Category: Security

Before the World Economic Forum 2026 kicks off in Davos, the global spotlight is once again turning to Switzerland. This not only for high‑level political and economic talks, but also for its exposure to cyber risks. In the past two years, pro‑Russian hacktivist groups like NoName057(16) have repeatedly used the WEF as a stage for DDoS campaigns against Swiss institutions, seeking attention rather than data theft, and there is every reason to assume that similar activities will attempt to ride on the media wave of WEF 2026.

Between July 14-17, police and cybersecurity agencies from multiple countries worked together to go after NoName057(16), a pro-Russian cybercrime network. The operation, called “Eastwood,” was coordinated by Europol and Eurojust. Authorities from 12 countries took action at the same time, targeting both the group’s members and their computer infrastructure. The main participating countries included the US, Germany, France, Italy, and several others across Europe. Eight additional countries provided support for the investigation, including Ukraine, Canada, and some Baltic nations. Two private cybersecurity organizations, ShadowServer and abuse.ch, also helped with the technical aspects.
The joint action represents the kind of international cooperation that’s become more common when dealing with cybercrime groups, particularly those with political ties. Law enforcement agencies have been increasingly working across borders to tackle these networks that operate internationally.

Now the big question is, was this the end of NoName057(16)?

It was visible that on witha.name, after July 18th, 2025, at 01:05, there was a lengthy and unusual gap in the updates of the configurations. As a result, the group’s operations were noticeably disrupted.

I’m a big fan of Tailscale ever since I heard about it. I connect my devices, but I always had an issue with not being able to route traffic for specific domains through the exit node. Something like split tunneling via the exit node. The main problem was that I just couldn’t find this feature, and LLMs sent me on a wild goose chase trying to achieve this with network hacks. None of them worked.

What I didn’t know is that this feature has existed for a while and is called App Connectors.

It’s official: the CA/Browser Forum has voted to approve Ballot SC-081v3, which will significantly reduce TLS certificate lifespans over the next few years. This is a major shift in the web security landscape that will affect millions of website operators.

I was trying to figure out how to sign PowerShell scripts with a self-signed certificate. This is a simple step-by-step guide on how you can provision your own certificate for testing and sign and verify PowerShell scripts.

If you plan to use a publicly trusted code signing certificate, this is however not the exact process as you should be using an HSM to secure your certificate.

This is a quick bit: I recently had to add a reCAPTCHA key to a website. However, the keys provided did not work directly and I saw the Invalid key type error.

ERROR for site owner: Invalid key type

In my case, this could be fixed by reissuing the key, switching from a version 3 key to a version 2 key.

Some considerations

A Large-Scale Real-World User Study of reCAPTCHAv2

A 2023 UC Irvine study titled “Dazed and Confused: A Large-Scale Real-World User Study of reCAPTCHAv2” revealed startling findings about Google’s reCAPTCHA system, suggesting it has become more of a data harvesting tool than an effective security measure. The research, which analyzed 3,600 users over 13 months, found that CAPTCHAs not only fail to prevent bot traffic effectively (with bots often outperforming humans), but have also collectively wasted an estimated 819 million hours of human time—equivalent to 1,182 lifetimes—while generating up to $888 billion in value for Google through tracking cookies and valuable AI training data. The study concluded that reCAPTCHA has essentially become “a tracking cookie farm for profit masquerading as a security service,” raising serious questions about the widespread use of this purported security tool.

• Studies show that CAPTCHA tests are ineffective against modern AI bots.
• Google uses reCAPTCHA v2 and v3 primarily for data collection.
• AI programs solve image puzzles with nearly 100% success rates.
• reCAPTCHA v3, with the “I’m not a robot” checkbox, is easily bypassed by bots.
• Users with VPNs or anonymized data are blocked more frequently than bots.
• The value of the data collected through CAPTCHAs is estimated at $888 billion.
• The study recommends eliminating reCAPTCHA v2 and similar systems.

I recently had to upgrade my Linux tiny VM from Ubuntu 23.04 to 24.04.1 LTS. However, as I waited too long, a simple do-release-upgrade no longer worked in January 2025.

An upgrade from 'lunar' to 'noble' is not supported with this tool.

On January 20-24, 2025, we have the World Economic Forum in Switzerland. Last year this caused various DDoS attacks on Swiss websites. If this year we see DDoS activity again is yet unknown. Being only days away from the forum taking place, we might soon see if Switzerland is again in focus of NoName057(16) or other actors.

Since the update to macOS Sequoia, you might encounter an error in your browser, specifically in Chrome, when trying to access a resource on your local network, such as a NAS, Plex, or anything else you host yourself.

ERR_ADDRESS_UNREACHABLE 

In the realm of website management and cybersecurity, effective communication regarding vulnerabilities is crucial. This is where security.txt comes into play an standard designed to simplify the process of reporting security issues.