Mastodon Digest
Posts

Critical vulnerabilities in Ivanti Sentry (CERT-EU Security Advisory 2026-008)

On 9 June 2026, Ivanti released a security advisory addressing two critical vulnerabilities in their Sentry products[1]. An attacker could exploit those flaws to achieve unauthenticated remote code execution on the vulnerable device.

cert.europa.eu/publications/se

This is a super interesting analysis of the English-language cybercrime communities on Telegram and Discord, from a convicted (and reformed?) SIM-swapper who says he found at least 164 call centers that are recruiting callers for telephone-based social engineering scams.

LinkedIn post: linkedin.com/in/cfrmn/?lipi=ur

History on the researcher: krebsonsecurity.com/2020/11/co

New and scoopy, by me: Who Runs the Ransomware Group 'The Gentlemen?'

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.

krebsonsecurity.com/2026/06/wh

Suddenly seeing a renewed interest in the Com, or the "community" of English-speaking cybercrime cliques scattered across Telegram and Discord. The Financial Times reports teenagers carrying out sabotage and arson attacks in the UK were recruited by Russia and Iran on Telegram, Discord and gaming platforms. Some of those recruited were reportedly as young as 11.

I've been writing about Com-based cybercriminals and breaches for more than a decade, but it mostly felt like screaming into a void because law enforcement has until very recently completely dropped the ball on coming up with strategies to counter Com-based activity, and the non-stop criminal recruitment that occurs quite openly on gaming platforms like Roblox and Minecraft. The fact that nation states and our adversaries are now using these same criminal communities to carry out their agendas should surprise no one at this point.

archive.ph/LTBWZ

Boosts

The interesting thing about the German court ruling against Google is not the verdict. The fact that, if you put libel on your web site, you are liable for it even if you used a machine to automatically generate libel, should not surprise anyone who has paid attention to the law at any point in the last century or so: humans have agency, the tools that they use do not shield them from liability, no matter how obfuscating they are.

The bit I suspect will have much more impact longer term is one of the defences entered by Google's lawyers. Somewhat more verbose in the original German, but it boiled down to: Everyone knows LLMs produce nonsense, no one should ever trust the output of an LLM in any situation that matters, it's not Google's fault if people read the output of an LLM and believed it might have some connection to reality.

It's debatable whether everyone knows that, but this is now an official statement entered into the court record that at least one of the major LLM vendors knows this. And that's now an on-the-record statement made under penalty of perjury that can be entered as evidence in any court case against companies selling LLM-integrated tooling.

I suspect that this will show up in a lot of court cases over the next few years and probably have a much bigger long-term impact than the ruling. Any claim about utility made by vendors of 'AI' tools is now open to lawsuits ranging from misleading advertising to outright fraud as a result of this.

Google would probably have been much better advised to settle the case rather than enter that claim as evidence. Imagine if a car manufacturer had entered a defence against liability in case of a collision by saying 'everyone knows automobiles are impossible to operate safely on the roads and anyone who buys one should know better than to take it on the public highway'. Google's lawyers have just done the equivalent for the 'AI' industry.

EDIT: It hopefully goes without saying, but just in case: I am not a lawyer, this is commentary from someone who watches the industry with a growing sense of disgust, not legal advice.

🎈🎈🎈🎈🎈🎈🎈🎈🎈🎈
🎈🎈🎈🎈🎈🎈🎈🎈🎈
🎈🎈🎈🎈🎈🎈🎈🎈
🎈🎈🎈🎈🎈🎈🎈
🎈🎈🎈🎈🎈🎈
🎈🎈🎈🎈🎈
🎈🎈🎈🎈
🎈🎈🎈
🎈🎈
🎂

🗣 RELEASE THE HAPPY #BIRTHDAY MEMES!

it’s finally my bornday and i have, finally, beat an actuarial statistic and lived to being 60.

spite is a powerful energy source that i tap into when am reminded there are a lot of fuckers i want to outlive, BUT! there are far many more things I LOVE that keep me going.

LOVE is my renewable energy source, and on my birthday, CAKE!

🗣 AM SIXTY, AND AM GONNA KICK ASS AND TAKE NAMES 🔥🔥🔥