#passwords — Public Fediverse posts

Passkey transfer: Some promising steps in an important part of the push to end passwords. You can move your passkey credentials between apps.
https://www.androidauthority.com/google-passkeys-move-to-another-password-manager-android-3666965/
#authentication #via:reddit #passwords #1password #passkeys #security #+

#Development #Findings
I left port 22 open for 54 days · What an open SSH honeypot revealed https://ilo.im/16cte0

_____
#Study #SSH #Honeypot #Passwords #Vulnerability #Security #Server #DevOps #WebDev #Backend

#Development #Findings
I left port 22 open for 54 days · What an open SSH honeypot revealed https://ilo.im/16cte0

_____
#Study #SSH #Honeypot #Passwords #Vulnerability #Security #Server #DevOps #WebDev #Backend

#Development #Findings
I left port 22 open for 54 days · What an open SSH honeypot revealed https://ilo.im/16cte0

_____
#Study #SSH #Honeypot #Passwords #Vulnerability #Security #Server #DevOps #WebDev #Backend

#Development #Findings
I left port 22 open for 54 days · What an open SSH honeypot revealed https://ilo.im/16cte0

_____
#Study #SSH #Honeypot #Passwords #Vulnerability #Security #Server #DevOps #WebDev #Backend

Website installer incident (May 2026)

In early May 2026, attackers compromised the official JDownloader website by manipulating specific installer download links through the content management system. Between May 6-7, 2026 (UTC), users who downloaded Windows installers via "Download Alternative Installer" links or the Linux shell installer were redirected to malicious third-party files instead of genuine installers. The attackers gained CMS-level access only, not server or filesystem control. The incident was detected on May 7 via Reddit alerts, and the server was immediately taken offline. Malicious links were removed, legitimate links restored, and security hardened before the site resumed normal operations on May 8-9. In-app updates and other download paths remained unaffected. Users who executed downloaded installers during the risk window are advised to perform clean OS reinstalls and change passwords from trusted devices.

Pulse ID: 6a01c237ee7d6056fbe6a77f
Pulse Link: https://otx.alienvault.com/pulse/6a01c237ee7d6056fbe6a77f
Pulse Author: AlienVault
Created: 2026-05-11 11:49:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Linux #OTX #OpenThreatExchange #Password #Passwords #RAT #Rust #Windows #Word #bot #AlienVault

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

Abuse of Cloud-Native Infrastructure in Modern Phishing Campaigns

An investigation has revealed a structural evolution in phishing operations where threat actors conduct entire campaigns through legitimate, enterprise-trusted cloud infrastructure rather than attacker-controlled systems. Adversaries weaponize platforms employees use daily, including cloud storage, productivity suites, and OAuth authentication endpoints. Attacks originate from legitimate Google or Microsoft systems, passing all authentication checks while linking to whitelisted cloud services. Multi-factor authentication is bypassed without touching passwords, and victim organizations show no anomalous SIEM events at compromise time. Campaigns employ five stages: delivery via provider-owned infrastructure, payload hosting on legitimate cloud storage, execution within browser memory using native APIs, credential theft through legitimate authentication flows, and persistent presence through licensed services. Detection requires behavioral analysis rather than traditional indicators, as attackers operate enti...

Pulse ID: 69fe0ae9bf660196169e557b
Pulse Link: https://otx.alienvault.com/pulse/69fe0ae9bf660196169e557b
Pulse Author: AlienVault
Created: 2026-05-08 16:10:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Cloud #CyberSecurity #Endpoint #Google #InfoSec #Microsoft #OTX #OpenThreatExchange #Password #Passwords #Phishing #RAT #Rust #Troll #Word #bot #AlienVault

In my opinion, this was only a matter of time and not whether this would happen.

«OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials:
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden.»

🦞 https://gbhackers.com/openclaw-malware/

#bitwarden #metamask #phantom #ai #crypto #malware #openclaw #credential #passwords #cryptowallet #fakeinstaller

In my opinion, this was only a matter of time and not whether this would happen.

«OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials:
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden.»

🦞 https://gbhackers.com/openclaw-malware/

#bitwarden #metamask #phantom #ai #crypto #malware #openclaw #credential #passwords #cryptowallet #fakeinstaller

In my opinion, this was only a matter of time and not whether this would happen.

«OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials:
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden.»

🦞 https://gbhackers.com/openclaw-malware/

#bitwarden #metamask #phantom #ai #crypto #malware #openclaw #credential #passwords #cryptowallet #fakeinstaller

In my opinion, this was only a matter of time and not whether this would happen.

«OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials:
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden.»

🦞 https://gbhackers.com/openclaw-malware/

#bitwarden #metamask #phantom #ai #crypto #malware #openclaw #credential #passwords #cryptowallet #fakeinstaller

In my opinion, this was only a matter of time and not whether this would happen.

«OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials:
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden.»

🦞 https://gbhackers.com/openclaw-malware/

#bitwarden #metamask #phantom #ai #crypto #malware #openclaw #credential #passwords #cryptowallet #fakeinstaller

Weekly output: Google I/O teaser, satellite-to-phone services, passkeys, connected-home considerations, Matter

I’m spending a few days in cooler confines–Monday morning, I head to Vancouver for the second year of Web Summit’s conference there. And just like last year, I won’t have enough time to do much wandering around British Columbia’s largest city and taking in its stunningly beautiful mountains-and-sea scenery, because I have three panels to moderate over Tuesday and Wednesday (with the conference hosts paying for my hotel and reimbursing my airfare).

5/5/2026: Google Teases I/O Pregame Event. How to Watch ‘The Android Show’ on May 12, PCMag

This was one of the shortest posts I’ve written for PCMag, owing to the paucity of information in the brief teaser video Google published.

5/7/2026: FCC Chair: Starlink Isn’t Enough. We Need at Least 3 Satellite-to-Phone Services, PCMag

I spent Wednesday afternoon at the wireless trade group CTIA’s annual summit in Washington. Most of the talks on the program didn’t yield anything too newsworthy, but Federal Communications Commission chair Brendan Carr’s appearance met that bar even though he didn’t talk about his clumsy attempts to leverage the FCC’s broadcast licensing authority to punish TV shows and TV hosts for being mean to Republicans.

5/7/2026: Passkey-Adoption Report Finds Many Orgs Don’t Know How to Quit Passwords, PCMag

I had an advance copy of this FIDO Alliance survey but didn’t have time to write it up in advance; fortunately, Thursday did have enough idle time for me to get this post written and filed.

5/8/2026: Smart Homes In Practice: Bridging Design, Integration, And Market Promises With Real Human-Centered Living Outcomes, Smarter Infrastructure Summit

I had a brief trip to Chicago–well, its suburb Rosemont–for this small conference. I was a late addition to this panel, in which moderator Lisa An Wong quizzed me and architect Stephen Yas and connect-home integrator Corey Ardell about ways to get homes and the appliances in them thoughtfully wired.

5/9/2026: Matter Smart Home Standard Still Looks Immaterial At Retail, Smarter Infrastructure Summit

The title of this talk I did mirrors the story I did for PCMag almost three years ago; that post caught the attention of the conference organizers, and the chance to revisit the topic and get in some practice with doing a solo presentation led me to accept their travel-expenses-covered invitation.

Weekly output: Google I/O teaser, satellite-to-phone services, passkeys, connected-home considerations, Matter

I’m spending a few days in cooler confines–Monday morning, I head to Vancouver for the second year of Web Summit’s conference there. And just like last year, I won’t have enough time to do much wandering around British Columbia’s largest city and taking in its stunningly beautiful mountains-and-sea scenery, because I have three panels to moderate over Tuesday and Wednesday (with the conference hosts paying for my hotel and reimbursing my airfare).

5/5/2026: Google Teases I/O Pregame Event. How to Watch ‘The Android Show’ on May 12, PCMag

This was one of the shortest posts I’ve written for PCMag, owing to the paucity of information in the brief teaser video Google published.

5/7/2026: FCC Chair: Starlink Isn’t Enough. We Need at Least 3 Satellite-to-Phone Services, PCMag

I spent Wednesday afternoon at the wireless trade group CTIA’s annual summit in Washington. Most of the talks on the program didn’t yield anything too newsworthy, but Federal Communications Commission chair Brendan Carr’s appearance met that bar even though he didn’t talk about his clumsy attempts to leverage the FCC’s broadcast licensing authority to punish TV shows and TV hosts for being mean to Republicans.

5/7/2026: Passkey-Adoption Report Finds Many Orgs Don’t Know How to Quit Passwords, PCMag

I had an advance copy of this FIDO Alliance survey but didn’t have time to write it up in advance; fortunately, Thursday did have enough idle time for me to get this post written and filed.

5/8/2026: Smart Homes In Practice: Bridging Design, Integration, And Market Promises With Real Human-Centered Living Outcomes, Smarter Infrastructure Summit

I had a brief trip to Chicago–well, its suburb Rosemont–for this small conference. I was a late addition to this panel, in which moderator Lisa An Wong quizzed me and architect Stephen Yas and connect-home integrator Corey Ardell about ways to get homes and the appliances in them thoughtfully wired.

5/9/2026: Matter Smart Home Standard Still Looks Immaterial At Retail, Smarter Infrastructure Summit

The title of this talk I did mirrors the story I did for PCMag almost three years ago; that post caught the attention of the conference organizers, and the chance to revisit the topic and get in some practice with doing a solo presentation led me to accept their travel-expenses-covered invitation.

Weekly output: Google I/O teaser, satellite-to-phone services, passkeys, connected-home considerations, Matter

I’m spending a few days in cooler confines–Monday morning, I head to Vancouver for the second year of Web Summit’s conference there. And just like last year, I won’t have enough time to do much wandering around British Columbia’s largest city and taking in its stunningly beautiful mountains-and-sea scenery, because I have three panels to moderate over Tuesday and Wednesday (with the conference hosts paying for my hotel and reimbursing my airfare).

5/5/2026: Google Teases I/O Pregame Event. How to Watch ‘The Android Show’ on May 12, PCMag

This was one of the shortest posts I’ve written for PCMag, owing to the paucity of information in the brief teaser video Google published.

5/7/2026: FCC Chair: Starlink Isn’t Enough. We Need at Least 3 Satellite-to-Phone Services, PCMag

I spent Wednesday afternoon at the wireless trade group CTIA’s annual summit in Washington. Most of the talks on the program didn’t yield anything too newsworthy, but Federal Communications Commission chair Brendan Carr’s appearance met that bar even though he didn’t talk about his clumsy attempts to leverage the FCC’s broadcast licensing authority to punish TV shows and TV hosts for being mean to Republicans.

5/7/2026: Passkey-Adoption Report Finds Many Orgs Don’t Know How to Quit Passwords, PCMag

I had an advance copy of this FIDO Alliance survey but didn’t have time to write it up in advance; fortunately, Thursday did have enough idle time for me to get this post written and filed.

5/8/2026: Smart Homes In Practice: Bridging Design, Integration, And Market Promises With Real Human-Centered Living Outcomes, Smarter Infrastructure Summit

I had a brief trip to Chicago–well, its suburb Rosemont–for this small conference. I was a late addition to this panel, in which moderator Lisa An Wong quizzed me and architect Stephen Yas and connect-home integrator Corey Ardell about ways to get homes and the appliances in them thoughtfully wired.

5/9/2026: Matter Smart Home Standard Still Looks Immaterial At Retail, Smarter Infrastructure Summit

The title of this talk I did mirrors the story I did for PCMag almost three years ago; that post caught the attention of the conference organizers, and the chance to revisit the topic and get in some practice with doing a solo presentation led me to accept their travel-expenses-covered invitation.

Weekly output: Google I/O teaser, satellite-to-phone services, passkeys, connected-home considerations, Matter

I’m spending a few days in cooler confines–Monday morning, I head to Vancouver for the second year of Web Summit’s conference there. And just like last year, I won’t have enough time to do much wandering around British Columbia’s largest city and taking in its stunningly beautiful mountains-and-sea scenery, because I have three panels to moderate over Tuesday and Wednesday (with the conference hosts paying for my hotel and reimbursing my airfare).

5/5/2026: Google Teases I/O Pregame Event. How to Watch ‘The Android Show’ on May 12, PCMag

This was one of the shortest posts I’ve written for PCMag, owing to the paucity of information in the brief teaser video Google published.

5/7/2026: FCC Chair: Starlink Isn’t Enough. We Need at Least 3 Satellite-to-Phone Services, PCMag

I spent Wednesday afternoon at the wireless trade group CTIA’s annual summit in Washington. Most of the talks on the program didn’t yield anything too newsworthy, but Federal Communications Commission chair Brendan Carr’s appearance met that bar even though he didn’t talk about his clumsy attempts to leverage the FCC’s broadcast licensing authority to punish TV shows and TV hosts for being mean to Republicans.

5/7/2026: Passkey-Adoption Report Finds Many Orgs Don’t Know How to Quit Passwords, PCMag

I had an advance copy of this FIDO Alliance survey but didn’t have time to write it up in advance; fortunately, Thursday did have enough idle time for me to get this post written and filed.

5/8/2026: Smart Homes In Practice: Bridging Design, Integration, And Market Promises With Real Human-Centered Living Outcomes, Smarter Infrastructure Summit

I had a brief trip to Chicago–well, its suburb Rosemont–for this small conference. I was a late addition to this panel, in which moderator Lisa An Wong quizzed me and architect Stephen Yas and connect-home integrator Corey Ardell about ways to get homes and the appliances in them thoughtfully wired.

5/9/2026: Matter Smart Home Standard Still Looks Immaterial At Retail, Smarter Infrastructure Summit

The title of this talk I did mirrors the story I did for PCMag almost three years ago; that post caught the attention of the conference organizers, and the chance to revisit the topic and get in some practice with doing a solo presentation led me to accept their travel-expenses-covered invitation.

Heritage Foundation Leak

source: ddosecrets.org/article/heritag…

Includes "full names, #email #addresses, #passwords, and #usernames" of people associating with the #Heritage #Foundation between 2007 and November 2022, as well as the organization's blogs and material related to The Daily Signal.

#hack #hacker #leak #heritagefoundation #politics #security #cybersecurity #internet #ddos #bigdata #user #password #emails #fail #problem #news

Heritage Foundation Leak

source: ddosecrets.org/article/heritag…

Includes "full names, #email #addresses, #passwords, and #usernames" of people associating with the #Heritage #Foundation between 2007 and November 2022, as well as the organization's blogs and material related to The Daily Signal.

#hack #hacker #leak #heritagefoundation #politics #security #cybersecurity #internet #ddos #bigdata #user #password #emails #fail #problem #news

Heritage Foundation Leak

source: ddosecrets.org/article/heritag…

Includes "full names, #email #addresses, #passwords, and #usernames" of people associating with the #Heritage #Foundation between 2007 and November 2022, as well as the organization's blogs and material related to The Daily Signal.

#hack #hacker #leak #heritagefoundation #politics #security #cybersecurity #internet #ddos #bigdata #user #password #emails #fail #problem #news

Researchers found Microsoft Edge loads every saved password into plaintext memory at launch, increasing exposure after session compromise 🔐
Unlike other Chromium browsers, Edge keeps credentials readable in RAM, raising scraping risks on shared and admin-access systems 🛡️

🔗 https://proton.me/business/blog/microsoft-edge-passwords-exposed

#TechNews #Browser #MicrosoftEdge #Microsoft #Edge #Cybersecurity #PasswordManager #Privacy #FOSS #OpenSource #Security #Encryption #Windows #Passwords #DataProtection #Infosec

The Register: 60% of MD5 password hashes are crackable in under an hour. “Using a dataset of more than 231 million unique passwords sourced from dark web leaks – including 38 million added since its previous study – and hashing them with MD5, researchers at security firm Kaspersky found that, using a single Nvidia RTX 5090 graphics card, 60 percent of passwords could be cracked in less than an […]

Threat Actors Weaponize Tiflux RMMs in Malspam Attacks

Since late February, there has been an uptick in incidents involving Tiflux, a lesser-known Brazilian commercial remote management tool being weaponized by threat actors. The attack chain begins with phishing emails containing fake document lures that deliver a malicious MSI installer. Once executed, the installer deploys multiple remote access tools including UltraVNC, Splashtop, and ScreenConnect for persistent access. The Tiflux installer contains concerning components such as outdated VNC versions from 2014, expired certificates, hardcoded passwords, and a vulnerable HwRwDrv.sys driver known for privilege escalation abuse. The threat actors leverage these tools to establish persistence, capture screenshots, and collect system profiling information. This campaign exemplifies the continuing pattern of adversaries abusing legitimate remote management software for stealthy access to victim environments while chaining multiple tools together to maintain control.

Pulse ID: 69fd4f31a337de81bfb907d5
Pulse Link: https://otx.alienvault.com/pulse/69fd4f31a337de81bfb907d5
Pulse Author: AlienVault
Created: 2026-05-08 02:49:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Brazil #CyberSecurity #Email #InfoSec #MalSpam #OTX #OpenThreatExchange #Password #Passwords #Phishing #ScreenConnect #Spam #VNC #Word #bot #AlienVault

Yesterday was World Password Day, sorry for posting late… I forgot my Mastodon password again 😅🔑

#WorldPasswordDay #Password #Passwords #CyberSecurity #Security #TechHumor #Relatable #Privacy #Internet #LOL #TechLife #Tech #TechNews #Technology #OpenSource #FOSS #Linux

Hackers don’t always need advanced tricks.

Sometimes your password habits are enough.

I covered 5 dangerous password mistakes that make accounts easy to hack and how to protect yourself online.

Read here:
https://techputs.com/dangerous-password-habits-to-avoid/

#CyberSecurity #InternetSafety #Passwords #Tech #CyberAwareness #technology

Hackers don’t always need advanced tricks.

Sometimes your password habits are enough.

I covered 5 dangerous password mistakes that make accounts easy to hack and how to protect yourself online.

Read here:
https://techputs.com/dangerous-password-habits-to-avoid/

#CyberSecurity #InternetSafety #Passwords #Tech #CyberAwareness #technology

Hackers don’t always need advanced tricks.

Sometimes your password habits are enough.

I covered 5 dangerous password mistakes that make accounts easy to hack and how to protect yourself online.

Read here:
https://techputs.com/dangerous-password-habits-to-avoid/

#CyberSecurity #InternetSafety #Passwords #Tech #CyberAwareness #technology

Hackers don’t always need advanced tricks.

Sometimes your password habits are enough.

I covered 5 dangerous password mistakes that make accounts easy to hack and how to protect yourself online.

Read here:
https://techputs.com/dangerous-password-habits-to-avoid/

#CyberSecurity #InternetSafety #Passwords #Tech #CyberAwareness #technology

Hackers don’t always need advanced tricks.

Sometimes your password habits are enough.

I covered 5 dangerous password mistakes that make accounts easy to hack and how to protect yourself online.

Read here:
https://techputs.com/dangerous-password-habits-to-avoid/

#CyberSecurity #InternetSafety #Passwords #Tech #CyberAwareness #technology

Kaspersky Study Finds Majority of MD5 Password Hashes Vulnerable to Fast Cracking

📰 Original title: 60% of MD5 Password Hashes Are Crackable In Under an Hour

🤖 IA: It's clickbait ⚠️
👥 Usuarios: It's clickbait ⚠️

View full AI summary: https://killbait.com/en/kaspersky-study-finds-majority-of-md5-password-hashes-vulnerable-to-fast-cracking/?redirpost=a5cad763-e467-4c9a-8a0e-11cdbfdf47ab&utm_source=mastodon_world&utm_medium=social&utm_campaign=killbait

#technology #passwords #security #md5

Top 20 passwords

123456
123456789
12345678
password
qwerty123
qwerty1
111111
12345
secret
123123
1234567890
1234567
000000
qwerty
abc123
password1
iloveyou
11111111
dragon
monkey

This is the #Nordpass list, I'd like to see the #kaspersky one (probably the same) from their recent 230 million hash data set.

Kaspersky cracked 40% of hashes in under 60 seconds.

#passwordday #passwords #fixyourshit

ZDNet: Why Edge stores your passwords in plaintext, according to Microsoft. “A security researcher found that Edge stores your plaintext passwords in memory when you use the browser to manage them. In a social media post, researcher Tom Jøran Sønstebyseter Rønning explained how the process works and posted a video showing it in action.”

ZDNet: Why Edge stores your passwords in plaintext, according to Microsoft. “A security researcher found that Edge stores your plaintext passwords in memory when you use the browser to manage them. In a social media post, researcher Tom Jøran Sønstebyseter Rønning explained how the process works and posted a video showing it in action.”

ZDNet: Why Edge stores your passwords in plaintext, according to Microsoft. “A security researcher found that Edge stores your plaintext passwords in memory when you use the browser to manage them. In a social media post, researcher Tom Jøran Sønstebyseter Rønning explained how the process works and posted a video showing it in action.”

ZDNet: Why Edge stores your passwords in plaintext, according to Microsoft. “A security researcher found that Edge stores your plaintext passwords in memory when you use the browser to manage them. In a social media post, researcher Tom Jøran Sønstebyseter Rønning explained how the process works and posted a video showing it in action.”

ZDNet: Why Edge stores your passwords in plaintext, according to Microsoft. “A security researcher found that Edge stores your plaintext passwords in memory when you use the browser to manage them. In a social media post, researcher Tom Jøran Sønstebyseter Rønning explained how the process works and posted a video showing it in action.”

A security researcher demonstrated that Microsoft Edge stores saved passwords in plaintext memory after launch, making them accessible to malware or attackers with elevated system access.

Read more: https://hackread.com/edge-browser-stores-saved-plaintext-passwords/

#MicrosoftEdge #Cybersecurity #Passwords #Privacy

In honor of #WorldPasswordDay, I looked at the Internet exposure of 5 different password manager products with web-accessible vaults.

Vaultwarden was the most popular by far (62% of instances observed), followed by Passbolt and Bitwarden.

I did a deeper dive on Vaultwarden and Bitwarden and was surprised to see how relatively current these instances were:

+ 64% of Bitwarden instances appear to be running a version ~6 months old or newer
+ 65% of Vaultwarden instances appear to be ~5 months old or newer

Read more:

https://censys.com/blog/password-manager-infrastructure/

#passwords #vaultwarden #bitwarden #passbolt

#MicrosoftEdge keeps all saved #passwords unencrypted

https://proton.me/business/blog/microsoft-edge-passwords-exposed

#cybersecurity #Microsoft #Edge

A famous hacker who was on the FBI most wanted list used his cat’s name as his password, followed by ‘123.’

Happy World Password Day!

https://topicaltens.blogspot.com/2026/05/6-may-passwords.html

#WorldPasswordDay #Passwords

#Microsoft #Edge Stores #Passwords In #Plaintext In RAM
#privacy #security

https://yro.slashdot.org/story/26/05/06/2014204/microsoft-edge-stores-passwords-in-plaintext-in-ram?utm_source=rss1.0mainlinkanon&utm_medium=feed

Ever science Lastpass get #hacked years ago, i have an idea to create some kind of #passwordmanager #device,that follows the user everywhere they go. At first i only create it for managing #passwords but it blew up into capability list you see in first pic and named it #PrjTurtlePSA I finally started to execute my idea in Aug 25 by creating its keyboard module and then the screen dwaw module but encountering issue and gave up. Resuming it again, currently doing the PB Logic, New updates soon!