested by French law enforcement in February 2025.

Source: www.leparisien.fr/high-tech/la...
Police arrest five high-profile French hackers behind a well-known data theft forum
The cybercriminals ran BreachForums, the largest site for reselling hacked data, according to our information.
www.leparisien.fr
June 25, 2025 at 2:13 PM
Reposted by Joe Roosen
The French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions.
BreachForums hacking forum operators reportedly arrested in France
www.bleepingcomputer.com
June 25, 2025 at 2:26 PM
Reposted by Joe Roosen
A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices.
New ‘CitrixBleed 2’ NetScaler flaw let hackers hijack sessions
www.bleepingcomputer.com
June 25, 2025 at 4:10 PM
Hierarchy of Credential Data Tiers

1. Infostealer Log
2. Stealer Log DBs
3. ULPs/Combolists

2 & 3 are very close to each other in adjacency to the source, but 2 is above your average combolist (3). If your creds show in 2 or 3, there is a 95%+ chance there is a 1 for that cred too.
June 20, 2025 at 9:45 PM
As you may have already heard, 16 billion credentials were leaked for popular sites. The fine print is this has been happening for years and is a result of the rise of Infostealer malware. These 30 different DBs mentioned in the original article are personalized collections. 1/5
June 20, 2025 at 12:17 AM
Reposted by Joe Roosen
No, the 16 billion credentials leak is not a new data breach vapt.me/16B
News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen…
buff.ly
June 20, 2025 at 12:12 AM
Reposted by Joe Roosen
Flash flooding caused by torrential rains has killed five people in northern West Virginia and rescue crews are out searching for three other people who are missing.
Flash flooding kills 5 in West Virginia, rescue teams searching for missing people
bit.ly
June 16, 2025 at 12:00 AM
Reposted by Joe Roosen
TASS: "Iranian television channel Press TV reported new explosions in the city of Tabriz in the northwest of the country."
June 14, 2025 at 9:12 AM
Reposted by Joe Roosen
BREAKING: New photos show the destruction from Iranian missile attack on Rishon Lezion, Israel; at least 2 dead, dozens injured.
June 14, 2025 at 9:16 AM
Reposted by Joe Roosen
Reports say Jordan closed its airspace to allow Israeli Air Force to intercept incoming Iranian Shahed-136 kamikaze drones. Video shows an Israeli AH-64A/D Apache chasing the drones.
June 14, 2025 at 9:19 AM
Reposted by Joe Roosen
NHS England issued a call on Monday for 1 million people to give blood this week as stocks remain low following a cyberattack last year. Just 2% of the population “is keeping the nation’s blood stocks afloat” said Monday’s announcement, and “there is now a pressing need to avoid a Red Alert.”
NHS calls for 1 million blood donors as UK stocks remain low following cyberattack
A cyberattack on London hospitals last year led to the depletion of stocks of crucial O-type blood, and the U.K.'s National Health Service is calling for a nationwide effort to shore up supplies.
therecord.media
June 9, 2025 at 12:25 PM
Reposted by Joe Roosen
FakeCaptcha Infrastructure HelloTDS Infects Millions of Devices With Malware
cybersecuritynews.com
June 9, 2025 at 12:29 PM