Brutkey

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Enabling Good Cybersecurity for Everyone:
Automated cybersecurity tools, learning and expert guidance for individuals and companies of all sizes.
Because cybersecurity shouldn't be an enterprise feature.

Sometimes a bot, sometimes not.

Website: https://beyondmachines.net
LinkedIn: https://www.linkedin.com/company/73905832/
GitHub: https://github.com/BeyondMachines
BeyondMachines :verified:
@beyondmachines1@infosec.exchange

The naked truth of #cybersecurity


BeyondMachines :verified:
@beyondmachines1@infosec.exchange

#AI didn't make us smarter. It just gave idiots a superpower.
Hoping for a less triggering 2026

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

The future's so bright, I gotta wear shades 😎😎

#AI #OpenAI #AIBubble

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Fortinet authentication bypass flaw enables device takeover

Fortinet patched an authentication bypass vulnerability (CVE-2024-26009) in the FortiGate-to-FortiManager protocol that allows attackers to gain administrative access by crafting malicious requests using a known FortiManager serial number, typically obtained through insider threats or social engineering. The flaw affects multiple Fortinet enterprise security products including FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager.

If you are using FortiManager to manage Fortinet devices, make sure they are isolated from the internet and accessible only from a trusted network. Communicate this flaw and the risk of phishing attempts to all admins. Finally, plan a patch process, which may be complex.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/fortinet-authentication-bypass-flaw-enables-device-takeover-h-8-k-d-s/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Critical remote code execution flaw in FortiSIEM actively exploited

Fortinet FortiSIEM platforms are under active attack through a critical OS command injection vulnerability (CVE-2025-25256, CVSS 9.8) that allows unauthenticated attackers to execute arbitrary commands, with working exploit code already being used against real-world targets. The flaw affects all FortiSIEM versions from 5.4 through 7.3.1 and is difficult to detect, requiring immediate patching or restricting access to port 7900 as a temporary workaround.

If you have FortiSIEM, block external access to port 7900 until you can update, then plan a quick patch. Attackers are already exploiting this flaw to take complete control without any login credentials.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-in-fortisiem-actively-exploited-g-v-z-8-7/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Melbourne boys' School Scotch College reports cybersecurity incident, data breach

Scotch College Melbourne suffered a cyberattack over the weekend of August 9-10, 2025, when unknown attackers gained unauthorized access to the school's IT systems, potentially exposing sensitive data of current families and graduates. The school immediately shut down all servers and disabled user accounts as a precautionary measure. Principal Dr Scott Marsh notified the community on August 12th. Details about the attack method, exposed data, and number of affected individuals are not disclosed.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/melbourne-boys-school-scotch-college-reports-cybersecurity-incident-data-breach-c-z-3-1-b/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Dual monitor setup when I was in high school (AI generated)

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Adobe releases August 2025 patches for multiple products

Adobe released August 2025 security updates patching critical vulnerabilities across multiple products including Commerce, Creative Suite applications, and Substance 3D tools. Many of the flaws enable arbitrary code execution through buffer overflows and memory corruption issues.

Another very large update release from Adobe. Fortunately, this month no critical flaws in Acrobat/Reader. Prioritize patching of Adobe Commerce & Magento Open Source, Illustrator and InDesign. Then review the rest of the list. Many products carry patches categorized as critical, so a proper review is needed for your organization.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adobe-releases-august-2025-patches-for-multiple-products-z-8-q-0-7/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Motorcycle manufacturer Royal Enfield hit by ransomware attack

Royal Enfield motorcycle manufacturer apparently suffered a ransomware attack where hackers claimed complete system compromise, encrypting all servers and wiping backups, resulting in paralyzed operations and temporary suspension of online ordering systems and workshop services. The company acknowledged the cybersecurity incident and launched an internal investigation.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/motorcycle-manufacturer-royal-enfield-hit-by-ransomware-attack-y-y-8-u-e/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Manpower staffing agency reports ransomware attack, data breach exposing 145K people

Manpower, a staffing company, suffered a ransomware attack between December 29, 2024, and January 12, 2025, that exposed sensitive personal information of 144,189 individuals. The company delayed breach notification for over six months, only informing affected individuals on July 28, 2025.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/manpower-staffing-agency-reports-ransomware-attack-data-breach-exposing-145k-people-j-n-9-l-q/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

The critical Erlang/OTP SSH flaw actively exploited targeting operational technology networks

A critical vulnerability (CVE-2025-32433) in Erlang/OTP's SSH implementation allows unauthenticated remote code execution and is being actively exploited against internet-exposed systems, with Palo Alto Networks detecting 275 vulnerable hosts and noting that 70% of exploitation attempts target operational technology networks. Despite patches being available, widespread exploitation continues as organizations struggle to update critical infrastructure systems.

If you are running an Erlang-based SSH service, time to update NOW. Especially in OT networks. Naturally, make sure the OT systems are not exposed to the internet. Then start patching.
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/the-critical-erlang-otp-ssh-flaw-actively-exploited-targeting-operational-technology-networks-u-v-1-j-q/gD2P6Ple2L