Nostr notes by IFIN - The Independent Federated Intelligence Network

RE: https://infosec.exchange/@ifin/116605052950779161 Important ...

2026-05-21T15:04:23Z

RE: https://infosec.exchange/@ifin/116605052950779161

Important note. A lot of sources are reporting that the Nx Console extension is the vector by which GitHub was compromised. Although that extension was breached concurrently with the GitHub announcement, GitHub has neither confirmed nor denied this publicly. The connection remains speculation, not fact.

quoting
note1xwp…uz0v

GitHub's internal repositories have been exfiltrated and offered for sale.

https://discourse.ifin.network/t/github-internal-repositories-compromised-offered-for-sale/484

We've updated the post with the full list of ...

2026-05-20T13:10:18Z

In reply to nevent1q…da0w
_________________________

We've updated the post with the full list of claimed-compromised repositories.

GitHub's internal repositories have been exfiltrated and ...

2026-05-20T04:38:26Z

GitHub's internal repositories have been exfiltrated and offered for sale.

https://discourse.ifin.network/t/github-internal-repositories-compromised-offered-for-sale/484

One maintainer's compromised tokens are responsible for the ...

2026-05-19T06:22:39Z

One maintainer's compromised tokens are responsible for the takeover of 500+ NPM packages, including the AntV family of packages.

https://discourse.ifin.network/t/500-npm-packages-including-antv-compromised-via-single-maintainer/476

#ThreatIntel #ThreatIntelligence #IFIN

Also added to our MISP instance!

2026-05-18T21:59:57Z

In reply to nevent1q…u3dg
_________________________

Also added to our MISP instance!

Microsoft Power BI is under a DDoS attack claimed by 313 Team, ...

2026-05-18T17:00:28Z

Microsoft Power BI is under a DDoS attack claimed by 313 Team, the same group that recently claimed the attack on Ubuntu.

Their booter is still protected by Cloudflare, btw.

https://discourse.ifin.network/t/power-bi-ddosed-claimed-by-313-team/470

#ThreatIntel #ThreatIntelligence #IFIN

Two sides of the same mullet. @npub16kg…afn8 @npub1ezn…nyq3

2026-05-16T19:41:56Z

In reply to nevent1q…qt4c
_________________________

Two sides of the same mullet.
Cat 🐈🥗 (D.Burch) :paw:⁠:paw: (npub16kg…afn8) GAYINT (npub1ezn…nyq3)

We have a breakdown of the current attack campaign against Cisco ...

2026-05-15T18:24:30Z

We have a breakdown of the current attack campaign against Cisco SD-WAN devices

https://discourse.ifin.network/t/cve-2026-20182-cisco-catalyst-sd-wan-eitw/457

#ThreatInte #ThreatIntelligence #IFIN

Dear threat research firms, A modest proposal for your threat ...

2026-05-15T16:34:51Z

Dear threat research firms,

A modest proposal for your threat intel blog posts:

A *single table* of Indicators of Compromise.

3 columns: Value, Type, Description

The same format. Every time.

Easier for you, easier for your readers, easier for us.

XOXO IFIN

I am sure you're shocked to hear about another NPM ...

2026-05-14T22:20:47Z

I am sure you're shocked to hear about another NPM compromise.

This one was because a maintainer let their email domain expire!

https://discourse.ifin.network/t/node-ipc-npm-packages-infected-with-stealer/454

#ThreatIntel #ThreatIntelligence #IFIN

This new Nginx vuln is worth some scrutiny. A heap buffer ...

2026-05-13T19:21:30Z

This new Nginx vuln is worth some scrutiny. A heap buffer overflow that can lead to service restart and, on systems with ASLR, code execution. Patches available.

https://discourse.ifin.network/t/cve-2026-42945-heap-buffer-overflow-in-nginx/441

We are tracking the new Nightmare Eclipse exploits, and we even ...

2026-05-12T21:59:37Z

We are tracking the new Nightmare Eclipse exploits, and we even have some listed IoCs from the code/repo files for you.

https://discourse.ifin.network/t/chaotic-eclipse-nightmare-eclipse-drops-two-windows-0days/437

#ThreatIntel #ThreatIntelligence #IFIN

If you or someone you know has received Instructure ...

2026-05-12T18:34:43Z

If you or someone you know has received Instructure #Canvas-themed phishing messages, we want to hear about it! Samples welcome, but also any other circumstances.

Something seems phishy about the claim that no data is out in the open.

Did you know we have a @npub1mly…rl2t feed? We do! Discourse ...

2026-05-12T18:32:17Z

Did you know we have a MISP (npub1mly…rl2t) feed? We do!

Discourse posts with valuable indicators are added to our feed, which is free for all.

https://misp.ifin.network/feed (/manifest.json for manual review)

#MISP #ThreatIntel #ThreatIntelligence #IFIN

Aaaand now it's in PyPi

2026-05-12T15:47:22Z

In reply to nevent1q…au6n
_________________________

Aaaand now it's in PyPi

RE: https://infosec.exchange/@ifin/116558531955700753 This has ...

2026-05-12T13:22:50Z

RE: https://infosec.exchange/@ifin/116558531955700753

This has evolved to impact 170 packages, including those from Mistral and OpenSearch.

quoting
note1w6n…z3sx

TanStack, a popular web UI framework has had its NPM packages compromised by another installment of Mini Shai-Hulud.

https://discourse.ifin.network/t/mini-shai-hulud-strikes-again-tanstack-npm-packages-compromised/428

#ThreatIntel #ThreatIntelligence #IFIN

TanStack, a popular web UI framework has had its NPM packages ...

2026-05-11T23:27:32Z

TanStack, a popular web UI framework has had its NPM packages compromised by another installment of Mini Shai-Hulud.

https://discourse.ifin.network/t/mini-shai-hulud-strikes-again-tanstack-npm-packages-compromised/428

#ThreatIntel #ThreatIntelligence #IFIN

Cloudflare is reporting issues as well, since, uh, all their ...

2026-05-08T20:15:25Z

In reply to nevent1q…8pzr
_________________________

Cloudflare is reporting issues as well, since, uh, all their services get their certs from LetsEncrypt

BREAKING: LetsEncrypt appears to be stopping certificate issuance ...

2026-05-08T19:47:21Z

BREAKING: LetsEncrypt appears to be stopping certificate issuance due to a "potential incident."

https://discourse.ifin.network/t/letsencrypt-stopping-issuance/415

Fixes for both Debian-derivative and RHEL-like systems listed!

2026-05-07T22:34:38Z

In reply to nevent1q…48tj
_________________________

Fixes for both Debian-derivative and RHEL-like systems listed!

We're also tracking the new #CopyFail variants here. ...

2026-05-07T21:08:50Z

We're also tracking the new #CopyFail variants here. DirtyFrag requires the same af_alg module as CopyFail, but another variant does not.

https://discourse.ifin.network/t/new-copyfail-variants/395

RE: https://infosec.exchange/@wdormann/116533862391306228 We love ...

2026-05-07T15:38:05Z

RE: https://infosec.exchange/@wdormann/116533862391306228

We love direct action you can take to confound the adversary! Disable .URL files (and .js files) today.

https://discourse.ifin.network/t/disable-url-files-before-the-baddies-use-them/393

quoting
note1lp3…u5wj

Let's talk about Windows .URL (InternetShortcut) files.

Last year there was discussion about a vulnerability in how Windows handles .URL files. Specifically, when a .URL file specifies a WorkingDirectory directive, an otherwise harmless app being launched would load DLLs from the remote (e.g. WebDAV) server specified. You know, being the current working directory of the app being launched and all. This vulnerability was being [exploited in the wild](https://www.virustotal.com/gui/file/e0a44274d5eb01a0379894bb59b166c1482a23fede1f0ee05e8bf4f7e4e2fcc6 ), and it worked well because it bypassed annoying (to attackers) things like SmartScreen. Sure, it required the victim to click Open on a dialog saying Type: Unknown File Type (😂), but we all know that users are click-happy, so this is fine. Besides, the file clearly has a .pdf extension, so it should be safe (😂).

Microsoft recognized the vulnerability and published an [update in the form of CVE-2025-33053](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053 ).

If we were to believe the [Microsoft documentation at the time](https://web.archive.org/web/20250710095434/https://learn.microsoft.com/en-us/windows/win32/lwef/internet-shortcuts ),

> When the user clicks the icon, the browser is launched and displays the site associated with the shortcut.

But wait...
How did this .URL file cause a program to be launched? The URL= parameter specifies a website address to be loaded in the browser.

Oh, naive child. Obviously a .URL file can directly point to code on a remote (e.g. WebDAV) server. This technique is also [being exploited ITW as well](https://www.virustotal.com/gui/file/93a2d60d1ccfe3e009b1a81951653b559e0cae01c2454244a3a0fbd49a5e4539 ).

I reported this to Microsoft, as this has the **EXACT SAME IMPACT** as CVE-2025-33053. So if that's a vulnerability, then this too is a vulnerability, right?

Bless your innocent soul. Per MSRC:

> When the Shell invokes an app from a remote share, it's expected that you will see the legacy Windows Security prompt, not the SmartScreen one. SmartScreen Application Reputation (AppRep) evaluation applies to locally downloaded files that bear an Internet Zone mark of the web. It is not meant to apply to execution of files from Network Shares.

Okie dokie. I'm sure Windows users surely appreciate this. But what about the [incorrect documentation](https://archive.ph/MgBI8 )? After my prodding, they [updated the wording](https://learn.microsoft.com/en-us/windows/win32/lwef/internet-shortcuts ):

> When the user clicks the icon, the URL path is opened by the handler application, typically the user's default web browser.

Leaving in the quite misleading first sentence:

> The Internet shortcut object is used to create desktop shortcuts to Internet sites.

(An "Internet site" is a web page, right?)

How can CVE-2025-33053 warrant a CVE, while the behavior I described has the exact same trigger and impact is **not** CVE worthy? That's pretty easy. Microsoft assigns CVEs to **updates**, not **vulnerabilities**. They are the decider as to what is a vulnerability and what is not.

What can we do about it?

At the very least, turn off the Windows feature that hides file extensions, **even if you have the option turned on to see file extensions**. The disdain that Microsoft has for Windows users is tangible here. On what planet would I not want to see the actual extension of a file? Go to HKCU\InternetShortcut and delete the NeverShowExt value. After this, your pwned.pdf file will reveal its true self as being pwned.pdf.url.

More powerful protection would be to block the ability to receive .URL files via email, web browsers, etc. There is no workflow that I can imagine that requires a user to double-click on a .URL file that **came from the internet**.

Even more powerful than that would be to disassociate .URL files from opening in Windows (thx Taggart :ifin: (npub1yg8…ccz0) ).

This screen recording is a Windows 11 system that has no internet connectivity. The fact that no warning was displayed that SmartScreen cannot be reached is evidence that SmartScreen is not in play at all. And that dialog...Do you want to open this file?

andType: Unknown File Type

Do you think that users are presented with enough information to make an informed security decision? Of course not. But obviously we all know that we can't rely on users making informed security decisions in general. Don't put users in that position.

As a chaser, here are two other CVEs on Ollama from yesterday. ...

2026-05-06T17:44:46Z

In reply to nevent1q…gwmk
_________________________

As a chaser, here are two *other* CVEs on Ollama from yesterday.

https://discourse.ifin.network/t/cve-2026-42248-cve-2026-42249-ollama-on-windows-doesnt-verify-updates-writes-anywhere/378

Another AI service that's dangerous when exposed to the ...

2026-05-06T17:35:41Z

Another AI service that's dangerous when exposed to the internet? Well I never!

Anyway go check for exposed Ollama endpoints.

https://discourse.ifin.network/t/unauthenticated-memory-leak-in-ollama-cve-2026-7482/389

#CVE #ThreatIntel #ThreatIntelligence #IFIN

This morning we decided to launch a "Vulnerabilities" ...

2026-05-06T13:57:47Z

This morning we decided to launch a "Vulnerabilities" category to track vulns without further actionable intelligence besides patching and monitoring. And wouldn't you know it, a crit on Palo Alto's User-ID portal showed up to ring it in!

https://discourse.ifin.network/t/cve-2026-0300-9-3-cvss-pan-os-unauthenticated-user-initiated-buffer-overflow-captive-portal/382

#CVE-2026-0300 #CVE #IFIN

As of 0740 UTC, Ubuntu's security and archive sites are ...

2026-05-05T15:44:17Z

As of 0740 UTC, Ubuntu's security and archive sites are *finally* behind Cloudflare's CDN...sorta. So while it's still ridiculous that Cloudflare is serving both sides, at least Ubuntu's repos should be more stable.

313 Team, the Iraqi-aligned group claiming credit for the Ubuntu ...

2026-05-03T05:02:01Z

313 Team, the Iraqi-aligned group claiming credit for the Ubuntu attack, are now encouraging the use of #CopyFail against Ubuntu targets while servers may not be able to reach updates.

https://discourse.ifin.network/t/ubuntu-services-under-attack/356

The worms keep worming, unfortunately. The "Mini ...

2026-04-30T21:22:01Z

The worms keep worming, unfortunately. The "Mini Shai-Hulud" attack appears to pivot to #PyPi with a compromise of a #pytorch library:

https://discourse.ifin.network/t/pytorch-lightning-library-hit-by-supply-chain-attack/357

#ThreatIntel #ThreatIntelligence #IFIN #Python

It's not just you: Ubuntu services are down. ...

2026-04-30T20:32:51Z

It's not just you: Ubuntu services are down.

https://discourse.ifin.network/t/ubuntu-services-appear-down/356

Since the CopyFail disclosure left some of us feeling a ...

2026-04-30T17:10:12Z

Since the CopyFail disclosure left some of us feeling a little...unsupported, we're talking about what we love to see in vulnerability disclosures. Come join the conversation!

https://discourse.ifin.network/t/your-ideal-vuln-disclosure/350

Regarding #CopyFail, It is worth noting that the exploit can ...

2026-04-30T15:41:19Z

Regarding #CopyFail,

It is worth noting that the exploit can target *any* file and overwrite its contents. That's not just privilege escalation; that's the potential for stealthy persistence.

Our thread now has more technical discussion and also some clever detections.

https://discourse.ifin.network/t/copy-fail-732-bytes-to-root-on-every-major-linux-distributions/342/26

#ThreatIntel #ThreatIntelligence #IFIN

After careful analysis, we believe the best option for ...

2026-04-29T20:12:57Z

After careful analysis, we believe the best option for remediation is to turn off the computers and go for a nice walk. Maybe call your mother.

What is going on today?? We're also tracking #CopyFail. ...

2026-04-29T18:51:59Z

What is going on today??

We're also tracking #CopyFail.

https://discourse.ifin.network/t/copy-fail-732-bytes-to-root-on-every-major-linux-distributions/342

#ThreatIntel #ThreatIntelligence #IFIN

Looks like we have another #supplychain attack underway, this ...

2026-04-29T16:25:36Z

Looks like we have another #supplychain attack underway, this time facing #SAP-related NPM packages.

https://discourse.ifin.network/t/sap-npm-packages-targeted-with-credential-stealing-malware/340

#ThreatIntel #ThreatIntelligence #IFIN

RE: https://infosec.exchange/@mttaggart/116461922134943653 When ...

2026-04-24T21:59:20Z

RE: https://infosec.exchange/@mttaggart/116461922134943653

When opportunity (malware) comes a-knocking, you let it in (fire up the sandbox and disassembler).

#malware #ThreatIntel #ThreatIntelligence #IFIN
nostr:note1nq6ga2rz9d8jrkgpzg93n6fdswsjlu840gy69wvldumpmhh6j0ns8dctqd

Since we were the ones subtooted, it's worth clarifying: it ...

2026-04-24T20:54:27Z

In reply to nevent1q…mwks
_________________________

Since we were the ones subtooted, it's worth clarifying: it is *impossible* to get every moderation decision right, and avenues for appeal are absolutely possible. If we make a mistake, we'll own it. Always.

However, on balance, this signal tends to demonstrate the seriousness with which you approach the issue and our community. If leaning on the side of safety means an occasional false positive, that's a price worth paying.

Tell your friends. Mess around with the single field we ask for ...

2026-04-24T18:05:47Z

Tell your friends. Mess around with the single field we ask for during onboarding, and we will toss you. If you don't take this seriously, we have no reason to expect you to respect our community's safety.

We've been on a tear adding new sources to our RSS ...

2026-04-23T17:39:38Z

We've been on a tear adding new sources to our RSS aggregator! All the cyber news that's fit to print, in one place: https://news.ifin.network

Bitwarden's CLI NPM package was hijacked and used to spread ...

2026-04-23T15:08:31Z

Bitwarden's CLI NPM package was hijacked and used to spread credential stealer malware. This is related to the previous Checkmarx compromise.

We'll be updating this thread as always with new information. Come join the effort!

https://discourse.ifin.network/t/teampcp-campaign-spreads-to-npm-via-a-hijacked-bitwarden-cli/305

The best time to block api.telegram[.]org was like, I dunno, five ...

2026-04-22T15:25:32Z

The best time to block api.telegram[.]org was like, I dunno, five years ago? The second best time to do it is now.

Seriously. Cross that one off the easy wins list today.

#ThreatIntel #ThreatIntelligence #IFIN

RE: https://infosec.exchange/@ifin/116432853020620365 Thanks to ...

2026-04-21T16:58:33Z

RE: https://infosec.exchange/@ifin/116432853020620365

Thanks to some excellent reporting from Infostealers by Hudson Rock, we know a context[.]ai employee was seeking Roblox cheats when they got hit with LummaStealer, leading to the initial breach which impacted Vercel.

https://discourse.ifin.network/t/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/293/7

quoting
note1v6v…k8zn

We're actively tracking developments here: https://discourse.ifin.network/t/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/293

What a hassle! We'll look into it. Apologies for the ...

2026-04-21T14:27:01Z

In reply to nevent1q…zvsy
_________________________

What a hassle! We'll look into it. Apologies for the inconvenience!
Fritz Adalis (npub1kp7…rszc) Rob Carlson (npub1v9r…d02r)

Today we're talking about another (???) issue in the Cursor ...

2026-04-20T19:08:26Z

Today we're talking about another (???) issue in the Cursor AI IDE. Well actually it's two issues, one of which is simple command injection; the other is takeover via Dev tunnels. Don't know what dev tunnels are? Come find out—then block them with extreme prejudice.

https://discourse.ifin.network/t/cursors-remote-tunnel-capability-is-vulnerable-to-malicious-prompt-injection/295

#IFIN #ThreatIntel #ThreatIntelligence

#Vercel update. We now know, thanks to Vercel's CEO, that the ...

2026-04-20T12:16:39Z

#Vercel update. We now know, thanks to Vercel's CEO, that the compromise came by way of the context[.]ai Office Suite, using OAuth tokens collected from a breach last month. Details here:

https://discourse.ifin.network/t/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/293/6

We're actively tracking developments here: ...

2026-04-19T18:45:44Z

In reply to nevent1q…2v3j
_________________________

We're actively tracking developments here: https://discourse.ifin.network/t/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/293

#Vercel customers: don't wait. Proactively rotate keys, ...

2026-04-19T17:46:34Z

#Vercel customers: don't wait. Proactively rotate keys, passwords and environment variables ASAP.

https://vercel.com/kb/bulletin/vercel-april-2026-security-incident

Thanks so much for including us! @npub1ljm…w8tm ...

2026-04-18T11:47:39Z

In reply to nevent1q…q7p7
_________________________

Thanks so much for including us!
jonny (good kind) (npub1ljm…w8tm) Lenny Zeltser (npub1n7z…jm2n) Fractal Kitty (npub1ur9…v3q2) ploum (npub18ak…untn) [@otterlove](https://mastodon.art/@otterlove ) Max Leibman (npub1388…sxrr) Hyde 📷 🖋 :debian: (npub1jjw…2z5l) Naty (npub1xhj…hq9k) Taggart :ifin: (npub1yg8…ccz0) readbeanicecream (npub1c99…ljas) Joel :casio: :blobcatderpy: (npub1x74…ruph) Taran Rampersad (npub1j33…55x2) Red 🟥 (npub1wp7…7eym) [@_elena](https://mastodon.social/@_elena ) Space Hobo (npub1c2u…zg55) Connected Places (npub1l2k…6m2l) gloriouscow (npub1dhl…ud8y) Nicolas Gouny (npub1090…cff7)

Proud of you bb

2026-04-18T00:26:55Z

In reply to nevent1q…nca2
_________________________

Proud of you bb

After working on it a bit, we have a fix for a recent #ClickFix ...

2026-04-16T01:05:08Z

After working on it a bit, we have a fix for a recent #ClickFix attack against #macOS that leverages AppleScript. Here's the writeup, and a link to the forum thread!

https://ifin-intel.org/blog/applescript/

#ThreatIntel #ThreatIntelligence #IFIN

Well well well, would you look at that ...

2026-04-15T04:33:44Z

Well well well, would you look at that

https://discourse.ifin.network/t/activitypub-test/271/1

Following up on an excellent blog post we discovered (linked in ...

2026-04-14T17:13:23Z

Following up on an excellent blog post we discovered (linked in thread), we dug a little deeper on a recent #WordPress plugin compromise. We have more IoCs for you, and what we believe to be a use of the blockchain for an initial access auction for the plugin install base.

https://discourse.ifin.network/t/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/265/8

#ThreatIntel #ThreatIntelligence #ThreatHunting #IFIN

CISA is claiming that #Iran is once again targeting Programmable ...

2026-04-13T19:21:03Z

CISA is claiming that #Iran is once again targeting Programmable Logic Controllers (PLCs), similar to efforts in 2024. Has anyone seen recent evidence of this? None was provided from CISA, and we'd love independent confirmation.

We ask for preferred pronouns when you register. We do this so ...

2026-04-11T14:56:14Z

We ask for preferred pronouns when you register. We do this so everyone can address you how you wish. But it's also a signal of how you'll treat others.

We just rejected a forum account application because of joke pronouns. That is such a low barrier and if you don't take it seriously, we have no confidence you'll treat our community members with respect.

RE: https://infosec.exchange/@cR0w/116052391841771930 Come gather ...

2026-04-10T21:04:23Z

RE: https://infosec.exchange/@cR0w/116052391841771930

Come gather round. We'll tell stories together for free.
nostr:note17teqm8m359cjtwf6qcafdl02c44l94j5k02ypkylgjsf9savh4gq2e9am9

CPUID downloads were temporarily compromised earlier today. We ...

2026-04-10T13:49:31Z

CPUID downloads were temporarily compromised earlier today. We have a thread compiling analysis and IoCs for you to investigate:

https://discourse.ifin.network/t/hwmonitor-download-compromised/249

#ThreatIntel #IFIN #ThreatIntelligence

:ablobcatpopcorn:

2026-04-09T16:20:46Z

In reply to nevent1q…qp6w
_________________________

:ablobcatpopcorn:

This right here? This is a huge part of why we exist. It's ...

2026-04-09T13:09:12Z

This right here?

This is a huge part of why we exist. It's time to trust in each other for our mutual protection, because nobody is coming to save us.

https://www.securityweek.com/white-house-seeks-to-slash-cisa-funding-by-707-million/

So, how this works is:<li>Our community finds something ...

2026-04-08T19:09:36Z

In reply to nevent1q…ch6q
_________________________

So, how this works is:<li>Our community finds something interesting</li><li>We make a thread</li><li>We investigate together</li><li>The data <u>remains searchable</u> for future reference</li><li>We all win</li>

Come join us!

Looks like we have a live one here. Weird Rust maintainer ...

2026-04-08T18:53:37Z

Looks like we have a live one here. Weird Rust maintainer phishing campaign using crates[.]ws:

https://discourse.ifin.network/t/bizarre-crates-io-phishing-campaign/232

I've been trying to think of a way to describe our ...

2026-04-07T19:05:27Z

In reply to nevent1q…g55t
_________________________

I've been trying to think of a way to describe our relationship and this is pretty much flawless.

IFIN :rainbow_heart: GAYINT (npub1ezn…nyq3)

CISA just published an advisory about IRGC activity against ...

2026-04-07T18:35:33Z

CISA just published an advisory about IRGC activity against Rockwell/Allen-Bradley PLCs. This is a return to form for IRGC, following patterns observed in 2023.

https://discourse.ifin.network/t/iran-conflict-cyber-threat-activity/145/25

Folks here will probably be interested in our AI policy: > ...

2026-04-07T17:30:23Z

Folks here will probably be interested in our AI policy:

> With so many downside risks, and with such dubious benefit to usage, the choice for IFIN is clear: we choose not to participate in the toxic cult of generative AI. Our published material and code are not produced with these models.

https://ifin-intel.org/policies/ai/

Haha insta-hugged. Standby!

2026-04-07T15:48:30Z

In reply to nevent1q…xwed
_________________________

Haha insta-hugged. Standby!

And our first contribution: here is our thread on currently ...

2026-04-07T15:45:24Z

And our first contribution: here is our thread on currently tracked #Iran-based cyber threat activity, including motivations and targeting information.

https://discourse.ifin.network/t/iran-conflict-cyber-threat-activity/145/23

Hello, world! We are IFIN, the Independent Federated Intelligence ...

2026-04-07T15:31:14Z

Hello, world!

We are IFIN, the Independent Federated Intelligence Network, and we want to change how threat intelligence is done.

We believe we're all safer when we share what we know. Come learn more and join us!

https://ifin-intel.org/blog/hello/

#ThreatIntel #ThreatIntelligence #Cybersecurity #Infosec