This is the second in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as it discusses the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem. The post Abusing Delegation with Impacket (Part 2): Constrained Delegation appeared first on Black Hills Information Security, Inc..

Introducing a custom model for understanding privileged roles in Microsoft Entra ID, developed by TrustedSecWhenever our team conducts a Hardening Review of Microsoft Entra, 365, or Azure, we always emphasize protecting…

HTTP Anomaly Rank If you've ever used Burp Intruder or Turbo Intruder, you'll be familiar with the ritual of manually digging through thousands of responses by repeatedly sorting the table via length,

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Are you defending against yesterday’s threats while China is preparing for tomorrow’s? Over the past couple of years, China has upped their game. With the Salt Typhon and Volt Typhon campaigns, we’ve seen a massive increase in capability and focus in Chinese cyber operations. Join me (Founder/Owner, Black Hills Information Security) for a free one-hour webcast where I’ll discuss the historical context behind what China is doing right now and how we got here. Look, I usually hate talking about specific threat actors and what they’re doing. Defense is a game of consistently applied fundamentals. But this is different. What China is becoming is far more frightening than what we’ve been dealing with. I seriously doubt most orgs are ready for it because they’ve been so focused on ransomware. Fair warning: my undergrad degree was in PoliSci, so there will be a fair amount of history and background around the key players. Chat with your fellow attendees in the Black Hills Infosec Discord server: https://discord.gg/BHIS in the #🔴live-chat channel.

A new type of authentication coercion attack exploits an obscure and rarely monitored remote procedure call (RPC) interface. The post You Thought It Was Over? Authentication Coercion Keeps Evolving appeared first on Unit 42.

A 2025 look at real-world Kubernetes version adoption

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. (https://blubrry.com/bhis/) We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: 🔗 Black Hills Information Security https://www.blackhillsinfosec.com/ 🔗 Antisyphon Training https://www.antisyphontraining.com/ #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Identity-based attacks dominate the cyber threat landscape (and headlines). Is this an entirely new trend, or is only this emphasis on identity-based attacks new? Security researcher and host of Leaky Weekly Nick Ascoli spoke with Mike Iaconianni, Identity Security Expert at Flare, about the 2025 Microsoft Digital Defense Report and their questions about it.  In […] The post Attack on Identity: Dissecting the 2025 Microsoft Digital Defense Report appeared first on Flare | Threat Exposure Management | Cyber Threat Intel.

Experts from Red Canary, MITRE ATT&CK®, and CrowdStrike walk through how to detect and prevent the many varieties of phishing.

Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android’s image processing library. The spyware was embedded in malicious DNG files. The post LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices appeared first on Unit 42.

Defense contractors are preparing their systems for the start of the upcoming CMMC rollout but what they may not have considered is how their relationship with Subcontractors and External Service Providers (ESPs),…

In Active Directory exploitation, Kerberos delegation is easily among my top favorite vectors of abuse, and in the years I’ve been learning Kerberos exploitation, I’ve noticed that Impacket doesn’t get nearly as much coverage as tools like Rubeus or Mimikatz. The post Abusing Delegation with Impacket (Part 1): Unconstrained Delegation appeared first on Black Hills Information Security, Inc..

Effective cyber defense starts with knowing your own network. Unit 42 explains why asset management is the foundation of threat intelligence. The post Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management appeared first on Unit 42.

Analysis of a threat actor campaign targeting Windows users with Vidar infostealer malware via malicious npm packages

Today, we announced our Series B extension of $15 million, led by Inovia Capital’s Growth Fund, with participation from existing investors Base10 Partners and White Star Capital. It also includes $15 million in debt financing from BMO. This brings Flare’s total funding to $60 million over the past year. We’re proud to have seen triple-digit […] The post Flare Secures $30 Million to Accelerate Growth, Innovation, and Strategic Acquisitions appeared first on Flare | Threat Exposure Management | Cyber Threat Intel.

Imagine discovering that your company's login credentials are sitting in plain sight on the internet, accessible to anyone who knows where to look. Unfortunately, this isn't hypothetical – it's happening right now to organizations worldwide through malware-stolen credentials. The Hidden Threat: Malware-Stolen Credentials Every day, cybercriminals deploy malicious software that quietly steals passwords from infected computers. These "stealer" programs harvest credentials from browsers and appl

Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised environment. To do this, a component of the backdoor uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands and run tasks for the threat actor. The post SesameOp: Novel backdoor uses OpenAI Assistants API for command and control appeared first on Microsoft Security Blog.

If cybercrime were a country, it would be the world’s third-largest economy, and by the end of this year, cybercrime will have cost the global economy $10.5 trillion. The amount of money lost to cybercrime has been steadily (and rapidly) increasing for years. In 2018, the Center for Strategic and International Studies projected that cybercrime […] The post The Cybercrime Assembly Line in 2025: Everything as a Service, Telegram, and AI appeared first on Flare | Threat Exposure Management | Cyber Threat Intel.

Red Canary's monthly roundup of upcoming security conferences and calls for papers (CFP) submission deadlines

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. (https://blubrry.com/bhis/) We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: 🔗 Black Hills Information Security https://www.blackhillsinfosec.com/ 🔗 Antisyphon Training https://www.antisyphontraining.com/ #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

A spooky guide to supply chain vulnerabilities with advice on how to scare off adversaries from your system

Threat insights from Datadog Security Labs for Q3 2025.

Summary of Releases v10.3.0 & v10.3.1 This month, we had two major releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users. 🚀 Hacktober Stats Release New Templates Added CVEs Added First-time Contributors Bounties Awarded v10.3.0 124 90 6 12 v10.3.1 119 88 10 12 Total 243 178 16 24 Introduction October was huge for Nuclei Templates, two releases (v10.3.0 & v10.3.1) dropped during Hacktoberfest, adding coverage for 44 actively expl