"We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached. Every single time. And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare."

https://www.techdirt.com/2026/02/25/hackers-expose-the-massive-surveillance-stack-hiding-inside-your-age-verification-check/

#Discord #AgeVerification #Infosec

"We’ve been saying this for years now, and we’re going to keep saying it until the message finally sinks in: mandatory age verification creates massive, centralized honeypots of sensitive biometric data that will inevitably be breached. Every single time. And every single time it happens, the politicians who mandated these systems and the companies that built them act shocked—shocked!—that collecting enormous databases of government IDs, facial scans, and biometric data from millions of people turns out to be a security nightmare."

https://www.techdirt.com/2026/02/25/hackers-expose-the-massive-surveillance-stack-hiding-inside-your-age-verification-check/

#Discord #AgeVerification #Infosec

🐛 NEW SECURITY CONTENT 🐛

📱 iOS and iPadOS 15.8.7 - 4 bugs fixed
https://support.apple.com/en-us/126632
📱 iOS and iPadOS 16.7.15 - 1 bug fixed
https://support.apple.com/en-us/126646

#apple #cybersecurity #infosec #security #ios

🐛 NEW SECURITY CONTENT 🐛

📱 iOS and iPadOS 15.8.7 - 4 bugs fixed
https://support.apple.com/en-us/126632
📱 iOS and iPadOS 16.7.15 - 1 bug fixed
https://support.apple.com/en-us/126646

#apple #cybersecurity #infosec #security #ios

NotDoor Insights: A Closer Look at Outlook Macros and More | Splunk

Pulse ID: 69b18fed69f535b5abb5d95b
Pulse Link: https://otx.alienvault.com/pulse/69b18fed69f535b5abb5d95b
Pulse Author: CyberHunter_NL
Created: 2026-03-11 15:53:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Mac #OTX #OpenThreatExchange #Outlook #bot #CyberHunter_NL

NotDoor Insights: A Closer Look at Outlook Macros and More | Splunk

Pulse ID: 69b18fed69f535b5abb5d95b
Pulse Link: https://otx.alienvault.com/pulse/69b18fed69f535b5abb5d95b
Pulse Author: CyberHunter_NL
Created: 2026-03-11 15:53:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Mac #OTX #OpenThreatExchange #Outlook #bot #CyberHunter_NL

Valse CleanMyMac-website installeert SHub Stealer en backdoors voor cryptovaluta-wallets | Malwarebytes

Pulse ID: 69b175e015961402a9e5f335
Pulse Link: https://otx.alienvault.com/pulse/69b175e015961402a9e5f335
Pulse Author: CyberHunter_NL
Created: 2026-03-11 14:02:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Mac #MalWareBytes #Malware #OTX #OpenThreatExchange #bot #CyberHunter_NL

Valse CleanMyMac-website installeert SHub Stealer en backdoors voor cryptovaluta-wallets | Malwarebytes

Pulse ID: 69b175e015961402a9e5f335
Pulse Link: https://otx.alienvault.com/pulse/69b175e015961402a9e5f335
Pulse Author: CyberHunter_NL
Created: 2026-03-11 14:02:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Mac #MalWareBytes #Malware #OTX #OpenThreatExchange #bot #CyberHunter_NL

🐛 NEW SECURITY CONTENT 🐛

💻 macOS Tahoe 26.3.2 - no CVE entries

#apple #cybersecurity #infosec #security #ios

🐛 NEW SECURITY CONTENT 🐛

💻 macOS Tahoe 26.3.2 - no CVE entries

#apple #cybersecurity #infosec #security #ios

New “Coruna” iOS exploit kit shows how fast spy‑grade hacks become mass cybercrime. Likely leaked from a U.S. framework, it used 23 bugs across iOS 13–17.2.1 in campaigns from Ukraine to Chinese scam sites. 🔗 https://zurl.co/ywNqR #cybersecurity #iOS #mobilesecurity #infosec

New “Coruna” iOS exploit kit shows how fast spy‑grade hacks become mass cybercrime. Likely leaked from a U.S. framework, it used 23 bugs across iOS 13–17.2.1 in campaigns from Ukraine to Chinese scam sites. 🔗 https://zurl.co/ywNqR #cybersecurity #iOS #mobilesecurity #infosec

@lackthereof no, it's not because unlike #Phones and #PhoneNumbers, #eMail is not necessarily traceable by circumstances.

• Because a Phone "Line" (regardless of whether it's POTS, ISDN, VoIP, GSM, VoLTE, …) and #telephony in general are designed for realtime communication, they inherently necessitate an active, ongoing connection.
  • Even if it's just some App/PBX/… to connect to the provider and constantly state "I am on the network and able to recieve calls!" (with PSTN networks, there a physical line that gets assumed to have a phone connected)…

Whereas with eMail (and any #asynchronous #communication) you don't have that requirement.

• So unless the provider is being taken over or otherwise "cooperative" there's no means for a sender to know where, when and how a message was retrieved unless the recipient wants the sender to know of it!
  • Besides, even if you don't have an eMail provider like cock.li which natively supports @torproject / #Tor useage with an #OnionService, unless said provider explicitly prevents you from doing so, you can use not just Tor but also other techniques to make it extremely hard (not necessarily impossible, but at least unfeasible at scale!) to get tracked down.
  • In fact, you could even use #Sneakernet - Style distribution through " #MeatProxies" and #DeadDrops (aka. #dr0p) to further twart tracing attempts.

Or to put it simple:

• You can ring up someone and thus circumstantially verify the chain of #PhoneNumber -> #IMSI -> #ICCID -> #SIM -> #IMEI -> Device -> Location -> Owner quite quickly.
  • Whereas you can't positively verify whether an eMail address and/or #XMPP+ #OMEMO account belongs to me unless I want you to know that it does!

So either way a phone number is just a horrible means of doing that.

• And don't even get me started on the fact that legally speaking noone truly owns their number.
  • Because even if you got some spechal case number (like UPT was) you still depend on neither regulators nor telcos to not block or otherwise interfere with it. Which is in contrast to say an OnionService which can only be shutdown effectively by sabotage aka. (more or less figurately) "unplugging" it.

I mean, it's not as if I didn't gave @signalapp a fair chance.

• I wanted #Signal to be good - honestly...
  • But I'm old enough that things rarely are that simple as #TechPopulism & #Propaganda claim it to be.
  • Just like 5th grade #SexEd is not a substitute for Endocrinology, Gynecology and Andrology and actually licensed, medical professionals.

So any #Messenger service that requires a #Phone Number for signup and/or useage is truly not a real replacement and inherently makes PROVEN WRONG assumptions [i.e. that it is legal and possible to obtain a phone number anonymously at someone's juristiction] about it's customers' ability to shield their privacy…

• Cuz all the " #Metadata" claims of Signal are complete #MarketingLies by virtue of them storing a Phone Number and not just being (as per admission by @Mer__edith) 'hard locked-in' with #aws but also subject to #CloudAct.
• They certainly are nit deploying real #E2EE cuz you neither get #SelfCustody nor #SelfHosting and have to blindly trust them (aka. " #TrustMeBro!") that what they release as #SourceCode is actually what they deploy.
  • It's like all those " #VPN" shillings which one cannot verify to be true or false!

THIS is why I am going fucking ballistic on #TechPopulism aiming at #TechIlliterates because it's spreading a "false sense of #security" whilst completely disregarding absolute fundamentals when it comes to the underlying systems.

• And I don't mean shit like #Govware of the #SS7 kind, but absolute basics in #ITsec, #InfoSec, #OpSec & #ComSec that every @cryptoparty@chaos.social / @cryptoparty@mastodon.earth / #CryptoParty worth it's name touches on.
  • Signal can't and won't save peoples' asses and the sooner we realize that "complex problems are hard to fix" the less we waste Resources on #HoneyPots that stench like #CrytpoAG & #ANØM!

@lackthereof no, it's not because unlike #Phones and #PhoneNumbers, #eMail is not necessarily traceable by circumstances.

• Because a Phone "Line" (regardless of whether it's POTS, ISDN, VoIP, GSM, VoLTE, …) and #telephony in general are designed for realtime communication, they inherently necessitate an active, ongoing connection.
  • Even if it's just some App/PBX/… to connect to the provider and constantly state "I am on the network and able to recieve calls!" (with PSTN networks, there a physical line that gets assumed to have a phone connected)…

Whereas with eMail (and any #asynchronous #communication) you don't have that requirement.

• So unless the provider is being taken over or otherwise "cooperative" there's no means for a sender to know where, when and how a message was retrieved unless the recipient wants the sender to know of it!
  • Besides, even if you don't have an eMail provider like cock.li which natively supports @torproject / #Tor useage with an #OnionService, unless said provider explicitly prevents you from doing so, you can use not just Tor but also other techniques to make it extremely hard (not necessarily impossible, but at least unfeasible at scale!) to get tracked down.
  • In fact, you could even use #Sneakernet - Style distribution through " #MeatProxies" and #DeadDrops (aka. #dr0p) to further twart tracing attempts.

Or to put it simple:

• You can ring up someone and thus circumstantially verify the chain of #PhoneNumber -> #IMSI -> #ICCID -> #SIM -> #IMEI -> Device -> Location -> Owner quite quickly.
  • Whereas you can't positively verify whether an eMail address and/or #XMPP+ #OMEMO account belongs to me unless I want you to know that it does!

So either way a phone number is just a horrible means of doing that.

• And don't even get me started on the fact that legally speaking noone truly owns their number.
  • Because even if you got some spechal case number (like UPT was) you still depend on neither regulators nor telcos to not block or otherwise interfere with it. Which is in contrast to say an OnionService which can only be shutdown effectively by sabotage aka. (more or less figurately) "unplugging" it.

I mean, it's not as if I didn't gave @signalapp a fair chance.

• I wanted #Signal to be good - honestly...
  • But I'm old enough that things rarely are that simple as #TechPopulism & #Propaganda claim it to be.
  • Just like 5th grade #SexEd is not a substitute for Endocrinology, Gynecology and Andrology and actually licensed, medical professionals.

So any #Messenger service that requires a #Phone Number for signup and/or useage is truly not a real replacement and inherently makes PROVEN WRONG assumptions [i.e. that it is legal and possible to obtain a phone number anonymously at someone's juristiction] about it's customers' ability to shield their privacy…

• Cuz all the " #Metadata" claims of Signal are complete #MarketingLies by virtue of them storing a Phone Number and not just being (as per admission by @Mer__edith) 'hard locked-in' with #aws but also subject to #CloudAct.
• They certainly are nit deploying real #E2EE cuz you neither get #SelfCustody nor #SelfHosting and have to blindly trust them (aka. " #TrustMeBro!") that what they release as #SourceCode is actually what they deploy.
  • It's like all those " #VPN" shillings which one cannot verify to be true or false!

THIS is why I am going fucking ballistic on #TechPopulism aiming at #TechIlliterates because it's spreading a "false sense of #security" whilst completely disregarding absolute fundamentals when it comes to the underlying systems.

• And I don't mean shit like #Govware of the #SS7 kind, but absolute basics in #ITsec, #InfoSec, #OpSec & #ComSec that every @cryptoparty@chaos.social / @cryptoparty@mastodon.earth / #CryptoParty worth it's name touches on.
  • Signal can't and won't save peoples' asses and the sooner we realize that "complex problems are hard to fix" the less we waste Resources on #HoneyPots that stench like #CrytpoAG & #ANØM!

Fake CleanMyMac Site Spreads SHub Stealer Targeting Crypto Wallets

Threat actors were observed targeting cryptocurrency wallets through a
fake CleanMyMac website distributing SHub Stealer malware. The campaign uses a phishing technique that prompts users to paste a command into the Terminal, which initiates the malware. Once executed, the malware steals browser data such as saved passwords, cookies and autofill information also targets cryptocurrency wallet data.

Pulse ID: 69af64c1b2d211fb43d4d899
Pulse Link: https://otx.alienvault.com/pulse/69af64c1b2d211fb43d4d899
Pulse Author: cryptocti
Created: 2026-03-10 00:24:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cookies #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #Phishing #Word #bot #cryptocurrency #cryptocti

Fake CleanMyMac Site Spreads SHub Stealer Targeting Crypto Wallets

Threat actors were observed targeting cryptocurrency wallets through a
fake CleanMyMac website distributing SHub Stealer malware. The campaign uses a phishing technique that prompts users to paste a command into the Terminal, which initiates the malware. Once executed, the malware steals browser data such as saved passwords, cookies and autofill information also targets cryptocurrency wallet data.

Pulse ID: 69af64c1b2d211fb43d4d899
Pulse Link: https://otx.alienvault.com/pulse/69af64c1b2d211fb43d4d899
Pulse Author: cryptocti
Created: 2026-03-10 00:24:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cookies #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #Phishing #Word #bot #cryptocurrency #cryptocti

Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

Pulse ID: 69af46e2aca26f57f198051b
Pulse Link: https://otx.alienvault.com/pulse/69af46e2aca26f57f198051b
Pulse Author: Tr1sa111
Created: 2026-03-09 22:17:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Mac #OTX #OpenThreatExchange #bot #Tr1sa111

Fake CleanMyMac site installs SHub Stealer and backdoors crypto wallets

Pulse ID: 69af46e2aca26f57f198051b
Pulse Link: https://otx.alienvault.com/pulse/69af46e2aca26f57f198051b
Pulse Author: Tr1sa111
Created: 2026-03-09 22:17:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Mac #OTX #OpenThreatExchange #bot #Tr1sa111

Your Phone Number Can Reveal Everything #infosec #numbers #iphone #android #cybersecurityawareness #cybernaumad

Your Phone Number Can Reveal Everything #infosec #numbers #iphone #android #cybersecurityawareness #cybernaumad