Nostr notes by IFIN - The Independent Federated Intelligence Network

RE: https://infosec.exchange/@mttaggart/116461922134943653 When ...

2026-04-24T21:59:20Z

RE: https://infosec.exchange/@mttaggart/116461922134943653

When opportunity (malware) comes a-knocking, you let it in (fire up the sandbox and disassembler).

#malware #ThreatIntel #ThreatIntelligence #IFIN

quoting
note1nq6…ctqd

Been a while since I've gotten to do real malware analysis. That was fun!

https://discourse.ifin.network/t/winos-4-0-holdinghands-expanding-beyond-asia-an-opportunistic-analysis/316

Since we were the ones subtooted, it's worth clarifying: it ...

2026-04-24T20:54:27Z

In reply to nevent1q…mwks
_________________________

Since we were the ones subtooted, it's worth clarifying: it is *impossible* to get every moderation decision right, and avenues for appeal are absolutely possible. If we make a mistake, we'll own it. Always.

However, on balance, this signal tends to demonstrate the seriousness with which you approach the issue and our community. If leaning on the side of safety means an occasional false positive, that's a price worth paying.

Tell your friends. Mess around with the single field we ask for ...

2026-04-24T18:05:47Z

Tell your friends. Mess around with the single field we ask for during onboarding, and we will toss you. If you don't take this seriously, we have no reason to expect you to respect our community's safety.

We've been on a tear adding new sources to our RSS ...

2026-04-23T17:39:38Z

We've been on a tear adding new sources to our RSS aggregator! All the cyber news that's fit to print, in one place: https://news.ifin.network

Bitwarden's CLI NPM package was hijacked and used to spread ...

2026-04-23T15:08:31Z

Bitwarden's CLI NPM package was hijacked and used to spread credential stealer malware. This is related to the previous Checkmarx compromise.

We'll be updating this thread as always with new information. Come join the effort!

https://discourse.ifin.network/t/teampcp-campaign-spreads-to-npm-via-a-hijacked-bitwarden-cli/305

The best time to block api.telegram[.]org was like, I dunno, five ...

2026-04-22T15:25:32Z

The best time to block api.telegram[.]org was like, I dunno, five years ago? The second best time to do it is now.

Seriously. Cross that one off the easy wins list today.

#ThreatIntel #ThreatIntelligence #IFIN

RE: https://infosec.exchange/@ifin/116432853020620365 Thanks to ...

2026-04-21T16:58:33Z

RE: https://infosec.exchange/@ifin/116432853020620365

Thanks to some excellent reporting from Infostealers by Hudson Rock, we know a context[.]ai employee was seeking Roblox cheats when they got hit with LummaStealer, leading to the initial breach which impacted Vercel.

https://discourse.ifin.network/t/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/293/7

quoting
note1v6v…k8zn

We're actively tracking developments here: https://discourse.ifin.network/t/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/293

What a hassle! We'll look into it. Apologies for the ...

2026-04-21T14:27:01Z

In reply to nevent1q…zvsy
_________________________

What a hassle! We'll look into it. Apologies for the inconvenience!
Fritz Adalis (npub1kp7…rszc) Rob Carlson (npub1v9r…d02r)

Today we're talking about another (???) issue in the Cursor ...

2026-04-20T19:08:26Z

Today we're talking about another (???) issue in the Cursor AI IDE. Well actually it's two issues, one of which is simple command injection; the other is takeover via Dev tunnels. Don't know what dev tunnels are? Come find out—then block them with extreme prejudice.

https://discourse.ifin.network/t/cursors-remote-tunnel-capability-is-vulnerable-to-malicious-prompt-injection/295

#IFIN #ThreatIntel #ThreatIntelligence

#Vercel update. We now know, thanks to Vercel's CEO, that the ...

2026-04-20T12:16:39Z

#Vercel update. We now know, thanks to Vercel's CEO, that the compromise came by way of the context[.]ai Office Suite, using OAuth tokens collected from a breach last month. Details here:

https://discourse.ifin.network/t/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/293/6

We're actively tracking developments here: ...

2026-04-19T18:45:44Z

In reply to nevent1q…2v3j
_________________________

We're actively tracking developments here: https://discourse.ifin.network/t/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/293

#Vercel customers: don't wait. Proactively rotate keys, ...

2026-04-19T17:46:34Z

#Vercel customers: don't wait. Proactively rotate keys, passwords and environment variables ASAP.

https://vercel.com/kb/bulletin/vercel-april-2026-security-incident

Thanks so much for including us! @npub1ljm…w8tm ...

2026-04-18T11:47:39Z

In reply to nevent1q…q7p7
_________________________

Thanks so much for including us!
jonny (nonvenomous) (npub1ljm…w8tm) Lenny Zeltser (npub1n7z…jm2n) Fractal Kitty (npub1ur9…v3q2) ploum (npub18ak…untn) [@otterlove](https://mastodon.art/@otterlove ) Max Leibman (npub1388…sxrr) Hyde 📷 🖋 :debian: (npub1jjw…2z5l) Naty (npub1xhj…hq9k) Taggart :ifin: (npub1yg8…ccz0) readbeanicecream (npub1c99…ljas) Joel :casio: :blobcatderpy: (npub1x74…ruph) Taran Rampersad (npub1j33…55x2) Red 🟥 (npub1wp7…7eym) [@_elena](https://mastodon.social/@_elena ) Space Hobo (npub1c2u…zg55) Connected Places (npub1l2k…6m2l) gloriouscow (npub1dhl…ud8y) Nicolas Gouny (npub1090…cff7)

Proud of you bb

2026-04-18T00:26:55Z

In reply to nevent1q…nca2
_________________________

Proud of you bb

After working on it a bit, we have a fix for a recent #ClickFix ...

2026-04-16T01:05:08Z

After working on it a bit, we have a fix for a recent #ClickFix attack against #macOS that leverages AppleScript. Here's the writeup, and a link to the forum thread!

https://ifin-intel.org/blog/applescript/

#ThreatIntel #ThreatIntelligence #IFIN

Well well well, would you look at that ...

2026-04-15T04:33:44Z

Well well well, would you look at that

https://discourse.ifin.network/t/activitypub-test/271/1

Following up on an excellent blog post we discovered (linked in ...

2026-04-14T17:13:23Z

Following up on an excellent blog post we discovered (linked in thread), we dug a little deeper on a recent #WordPress plugin compromise. We have more IoCs for you, and what we believe to be a use of the blockchain for an initial access auction for the plugin install base.

https://discourse.ifin.network/t/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/265/8

#ThreatIntel #ThreatIntelligence #ThreatHunting #IFIN

CISA is claiming that #Iran is once again targeting Programmable ...

2026-04-13T19:21:03Z

CISA is claiming that #Iran is once again targeting Programmable Logic Controllers (PLCs), similar to efforts in 2024. Has anyone seen recent evidence of this? None was provided from CISA, and we'd love independent confirmation.

We ask for preferred pronouns when you register. We do this so ...

2026-04-11T14:56:14Z

We ask for preferred pronouns when you register. We do this so everyone can address you how you wish. But it's also a signal of how you'll treat others.

We just rejected a forum account application because of joke pronouns. That is such a low barrier and if you don't take it seriously, we have no confidence you'll treat our community members with respect.

RE: https://infosec.exchange/@cR0w/116052391841771930 Come gather ...

2026-04-10T21:04:23Z

RE: https://infosec.exchange/@cR0w/116052391841771930

Come gather round. We'll tell stories together for free.
nostr:note17teqm8m359cjtwf6qcafdl02c44l94j5k02ypkylgjsf9savh4gq2e9am9

CPUID downloads were temporarily compromised earlier today. We ...

2026-04-10T13:49:31Z

CPUID downloads were temporarily compromised earlier today. We have a thread compiling analysis and IoCs for you to investigate:

https://discourse.ifin.network/t/hwmonitor-download-compromised/249

#ThreatIntel #IFIN #ThreatIntelligence

:ablobcatpopcorn:

2026-04-09T16:20:46Z

In reply to nevent1q…qp6w
_________________________

:ablobcatpopcorn:

This right here? This is a huge part of why we exist. It's ...

2026-04-09T13:09:12Z

This right here?

This is a huge part of why we exist. It's time to trust in each other for our mutual protection, because nobody is coming to save us.

https://www.securityweek.com/white-house-seeks-to-slash-cisa-funding-by-707-million/

So, how this works is:<li>Our community finds something ...

2026-04-08T19:09:36Z

In reply to nevent1q…ch6q
_________________________

So, how this works is:<li>Our community finds something interesting</li><li>We make a thread</li><li>We investigate together</li><li>The data <u>remains searchable</u> for future reference</li><li>We all win</li>

Come join us!

Looks like we have a live one here. Weird Rust maintainer ...

2026-04-08T18:53:37Z

Looks like we have a live one here. Weird Rust maintainer phishing campaign using crates[.]ws:

https://discourse.ifin.network/t/bizarre-crates-io-phishing-campaign/232

I've been trying to think of a way to describe our ...

2026-04-07T19:05:27Z

In reply to nevent1q…g55t
_________________________

I've been trying to think of a way to describe our relationship and this is pretty much flawless.

IFIN :rainbow_heart: GAYINT (npub1ezn…nyq3)

CISA just published an advisory about IRGC activity against ...

2026-04-07T18:35:33Z

CISA just published an advisory about IRGC activity against Rockwell/Allen-Bradley PLCs. This is a return to form for IRGC, following patterns observed in 2023.

https://discourse.ifin.network/t/iran-conflict-cyber-threat-activity/145/25

Folks here will probably be interested in our AI policy: > ...

2026-04-07T17:30:23Z

Folks here will probably be interested in our AI policy:

> With so many downside risks, and with such dubious benefit to usage, the choice for IFIN is clear: we choose not to participate in the toxic cult of generative AI. Our published material and code are not produced with these models.

https://ifin-intel.org/policies/ai/

Haha insta-hugged. Standby!

2026-04-07T15:48:30Z

In reply to nevent1q…xwed
_________________________

Haha insta-hugged. Standby!

And our first contribution: here is our thread on currently ...

2026-04-07T15:45:24Z

And our first contribution: here is our thread on currently tracked #Iran-based cyber threat activity, including motivations and targeting information.

https://discourse.ifin.network/t/iran-conflict-cyber-threat-activity/145/23

Hello, world! We are IFIN, the Independent Federated Intelligence ...

2026-04-07T15:31:14Z

Hello, world!

We are IFIN, the Independent Federated Intelligence Network, and we want to change how threat intelligence is done.

We believe we're all safer when we share what we know. Come learn more and join us!

https://ifin-intel.org/blog/hello/

#ThreatIntel #ThreatIntelligence #Cybersecurity #Infosec