Targeted password-spray using DonPAPI-derived wordlists, delay+jitter controls, NetExec integration and secretsdump NT-hash comparison for authorized AD testing. #tool #passwordspray #ActiveDirectory https://bit.ly/3Lwv9eS
November 9, 2025 at 7:33 PM
Targeted password-spray using DonPAPI-derived wordlists, delay+jitter controls, NetExec integration and secretsdump NT-hash comparison for authorized AD testing. #tool #passwordspray #ActiveDirectory https://bit.ly/3Lwv9eS
OWASP Top 10:2025 RC1: Broken Access Control remains #1 (3.73% of apps; SSRF moved into A01). Security Misconfiguration rose to #2 (3.00%). New A03 Software Supply Chain Failures shows high CVE impact but limited detections. #OWASP #AppSec #SupplyChain https://bit.ly/4ouiA2a
November 9, 2025 at 7:30 PM
OWASP Top 10:2025 RC1: Broken Access Control remains #1 (3.73% of apps; SSRF moved into A01). Security Misconfiguration rose to #2 (3.00%). New A03 Software Supply Chain Failures shows high CVE impact but limited detections. #OWASP #AppSec #SupplyChain https://bit.ly/4ouiA2a
LANDFALL: commercial Android spyware delivered via malformed DNG exploiting CVE-2025-21042 on Samsung Galaxy; active mid‑2024 until patched Apr 2025; capabilities included mic recording, location, photos, contacts. #LANDFALL #CVE-2025-21042 #Android https://bit.ly/47sVfbi
November 8, 2025 at 10:18 AM
LANDFALL: commercial Android spyware delivered via malformed DNG exploiting CVE-2025-21042 on Samsung Galaxy; active mid‑2024 until patched Apr 2025; capabilities included mic recording, location, photos, contacts. #LANDFALL #CVE-2025-21042 #Android https://bit.ly/47sVfbi
E-book maps five generative AI threats to SOCs, noting telemetry blind spots, prompt injection and model misuse that can enable data exfiltration. Guidance emphasizes detection, model monitoring and governance. #generative_ai #SOC #AIsecurity https://bit.ly/3JBzfSu
November 7, 2025 at 8:31 PM
E-book maps five generative AI threats to SOCs, noting telemetry blind spots, prompt injection and model misuse that can enable data exfiltration. Guidance emphasizes detection, model monitoring and governance. #generative_ai #SOC #AIsecurity https://bit.ly/3JBzfSu
Generative AI + exported IDA data enabled static reverse engineering of XLoader 8.0; researchers used ChatGPT cloud analysis plus MCP-driven runtime key extraction to recover decrypted strings and hidden C2 domains. #xloader #ChatGPT #malwareanalysis https://bit.ly/47PuRY1
November 7, 2025 at 8:12 PM
Generative AI + exported IDA data enabled static reverse engineering of XLoader 8.0; researchers used ChatGPT cloud analysis plus MCP-driven runtime key extraction to recover decrypted strings and hidden C2 domains. #xloader #ChatGPT #malwareanalysis https://bit.ly/47PuRY1
GTIG finds first "just-in-time" AI malware using LLMs mid-execution (PROMPTFLUX, PROMPTSTEAL) to generate code and evade detection; Gemini abused for phishing lures and C2 development. #AIThreats #PROMPTFLUX #Gemini https://bit.ly/3Lr8gJP
November 7, 2025 at 8:05 PM
GTIG finds first "just-in-time" AI malware using LLMs mid-execution (PROMPTFLUX, PROMPTSTEAL) to generate code and evade detection; Gemini abused for phishing lures and C2 development. #AIThreats #PROMPTFLUX #Gemini https://bit.ly/3Lr8gJP
NoMoreStealer hooks IRP_MJ_CREATE in a Windows kernel minifilter to block access to browser and wallet folders; uses hardcoded protected paths and shared-memory notifications to a Wails frontend. Demo trust model is filename-based. #tool #kernel #windows https://bit.ly/4ouT5hx
November 7, 2025 at 7:44 PM
NoMoreStealer hooks IRP_MJ_CREATE in a Windows kernel minifilter to block access to browser and wallet folders; uses hardcoded protected paths and shared-memory notifications to a Wails frontend. Demo trust model is filename-based. #tool #kernel #windows https://bit.ly/4ouT5hx
Event ID 1149 in Microsoft-Windows-Terminal-Services-RemoteConnectionManager shows a successful RDP network connection (login UI served), not credential acceptance. Logs organized as: network→auth→logon→disconnect→logoff. #RDP #DFIR #EventID1149 https://bit.ly/4hQSNPm
November 7, 2025 at 1:26 PM
Event ID 1149 in Microsoft-Windows-Terminal-Services-RemoteConnectionManager shows a successful RDP network connection (login UI served), not credential acceptance. Logs organized as: network→auth→logon→disconnect→logoff. #RDP #DFIR #EventID1149 https://bit.ly/4hQSNPm
Containers are ephemeral but vulnerabilities persist; the piece lists five lifecycle controls: build hygiene, image scanning and SBOMs, minimal images, runtime policy enforcement, and continuous monitoring. #containers #sbom #security https://bit.ly/4oR41Wd
November 6, 2025 at 4:30 PM
Containers are ephemeral but vulnerabilities persist; the piece lists five lifecycle controls: build hygiene, image scanning and SBOMs, minimal images, runtime policy enforcement, and continuous monitoring. #containers #sbom #security https://bit.ly/4oR41Wd
Forecast: adversaries will normalize AI use, increasing prompt injection and AI‑driven vishing with voice cloning. Expect ransomware + data extortion and attacks targeting virtualization infrastructure. #AI #promptinjection #ransomware https://bit.ly/43X22HU
November 6, 2025 at 1:47 PM
Forecast: adversaries will normalize AI use, increasing prompt injection and AI‑driven vishing with voice cloning. Expect ransomware + data extortion and attacks targeting virtualization infrastructure. #AI #promptinjection #ransomware https://bit.ly/43X22HU
Missing Windows Security 4624 left a host blind for the Oct 1, 2025 incident; last 4624 logged Sep 13, 4776 present, audit policy change suspected — lateral access inferred. #incidentresponse #windows_security https://bit.ly/3XciCzN
November 6, 2025 at 12:40 PM
Missing Windows Security 4624 left a host blind for the Oct 1, 2025 incident; last 4624 logged Sep 13, 4776 present, audit policy change suspected — lateral access inferred. #incidentresponse #windows_security https://bit.ly/3XciCzN
Hands‑on IR simulator with 70+ real cases from Standoff cyberbattles; provides reconstructed kill chains, logs and traffic dumps in isolated virtual environments for analyst practice. #incidentresponse #cybertraining #bookmark https://bit.ly/3LfzlzL
November 4, 2025 at 5:30 PM
Hands‑on IR simulator with 70+ real cases from Standoff cyberbattles; provides reconstructed kill chains, logs and traffic dumps in isolated virtual environments for analyst practice. #incidentresponse #cybertraining #bookmark https://bit.ly/3LfzlzL
Rhysida runs Bing malvertising to push fake installers (Teams, PuTTy) delivering OysterLoader; samples are packed and code-signed for low VT detections and persistent backdoor delivery. #Rhysida #malvertising #OysterLoader https://bit.ly/3WA83X9
November 4, 2025 at 5:25 PM
Rhysida runs Bing malvertising to push fake installers (Teams, PuTTy) delivering OysterLoader; samples are packed and code-signed for low VT detections and persistent backdoor delivery. #Rhysida #malvertising #OysterLoader https://bit.ly/3WA83X9
Containers are ephemeral but vulnerabilities persist; the piece links Wazuh-based ransomware defense to five build-to-runtime practices for managing container risk at scale. #containers #wazuh #security https://bit.ly/492JppA
November 4, 2025 at 5:11 PM
Containers are ephemeral but vulnerabilities persist; the piece links Wazuh-based ransomware defense to five build-to-runtime practices for managing container risk at scale. #containers #wazuh #security https://bit.ly/492JppA
SesameOp backdoor uses the OpenAI Assistants API as a command-and-control channel, showing Assistants endpoints can be abused; e-book summarizes five generative AI threats and steps to bolster security. #OpenAI #SesameOp #AIsecurity https://bit.ly/3LkRNH6
November 4, 2025 at 5:06 PM
SesameOp backdoor uses the OpenAI Assistants API as a command-and-control channel, showing Assistants endpoints can be abused; e-book summarizes five generative AI threats and steps to bolster security. #OpenAI #SesameOp #AIsecurity https://bit.ly/3LkRNH6
CoSAI released AI Incident Response Framework v1.0: NIST-aligned lifecycle, focus on prompt injection, memory/context poisoning and model extraction; includes OASIS CACAO playbooks for RAG and MINJA response. #AIsecurity #IR #CoSAI https://bit.ly/43NuP1B
November 4, 2025 at 2:40 PM
CoSAI released AI Incident Response Framework v1.0: NIST-aligned lifecycle, focus on prompt injection, memory/context poisoning and model extraction; includes OASIS CACAO playbooks for RAG and MINJA response. #AIsecurity #IR #CoSAI https://bit.ly/43NuP1B
Catalog of adversary techniques that exploit people: detailed taxonomy covering phishing, pretexting, baiting and insider risks, plus methodology and permissive reuse license. #socialengineering #humanrisk #bookmark https://bit.ly/492JXM2
November 4, 2025 at 2:35 PM
Catalog of adversary techniques that exploit people: detailed taxonomy covering phishing, pretexting, baiting and insider risks, plus methodology and permissive reuse license. #socialengineering #humanrisk #bookmark https://bit.ly/492JXM2
P2P desktop transfer using iroh: end-to-end QUIC+TLS1.3, Blake3-verified streaming and resumable downloads; macOS unsigned builds may trigger Gatekeeper. #p2p #blake3 #tool https://bit.ly/49yc7P5
November 4, 2025 at 12:59 PM
P2P desktop transfer using iroh: end-to-end QUIC+TLS1.3, Blake3-verified streaming and resumable downloads; macOS unsigned builds may trigger Gatekeeper. #p2p #blake3 #tool https://bit.ly/49yc7P5
mcp-scanner detects prompt‑injection vectors and insecure agent behavior via LLM analysis; supports Cisco AI Defense, AWS Bedrock (Claude), OpenAI and Azure integrations. #tool #promptinjection #LLMsecurity https://bit.ly/4qDUnrO
November 3, 2025 at 7:31 PM
mcp-scanner detects prompt‑injection vectors and insecure agent behavior via LLM analysis; supports Cisco AI Defense, AWS Bedrock (Claude), OpenAI and Azure integrations. #tool #promptinjection #LLMsecurity https://bit.ly/4qDUnrO
High-accuracy OCR: Chandra outputs layout-preserving HTML/Markdown/JSON, handles handwriting, tables and forms, and supports local (HuggingFace) and remote (vLLM) inference modes. #ocr #chandra #tool https://bit.ly/4okXIKY
November 1, 2025 at 7:02 PM
High-accuracy OCR: Chandra outputs layout-preserving HTML/Markdown/JSON, handles handwriting, tables and forms, and supports local (HuggingFace) and remote (vLLM) inference modes. #ocr #chandra #tool https://bit.ly/4okXIKY
Google details Android’s layered anti‑scam stack: Play Protect app verification, Safe Browsing signals, and on‑device ML models to detect phishing and fraudulent apps. #android #MobileSecurity #PlayProtect https://bit.ly/3LC3g52
October 31, 2025 at 7:08 PM
Google details Android’s layered anti‑scam stack: Play Protect app verification, Safe Browsing signals, and on‑device ML models to detect phishing and fraudulent apps. #android #MobileSecurity #PlayProtect https://bit.ly/3LC3g52
Author bypassed NeuroShield (AI WAF) with ChatGPT-crafted payloads and exploited an overlooked API rate limit, enabling full account takeover. Key finding: AI defenses can be evaded by adversarially generated inputs. #AI #WAF #security https://bit.ly/4qUiHpJ
October 31, 2025 at 6:39 PM
Author bypassed NeuroShield (AI WAF) with ChatGPT-crafted payloads and exploited an overlooked API rate limit, enabling full account takeover. Key finding: AI defenses can be evaded by adversarially generated inputs. #AI #WAF #security https://bit.ly/4qUiHpJ
Aardvark (ChatGPT-5) auto-scans code, builds threat models, sandboxes exploits, and proposes patches. Reported 92% detection in golden repos and 10 CVEs assigned so far. #Aardvark #OpenAI #tool https://bit.ly/4nxZXJA
October 31, 2025 at 6:36 PM
Aardvark (ChatGPT-5) auto-scans code, builds threat models, sandboxes exploits, and proposes patches. Reported 92% detection in golden repos and 10 CVEs assigned so far. #Aardvark #OpenAI #tool https://bit.ly/4nxZXJA
Kerberos reflection using Ghost SPNs can lead to remote SYSTEM elevation (CVE-2025-58726). Default AD DNS registration and missing SMB signing enable the chain; Microsoft patched Oct 2025. #CVE202558726 #Kerberos #GhostSPN https://bit.ly/3LmOMpz
October 31, 2025 at 6:28 PM
Kerberos reflection using Ghost SPNs can lead to remote SYSTEM elevation (CVE-2025-58726). Default AD DNS registration and missing SMB signing enable the chain; Microsoft patched Oct 2025. #CVE202558726 #Kerberos #GhostSPN https://bit.ly/3LmOMpz
Skills in Claude are markdown files with YAML metadata, token‑efficient, and operate across Claude.ai, Claude Code, and the API. Key capabilities: Rube MCP integrations, Playwright test generation, Document Suite for Office/PDF. #tool #Claude #Playwright https://bit.ly/48Xwm8K
October 31, 2025 at 5:48 PM
Skills in Claude are markdown files with YAML metadata, token‑efficient, and operate across Claude.ai, Claude Code, and the API. Key capabilities: Rube MCP integrations, Playwright test generation, Document Suite for Office/PDF. #tool #Claude #Playwright https://bit.ly/48Xwm8K