Matias N. Golini
@golmatt
Auditor de Sistemas, Pentester, Linuxero, Piloto Comercial, Apasionado de la Tecnología, Seguridad, Crypto ,Fotografía y la Aeronáutica ... Viajero incansable..
You might like
oh my.. this GeoSpy AI can track your exact location using social media photos
🚨 ALERT: New sophisticated phishing attack targeting crypto influencers on X bypasses 2FA by exploiting X's app authorization system. Attackers use fake Google Calendar links that redirect to malicious apps requesting account access. Do not click unexpected links in DMs and do…
🚨 Un juego gratuito de Steam estuvo activo durante DOS MESES con un malware que robaba tus contraseñas al abrirlo 🔴 Robó +30.000 dólares a un streamer con cáncer 🔴 Tenía +200 reviews de bots 🔴 Lo recomendó un medio español en Agosto 🔴 Fue eliminado de Steam hoy Domingo tras…
Chat, I'm not video game developer, but this file looks strange. Why does this video game contain a .bat file that looks for your browser credentials and crypto wallets?
IMPORTANT: Trezor firmware and hardware wallets are not affected by the Nx/NPM supply-chain attack. The attack involved malicious JavaScript packages from the public npm registry. This technology is not being used in Trezor firmware at all. As always, remember: ✅ Hardware…
Update on the NPM attack: The attack fortunately failed, with almost no victims.🔒 It began with a phishing email from a fake npm support domain that stole credentials and gave attackers access to publish malicious package updates. The injected code targeted web crypto activity,…
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works…
🚨 ATENCIÓN 🚨 Se descubrió hoy que hay una importante librería de Javascript infectada (con casi mil millones de descargas y presente en casi todas las wallets y sitios web), que modifica on the fly direcciones crypto: o sea que vos pones enviar a A y la reemplaza por B sin que…
⚠️ Multiple Hikvision Vulnerabilities Let Attackers Execute Malicious Commands Read more: cybersecuritynews.com/multiple-hikvi… Hikvision has disclosed three significant security vulnerabilities affecting multiple versions of its HikCentral product suite that could enable attackers to…
Google will soon require verified developer registration for all Android apps — including those installed outside the Google Play Store — aiming to reduce malware and scams. To simplify the process, an Android Developer Console will be made available. alternativeto.net/news/2025/8/an…
Este hombre encontró miles de secretos de usuarios de ChatGPT. Solo tuvo que buscar en Google… elconfidencial.com/tecnologia/202…
🚨 ALERT 🔐 Apple has released a patch for iOS and iPadOS for a Zero day being exploited for highly targeted attacks on what we have been warning for a long time: just by receiving an image in your iPhone or Mac, your device can be FULLY compromised. Update your devices ASAP
⚠️ A single click on a fake site can hijack your password manager. Researchers found 11 popular extensions (1Password, LastPass, iCloud & more) vulnerable—putting logins, 2FA codes, and credit cards at risk. 6 vendors still haven’t patched. Protect your PASSWORDS ↓…
📝 WhatsApp beta for iOS 25.17.10.70: what's new? WhatsApp is working on a feature to choose a username for phone number privacy, and it will be available in a future update! wabetainfo.com/whatsapp-beta-…
Trojanized KeePass Used to Deploy Cobalt Strike and Steal Credentials securityonline.info/trojanized-kee…
securityonline.info
Trojanized KeePass Used to Deploy Cobalt Strike and Steal Credentials
A trojanized KeePass installer is spreading malware! Learn how this sophisticated attack steals credentials and deploys Cobalt Strike.
🚨 ALERT: Microsoft has discovered a new trojan, StilachiRAT, targeting cryptocurrency wallets in the Google Chrome browser. The malware attacks 20 different extensions, including MetaMask, Coinbase Wallet, Trust Wallet, OKX Wallet, Bitget Wallet, Phantom, and more.
HOLY SHITT, Sesame Labs just dropped CSM (Conversational Speech Model) - Apache 2.0 licensed! 💥 > Trained on 1 MILLION hours of data 🤯 > Contextually aware, emotionally intelligent speech > Voice cloning & watermarking > Ultra fast, real-time synthesis > Based on llama…
⚠️ Warning: Lazarus Group Expanding Targeting in Crypto Industry We've updated our Lazarus blog with new intelligence: threat actors are not only targeting major crypto companies but also their prospective hires. These organizations have been mentioned in logs linked to recent…
Filtración de datos de DeepSeek: 12 000 claves de API y contraseñas activas codificadas expuestas cybersecuritynews.com/deepseek-data-…
So TL;DR the safe app frontend was compromised as far back as 19th February. Compromise happened through leaked infra keys via a safe developer's machine. They specifically went after bybit but could have hit any one of you Now after losing $1.5bn can we switch to local apps?
If you are using Safe for any significantly large amount of funds, this is your wake up call to self-host the UI on your own (secured) IT infrastructure, and/or run completely separate secured interface (such as ape-safe)
Damn. Bybit just released their audit report—the compromise was not Bybit, but SAFE's servers. They hot swapped the Gnosis SAFE UI with JS code that ONLY targeted Bybit's cold wallet. Independently confirmed by WaybackMachine snapshots. Lazarus Group is on another level.
Safe always put security first. Including securing its web frontend. It was compromised anyway. We need to add more layers of security like: * making it easy to verify transactions independent of what is shown on the front end * having additional processes to co-sign that also do…
United States Trends
- 1. #LingOrm1st_ImpactFANCON 1.05M posts
- 2. Good Saturday 16.7K posts
- 3. Talus Labs 25K posts
- 4. #KirbyAirRiders 2,039 posts
- 5. Frankenstein 85K posts
- 6. taylor york 9,435 posts
- 7. Brown Jackson 6,048 posts
- 8. #SmackDown 49.9K posts
- 9. Giulia 16.1K posts
- 10. #River 4,831 posts
- 11. Tulane 4,549 posts
- 12. The Supreme Court 148K posts
- 13. Aaron Gordon 5,806 posts
- 14. Pluribus 31.7K posts
- 15. Collar 17.2K posts
- 16. Justice Jackson 6,463 posts
- 17. Russ 14.6K posts
- 18. Tatis 2,318 posts
- 19. Connor Bedard 3,354 posts
- 20. #TheFutureIsTeal N/A
You might like
-
Patricio Castagnaro
@pcastagnaro -
Fede Pacheco
@FedeQuark -
Maxi Soler
@MaxiSoler -
Juan GiBa
@jpdborgna -
Federico Kirschbaum
@fede_k -
Claudio Caracciolo
@holesec -
Puky Sorondo
@iampuky -
Pablo Romanos
@pabloromanos -
Florencia Vilardel
@flor_vilardel -
Anibal Sacco
@hannibals -
Mariano M. del Río ⚡️
@mmdelrio -
Marcos
@artsweb -
Carlos Garay
@Chgaray -
Hernan M. Racciatti
@my4ng3l -
BlackMantiSec
@Blackmantisec
Something went wrong.
Something went wrong.