tlansec
tlansec.bsky.social
Threat Intel @volexity.com n stuff.

London, UK.
Reposted by tlansec
github.com/VirusTotal/y... - 1.11.0 is out! Lots of new features, modules and bug fixes. Read the release notes and congrats to Victor and the contributors!
Release v1.11.0 · VirusTotal/yara-x
Make the parser stricter (#502). Implement dex module (#458). Implement C api console log (#515). Implement permhash for the crx module (#510). Implement the imports() method for the Rules object i...
January 9, 2026 at 1:43 PM
Reposted by tlansec
Microsoft is so fucking stupid.

Microsoft renamed Microsoft Office to Microsoft 365 Copilot App

I'm not joking
January 5, 2026 at 5:31 PM
Reposted by tlansec
Volexity Volcano Server & Volcano One v25.12.18 adds 300+ YARA rules, full parsing of Windows prefetch and Linux cron jobs, inline syscall hooking detection, and 5-level page table support. [1/3]
January 5, 2026 at 4:40 PM
Reposted by tlansec
Narrator Voice: And so thousands of infosec people looking for relevance and attention logged into VirusTotal looking for samples uploaded from Venezuela in the last year.
January 4, 2026 at 11:32 PM
Reposted by tlansec
finally, we're living through precedented times
January 4, 2026 at 6:56 AM
Reposted by tlansec
Some phishers have taken inspiration from Russian cyber-espionage group UTA0355 and are using a technique that tricks users into sharing their OAuth material in a web page (UTA0355 did it via email replies)

pushsecurity.com/blog/consent...
December 11, 2025 at 6:13 PM
everyone in the uk, internally hears: _OH DARLING HOLD MY HAND_
December 8, 2025 at 9:38 AM
Reposted by tlansec
A study in the evolution of SVR cyberespionage tradecraft
December 6, 2025 at 7:07 PM
Reposted by tlansec
@volexity.com tracks a variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials, which continue to see success due to creative social engineering. Our latest blog post details Russian threat actor UTA0355’s campaigns impersonating European security events.
Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks
In early 2025, Volexity published two blog posts detailing a new trend among Russian threat actors targeting organizations through the abuse of Microsoft 365 OAuth and Device Code authentication workf...
December 4, 2025 at 6:36 PM
On the plus side, every time there's a Cloudflare outage 1000s of threat actors around the world have their malware C2 go down for a few hours.
December 5, 2025 at 10:16 AM
I don't work for Insikit group.
December 5, 2025 at 10:03 AM
Reposted by tlansec
🎵🎶All I want for Christmas is… electrons 🎶🎵
These are not serious people.
November 21, 2025 at 3:09 PM
Reposted by tlansec
Yara-x 1.10.0 released today! It can now automatically fix some warnings, and some improvements in code generation. This is another great step forward for the project.

github.com/VirusTotal/y...
Release v1.10.0 · VirusTotal/yara-x
New yr fix warnings command (#493). Generate more efficient WASM code for some expressions, reducing the size of compiled rules (5efc214, a865681). Improve the API for traversing the AST in DFS ord...
November 20, 2025 at 6:33 PM
Reposted by tlansec
Really digging this year’s CYBERWARCON logo
November 19, 2025 at 3:51 PM
Reposted by tlansec
#PIVOTcon26 registration is now OPEN 🤟 #ThreatResearch #ThreatIntel https://pivotcon.org
Please read carefully the whole 🧵 for the rules about invite -> registration (1/6)🌐
a man says where do i register in front of a woman
November 13, 2025 at 3:28 PM
Enhance your CyberChef experience with GeoCities mode!
November 13, 2025 at 8:42 PM
Reposted by tlansec
Remember NFTs? 😂😂😂😂😂😂😂
November 11, 2025 at 1:00 AM
This is so good. bahahaha:

www.youtube.com/watch?v=dr9M...
Private jets don't pay fuel tax. Now I don't either.
YouTube video by Oli Frost
November 7, 2025 at 10:27 AM
Reposted by tlansec
At @ncsc.gov.uk we have just launched the CyberUK tech talks call for papers across three topics

- Cyber applications of AI
- What works: approaches that reduce cyber harm
- The evolving threat

www.cyberuk.uk/2026/call-fo...
Tech Talks - Call for Papers
November 6, 2025 at 8:12 PM
Reposted by tlansec
my response to this is the loudest OK BRO you've ever heard in your life
Famed Russian spy hunter Christo Grozev claimed on this podcast four months ago that North Korea hacked the Democratic National Committee in 2016 and passed the info to Russia, which in exchange divulged access to Bangladesh Bank. 🤔 #infosec Passage at 13m 31s:
www.youtube.com/watch?v=dimh...
November 6, 2025 at 10:10 PM
Reposted by tlansec
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report.  Key findings  Between June and August 2025,
November 5, 2025 at 1:37 PM
Reposted by tlansec
Meet our speaker Patrick Whitsell!

Patrick has expertise in monitoring and defending against cyber espionage threat actors.

His talk, "Cyber(trade)war: Paradigm Shift in Economic Espionage", will cover the shift in PRC state-sponsored cyber espionage.

Learn more! www.cyberwarcon.com
November 5, 2025 at 7:47 PM
Reposted by tlansec
i heard my kids singing about "APT"s and i was sorely disappointed www.youtube.com/watch?v=ekr2...
ROSÉ & Bruno Mars - APT. (Official Music Video)
YouTube video by ROSÉ
October 24, 2025 at 2:46 PM