Hasamba
hasamba72.bsky.social
Garuda transforms raw Sysmon telemetry into structured investigations: 28+ commands for Sysmon events 1–29, timeline/interactive views, advanced filtering and PowerShell 7 integration. #tool #sysmon #powershell https://bit.ly/4qZnQwv
November 14, 2025 at 6:48 PM
Nebulock's Vibe Hunting uses agentic hunters and prompt-based hypotheses to convert natural-language hunches into hunts, with synthetic-data testing and rapid behavioral-detection output. #tool #AI #threathunting https://bit.ly/3JPwvkA
November 14, 2025 at 6:27 PM
Kraken uses SMB exploits for initial access, Cloudflared for persistence and SSHFS for exfiltration. Cross-platform encryptors append .zpsc; ransom notes named readme_you_ws_hacked.txt. #Kraken #ransomware #SMB https://bit.ly/4hYbAYZ
November 14, 2025 at 5:51 PM
Anthropic reports a likely China-linked actor used Claude Code agents to attempt intrusions against ~30 targets in Sept 2025; several succeeded. Attack used agentic models + Model Context Protocol tool access. #ClaudeCode #AIagents #threatintel https://bit.ly/4i3hYyg
November 14, 2025 at 11:08 AM
Operation Endgame dismantled 1,025 servers, targeting Rhadamanthys (infostealer), VenomRAT (RAT) and the Elysium botnet; coordinated law-enforcement takedown. #OperationEndgame #Rhadamanthys #Elysium https://bit.ly/4nONiSx
November 14, 2025 at 11:04 AM
SpearSpecter (IRGC/APT42) uses long-term WhatsApp social engineering, OneDrive lure redirects, PowerShell backdoor TAMECAT, WebDAV staging and multi-channel C2 via Telegram and Discord. #SpearSpecter #TAMECAT #IRGC https://bit.ly/3M0ed0s
November 14, 2025 at 11:00 AM
NetHunter developer @yesimxev highlights kernel ports for OnePlus/Xiaomi, HID/Ducky Hungarian support, and WPA2 handshake capture from a TicWatch wrist. NetHunter Live podcast set for Nov 14. #tool #kali #nethunter https://bit.ly/3WN1yQV
November 12, 2025 at 8:44 AM
Magnet provides modular purple-team telemetry generation and malicious-activity simulation, including a Windows ransomware_sim that encrypts files and drops ransom notes. Useful for testing detections. #tool #telemetry #purpleteam https://bit.ly/3Lwafg5
November 12, 2025 at 8:37 AM
Targeted password-spray using DonPAPI-derived wordlists, delay+jitter controls, NetExec integration and secretsdump NT-hash comparison for authorized AD testing. #tool #passwordspray #ActiveDirectory https://bit.ly/3Lwv9eS
November 9, 2025 at 7:33 PM
OWASP Top 10:2025 RC1: Broken Access Control remains #1 (3.73% of apps; SSRF moved into A01). Security Misconfiguration rose to #2 (3.00%). New A03 Software Supply Chain Failures shows high CVE impact but limited detections. #OWASP #AppSec #SupplyChain https://bit.ly/4ouiA2a
November 9, 2025 at 7:30 PM
LANDFALL: commercial Android spyware delivered via malformed DNG exploiting CVE-2025-21042 on Samsung Galaxy; active mid-2024 until patched Apr 2025; capabilities included mic recording, location, photos, contacts. #LANDFALL #CVE-2025-21042 #Android https://bit.ly/47sVfbi
November 8, 2025 at 10:18 AM
E-book maps five generative AI threats to SOCs, noting telemetry blind spots, prompt injection and model misuse that can enable data exfiltration. Guidance emphasizes detection, model monitoring and governance. #generative_ai #SOC #AIsecurity https://bit.ly/3JBzfSu
November 7, 2025 at 8:31 PM
Generative AI + exported IDA data enabled static reverse engineering of XLoader 8.0; researchers used ChatGPT cloud analysis plus MCP-driven runtime key extraction to recover decrypted strings and hidden C2 domains. #xloader #ChatGPT #malwareanalysis https://bit.ly/47PuRY1
November 7, 2025 at 8:12 PM
GTIG finds first "just-in-time" AI malware using LLMs mid-execution (PROMPTFLUX, PROMPTSTEAL) to generate code and evade detection; Gemini abused for phishing lures and C2 development. #AIThreats #PROMPTFLUX #Gemini https://bit.ly/3Lr8gJP
November 7, 2025 at 8:05 PM
NoMoreStealer hooks IRP_MJ_CREATE in a Windows kernel minifilter to block access to browser and wallet folders; uses hardcoded protected paths and shared-memory notifications to a Wails frontend. Demo trust model is filename-based. #tool #kernel #windows https://bit.ly/4ouT5hx
November 7, 2025 at 7:44 PM
Event ID 1149 in Microsoft-Windows-Terminal-Services-RemoteConnectionManager shows a successful RDP network connection (login UI served), not credential acceptance. Logs organized as: network→auth→logon→disconnect→logoff. #RDP #DFIR #EventID1149 https://bit.ly/4hQSNPm
November 7, 2025 at 1:26 PM
Containers are ephemeral but vulnerabilities persist; the piece lists five lifecycle controls: build hygiene, image scanning and SBOMs, minimal images, runtime policy enforcement, and continuous monitoring. #containers #sbom #security https://bit.ly/4oR41Wd
November 6, 2025 at 4:30 PM
Forecast: adversaries will normalize AI use, increasing prompt injection and AI-driven vishing with voice cloning. Expect ransomware + data extortion and attacks targeting virtualization infrastructure. #AI #promptinjection #ransomware https://bit.ly/43X22HU
November 6, 2025 at 1:47 PM
Missing Windows Security 4624 left a host blind for the Oct 1, 2025 incident; last 4624 logged Sep 13, 4776 present, audit policy change suspected — lateral access inferred. #incidentresponse #windows_security https://bit.ly/3XciCzN
November 6, 2025 at 12:40 PM
Hands-on IR simulator with 70+ real cases from Standoff cyberbattles; provides reconstructed kill chains, logs and traffic dumps in isolated virtual environments for analyst practice. #incidentresponse #cybertraining #bookmark https://bit.ly/3LfzlzL
November 4, 2025 at 5:30 PM
Rhysida runs Bing malvertising to push fake installers (Teams, PuTTY) delivering OysterLoader; samples are packed and code-signed for low VT detections and persistent backdoor delivery. #Rhysida #malvertising #OysterLoader https://bit.ly/3WA83X9
November 4, 2025 at 5:25 PM
Containers are ephemeral but vulnerabilities persist; the piece links Wazuh-based ransomware defense to five build-to-runtime practices for managing container risk at scale. #containers #wazuh #security https://bit.ly/492JppA
November 4, 2025 at 5:11 PM
SesameOp backdoor uses the OpenAI Assistants API as a command-and-control channel, showing Assistants endpoints can be abused; e-book summarizes five generative AI threats and steps to bolster security. #OpenAI #SesameOp #AIsecurity https://bit.ly/3LkRNH6
November 4, 2025 at 5:06 PM
CoSAI released AI Incident Response Framework v1.0: NIST-aligned lifecycle, focus on prompt injection, memory/context poisoning and model extraction; includes OASIS CACAO playbooks for RAG and MINJA response. #AIsecurity #IR #CoSAI https://bit.ly/43NuP1B
November 4, 2025 at 2:40 PM
Catalog of adversary techniques that exploit people: detailed taxonomy covering phishing, pretexting, baiting and insider risks, plus methodology and permissive reuse license. #socialengineering #humanrisk #bookmark https://bit.ly/492JXM2
November 4, 2025 at 2:35 PM