Exclusive: US investigation points to likely US responsibility in Iran school strike, sources say U.S. military investigators believe it is likely that U.S. forces were responsible for an apparent ​strike on an Iranian girls' school that killed scores of children on Saturday but have not yet reach...

www.reuters.com/world/middle...

Glad that Spain made a stand against this nonsense. The moment of truth for the EU. Let’s see if there is any sovereignty left, or if the only way forward is being a bunch of pathetic US vassals.

Cyber-Physical Attacks on Nuclear Safeguards (II) | Ruben Santamarta In the first part, I provided an introduction and context on the cyber-physical aspects of mechanisms to detect and deter nuclear proliferation. In this second part, I will continue introducing the ph...

www.linkedin.com/posts/rubens...

If that wasn’t the case before, at this point in history you have to be medically stupid to believe any kind of rhetoric coming from the U.S. government.

Cyberattack Targeting Poland’s Energy Grid Used a Wiper A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and cause a power outage and o...

Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial"

The cyberattack targeting Poland's Distributed Energy Resources (DER) was a sophisticated operation, showing patterns consistent with the infamous Industroyer malware family. Of the possible scenarios, I believe this is the worst.

www.linkedin.com/posts/rubens...

What happened in Poland? Part II Based on additional details I've been collecting, it appears the cyberattack was indeed real, probably more sophisticated than expected, and, to be honest, both interesting and concerning. Introductio...

www.linkedin.com/pulse/what-h...

What happened in Poland? (Part I) | Ruben Santamarta The Polish government announced that Russia is behind a "first-of-its-kind" cyberattack on Poland's Distributed Energy Resources (DERs). If you're a regular reader, that will probably ring a bell abou...

www.linkedin.com/posts/rubens...

Signal’s Censorship Circumvention is susceptible to AiTM attacks TL;DR This post describes the conditions and technical details that enable Adversary-in-The-Middle (AiTM) attacks against Signal when Cens...

I've just published "Signal's Censorship Circumvention is susceptible to AiTM attacks".
It is possible to carry out Adversary-in-The-Middle (AiTM) attacks against Signal when Censorship Circumvention is enabled, but E2EE layer is not affected. www.reversemode.com/2026/01/sign...

“The failed attack aimed to disrupt the communication between renewable installations and the power distribution operators”

2026: Time to Update our Threat Model Capabilities remain, but intentions can shift overnight…the significance of this basic idea behind any defense strategy has become very real in recent days. For anyone who might be interested, in this...

For anyone who might be interested, in this post I’ll share my updated approach to cyber-physical security research for this year (and likely for the years ahead), from the perspective of a European citizen and independent researcher. www.linkedin.com/pulse/2026-t...

Fucking fascists

Hacktivist deletes white supremacist websites live on stage during hacker conference | TechCrunch A hacker known as Martha Root broke in and deleted three white supremacists websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.

NEW: A hacktivist dressed as Pink Ranger from the Power Rangers wiped three white supremacist websites on stage at the end of a talk at a hacker conference.

The hacker also published users’ data on the website okstupid.lol.

The three sites are still down, a week after the live hack.

defrag.exe

Un navire infecté par un logiciel-espion au cœur d’une mystérieuse enquête pour espionnage en France EXCLUSIF. Un ressortissant letton a été mis en examen et écroué dimanche à Paris dans le cadre d’une inquiétante enquête pilotée par la DGSI

Yesterday, French newspaper LeParisien published an interesting story "A ship infected with spyware is at the heart of a mysterious espionage investigation in France." www.leparisien.fr/faits-divers...

So, in case you haven’t heard, a recent upset of an A320:
avherald.com/h?article=52...
Was traced back to, of all things, solar flares disrupting an onboard system:
avherald.com/files/AOT-A2...
The fix is a software patch on most of the 6000 affected aircraft, but it still takes 3 hours to complete

Cyber-Physical Attacks on Nuclear Safeguards (I) | Ruben Santamarta In these series of posts, I will explore the cyber-physical perspective of nuclear safeguards and detail some real-world vulnerabilities I identified during my research.

www.linkedin.com/posts/rubens...

Exclusive: Apple alerts exploit developer that his iPhone was targeted with government spyware A developer at Trenchant, a leading Western spyware and zero-day maker, was suspected of leaking company tools and fired. Weeks later, Apple notified him that his personal iPhone was targeted with spy...

SCOOP: A man who worked on developing hacking and surveillance tools for defense contractor L3Harris Trenchant was notified by Apple that his iPhone was targeted with mercenary spyware.

The developer believes he was targeted after he was wrongly accused of leaking zero-days developed by Trenchant.

What happened at Iberdrola's 'Núñez de Balboa' PV Power Plant? The "mystery" of what happened at the "Núñez de Balboa" photovoltaic power plant is, to this day, one of the most significant unresolved q...

www.reversemode.com/2025/10/what...

The innocuous but interesting case of Signal’s UNENCRYPTED_FOR_TESTING username A couple of months ago I spent some time reading code from Signal (libsignal, Android/iOS apps, server, etc.) and came across some interesti...

www.reversemode.com/2025/10/the-...

The US Secret Service just saved the world from 80 millions of Antifa SIMs that were about to turn unvaccinated people trans via 5G.

États-Unis : quand la lutte antimigrants s'arme de logiciels espions Un contrat de deux millions de dollars a été conclu entre l'ICE, l’agence américaine de contrôle de l’immigration, et Paragon, éditeur sulfureux de logiciels espions ultraperfectionnés. Le bras armé…

I’ve been talking about Paragon and ICE with @france24.com www.france24.com/fr/%C3%A9co-... (french)

Was Von Der Leyen’s Plane the Target of a GPS Jamming Attack? Yesterday, the Financial Times reported that the EU Chief's plane had been the target of a GPS jamming attack while approaching Plovdiv Airport in Bulgaria. However, certain technical details continue...

Was Von Der Leyen’s Plane the Target of a GPS Jamming Attack? I spoke with some of them to gain a clearer understanding of the incident…
www.linkedin.com/pulse/von-de...

Cyberattack against Iranian Vessels' SATCOM systems Lab Dookhtegan, a self-proclaimed 'hacktivist' group, has conducted a destructive attack against the SATCOM terminals of numerous Iranian vessels, disabling this critical communication link on 39 tank...

Cyberattack against Iranian Vessels' SATCOM systems www.linkedin.com/pulse/cybera...

Coincidentally, Romania’s Cernavoda Nuclear Power Plant suffered an automatic shutdown that infamous day. One year later, that remains the only Cernavoda reactor trip event in recent years for which the operator has never published a root cause.

Wild story. It feels like the hacker didn’t hack their way in, but rather paid their way in.

El tema es que 90 minutos antes del apagón, a las 11:00 sin oscilaciones en ese momento, se perdieron 1.2 GW en 10 minutos, de autoconsumo y < 1MW. Y la falta de datos no ha permitido investigar la causa segun los informes oficiales.

Está visto que la observabilidad del autoconsumo es mejorable

Hola Paco, soy Ruben. El interes no son las mediciones sino cómo reaccionó el inversor. Por eso pido logs de error del inversor o cualquier tipo de alarma que saltara durante esas horas.

A new Cyber-Physical Angle in Spain’s Blackout Just a few days ago, a reliable but anonymous source shared with me telemetry data from the day of the blackout, covering thousands of solar...

Just a few days ago, a reliable but anonymous source shared with me telemetry data from the day of the blackout, covering thousands of solar inverters deployed across Spain. www.reversemode.com/2025/06/a-ne...