💻 Sabotare il dominio, occupare il digitale! 🏴☠️
Non basta usare la rete, dobbiamo liberarla. L'esperienza del collettivo Bida ci mostra come l'azione anarchica si traduca in infrastrutture autogestite, fuori dal controllo di Stato e Capitale. 🚫🏦
Meno algoritmi estrattivi, più mutuo soccorso tecnologico. La resistenza digitale è qui e ora.✊🔥
🔗 https://umanitanova.org/resistenza-digitale-lesperienza-del-collettivo-bida/
#Anarchia #Bida #ResistenzaDigitale #Autogestione #Hacktivism #UmanitàNova
Our company is an anonymous Muslim hacktivist group involved in cyberattacks 365 days a year through operations such as Operation Israel, Operation Saudi Arabia, Operation Jordan, Operation Egypt, and Operation UAE OperationUSA. We create security analyses of the Iron Dome system and provide intelligence. In recent years, we have collaborated with hacktivists worldwide and have also targeted the Japanese government.
#OpIsrael #Anonymous #Hacktivism #MuslimCyberArmy Stand With Palestine✌️🇵🇸🏴
#VitaDaCretino
#Hacktivism
Mi sono trovato costretto ad accendere il mio profilo Instagram, tenuto in ibernazione da un anno e mezzo, per leggere i comunicati del centro sociale Askatasuna dopo i tumulti di ieri (sic sigh). La sensazione di intossicazione del mio cervello per opera di un'interfaccia malevola è stata così pungente che mi sono deciso, finalmente, a cancellare il profilo: chiunque sentirà la mia mancanza e mi contatterà, lə porterò unə a unə nel Fediverso.
E niente, buona domenica
"It’s important to remember that we are not powerless. Even in the face of a domestic law enforcement presence with massive surveillance capabilities and military-esque technologies, there are still ways to engage in surveillance self-defense. We cannot give into nihilism and fear. We must continue to find small ways to protect ourselves and our communities, and when we can, fight back."
"... a few enterprising hackers have started projects to do counter surveillance against ICE, and hopefully protect their communities through clever use of technology."
https://www.techdirt.com/2026/01/27/how-hackers-are-fighting-back-against-ice/
Techdirt: How Hackers Are Fighting Back Against ICE. “ICE has spent hundreds of millions of dollars on surveillance technology to spy on anyone—and potentially everyone—in the United States. It can be hard to imagine how to defend oneself against such an overwhelming force. But a few enterprising hackers have started projects to do counter surveillance against ICE, and hopefully protect […]
https://rbfirehose.com/2026/01/29/techdirt-how-hackers-are-fighting-back-against-ice/What radicalised me lately? #Meta facing no penalty for training AI on more than 82TB of academic journals (as they should, fuck JSTOR and other publishers). At the same time, prosecution wanted to charge Aaron Swartz with 50 years imprisonment and $1 million in fines.
A-K-M-E – serata aperta di giochi da tavolo
Venerdì 30 gennaio, dalle 21:00 alle 23:55, presso Piano Terra, via Federico Confalonieri 3, Milano
A-K-M-E – serata aperta di giochi da tavolo
t.me/akme_lab
30.01 – dalle ore 21:00
serata aperta di giochi da tavolo
Carte, dadi, tessere, regole discutibili.
Porta un gioco. O gioca a quello che c’è. Il resto succede.
30 gennaio a partire dalle 21:00
akme.vado.li
#hacking #PanDiStelle #PerdiTempo #tecnologie #AKME #chiacchiere #GiochiDaTavolo #hacktivism
A-K-M-E – serata aperta di giochi da tavolo
Piano Terra, viernes, 30 de enero, 21:00 CET
A-K-M-E – serata aperta di giochi da tavolo
30.01 – dalle ore 21:00
serata aperta di giochi da tavolo
Carte, dadi, tessere, regole discutibili.
Porta un gioco. O gioca a quello che c’è.
Il resto succede.
30 gennaio a partire dalle 21:00
https://hacker.convoca.la/event/a-k-m-e-serata-aperta-di-giochi-da-tavolo
EVENTO RINVIATO // 👾 HACKOLLO GENNAIO // 3D PRINTERS 👾
Domenica 25 gennaio, dalle 16:00, presso socs, via celoria 22, entra dal cancello oramai lo sai.
Ciao Carie,
questa volta ci armiamo di filamenti per intessere ciò che più ci piace.
Porta i tuoi progetti e le voglie, una stampante l'abbiamo, se vuoi portare anche la tua sarà la benvenuta.
(=^・ω・^=)
Attention/ Atención!! 🛡️
Como muchos ya saben, una persona ha estado creando cuentas falsas en Mastodon para difundir discursos de odio, racismo y acoso contra miembros de nuestra comunidad durante semanas. Solicitamos el apoyo colectivo para hacer justicia y evitar que esto vuelva a ocurrir. La administración de Mastodon ya lo ha bloqueado, pero dicha persona regresa con nuevas identidades digitales.
Creo que, unidos, podemos actuar para proteger este espacio.
---
As many are already aware, an individual has been creating fake accounts on Mastodon to spread hate speech, racism, and harassment against members of our community for weeks. We call on collective support to achieve justice and prevent recurrence. The Mastodon administration has already blocked them, but this person returns under new digital identities.
I believe that, united, we can take action to protect this space.
#fediverse #fediverso #hacktivism #dev #cibersecurity #ciberseguridad
Alright team, it's been a busy 24 hours in the cyber world with significant updates on AI-related vulnerabilities, new malware, ongoing cybercrime operations, and shifts in the threat landscape. Let's dive in:
AI-Powered Vulnerabilities and RCE Risks 🛡️
- Anthropic has patched three critical flaws (path validation bypass, unrestricted git_init, argument injection) in its Git Model Context Protocol (MCP) server. When chained with the Filesystem MCP server, these bugs could enable remote code execution (RCE) via indirect prompt injection.
- The open-source AI framework Chainlit (used by financial, energy, and academic sectors) was found to have two "easy-to-exploit" vulnerabilities: an arbitrary file read (CVE-2026-22218) and a server-side request forgery (SSRF) (CVE-2026-22219). These could lead to data leakage, account takeover, and lateral movement in enterprise cloud environments.
- Google Gemini was hit by a prompt injection flaw, weaponising Calendar invites to bypass privacy controls, access private meeting data, and create deceptive events without user interaction. This highlights a "structural limitation" in how AI-integrated products interpret user intent in natural language.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/20/anthropic_prompt_injection_flaws/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/20/ai_framework_flaws_enterprise_clouds/
🕶️ Dark Reading | https://www.darkreading.com/cloud-security/google-gemini-flaw-calendar-invites-attack-vector
New Malware and AI-Assisted Development 🤖
- VoidLink, a sophisticated Linux malware targeting cloud environments (AWS, GCP, Azure, Alibaba, Tencent) with 37 plugins, was "almost entirely generated by artificial intelligence." Researchers believe a single individual, using the Trae Solo AI assistant, developed the functional implant in under a week.
- A regionally focused threat actor, tracked as Nomad Leopard, is targeting Afghan government employees with phishing emails disguised as official correspondence. These emails deliver FalseCub malware, designed for data exfiltration, and leverage GitHub for temporary payload hosting.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/20/voidlink_ai_developed/
🗞️ The Record | https://therecord.media/hackers-target-afghan-workers
Mass Spam and Illicit Marketplace Shutdowns ⚠️
- Multiple users are reporting a wave of mass spam emails originating from Zendesk domains, leveraging instances belonging to legitimate companies like Live Nation, Capcom, and Tinder. These emails are often bypassing spam filters, with Zendesk investigating potential relay attacks or misconfigurations.
- Tudou Guarantee, a major Telegram-based illicit marketplace that processed over $12 billion in transactions, appears to be winding down its operations. This shutdown is linked to recent law enforcement actions against Cambodian conglomerate Prince Group and its CEO, Chen Zhi, implicated in "pig butchering" scams.
🕶️ Dark Reading | https://www.darkreading.com/threat-intelligence/mass-spam-attacks-zendesk-instances
📰 The Hacker News | https://thehackernews.com/2026/01/tudou-guarantee-marketplace-halts.html
Evolving Threat Landscape: AI and Hacktivism 🚨
- Cybercrime has fully embraced AI, with "Dark LLMs" and deepfake tools now available as cheap, off-the-shelf services. Group-IB reports Dark LLMs for scams and malware can be rented for as little as $30/month, and synthetic identity kits for $5, significantly scaling social engineering and fraud.
- The UK's NCSC has warned of a sustained cyber threat from pro-Russian hacktivist groups, such as NoName057(16), continuing to target UK and international organisations with disruptive cyberattacks, including DDoS. These ideologically motivated groups, though less sophisticated than state-sponsored actors, can still cause significant real-world disruption.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/
🗞️ The Record | https://therecord.media/uk-ncsc-warning-russia-aligned-hacktivist-groups
Cybersecurity Legislation and Funding Updates 🏛️
- US lawmakers have once again moved to temporarily extend two key cybersecurity laws: the 2015 Cybersecurity and Information Sharing Act (CISA 2015) and the State and Local Cybersecurity Grant Program, through September 30. This is part of a compromise government funding bill, highlighting ongoing challenges for long-term reauthorization.
- The proposed funding bill also allocates $2.6 billion for the Cybersecurity and Infrastructure Security Agency (CISA), including $39.6 million for election security programs. The legislation also includes directives on CISA staffing levels, aiming to ensure sufficient personnel for its statutory missions.
🗞️ The Record | https://therecord.media/lawmakers-move-to-extend-two-cyber-programs-again
🤫 CyberScoop | https://cyberscoop.com/congressional-appropriators-move-to-extend-information-sharing-law-fund-cisa
Cloudflare WAF Bypass Fixed 🌐
- Cloudflare has patched a security vulnerability in its Automatic Certificate Management Environment (ACME) validation logic. The flaw could have allowed a bypass of Web Application Firewall (WAF) rules, enabling requests to reach origin servers. No evidence of malicious exploitation was found.
📰 The Hacker News | https://thehackernews.com/2026/01/cloudflare-fixes-acme-validation-bug.html
Predator Bots and API Security 🤖
- The rise of "predator bots" — self-learning programs leveraging AI to mimic human behaviour and exploit APIs — is causing up to $186 billion in annual economic harm through credential theft, scalping, and fraud. Defending against these adaptive threats requires deep API knowledge, complete API discovery, and machine-speed behavioral detection.
🤫 CyberScoop | https://cyberscoop.com/malicious-bots-predator-bots-api-security-machine-speed-defense/
#CyberSecurity #ThreatIntelligence #Vulnerabilities #AI #PromptInjection #RCE #Malware #CloudSecurity #APIsecurity #Hacktivism #Cybercrime #InfoSec #IncidentResponse #ThreatLandscape
#UK govt. warns about ongoing Russian #hacktivist group attacks
It's been a pretty packed 24 hours in the cyber world, with several significant breaches, some interesting new threat research, a push to finally kill off an old protocol, and a look at the privacy implications of AI in healthcare. Let's dive in:
Recent Cyber attacks and Breaches 🚨
- Higham Lane School in Nuneaton, UK, was forced to close after a "serious cyberattack" crippled core IT systems, including physical safety mechanisms like electronic gates and fire alarms. While the school is reopening, staff still have "very limited" IT access, highlighting the significant operational impact beyond just data theft.
- The distributor Ingram Micro confirmed a July 2025 ransomware attack by SafePay exposed personal data of over 42,500 employees and job applicants. This included sensitive details like names, contact information, dates of birth, identity document numbers (passports, SSNs), and employment evaluations.
- Several Iranian state television channels were briefly taken over via satellite, broadcasting protest footage and messages from an exiled opposition figure, urging continued demonstrations amid economic unrest. The unauthorised broadcast lasted around 10 minutes.
- Jordanian national Feras Khalil Ahmad Albashiti, an Initial Access Broker (IAB) operating as "r1z", pleaded guilty to facilitating cyberattacks on at least 50 US companies. He unwittingly sold network access and EDR-disabling malware to an undercover FBI agent, revealing his IP and linking him to a $50 million ransomware attack.
- A US Navy sailor was sentenced to 16 years and eight months for selling technical manuals and operational information to a Chinese intelligence official. Separately, Nicholas Moore pleaded guilty to illegally accessing the US Supreme Court's electronic document filing system for 25 days in 2023.
- Interpol recently apprehended 34 individuals in Spain linked to the Nigeria-based crime syndicate Black Axe, known for cyber-enabled fraud, drug/human trafficking, and armed robbery. This follows previous busts in 2022 and 2023, underscoring the persistent nature of this large criminal organisation.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/18/infosec_news_in_brief/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/19/higham_lane_school_reopens/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/19/ingram_micro_ransomware_affects/
🗞️ The Record | https://therecord.media/iran-state-television-reported-hack-opposition
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/19/iab_sentencing/
New Threat Research 🔬
- Cybersecurity researchers exploited a cross-site scripting (XSS) vulnerability in the web-based control panel of the StealC information stealer. This allowed them to gather insights into threat actor operations, including system fingerprints, active sessions, and even steal cookies from the cookie stealer's own infrastructure.
- One StealC customer, dubbed YouTubeTA, was identified as a lone-wolf actor operating from an Eastern European country. Their real IP address was exposed when they forgot to use a VPN while connecting to the StealC panel, highlighting a significant operational security failure.
- A new "CrashFix" campaign uses a malicious Chrome extension ("NexShield") that masquerades as an ad blocker. It deliberately crashes the browser and then presents fake security warnings, tricking victims into running arbitrary commands to deploy ModeloRAT, a Python-based Windows RAT, primarily targeting domain-joined corporate environments.
📰 The Hacker News | https://thehackernews.com/2026/01/security-bug-in-stealc-malware-panel.html
📰 The Hacker News | https://thehackernews.com/2026/01/crashfix-chrome-extension-delivers-modelorat-using-clickfix-style-browser-crash-lures.html
Vulnerabilities 🛡️
- Mandiant has released rainbow tables and tools that can crack credentials using Microsoft's legacy Net-NTLMv1 authentication protocol in under 12 hours with consumer-grade hardware. The goal is to highlight the protocol's long-known weakness and accelerate its deprecation, urging organisations to disable Net-NTLMv1 immediately.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/18/infosec_news_in_brief/
Threat Landscape Commentary 🌍
- The UK's NCSC is warning critical services operators, especially local authorities and CNI, not to underestimate pro-Russia hacktivists like NoName057(16). While often technically simple denial-of-service (DoS) attacks, their impact can be significant, causing disruption and financial costs. NCSC recommends DDoS mitigation services and CDNs.
- A honeynet sensor deployed by the University of Dhaka, Bangladesh, attracted over 63,000 attacks from 4,262 unique IP addresses within 12 days of going online, with the first attack occurring in under an hour. Many attacks relied on default or common credentials, underscoring the prevalence of opportunistic scanning and basic attack methods.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/19/dont_underestimate_prorussia_hacktivists_warns/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/19/asia_tech_news_roundup/
Data Privacy 🔒
- OpenAI's new ChatGPT Health, designed for secure health inquiries, is raising significant security and safety concerns. While it promises "layered protections," the ability for users to connect medical records and share with third parties means data control can be lost, and end-to-end encryption is not explicitly confirmed.
- The product's launch in the US, but not in the EEA, Switzerland, or the UK (due to stricter GDPR regulations), highlights potential gaps in consumer protection. Experts advise extreme caution before entrusting personal health information to any third-party AI product.
- Australia's eSafety Commissioner announced that 10 tech companies removed access to 4.7 million accounts belonging to users under 16, following the nation's ban on social media for this age group. This aims to reset cultural norms and reduce harm, despite some users finding ways around restrictions.
🕶️ Dark Reading | https://www.darkreading.com/remote-workforce/chatgpt-health-security-safety-concerns
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/19/asia_tech_news_roundup/
Regulatory Issues 🏛️
- US lawmakers are pushing a bill to restrict the use of ICE's Mobile Fortify app, which identifies suspects and protestors, to only ports of entry. Democrats argue its current widespread use enables civil liberties violations, and the bill would also prohibit sharing the app outside DHS and require deletion of US citizens' captured biometric data.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/18/infosec_news_in_brief/
Everything Else 🌐
- Microsoft is actively hiring Senior Energy Program Managers and engineers in Australia and Singapore to strategise and execute energy plans for its expanding, power-hungry datacenters across the APAC region, particularly for AI applications.
- Vietnamese telco Viettel has broken ground on the nation's first chipmaking plant, aiming to offer 32-nanometer foundry services by 2027 for industries like aerospace, telecoms, and IoT, marking a strategic step for Vietnam's semiconductor industry.
- Indian threat intelligence firm CloudSEK secured a strategic investment from Connecticut Innovations, marking the first time a US state's investment arm has funded an Indian infosec company. CloudSEK is known for its strong analysis and threat discoveries.
- ASUS has received US FDA approval to sell its ultrasound devices in America, paving the way for expansion into key regions with growing demand for smart and remote healthcare, including Southeast Asia and South America.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2026/01/19/asia_tech_news_roundup/
#CyberSecurity #ThreatIntelligence #Ransomware #Malware #InfoSec #CyberAttack #DataPrivacy #AI #Vulnerability #Hacktivism #IncidentResponse #OpSec #ThreatResearch
👾 HACKOLLO GENNAIO // 3D PRINTERS 👾
Domenica 25 gennaio, dalle 16:00, presso socs, via celoria 22, entra dal cancello oramai lo sai.
Ciao Carie,
questa volta ci armiamo di filamenti per intessere ciò che più ci piace.
Porta i tuoi progetti e le voglie, una stampante l'abbiamo, se vuoi portare anche la tua sarà la benvenuta.
(=^・ω・^=)
Chi di ICE ferisce...
#ice #immigration #trump #usa #hacktivism
P.S. No, non fornisco la URL del sito.
The Register: How hackers are fighting back against ICE surveillance tech . “Clever hackers and digital privacy advocates are fighting back against the snooping activities of Kristi Noem’s masked agents. The Electronic Frontier Foundation (EFF) has rounded up several of these counter surveillance projects, and perhaps unsurprisingly many of these have to do with Flock, best known for its […]
https://rbfirehose.com/2026/01/12/the-register-how-hackers-are-fighting-back-against-ice-surveillance-tech/TechCrunch: Hacktivist deletes white supremacist websites live onstage during hacker conference. “The pseudonymous hacker, who goes by Martha Root — dressed as Pink Ranger from the Power Rangers — deleted the servers of WhiteDate, WhiteChild, and WhiteDeal in real time at the end of a talk at the annual Chaos Communication Congress in Hamburg, Germany.”
https://rbfirehose.com/2026/01/11/techcrunch-hacktivist-deletes-white-supremacist-websites-live-onstage-during-hacker-conference/Moin, du da draußen. Setz dich mal mit mir an Deck, während der salzige Wind durch die Takelage pfeift, und lass uns 'ne Fahrt durch 'nen frischen digitalen Sturm machen. Nich über Wellen aus Wasser, sondern über die giftigen Strömungen im Netz, wo Hass wie 'n alter Piratenschoner lauert. Heute graben wir uns durch die Aktion von Martha Root auf dem #39C3 in Hamburg, wo sie im Kostüm des pinken Power Rangers live 'ne Ladung rassistischer Webseiten über Bord geworfen hat.
https://nerdbear.de/post/pinker-ranger-39c3.shtml
#Hacktivism #39C3 #MarthaRoot #PinkRanger #Cyberaktivismus #Antirassismus
RYBN.ORG – ALGOFFSHORE, The Art of Automating Tax Evasion
https://neural.it/2026/01/rybn-org-algoffshore-the-art-of-automating-tax-evasion/
#neuralmag #neuralmagazine #neuralarchive #algoffshore #hacktivism #newmediaart
