Red Siege
LightNews LightNews
banner
redsiege.com
Red Siege
@redsiege.com
930 followers 58 following 560 posts
Penetration Testing, Purple Team, Red Team & Adversary Emulation.
Let our Offense, Prepare your Defense. https://redsiege.com

#weareoffensive
Posts Replies Media Videos
Pinned
redsiege.com
Red Siege @redsiege.com · Aug 12
Offense for Defense is now On-Demand: Brought to you by CEO @timmedin.bsky.social and Security Consultant Jason Downey 🔗 training.redsiege.com

Your Lab, On Your Time

0️⃣ Zero setup. Total control.
🏰 Built for defenders who want to think like attackers
🖥️ No virtual machines. No VPNs. No downloads.
redsiege.com
Researchers found 27 flaws in major cloud password managers, enabling vault compromise and challenging zero-knowledge encryption claims.

via Infosecurity Magazine

www.infosecurity-magazine.com/news/vulnera...

#hacking #infosec #cybersecurity
Vulnerabilities in Password Managers Allow Hackers to Change Passwords
Security researchers have challenged end-to-end encryption claims from popular commercial password managers
www.infosecurity-magazine.com
February 16, 2026 at 9:47 PM
redsiege.com
New ClickFix variant abuses DNS/nslookup to fetch and run PowerShell malware via DNS responses, evading detection and deploying ModeloRAT.

via @bleepingcomputer.com

www.bleepingcomputer.com/news/securit...

#hacking #infosec #cybersecurity
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
www.bleepingcomputer.com
February 16, 2026 at 6:06 PM
redsiege.com
Here's what we've got coming up!

#hacking #infosec #cybersecurity
February 16, 2026 at 2:33 PM
Reposted by Red Siege
hardwaterhacker.bsky.social
While I generally use this account for photography, I get to hack stuff for @redsiege.com for a living. I had a great time teaching and speaking @wildwesthackinfest.bsky.social this week. Thanks @bhinfosecurity.bsky.social for hosting another wonderful event! See y’all again in Deadwood!
February 14, 2026 at 8:13 PM
redsiege.com
Wake up, it's Wednesday! On today's Wednesday Offensive we have our Security Consultant Jason Downey talking about the evolution of pentesting- why certain test types don't cut it anymore and what gives more value going forward.

See you at 130pm ET 🔗 redsiege.com/wedoff
February 11, 2026 at 2:37 PM
redsiege.com
Denverrrrrrrrrr! We have arrived!

The fun is just getting started today with pre-con training, check out our full offensive guide to Wild West Hackin' Fest Mile High 🔗 redsiege.com/wwhfmilehigh26

We'll see y'all soon 😎 🤠

#hacking #infosec #cybersecurity #wwhf
February 10, 2026 at 2:57 PM
redsiege.com
BeyondTrust disclosed a critical pre-auth RCE flaw (CVE-2026-1731) in its Remote Support and Privileged Remote Access products that lets unauthenticated attackers execute OS commands remotely.

via @bleepingcomputer.com

www.bleepingcomputer.com/news/securit...

#hacking #infosec #cybersecurity
BeyondTrust warns of critical RCE flaw in remote support software
BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary co...
www.bleepingcomputer.com
February 9, 2026 at 6:08 PM
redsiege.com
Here's what we've got coming up!

Tomorrow we kick things off with pre-con training at @wildwesthackinfest.bsky.social Mile High

Then it’s full send the rest of the week: talks, workshops, and top-tier booth hangs with the Red Siege squad.

#hacking #infosec #cybersecurity #wwhf
February 9, 2026 at 3:03 PM
redsiege.com
Helping defenses train like it's the Super Bowl, day in and day out.

#hacking #infosec #cybersecurity
February 6, 2026 at 2:44 PM
redsiege.com
Senior Security Consultant Douglas Berdeaux breaks down the best process for incorporating penetration testing into the Software Development Life Cycle in this blog 🔗 redsiege.com/sdlcpentesting

#hacking #infosec #cybersecurity #sdlc
February 5, 2026 at 8:02 PM
redsiege.com
Mind blowing discussion and demonstration today from Travis Weathers and Ralph May of their ATLAS app. (link in comments) We thank you x1000000 for your time!

We'll see y'all next week 🔗 redsiege.com/wedoff

#hacking #infosec #cybersecurity
February 4, 2026 at 7:20 PM
redsiege.com
It's midweek! Time for the 2nd Best Show on the Internet- The Wednesday Offensive! Today we have Travis Weathers and Ralph May talking about physical security and ATLAS.

See you at 130pm ET 🔗 redsiege.com/wedoff

#hacking #infosec #cybersecurity
February 4, 2026 at 2:32 PM
redsiege.com
Get your Red Siege training at @wildwesthackinfest.bsky.social Mile High! Our CEO @timmedin.bsky.social will be teaching "Penetration Testing: Beyond the Basics".

Register now 🔗 www.antisyphontraining.com/product/pene...

#hacking #infosec #cybersecurity #training #wwhf
February 3, 2026 at 2:55 PM
redsiege.com
"This ain't good." -Security Consultant Jason Downey

via @thehackernews.bsky.social

#hacking #infosec #cybersecurity

thehackernews.com/2026/02/note...
thehackernews.com
February 2, 2026 at 9:15 PM
redsiege.com
Here's what we have coming up!

#hacking #infosec #cybersecurity
February 2, 2026 at 6:44 PM
redsiege.com
Marquis says its August 2025 ransomware attack hit banks after hackers used SonicWall cloud backup data stolen via MySonicWall, not an unpatched firewall, and may seek damages.

via @bleepingcomputer.com

#hacking #infosec #cybersecurity

www.bleepingcomputer.com/news/securit...
Marquis blames ransomware breach on SonicWall cloud backup hack
Marquis Software Solutions, a Texas-based financial services provider, is blaming a ransomware attack that impacted its systems and affected dozens of U.S. banks and credit unions in August 2025 on a ...
www.bleepingcomputer.com
February 2, 2026 at 6:42 PM
redsiege.com
Together we break, together we fix.

#iamoffensive #weareoffensive #hacking #infosec #cybersecurity
January 30, 2026 at 2:41 PM
redsiege.com
Fortinet confirmed a critical zero-day (CVE-2026-24858) enabling FortiCloud SSO login bypass. Active attacks led Fortinet to temporarily disable SSO and urge immediate patching.

via @darkreading.bsky.social

www.darkreading.com/vulnerabilit...

#hacking #infosec #cybersecurity
Fortinet Confirms New Zero-Day Behind Malicious SSO Logins
To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication.
www.darkreading.com
January 29, 2026 at 7:29 PM
redsiege.com
Security researchers are warning that insecure deployments of Moltbot (formerly Clawdbot), can expose sensitive data including API keys, OAuth tokens, credentials, and full conversation histories.

via @bleepingcomputer.com

www.bleepingcomputer.com/news/securit...
Viral Moltbot AI assistant raises concerns over data security
Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation hist...
www.bleepingcomputer.com
January 29, 2026 at 2:31 PM
Reposted by Red Siege
wildwesthackinfest.bsky.social
We would like to thank @redsiege.com for being a Gold Sponsor for Wild West Hackin' Fest @ Mile High 2026! We are very grateful for your support! Be sure to check out all their services here: redsiege.com
#WWHF #MileHigh2026
January 28, 2026 at 2:22 PM
redsiege.com
Thank you @chriselgee.bsky.social e for another fantastic discussion! Next week we got Travis Weathers and Ralph May talkin about physical security and Atlas!

Join us next time 🔗 redsiege.com/wedoff

#hacking #infosec #cybersecurity
January 28, 2026 at 7:29 PM
redsiege.com
It's midweek! Time for The Wednesday Offensive! Today we have @chriselgee.bsky.social talking about all things cybersecurity training exercises: ranges, CTFs, red vs blue, etc

See you at 130pm ET 🔗 redsiege.com/wedoff

#hacking #infosec #cybersecurity
January 28, 2026 at 2:44 PM
redsiege.com
We’re two weeks away from Red Siege riding into Wild West Hackin'​ Fest Mile High!

Check out our full conference guide and start gearing up.

We’ll see you in Denver!

🔗 redsiege.com/wwhfmilehigh26

#hacking #infosec #cybersecurity #training #wwhf
January 27, 2026 at 2:47 PM
redsiege.com
Researchers warn npm’s post–Shai-Hulud defenses can be bypassed via Git dependencies, enabling code execution despite protections. Flaws affect multiple JS tools; npm disputes the risk.

via @bleepingcomputer.com

www.bleepingcomputer.com/news/securit...

#hacking #infosec #cybersecurity
Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
The defense mechanisms that NPM introduced after the 'Shai-Hulud' supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies.
www.bleepingcomputer.com
January 26, 2026 at 9:43 PM
redsiege.com
ReliaQuest reports a LinkedIn DM phishing campaign targeting executives and IT admins, abusing trust and a legitimate open-source penetration testing tool to sideload a RAT via a fake PDF reader.

via Infosecurity Magazine

www.infosecurity-magazine.com/news/linkedi...
LinkedIn Phishing Campaign Exploits Open-Source Pen Testing Tool
Cybersecurity Researchers at ReliaQuest warn of an ongoing campaign delivered to “high-value individuals” via LinkedIn messages
www.infosecurity-magazine.com
January 26, 2026 at 6:03 PM