Aggregator
CVE-2025-40694 | PHPGurukul Online Fire Reporting System 1.2 Query bwdates-report-result.php fromdate/todate cross site scripting
Fridges, AI, and the Hidden Cost of Convenience
There’s an old story about a village that finally got electricity. Everyone bought fridges. A few months later, the elders gathered and suggested the unthinkable… “get rid of them!” Before the fridges, leftover food was shared. No one went to bed hungry. After the fridges, leftovers were hoarded “just in case,” forgotten for days, and …
The post Fridges, AI, and the Hidden Cost of Convenience appeared first on Security Boulevard.
Apache Software Foundation Adopts a New Logo and the Name ASF
AI-powered Pentesting Tool ‘Villager’ Combines Kali Linux Tools with DeepSeek AI for Automated Attacks
New AI-powered penetration testing framework Villager combines Kali Linux toolsets with DeepSeek AI models to fully automate cyber attack workflows. Initially developed by the Chinese-based group Cyberspike, this tool has rapidly gained traction since its July 2025 release on the Python Package Index, accumulating over 10,000 downloads within its first two months of availability. Cybersecurity […]
The post AI-powered Pentesting Tool ‘Villager’ Combines Kali Linux Tools with DeepSeek AI for Automated Attacks appeared first on Cyber Security News.
Scattered LAPSUS$ Hunters 4.0 Announced That They're Going Dark Permanently
A sudden and definitive statement emerged from the “Scattered LAPSUS$ Hunters 4.0” Telegram channel on September 8, signaling an abrupt end to their public operations. After months of high-profile campaigns targeting major corporations and critical infrastructure, the collective declared a permanent retreat. News of this unexpected decision reverberated through the cybersecurity community, prompting analysts to […]
The post Scattered LAPSUS$ Hunters 4.0 Announced That They're Going Dark Permanently appeared first on Cyber Security News.
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks
Akira
Nationale Taptoe Responds to Today's Security Situation
Chinese Guarantee Syndicates and the Fruit Machine
When I was speaking to a group of Bank Security people in New York City yesterday, I mentioned "machine rooms" -- which are rooms full of Apple iPhones that are used to send iMessage phishing spam. Someone in the audience asked "Where would they get that many phones?"
The kids like to use the acronym "IYKYK" (If You Know You Know). I learn new IYKYK phrases in Chinese Telegram every day.
Today's new favorite phrase? 水果机 - Shuǐguǒ jī - "Fruit machine."
Example usage: 🔥低价出正品水果机 ("Genuine fruit machines at low prices")
Fruit machine is coded language for Apple iPhones.
This advertiser pays HuionePay's Haowang Guarantee its highest rate for the right to share an ad for their group once each hour in Huione, so that one-line advertisement is posted 24 times per day to Haowang Guarantee's "buy and sell" group.
What? You thought Telegram had banned HuionePay? hahahahahaha ... but they do try to hide their traffic by rebranding their "Crime As A Service" vendors to be "Potato Guarantee" rather than Haowang Guarantee.
The Chinese characters above the "danbao" spell "Potato" (tǔ dòu)
The Chinese characters below "danbao" are "Guarantee" (dān bǎo)
Links shared by this advertiser go to a 38,438 member "Potato Guarantee" group called "Yongle smuggles Apple phones" and share that Yongle has deposited "208,000 USDT" in order to ensure that your transactions are safe. (The "Trust Model" of the Chinese Guarantee Syndicates is that vendors make a deposit to be listed in the vendor directory and the Syndicate promises that any transaction up to the level of the deposit will be backed by the Syndicate should anything go wrong.)
(Google translated) The welcome message for the group says:
"Various models of iPhone are available, all smuggled into the country as brand new, unopened, and unactivated official Chinese versions, suitable for personal use or resale." They go on to say that your phone will be delivered within 72 hours and that if it is shown to be used, they will refund 10x your purchase price!
Another September ad using the "Fruit machine" language in a major HuionePay group also now goes to a "Potato Guarantee" group with 12,154 members. (Group 2851, with a 38,000 USDT Deposit) The translated "welcome" message when joining the group calls the group "Xili Smuggles mobile phones and digital products" and promises "Various models of iPhone are available, all smuggled into the country as brand new, unopened, and unactivated national versions, suitable for personal use or resale."
Group: "Xili Smuggles Mobile Phones and Digital Products"
Xili, who prefers to call himself "Heineken," is currently taking deposits for iPhone 17s. He also will throw in an Apple watch if you pay 1000 Yuan extra. Currently he charges 5999 Yuan for an iPhone 16 ProMax 1TB, or approximately $850.
Xili / Heineken's most recent advertisement
If that whole thing sounds insane, I would encourage you to read the book "Apple in China" by Patrick McGee. Smuggling iPhones is an EXTREMELY lucrative organized crime business in China!
There are of course many more Guarantee Syndicates, with many thousands of vendors who have paid to advertise their "Crime As A Service" offerings, from Gift Card and Cash Pickups, SMS/iMessage/RCS Phishing, Credit Card Theft, Trade-based Money Laundering and anything else you can imagine, from Human Trafficking to Cigarette smuggling.
Here are a few that we are tracking ...
#HuionePay #CMLO #Apple #iPhones #Guarantee #Danbao #Haowang #iMsgSpam #SMS #Smishing
The post Chinese Guarantee Syndicates and the Fruit Machine appeared first on Security Boulevard.
HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot
ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware, augmented with the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. The sample was uploaded from Poland to the malware-scanning platform VirusTotal, and ESET telemetry shows no signs of the malware being used in the wild yet. About HybridPetya “Late in July 2025, we encountered suspicious ransomware samples under various filenames, …
The post HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot appeared first on Help Net Security.
Qilin
New ToneShell Backdoor With New Features Leverages Task Scheduler COM Service for Persistence
Since its first appearance earlier this year, the ToneShell backdoor has demonstrated a remarkable capacity for adaptation, toyed with by the Mustang Panda group to maintain an enduring foothold in targeted environments. This latest variant, discovered in early September, arrives concealed within sideloaded DLLs alongside legitimate executables. Delivered via compressed archives purporting to contain innocuous […]
The post New ToneShell Backdoor With New Features Leverages Task Scheduler COM Service for Persistence appeared first on Cyber Security News.
SentinelOne and the MITRE ATT&CK® Evaluations: Enterprise 2025
Driving a Security-by-Design Mindset Across Manufacturing
Ahead of QG Media's 10th ManuSec Summit - scheduled Oct. 14-15 in Chicago - we caught up with Ebenezer Arumai, director of IT infrastructure and security at medical device manufacturer Inogen, to discuss the cyber risk challenges related to medical equipment.
ISMG Editors: The SMB 'Too Small to Be a Target' Cyber Myth
In this week's update, four ISMG editors discussed cybersecurity risks for small and medium-sized businesses, why so many enterprise artificial intelligence projects stall in pilot mode and concerns over fraud with the rise of agentic commerce in payments.
BSidesSF 2025: Closing Remarks
Creator, Author and Presenter: Reed Loden
Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content, originating from the conference’s events held at the lauded CityView / AMC Metreon (certainly a venue like no other), via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, where the appropriate information is to be had!
The post BSidesSF 2025: Closing Remarks appeared first on Security Boulevard.