So Twitter you ask, "What is happening?!" It happens that I will use Twitter less, I'm not liking the change in X. My blog is definitely the first place to follow and contact me! andreadraghetti.it

Tracking a large-scale Booking-themed phishing campaign targeting hotel partners, hundreds of fake domains impersonating Booking.com used to steal credentials and deliver malware. query: urlscan.io/search/#hash%3A78… report: blog.sekoia.io/phishing-camp…

How many hours will @Max33Verstappen spend on the simulator tonight? To find the right setup and make a spectacular comeback like last year (from 17th to first). #F1 #Formula1 #BrazilGP #Verstappen

🚨 New Android malware family KomeXRAT detected. Provides live-screen streaming, camera/mic access, SMS control, keylogging & full file access. Sold for $500/month or $3K source. Likely a variant of #BTMOB RAT. #KomeXRAT #Android #Malware #CTI #CyberThreats

🚨 #Herodotus evolves again! The Android malware now includes multilingual strings to adapt to victims’ locale. C2 & obfuscation methods link it to Copybara, suggesting a fork. A control panel manages APK delivery by domain — campaigns look structured. #CTI #Android @ThreatFabric

Apple just released an official SDK for Android, crazy times. swift.org/blog/nightly-swift…

🔥 Attenzione - #malware #RemcosRat in Italia 🇮🇹 Email: Ord. No.85655 del 24102025 📎 Allegato DOCX malevolo MD5: 2acd1d28a527afe689b4974c0adf39fe 🌐 IoC peprolinbot[.]es/P1hT0c 192[.]3[.]136[.]212[/]488 sufficientblessings132[.]duckdns[.]org 👉 Restare vigili

[1] Kimsuky APT Deploys "HancomAgent" Downloader A multi-stage attack chain has been discovered targeting South Korean organizations. The North Korean threat actor is leveraging RAR archives → GO-written launcher → HancomAgent downloader to deliver payloads.

🚨ALERT🚨 ⚠️We have spotted a massive #phishing campaign in #Italy targeting various firms mail > pdf lure > #TypoSquatting 👀Typo squatting domain: hxxps://mircosotfonilne[.]ru

Statement: pastebin.com/KGXZkayM

🎭 #BreachForums is back online… only to fall apart within days. But by Oct 28th, the alleged founder “September” released a statement accusing co-admin Koko of hijacking the project, stealing ownership, and even demanding a $1,500. 🍿 Grab your popcorn and enjoy the show!

Scattered Lapsus Shiny Hunters onion leak site has been seized if you believe the FBI would use the BreachForums takedown png 🤣🤣🤣

Cooking, slowly but steadily.

🥷New #italy #Banking #scam #Website found! 👍legit: bancaifis.com 🚫scam: bankaifis.]com @dynadot please can you revoke the domain bankaifis.]com? @malwrhunterteam @JAMESWT_WT @James_inthe_box @illegalFawn @guelfoweb

Bello @cavicchioli questo tuo falso profilo: @cavicchioli01 ! Utilizza il nome “.” per impedire una più facile identificazione!

🔥 Allerta malware — PureLogsStealer - Italy 📧 Email con oggetto: “vs. offerta - GES.PO BERLINGO EER 191204” 📎 Allegato RAR — MD5: 20587448fce82d48ded4246d452ff6d7 💀 C2: 176[.]65[.]139[.]19 👉 Non aprire l’allegato! #malware #cybersecurity #PureLog

🔐 DECLASSIFIED // XUnprotect — macOS XProtect Remediator decoded (live at #OBTS 🍏) | Koh Nakagawa @tsunek0h Findings: • Not “just YARA.” XPR’s detections live in a custom DSL built with Swift Result Builders (SwiftUI vibes, but for rules). • Stripped Swift binaries? Cracked with custom static/dynamic tooling. • Wild card: OCR used to spot Gatekeeper-bypass shenanigans right on screen. • Hidden intel: Apple-exclusive TI, incl. clues touching TriangleDB implants. Only at #OBTS 🍏 do we turn a black box into a blueprint you can actually run with.

New Pixnapping Attack: allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561) Pixnapping is not fixed and probably affects all Androids. PoC: Not available yet. Steal 2FA codes 👇

Please bump Electron to fix MacOS 26 performance issue @windsurf_ai github.com/electron/electron…

The story of FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8. If you're not the type to pay for your software, you probably know this key. What you might not know is that I worked on the first version of Windows Product Activation, and this was our first major "hack". And yet, it wasn't a 'hack' at all - it was a disastrous leak. The FCKGW key was a valid volume licensing key, so all you needed was special volume media to go with it. Eventually, they were bundled and put online by pirates. WPA worked by generating a hardware ID from your CPU, RAM, and other components, then sending it to Microsoft alongside your product key for validation. A mismatched or suspicious key would flag the install as pirated. But as a legitimate VLK, FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8 was whitelisted in XP's activation logic—it told the system, "This is corporate volume licensing; no need to phone home." During installation, users selected the "Yes, I have a product key" option, entered the code, and WPA simply... skipped the activation prompt. The OS booted fully functional, with no 30-day timer or watermarks. It even fooled early validation checks for updates. This loophole let pirates distribute "pre-activated" ISOs, making XP as easy to "acquire" as a free mixtape. Technically, you could still use it today on an old XP disc (if you can find one), but Microsoft's servers shut down validation years ago, and the key's long since been blacklisted.

🔥 WarzoneRat in Italia 🇮🇹 Nuova campagna via email con oggetto: "GLS Italy - N Ordine ddt 1244 da Vent Srl" MD5: 54f64a136e9aeddaa2b545b7f02c1e35 Drop URL: hookandnetmarketing[.]com/zap/ConvertedFile[.]txt 🎯 C2: 23[.]95[.]62[.]27[:]5200 👉 Restare vigili! #Malware #Formbook