Audra Streetman
@audrastreetman.bsky.social
Threat Intel @ Splunk
Scrutiny is healthy in cybersecurity and we need to call out the hype with shaky research. But at what point does critique turn into ridicule? Cruelty for clicks? Will it deter others in the industry from sharing their work? I don't post on here often... y'all scare me sometimes.
November 3, 2025 at 7:15 PM
Reposted by Audra Streetman
404 Media is suing ICE for documents relating to its $2 million contract with Paragon Solutions. These are the journalists you should be supporting with your subscription money because they are meeting the moment.
www.404media.co/were-suing-i...
We’re Suing ICE for Its $2 Million Spyware Contract
404 Media has filed a lawsuit against ICE for access to its contract with Paragon, a company that sells powerful spyware for breaking into phones and accessing encrypted messaging apps.
www.404media.co
September 22, 2025 at 6:14 PM
Reposted by Audra Streetman
The critical RCE Vulnerability in Microsoft #SharePoint was disclosed at #Pwn2Own in May. Because of Trend @thezdi.bsky.social, our customers have been protected since May.
Stay up to date on the latest with this vulnerability here: https//www.trendmi...
Proactive Security for CVE-2025-53770 and CVE-2025-53771 SharePoint Attacks
CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through adva...
www.trendmicro.com
July 21, 2025 at 10:04 PM
Reposted by Audra Streetman
Iran's APT42 (Charming Kitten) hacker team is now conducting targeted spearphishing attacks on high-profile Israeli national security journalists and cybersecurity researchers, according to Check Point. blog.checkpoint.com/security/edu...
June 25, 2025 at 2:30 PM
Reposted by Audra Streetman
Supposed experts and mainstream media have spent the past few days hyperventilating over reports of a colossal data breach that exposed more than 16 billion credentials. There’s just one inconvenient detail: evidence to support its sensational claim is lacking. cyberscoop.com/colossal-dat...
The ‘16 billion password breach’ story is a farce
Experts told CyberScoop the research 'doesn’t pass a sniff test' and detracts from needed conversations around credential abuse and information stealers.
cyberscoop.com
June 24, 2025 at 3:45 PM
Iran has demonstrated its capability/intent to keep up cyber operations amid Israeli strikes. On Friday, an IRGC-linked group targeted Albania's capital in retaliation for the country hosting ~3k Iranian dissidents. The intrusion could disrupt services/expose data:
www.politico.eu/article/iran...
Iranian hackers target Albania in retaliation for hosting dissidents
A group tied to Iran’s Revolutionary Guard targeted the capital of Tirana in retaliation for Albania hosting around 3,000 Iranian dissidents.
www.politico.eu
June 22, 2025 at 8:29 PM
Reposted by Audra Streetman
News: The Washington Post has suffered a cyber intrusion that compromised the emails of at least several reporters at the paper, including those on the national security and economic policy teams, according to people familiar with the matter.
June 15, 2025 at 6:46 PM
Reposted by Audra Streetman
Google's @hultquist.bsky.social says his threat intel team expects Iranian hackers to "rededicate themselves to attacks against Israeli targets" following Israel's bombing operation, though he says 🇮🇷-on🇮🇱 hacking "is already persistent and aggressive." US infrastructure could face more hacks too.
June 13, 2025 at 5:01 PM
The cybercriminal group FIN6 (Skeleton Spider) is phishing recruiters by posing as job seekers on LinkedIn/Indeed and luring them to fake resume sites that deliver the "more_eggs" backdoor via AWS-hosted, CAPTCHA-protected pages. More from DomainTools:
dti.domaintools.com/Skeleton-Spi...
Eggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery - DomainTools Investigations | DTI
Discover how the FIN6 cybercrime group, also known as Skeleton Spider, leverages trusted cloud services like AWS to deliver stealthy malware through fake job applications and resume-themed phishing ca...
dti.domaintools.com
June 10, 2025 at 4:50 PM
"This research underscores the persistent threat Chinese cyberespionage actors pose to global industries and public sector organizations, while also highlighting a rarely discussed target they pursue: cybersecurity vendors."
www.sentinelone.com/labs/follow-...
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors.
www.sentinelone.com
June 9, 2025 at 6:44 PM
Reposted by Audra Streetman
🥤& #threat-intel: CISA added Langflow Code Injection CVE-2025-3248 to the KEV on May 5. Recently, it has garnered considerable attention, with South Korea leading the pack. This vuln enables unauthenticated attackers to execute arbitrary code via /api/v1/validate/code
viz.greynoise.io/tag...
May 15, 2025 at 10:06 PM
Reposted by Audra Streetman
@npr.org EXCLUSIVE:
The Department of Agriculture is demanding states hand over personal data of food assistance recipients — including Social Security numbers, addresses and, in at least one state, citizenship status, according to emails shared with NPR.
USDA, DOGE demand states hand over personal data about food stamp recipients
The Department of Agriculture is demanding sensitive data from states about more than 40 million food stamp recipients, as DOGE is amassing data for immigration enforcement.
www.npr.org
May 9, 2025 at 7:57 PM
Reposted by Audra Streetman
Deploying realistic honeypots at scale is hard—DECEIVE makes it simple.
Join David Bianco at #Honeynet2025 in Prague as he presents an AI-assisted SSH honeypot that enables high-fidelity deception with minimal effort.
📅 June 2–4, 2025
🔗 prague2025.honeynet.org
#honeypots #llm #ai
May 7, 2025 at 7:08 AM
Reposted by Audra Streetman
In December, leading EdTech company PowerSchool was hacked, exposing the private information of tens of millions of American kids. PowerSchool paid the ransom to keep the data private.
That apparently didn't work: somebody started using that data today to extort public schools in North Carolina.
School districts hit with extortion attempts months after education tech data breach
The attempted extortion has so far targeted schools in Canada and North Carolina.
www.nbcnews.com
May 7, 2025 at 10:19 PM
Reposted by Audra Streetman
🔥 Dispatch Debrief: April 2025 is live 🔥
Explore star sign-inspired hunting techniques, organizing your hunt squad, and the value of finding "nothing."
Discover this month's insights from @thorcollective.bsky.social Dispatch - dispatch.thorcollective.com/p/april-debr...
Dispatch Debrief: April 2025
What We Hunted, Learned, and Loved This Month
dispatch.thorcollective.com
May 1, 2025 at 3:14 PM
Reposted by Audra Streetman
Hm! He argues the CSRB has to evolve + be fully separated from CISA (it was dismantled at start of Trump 2.0), noting that, during the board's Salt Typhoon probe, some telcos got nervous and said they will not share information with the agency b/c CSRB is tied to the DHS office.
April 30, 2025 at 3:45 PM
Reposted by Audra Streetman
Initial probe into cause of power outages in Spain & Portugal today suggests fault rather than cyberattack, according to the European Union Agency for Cybersecurity (ENISA). “For the moment the investigation seems to point out to a technical/cable issue,” a spokesperson for the agency tells me.
April 28, 2025 at 1:45 PM
Reposted by Audra Streetman
When incidents hit, how you communicate shapes the outcome.
This week’s @thorcollective.bsky.social Dispatch features @audrastreetman.bsky.social, former journalist turned cyber intel analyst.
dispatch.thorcollective.com/p/how-commun...
How Communication Shapes the Outcome of Cybersecurity Incidents
Why the timing and transparency of messaging can make or break your incident response
dispatch.thorcollective.com
April 17, 2025 at 3:26 PM
Reposted by Audra Streetman
News: @thekrebscycle.bsky.social, a target of Trump's wrath last week, is resigning from SentinelOne to focus fully on fighting back against the White House's campaign to punish dissent. www.wsj.com/politics/pol...
Exclusive | Former Trump Official Targeted With Government Probe Vows to Fight
Chris Krebs, the cybersecurity official from the first Trump administration who was fired after saying the 2020 election wasn’t stolen, vowed to fight back against a White House investigation.
www.wsj.com
April 16, 2025 at 8:25 PM
Reposted by Audra Streetman
If this contract ends, the damage will be immense.
To be clear, that's immense damage to the US' ability to protect its computer systems, both in the commercial and in the public sectors. And yes, this includes critical infrastructure such as power, water, and transportation.
BREAKING.
From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
April 15, 2025 at 6:05 PM
Reposted by Audra Streetman
BREAKING.
From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.
April 15, 2025 at 5:23 PM
Reposted by Audra Streetman
Infosec must not remain silent while Trump goes after Chris Krebs: www.eff.org/deeplinks/20...
Cybersecurity Community Must Not Remain Silent On Executive Order Attacking Former CISA Director
Cybersecurity professionals and the infosec community have essential roles to play in protecting our democracy, securing our elections, and building, testing, and safeguarding government infrastructur...
www.eff.org
April 11, 2025 at 8:03 PM
Reposted by Audra Streetman
THREAD: When @thekrebscycle.bsky.social and his workplace, @sentinelone.com, were singled out by Donald Trump on Wednesday, I thought it was an opportunity to weigh the cybersecurity industry's rhetoric against their real world actions.
April 11, 2025 at 4:55 PM
“When you see important societal actors — be it university presidents, media outlets, C.E.O.s, mayors, governors — changing their behavior in order to avoid the wrath of the government, that’s a sign that we’ve crossed the line into some form of authoritarianism..”
www.nytimes.com/2025/03/06/u...
‘People Are Going Silent’: Fearing Retribution, Trump Critics Muzzle Themselves (Gift Article)
People say they are intimidated by online attacks from the president, concerned about harm to their businesses or worried about the safety of their families.
www.nytimes.com
April 11, 2025 at 12:02 AM
Reposted by Audra Streetman
Big Law has failed to stand up to Trump and now infosec is following suit.
Yesterday the Trump administration took aim at @thekrebscycle.bsky.social and @sentinelone.com over Trump's longstanding beef with Krebs saying the 2020 election was legitimate. So @raphae.li asked more than 30 major cybersecurity firms and trade groups what they had to say. Here's how it went:
Cybersecurity industry falls silent as Trump turns ire on SentinelOne
The cybersecurity industry has gone mostly quiet after President Donald Trump took action against one of its prominent members.
www.reuters.com
April 10, 2025 at 9:47 PM