The Banshee Queen 👑
@cyberoverdrive.bsky.social
#threatintel @Recorded Future | Formerly @PwC GTI | Malware & infrastructure analysis with a side of cyberpunk. 🌃🌌 She/her, support 🏳️‍🌈🏳️‍⚧️✨
Pinned
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
Reposted by The Banshee Queen 👑
Anthropic describes this as “AI-orchestrated cyber espionage”.

A grown-up would describe it as “a cyber espionage operator delegated the most basic and tedious tasks of an intrusion to an automation tool that said operator still had to consistently supervise and sanity check.”

brb becoming joker
November 14, 2025 at 8:52 PM
Reposted by The Banshee Queen 👑
NEW: Five people who live in the U.S. pleaded guilty for "facilitating" and helping the North Korean regime place fake remote IT workers inside American companies.

U.S. Department of Justice said their actions affected 136 U.S. companies and netted Kim Jong Un’s regime $2.2 million in revenue.
Five people plead guilty to helping North Koreans infiltrate US companies as 'remote IT workers' | TechCrunch
The U.S. Department of Justice said five people — including four U.S. nationals — "facilitated" North Korean IT workers to get jobs at American companies, allowing the regime to earn money from their ...
techcrunch.com
November 14, 2025 at 5:16 PM
Reposted by The Banshee Queen 👑
Another Reuters exclusive

The Biden administration acquired evidence in the last months of its term that senior officials in the Israeli government were openly discussing the ongoing use of Palestinians as human shields by the IDF in Gaza. They sat on the evidence.
November 13, 2025 at 2:54 PM
Reposted by The Banshee Queen 👑
Ok my beloved APT crowd.... it's time to update all those APT charts

The DPRK RGB is now the RIGB

Let's go! I want new charts by next month!
November 13, 2025 at 12:53 AM
Reposted by The Banshee Queen 👑
"Having saturated its own market with solar panels, wind turbines and batteries, Chinese companies are now exporting their wares to energy-hungry countries in the developing world." www.nytimes.com/2025/11/10/c...
At COP30 in Belém, Brazil, Chinese Technology Is Shifting Climate Politics
At this year’s climate summit, the United States is out and Europe is struggling. But emerging countries are embracing renewable energy thanks to a glut of cheap equipment.
www.nytimes.com
November 12, 2025 at 9:30 PM
Reposted by The Banshee Queen 👑
The Cybersecurity Forecast 2026 report is here!

Based on insights from dozens of Google security leaders and experts, the report helps organizations feel prepared for the year ahead.

Read some key highlights, and then download the full report for a deeper look: cloud.google.com/security/res...
November 12, 2025 at 5:00 PM
Reposted by The Banshee Queen 👑
CISA has updated its directive to agencies about patching vulnerable Cisco firewalls after some agencies attested to compliance despite updating to software versions that were still vulnerable. Hackers are still breaching agencies using these vulns. www.cisa.gov/ed-25-03-gui...
November 12, 2025 at 9:03 PM
Reposted by The Banshee Queen 👑
Omfg

"NSO’s new executive chairman, David Friedman, a former U.S. ambassador to Israel and onetime bankruptcy lawyer for President Trump, said he wants to use his ties to the Trump administration to help rebuild the company’s spyware business in the U.S."
www.wsj.com/tech/israeli...
Israeli Spyware Maker NSO Gets New Owners, Leadership and Seeks to Mend Reputation
Investors led by Hollywood producer Robert Simonds have taken a controlling stake in the company behind Pegasus, and former Trump official David Friedman has been named executive chairman.
www.wsj.com
November 10, 2025 at 12:26 PM
Reposted by The Banshee Queen 👑
Kyiv Post - Russia launched a massive overnight attack on Ukraine with drones, Kalibr and Kinzhal missiles, hitting Dnipro's residential building and energy sites, causing casualties and blackouts. www.kyivpost.com/post/63877
Russia Launches Massive Air Attack on Ukraine, Killing Civilians, Hitting Energy Infrastructure
Russia launched a massive overnight attack on Ukraine with drones, Kalibr and Kinzhal missiles, hitting Dnipro’s residential building and energy sites, causing casualties and blackouts.
www.kyivpost.com
November 8, 2025 at 11:06 AM
Reposted by The Banshee Queen 👑
One analytical model shows that, as of November 5th, the dismantling of U.S.A.I.D. has already caused the deaths of 600,000 people, two-thirds of them children. https://newyorkermag.visitlink.me/jUzNSc
The Shutdown of U.S.A.I.D. Has Already Killed Hundreds of Thousands
The short documentary “Rovina’s Choice” tells the story of what goes when aid goes.
newyorkermag.visitlink.me
November 6, 2025 at 9:00 PM
Reposted by The Banshee Queen 👑
Lol
BREAKING: OpenAI is requesting US government support to help guarantee financing for the massive investments in AI chips and data centers it needs for expansion, per Bloomberg.
November 6, 2025 at 7:21 AM
Reposted by The Banshee Queen 👑
Received an alert from us? Act!

Background on CVE-2023-20198/CVE-2023-20273 & the BadCandy implant from over 2 years ago:
blog.talosintelligence.com/active-explo...

#CyberCivilDefense
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities
Cisco has identified active exploitation of two previously unknown vulnerabilities in the Web User Interface (Web UI) feature of Cisco IOS XE software — CVE-2023-20198 and CVE-2023-20273 — when expose...
blog.talosintelligence.com
November 3, 2025 at 8:30 PM
Reposted by The Banshee Queen 👑
"Don’t take BADCANDY from strangers ..."

The Australian Signals Directorate (ASD) recently published an advisory on the BadCandy implant still present in many Cisco IOS XE devices: www.cyber.gov.au/about-us/vie...

We still see around 15 000 Cisco IOS XE devices with the implant
November 3, 2025 at 8:30 PM
Reposted by The Banshee Queen 👑
"The intimidation included approaching country officials during coffee breaks to warn them they might not be able to transit via the US, or that they and their families could face restrictions on entering the country if they acted against American interests..." www.ft.com/content/4e0a...
November 3, 2025 at 10:13 PM
Reposted by The Banshee Queen 👑
-Operation SkyCloak targets Russian, Belarusian militaries
-DarkHotel was pretty active this summer
-Kimsuky's new HttpTroy backdoor
-Linux bug exploited by ransomware groups
-GameMaker IDE vulnerability
-New agent session smuggling attack
-Loads of new tools
-Infosec drama, episode 28,311
November 3, 2025 at 9:35 AM
Reposted by The Banshee Queen 👑
-Couple loses fortune to scammers
-Valid accounts still rule the day for initial access
-Open VSX rotate leaked creds
-ZeroAccess botnet dev is now a software dev
-BadCandy flourishes in Australia
-New Katreus miner
-Malware reports on Aura Stealer, SectopRAT, SleepyDuck RAT, OysterLoader
November 3, 2025 at 9:32 AM
Reposted by The Banshee Queen 👑
"The documents she obtained showed the university "had negotiated directly with a foreign intelligence service to trade my academic freedom for access to the Chinese student market," she told the BBC".

www.bbc.com/news/article...
China intimidated UK university to ditch human rights research, documents show
Sheffield Hallam University apologises to Professor Laura Murphy for restricting her academic freedom.
www.bbc.com
November 3, 2025 at 9:06 AM
Reposted by The Banshee Queen 👑
It shows how platform incentives reshape democratic behaviour. What gains attention defines what feels real, even when it is hollow, and creates the risk that discourse and politics slide into simulated, disordered forms.
November 3, 2025 at 9:04 AM
Reposted by The Banshee Queen 👑
Looks like extraordinary cowardice. "...following pressure from the Chinese state and a separate defamation law suit against the university, Sheffield Hallam decided not to publish a final piece of research by Prof Murphy and her team into forced labour." www.bbc.co.uk/news/article...
November 3, 2025 at 6:29 AM
Reposted by The Banshee Queen 👑
More research being conducted on the Geedge Networks dataset. @domaintools.bsky.social started a series dissecting the Geedge leak and posted their 1st part out of 3. dti.domaintools.com/inside-the-g... #GFWExport
Inside the Great Firewall Part 1: The Dump - DomainTools Investigations | DTI
Analysis of the 500GB+ Great Firewall data breach revealing China’s state censorship network, VPN evasion tactics, and the operators behind it.
dti.domaintools.com
October 31, 2025 at 12:05 PM
Reposted by The Banshee Queen 👑
"Such technofixes for the climate, in fact, lead us down a dangerous road, both because they displace far safer and more reliable options—namely the clean energy transition—and because they provide an excuse for business-as-usual burning of fossil fuels."
November 1, 2025 at 3:29 PM
This year’s BlackHat Europe lineup actually looks FIRE 🔥
We're pleased to announce the final lineup for Black Hat Europe '25. Terrific security research spanning 21 tracks. In a separate thread, I'll highlight a few of my favorites.
www.blackhat.com/eu-25/briefi...
Black Hat
www.blackhat.com
November 1, 2025 at 3:25 PM
Reposted by The Banshee Queen 👑
A scoop that I’m not happy to report:

CBS News has gutted its climate change reporting team, one of the best in the business, and one of the only ones on cable news that consistently called out fossil fuels as the main source of climate pollution.

heated.world/p/cbs-news-k...
CBS News kills its climate unit
David Ellison, the new pro-Trump chief executive of Paramount Skydance, has dismantled the best climate change reporting team in cable news.
heated.world
October 31, 2025 at 3:51 PM
Reposted by The Banshee Queen 👑
This three-hops theory is especially insane. Even if you assume each person is connected to only 100 other people, there are 1m people within three hops of every suspected drug trafficker—and remember that even *known* drug traffickers aren’t legitimate targets. www.nytimes.com/2025/10/30/u...
October 31, 2025 at 12:07 PM