<![CDATA[Spear - World News]]> https://spear.cx/ Sat, 06 Jun 2026 09:24:40 +0000 MyBB <![CDATA[Chrome Device Bound Session Credentials [DBSC]]]> https://spear.cx/Thread-Chrome-Device-Bound-Session-Credentials-DBSC Mon, 01 Jun 2026 03:12:01 +0200 kaya]]> https://spear.cx/Thread-Chrome-Device-Bound-Session-Credentials-DBSC
Quote:Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers.
Available in beta since April, DBSC was first announced in 2024 as a way to cryptographically bind session cookies to a specific device, preventing hackers from using such stolen cookies to bypass multi-factor authentication (MFA) and hijack users' accounts.
DBSC works by cryptographically linking user sessions to the hardware, such as their computer's security chip (e.g., the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS).
Since the unique public/private keys used to encrypt and decrypt sensitive data are generated by the security chip, they cannot be stolen, preventing attackers from using stolen session cookies.
"DBSC fundamentally changes the web's capability to defend against this threat by shifting the paradigm from reactive detection to proactive prevention, ensuring that successfully exfiltrated cookies cannot be used to access users' accounts," Google said in April.
"DBSC strengthens account security after users are logged in and helps bind a session cookie — small files used by websites to remember user information — to the device a user authenticated from. Even if malware was present on the user's device, DBSC reduces the risk of session theft and makes it meaningfully more difficult for malicious actors to exploit stolen session cookies," it added this week.
The feature is now rolling out to all Google Workspace customers, Workspace Individual subscribers, and users with personal Google accounts.
Google added that it will be enabled by default for all Google Workspace customers upon rollout and that administrators cannot disable it.
In the past, threat actors have abused the undocumented Google OAuth "MultiLogin" API endpoint to generate new authentication cookies after stolen ones expired.
The Lumma and Rhadamanthys information-stealing malware operations have also claimed that they could restore expired Google authentication cookies stolen in attacks to gain access to infected users' Google accounts.
At the time, Google advised customers to remove malware from their devices and recommended enabling Chrome's Enhanced Safe Browsing security mode to defend against phishing and malware attacks.
However, the new Chrome Device Bound Session Credentials (DBSC) security feature should effectively block malicious actors from abusing such stolen cookies, as they will not have access to the cryptographic keys required to use them.


Source:
https://www.bleepingcomputer.com/news/se...all-users/]]>
Quote:Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers.
Available in beta since April, DBSC was first announced in 2024 as a way to cryptographically bind session cookies to a specific device, preventing hackers from using such stolen cookies to bypass multi-factor authentication (MFA) and hijack users' accounts.
DBSC works by cryptographically linking user sessions to the hardware, such as their computer's security chip (e.g., the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS).
Since the unique public/private keys used to encrypt and decrypt sensitive data are generated by the security chip, they cannot be stolen, preventing attackers from using stolen session cookies.
"DBSC fundamentally changes the web's capability to defend against this threat by shifting the paradigm from reactive detection to proactive prevention, ensuring that successfully exfiltrated cookies cannot be used to access users' accounts," Google said in April.
"DBSC strengthens account security after users are logged in and helps bind a session cookie — small files used by websites to remember user information — to the device a user authenticated from. Even if malware was present on the user's device, DBSC reduces the risk of session theft and makes it meaningfully more difficult for malicious actors to exploit stolen session cookies," it added this week.
The feature is now rolling out to all Google Workspace customers, Workspace Individual subscribers, and users with personal Google accounts.
Google added that it will be enabled by default for all Google Workspace customers upon rollout and that administrators cannot disable it.
In the past, threat actors have abused the undocumented Google OAuth "MultiLogin" API endpoint to generate new authentication cookies after stolen ones expired.
The Lumma and Rhadamanthys information-stealing malware operations have also claimed that they could restore expired Google authentication cookies stolen in attacks to gain access to infected users' Google accounts.
At the time, Google advised customers to remove malware from their devices and recommended enabling Chrome's Enhanced Safe Browsing security mode to defend against phishing and malware attacks.
However, the new Chrome Device Bound Session Credentials (DBSC) security feature should effectively block malicious actors from abusing such stolen cookies, as they will not have access to the cryptographic keys required to use them.


Source:
https://www.bleepingcomputer.com/news/se...all-users/]]> <![CDATA[Russian Research Institute Announces Hack]]> https://spear.cx/Thread-Russian-Research-Institute-Announces-Hack Thu, 28 May 2026 16:55:20 +0200 SVA2027]]> https://spear.cx/Thread-Russian-Research-Institute-Announces-Hack The Russian Federal State Autonomous Institution Scientific Research Institute SpetsVuzAvtomatika announced they were hacked.. They are a state-owned scientific and IT organization based in Rostov-on-Don, Russia. The institute operates in the fields of information security, cybersecurity, cryptography, and advanced computing. They support a bunch of Russian government customers. They announce their hack here -  https://niisva.dev/tpost/lmbdpr6991-vazhnaya-novost.
 ]]> The Russian Federal State Autonomous Institution Scientific Research Institute SpetsVuzAvtomatika announced they were hacked.. They are a state-owned scientific and IT organization based in Rostov-on-Don, Russia. The institute operates in the fields of information security, cybersecurity, cryptography, and advanced computing. They support a bunch of Russian government customers. They announce their hack here -  https://niisva.dev/tpost/lmbdpr6991-vazhnaya-novost.
 ]]> <![CDATA[Microsoft Patches 138 Vulnerabilities]]> https://spear.cx/Thread-Microsoft-Patches-138-Vulnerabilities Wed, 20 May 2026 17:11:16 +0200 love630]]> https://spear.cx/Thread-Microsoft-Patches-138-Vulnerabilities
Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by 32 remote code execution, 15 information disclosure, 14 spoofing, eight denial-of-service, six security feature bypass, and two tampering flaws.]]>
Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by 32 remote code execution, 15 information disclosure, 14 spoofing, eight denial-of-service, six security feature bypass, and two tampering flaws.]]> <![CDATA[18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE]]> https://spear.cx/Thread-18-Year-Old-NGINX-Rewrite-Module-Flaw-Enables-Unauthenticated-RCE Wed, 20 May 2026 17:09:16 +0200 love630]]> https://spear.cx/Thread-18-Year-Old-NGINX-Rewrite-Module-Flaw-Enables-Unauthenticated-RCE Cybersec
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.

The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a denial-of-service (DoS) with crafted requests. It has been codenamed NGINX Rift.

"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module," F5 said in an advisory released Wednesday. "This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?)."

"An unauthenticated attacker, along with conditions beyond its control, can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process, leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible."]]> Cybersec
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.

The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a denial-of-service (DoS) with crafted requests. It has been codenamed NGINX Rift.

"NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module," F5 said in an advisory released Wednesday. "This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?)."

"An unauthenticated attacker, along with conditions beyond its control, can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process, leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR ) disabled, code execution is possible."]]> <![CDATA[Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks]]> https://spear.cx/Thread-Microsoft-Takes-Down-Malware-Signing-Service-Behind-Ransomware-Attacks Wed, 20 May 2026 17:05:48 +0200 love630]]> https://spear.cx/Thread-Microsoft-Takes-Down-Malware-Signing-Service-Behind-Ransomware-Attacks Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world.
The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme to allow cybercriminals to disguise malware as legitimate software. The threat actor has been active since May 2025. The seizure effort has been codenamed OpFauxSign.
"To disrupt the service, we seized Fox Tempest's website signspace[.]cloud, took offline hundreds of the virtual machines running the operation, and blocked access to a site hosting the underlying code," Steven Masada, assistant general counsel at Microsoft's Digital Crimes Unit]]> Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world.
The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the MSaaS scheme to allow cybercriminals to disguise malware as legitimate software. The threat actor has been active since May 2025. The seizure effort has been codenamed OpFauxSign.
"To disrupt the service, we seized Fox Tempest's website signspace[.]cloud, took offline hundreds of the virtual machines running the operation, and blocked access to a site hosting the underlying code," Steven Masada, assistant general counsel at Microsoft's Digital Crimes Unit]]> <![CDATA[SESSION SHUTTING DOWN]]> https://spear.cx/Thread-SESSION-SHUTTING-DOWN Wed, 13 May 2026 15:17:01 +0200 icesig]]> https://spear.cx/Thread-SESSION-SHUTTING-DOWN With paid developers gone and only volunteers remaining, the app has until July 8 to secure funding or fade into irrelevance.

If you care about privacy and don't take too well to governments and Big Tech companies snooping on your messages, then Session has probably come up at some point. It's a free, open source, end-to-end encrypted messaging app that doesn't ask for your phone number or email to sign up.
Messages are routed through an onion network rather than a central server, and the combination of no-metadata messaging, anonymous sign-up, and decentralized architecture has earned it a loyal following among privacy-conscious users.
Unfortunately, the project has sent out a mayday call as it risks closure.

The Session Technology Foundation (STF) sent out what can only be described as a distress signal, announcing that the app's survival is now in serious peril. The day it was posted on was also the last working day for all paid staff and developers at the STF.
From that point on, Session is being kept running entirely by volunteers.
The donations that they received earlier are enough to keep critical infrastructure online until July 8, but not nearly enough to retain a development team. With nobody left on payroll, development has been paused.
Due to that, introducing new features is off the table, existing bugs will most likely go unaddressed, and the STF says new releases are unlikely during this period.
Session co-founder Chris McCabe had already flagged the trouble coming. In a personal appeal published earlier in March, he wrote that the organizations safeguarding Session had faced many challenges over the years and that the project's very survival was now at risk.


https://itsfoss.com/news/session-call-for-donations/



***Whats everyone going to use moving forward ?***]]> With paid developers gone and only volunteers remaining, the app has until July 8 to secure funding or fade into irrelevance.

If you care about privacy and don't take too well to governments and Big Tech companies snooping on your messages, then Session has probably come up at some point. It's a free, open source, end-to-end encrypted messaging app that doesn't ask for your phone number or email to sign up.
Messages are routed through an onion network rather than a central server, and the combination of no-metadata messaging, anonymous sign-up, and decentralized architecture has earned it a loyal following among privacy-conscious users.
Unfortunately, the project has sent out a mayday call as it risks closure.

The Session Technology Foundation (STF) sent out what can only be described as a distress signal, announcing that the app's survival is now in serious peril. The day it was posted on was also the last working day for all paid staff and developers at the STF.
From that point on, Session is being kept running entirely by volunteers.
The donations that they received earlier are enough to keep critical infrastructure online until July 8, but not nearly enough to retain a development team. With nobody left on payroll, development has been paused.
Due to that, introducing new features is off the table, existing bugs will most likely go unaddressed, and the STF says new releases are unlikely during this period.
Session co-founder Chris McCabe had already flagged the trouble coming. In a personal appeal published earlier in March, he wrote that the organizations safeguarding Session had faced many challenges over the years and that the project's very survival was now at risk.


https://itsfoss.com/news/session-call-for-donations/



***Whats everyone going to use moving forward ?***]]> <![CDATA[Drift Protocol $285M Drained]]> https://spear.cx/Thread-Drift-Protocol-285M-Drained Thu, 02 Apr 2026 10:45:31 +0200 tequila]]> https://spear.cx/Thread-Drift-Protocol-285M-Drained
absolutely mad! how did the admin get compromised? 2/5 sigs were needed, why did the 2nd confirm right away without verifying specifics? inside job?]]>
absolutely mad! how did the admin get compromised? 2/5 sigs were needed, why did the 2nd confirm right away without verifying specifics? inside job?]]> <![CDATA[DarkSword]]> https://spear.cx/Thread-DarkSword Tue, 24 Mar 2026 18:45:59 +0100 Lapidus]]> https://spear.cx/Thread-DarkSword
https://techcrunch.com/2026/03/23/someon...f-iphones/]]>
https://techcrunch.com/2026/03/23/someon...f-iphones/]]> <![CDATA[( )-SnowSoul ID-1263 (statement)]]> https://spear.cx/Thread-SnowSoul-ID-1263-statement Thu, 19 Mar 2026 07:23:49 +0100 SnowSoul]]> https://spear.cx/Thread-SnowSoul-ID-1263-statement
Shandong Province, Yantai International Labor Service Company (Yantai International)

? 100GB 2000 ?

?

? 2000 ?

?,, ?

We have encrypted your system and stolen 100GB of your data. All you had to do was pay $2,000, and the matter would have been settled once and for all. ?

Yet, you chose to ignore us. You chose silence, refusing to engage in any communication ?standing idly by as your data was exposed to the public, utterly indifferent and displaying complete apathy. Look at this: this is the true face of those damn Chinese elites. The true face of the damn rich.

They simply do not care about the consequences. They do not care about the harm they cause... The only thing they care about is that measly $2,000.


We will continue to launch attacks against China's wealthy elite ?and this is precisely what we have been doing all along.]]>
Shandong Province, Yantai International Labor Service Company (Yantai International)

? 100GB 2000 ?

?

? 2000 ?

?,, ?

We have encrypted your system and stolen 100GB of your data. All you had to do was pay $2,000, and the matter would have been settled once and for all. ?

Yet, you chose to ignore us. You chose silence, refusing to engage in any communication ?standing idly by as your data was exposed to the public, utterly indifferent and displaying complete apathy. Look at this: this is the true face of those damn Chinese elites. The true face of the damn rich.

They simply do not care about the consequences. They do not care about the harm they cause... The only thing they care about is that measly $2,000.


We will continue to launch attacks against China's wealthy elite ?and this is precisely what we have been doing all along.]]> <![CDATA[Trump planning to go to war with Iran]]> https://spear.cx/Thread-Trump-planning-to-go-to-war-with-Iran Sun, 22 Feb 2026 12:51:12 +0100 Neo]]> https://spear.cx/Thread-Trump-planning-to-go-to-war-with-Iran <![CDATA[Trump declassifying UFO documents]]> https://spear.cx/Thread-Trump-declassifying-UFO-documents Sun, 22 Feb 2026 11:47:41 +0100 Neo]]> https://spear.cx/Thread-Trump-declassifying-UFO-documents
Source: https://xcancel.com/PressSec/status/2024654420332425572]]>
Source: https://xcancel.com/PressSec/status/2024654420332425572]]> <![CDATA[USA and venezuela]]> https://spear.cx/Thread-USA-and-venezuela Fri, 09 Jan 2026 17:36:02 +0100 ragnarok]]> https://spear.cx/Thread-USA-and-venezuela
honestly Maduro seems like a good guy, but ive done some research apparently he " owns " cocaine factories and imports them into the united states and to my opinion that is probably true but we can never know till solid proof is out. back to the main subject I think trump captured Maduro due to his oil reserves and not the fact of the cocaine smuggling and creation of it because theres a massive background about oil and united states, trump is known to target countries for oil this goes back to the 2003 war including the main target iraq he said " USA should have taken Iraq ?s oil " but the keyword in this quote is should. which states that he WANTS oil reserves HE NEEDS oil reserves. and if we look onto the news now hes targeting venezuela due to their massive oil reserves and theres clear videos of his army actually extracting them from venezuela and seizing it.]]>
honestly Maduro seems like a good guy, but ive done some research apparently he " owns " cocaine factories and imports them into the united states and to my opinion that is probably true but we can never know till solid proof is out. back to the main subject I think trump captured Maduro due to his oil reserves and not the fact of the cocaine smuggling and creation of it because theres a massive background about oil and united states, trump is known to target countries for oil this goes back to the 2003 war including the main target iraq he said " USA should have taken Iraq ?s oil " but the keyword in this quote is should. which states that he WANTS oil reserves HE NEEDS oil reserves. and if we look onto the news now hes targeting venezuela due to their massive oil reserves and theres clear videos of his army actually extracting them from venezuela and seizing it.]]>