Zach Corum
@infrasecalliance.org
IT | OT | Cybersecurity | GICSP | Whisk(e)y | Bonsai
Open to Work
Infrasec Aliance: A non-profit dedicated to securing critical infrastructure
https://imtr.net/intelligence
https://blog.infrasecalliance.org
https://bio.site/zachcorum
Open to Work
Infrasec Aliance: A non-profit dedicated to securing critical infrastructure
https://imtr.net/intelligence
https://blog.infrasecalliance.org
https://bio.site/zachcorum
We are starting to generate Attack Flows for some articles on IMTR. Attack Flows are built using #FlowViz.io from the source article. We have a few created already you can browse on the Would love to hear your feedback.
imtr.net/gallery/T156...
#cybersec #threat #backdoor #threatintel
imtr.net/gallery/T156...
#cybersec #threat #backdoor #threatintel
Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors - Attack Flow Visualization
# Threat Actor: Unidentified (Associated with Operation SkyCloak)
## Attribution & Identity
The threat actor remains unidentified, but the activity h... Powered by FlowViz. Explore threat intelligenc...
imtr.net
November 5, 2025 at 1:38 AM
We are starting to generate Attack Flows for some articles on IMTR. Attack Flows are built using #FlowViz.io from the source article. We have a few created already you can browse on the Would love to hear your feedback.
imtr.net/gallery/T156...
#cybersec #threat #backdoor #threatintel
imtr.net/gallery/T156...
#cybersec #threat #backdoor #threatintel
It is worth highlighting that the Allen Bradley Stratix products running the 5200 and 5800 firmware are vulnerable to this exploit chain assuming they have not been patched since October 2023. Now is a good time to check
imtr.net/share/-LxT57...
imtr.net/share/-LxT57...
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCA
imtr.net
November 1, 2025 at 7:49 PM
It is worth highlighting that the Allen Bradley Stratix products running the 5200 and 5800 firmware are vulnerable to this exploit chain assuming they have not been patched since October 2023. Now is a good time to check
imtr.net/share/-LxT57...
imtr.net/share/-LxT57...
A friendly reminder to apply patches to your firewalls on a regular and consistent basis. This is not new news to most these scans are automated and easy to deploy. Don't be the low hanging fruit!
imtr.net/share/gaOg-j...
imtr.net/share/gaOg-j...
Chinese hackers scanning, exploiting Cisco ASA firewalls used by governments worldwide
In a report shared with Recorded Future News, Unit 42 attributed the targeting of Cisco ASA devices to Storm-1849 — a China-based threat group that Cisco previously said has been attacking the tools s
imtr.net
October 31, 2025 at 6:27 PM
A friendly reminder to apply patches to your firewalls on a regular and consistent basis. This is not new news to most these scans are automated and easy to deploy. Don't be the low hanging fruit!
imtr.net/share/gaOg-j...
imtr.net/share/gaOg-j...
I am doing some research on the usage of llms.txt / llms-full.txt and thought it useful to create an index site for anyone to search for these files. llms-text.ai
I also added a simple API endpoint for programmatic access if you need it.
llms-text.ai/api/search-l...
#ai #llms #aidevelopment
I also added a simple API endpoint for programmatic access if you need it.
llms-text.ai/api/search-l...
#ai #llms #aidevelopment
LLMS.txt Explorer
Explore and analyze LLMS.txt files from various domains across the web
llms-text.ai
May 27, 2025 at 11:05 PM
I am doing some research on the usage of llms.txt / llms-full.txt and thought it useful to create an index site for anyone to search for these files. llms-text.ai
I also added a simple API endpoint for programmatic access if you need it.
llms-text.ai/api/search-l...
#ai #llms #aidevelopment
I also added a simple API endpoint for programmatic access if you need it.
llms-text.ai/api/search-l...
#ai #llms #aidevelopment
No honor amongst thieves.
There's a ransomware group named DragonForce going around hacking its rivals.
After Mamona and BlackLock, the group has now hacked RansomHub—a major RaaS platform and one of the most active groups today.
After Mamona and BlackLock, the group has now hacked RansomHub—a major RaaS platform and one of the most active groups today.
April 6, 2025 at 1:28 AM
No honor amongst thieves.
Reposted by Zach Corum
There's a ransomware group named DragonForce going around hacking its rivals.
After Mamona and BlackLock, the group has now hacked RansomHub—a major RaaS platform and one of the most active groups today.
After Mamona and BlackLock, the group has now hacked RansomHub—a major RaaS platform and one of the most active groups today.
April 5, 2025 at 11:11 PM
There's a ransomware group named DragonForce going around hacking its rivals.
After Mamona and BlackLock, the group has now hacked RansomHub—a major RaaS platform and one of the most active groups today.
After Mamona and BlackLock, the group has now hacked RansomHub—a major RaaS platform and one of the most active groups today.
Reposted by Zach Corum
Website outages were observed across Russia this week, with regulators attributing them to issues with foreign servers. Observers said the problems might be tied to Russian government moves to block the Cloudflare service. https://therecord.media/russia-websites-dark-reported-cloudflare-block
Major web services go dark in Russia amid reported Cloudflare block
Website outages were observed across Russia this week, with regulators attributing them to issues with foreign servers. Observers said the problems might be tied to Russian government moves to block the Cloudflare service.
therecord.media
March 20, 2025 at 7:48 PM
Website outages were observed across Russia this week, with regulators attributing them to issues with foreign servers. Observers said the problems might be tied to Russian government moves to block the Cloudflare service. https://therecord.media/russia-websites-dark-reported-cloudflare-block
🧵1/4 Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems. Threat intelligence startup GreyNoise warns that 70% of recent malicious activity targeted systems in Israel, Germany, Japan, and Lithuania. #Security #ServiceNow
March 20, 2025 at 7:51 PM
🧵1/4 Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems. Threat intelligence startup GreyNoise warns that 70% of recent malicious activity targeted systems in Israel, Germany, Japan, and Lithuania. #Security #ServiceNow
🤖 #LLMsTxt: A Game-Changer for AI & Websites
The /llms.txt file is a new web standard that helps LLMs better understand your website content.
Here is a simple google dork with roughly 700+ results
www.google.com/search?q=fil...
The /llms.txt file is a new web standard that helps LLMs better understand your website content.
Here is a simple google dork with roughly 700+ results
www.google.com/search?q=fil...
Google Search
www.google.com
March 20, 2025 at 7:47 PM
🤖 #LLMsTxt: A Game-Changer for AI & Websites
The /llms.txt file is a new web standard that helps LLMs better understand your website content.
Here is a simple google dork with roughly 700+ results
www.google.com/search?q=fil...
The /llms.txt file is a new web standard that helps LLMs better understand your website content.
Here is a simple google dork with roughly 700+ results
www.google.com/search?q=fil...
Reposted by Zach Corum
PAN's Unit42 solves an old APT mystery and links the Stately Taurus APT to Bookworm, a mysterious trojan used in espionage campaigns for the past decade.
unit42.paloaltonetworks.com/stately-taur...
unit42.paloaltonetworks.com/stately-taur...
Stately Taurus Activity in Southeast Asia Links to Bookworm Malware
Unit 42 details the just-discovered connection between threat group Stately Taurus (aka Mustang Panda) and the malware Bookworm, found during analysis of the group's infrastructure. Unit 42 details th...
unit42.paloaltonetworks.com
February 20, 2025 at 1:50 PM
PAN's Unit42 solves an old APT mystery and links the Stately Taurus APT to Bookworm, a mysterious trojan used in espionage campaigns for the past decade.
unit42.paloaltonetworks.com/stately-taur...
unit42.paloaltonetworks.com/stately-taur...
Reposted by Zach Corum
A trove of chat logs allegedly belonging to the prolific Black Basta ransomware group has leaked online, revealing unprecedented insights into the gang's operations
The logs, seen by TechCrunch, also name several previously unknown targeted organizations techcrunch.com/2025/02/21/a...
The logs, seen by TechCrunch, also name several previously unknown targeted organizations techcrunch.com/2025/02/21/a...
A huge trove of leaked Black Basta chat logs expose the ransomware gang’s key members and victims | TechCrunch
A leaker allegedly published the leaked internal messages after the group allegedly targeted Russian banks
techcrunch.com
February 21, 2025 at 3:25 PM
A trove of chat logs allegedly belonging to the prolific Black Basta ransomware group has leaked online, revealing unprecedented insights into the gang's operations
The logs, seen by TechCrunch, also name several previously unknown targeted organizations techcrunch.com/2025/02/21/a...
The logs, seen by TechCrunch, also name several previously unknown targeted organizations techcrunch.com/2025/02/21/a...
When did this "feature" get added to the Edge browser? Don't do this, its dumb. #nothanks #cybersecurity #privacy
February 7, 2025 at 2:47 AM
When did this "feature" get added to the Edge browser? Don't do this, its dumb. #nothanks #cybersecurity #privacy
It may seem like a daunting task to upgrade 5 decades worth of equipment. It enrages me when they blame the outdated equipment like it has a choice. It was their choice not to update it! Don't let them get away with that decision it will happen again.
And you thought your business had a lot of unpatched edge devices that enable long-dwell persistence!
I love how so many problems in cybersecurity are basic and ubiquitous — like common networking appliances having code riddled with vulnerabilities — but people wanna invest in AI or whatever…
I love how so many problems in cybersecurity are basic and ubiquitous — like common networking appliances having code riddled with vulnerabilities — but people wanna invest in AI or whatever…
There's a reason why it's going to take U.S. telcos a pretty long time to toss Beijing out of their networks: They have so much equipment they need to map out, patch and update.
But until each device is secured, Beijing is likely going to keep finding new ways in.
www.axios.com/2024/12/06/t...
But until each device is secured, Beijing is likely going to keep finding new ways in.
www.axios.com/2024/12/06/t...
December 6, 2024 at 9:45 PM
It may seem like a daunting task to upgrade 5 decades worth of equipment. It enrages me when they blame the outdated equipment like it has a choice. It was their choice not to update it! Don't let them get away with that decision it will happen again.
This is another one of those turning point moments isn't it?
From now on, every time there is a new proposal to backdoor e2ee apps, we're just going to point to this, right?
www.nbcnews.com/tech/securit...
www.nbcnews.com/tech/securit...
U.S. officials urge Americans to use encrypted apps amid cyberattack that exposed live phone calls
Officials from the FBI and CISA said it was impossible to predict when the telecommunications companies would be fully safe from interlopers.
www.nbcnews.com
December 4, 2024 at 4:44 AM
This is another one of those turning point moments isn't it?
Reposted by Zach Corum
Happy birthday @haveibeenpwned.com! 11 years today, and now with its very own Bluesky account 😊 www.troyhunt.com/introducing-...
Introducing “Have I been pwned?” – aggregating accounts across website breaches
I often write up analyses of the passwords disclosed in website breaches. For
example, there was A brief Sony password analysis
[https://www.troyhunt.com/2011/06/brief-sony-password-analysis.html] bac...
www.troyhunt.com
December 4, 2024 at 3:32 AM
Happy birthday @haveibeenpwned.com! 11 years today, and now with its very own Bluesky account 😊 www.troyhunt.com/introducing-...
Security through obscurity is not the answer...
Until you share a screen shot of your SCADA network topology (That you have been meaning to update for the last 6 years) by accident in the background of a webinar slide you were trying to save.
#cybersecurity
Now it's security through deception!! 🤘
Until you share a screen shot of your SCADA network topology (That you have been meaning to update for the last 6 years) by accident in the background of a webinar slide you were trying to save.
#cybersecurity
Now it's security through deception!! 🤘
December 3, 2024 at 2:19 PM
Security through obscurity is not the answer...
Until you share a screen shot of your SCADA network topology (That you have been meaning to update for the last 6 years) by accident in the background of a webinar slide you were trying to save.
#cybersecurity
Now it's security through deception!! 🤘
Until you share a screen shot of your SCADA network topology (That you have been meaning to update for the last 6 years) by accident in the background of a webinar slide you were trying to save.
#cybersecurity
Now it's security through deception!! 🤘
Another Justice Hammer 🔨 brought down on crimials. This time 1000! across 19 african countries.
- African cybercrime crackdown nets more than 1,000 suspects in enforcement operation dubbed Operation Serengeti.
- It linked the criminals to 35,000 victims and $193 million worth of losses.
- African cybercrime crackdown nets more than 1,000 suspects in enforcement operation dubbed Operation Serengeti.
- It linked the criminals to 35,000 victims and $193 million worth of losses.
December 2, 2024 at 5:46 AM
Another Justice Hammer 🔨 brought down on crimials. This time 1000! across 19 african countries.
- African cybercrime crackdown nets more than 1,000 suspects in enforcement operation dubbed Operation Serengeti.
- It linked the criminals to 35,000 victims and $193 million worth of losses.
- African cybercrime crackdown nets more than 1,000 suspects in enforcement operation dubbed Operation Serengeti.
- It linked the criminals to 35,000 victims and $193 million worth of losses.
“Kremlin-Ordered Assassinations Abroad Will Probably Persist.” is a now declassified document detailing a series of extra judicial killings most likely ordered by the Kremlin. Although a little dated it's still an interesting read. @jasonleopold.bsky.social
#odni #foia
#odni #foia
November 22, 2024 at 7:05 PM
“Kremlin-Ordered Assassinations Abroad Will Probably Persist.” is a now declassified document detailing a series of extra judicial killings most likely ordered by the Kremlin. Although a little dated it's still an interesting read. @jasonleopold.bsky.social
#odni #foia
#odni #foia
More Justice Hammers being served
The Justice Department unsealed charges against five men accused of running prolific phishing campaigns that allowed them to steal employee credentials, gain access to sensitive data and pilfer millions.
By @jgreig.bsky.social on @therecordmedia.bsky.social
therecord.media/five-scatter...
By @jgreig.bsky.social on @therecordmedia.bsky.social
therecord.media/five-scatter...
Five members of Scattered Spider cybercrime group charged for breaches, theft of $11 million
Court documents say the five — who live in the U.S. and U.K. — are accused of stealing $11 million worth of cryptocurrency from at least 29 victims in addition to taking troves of corporate documents ...
therecord.media
November 20, 2024 at 10:01 PM
More Justice Hammers being served
Reposted by Zach Corum
Advertisement infrastructure allows data collection enabling tracking of US military and intelligence personnel, revealing movements from homes and schools to sensitive sites like airbases and intelligence centers, posing serious security risks. www.wired.com/story/phone-...
November 20, 2024 at 12:59 PM
Advertisement infrastructure allows data collection enabling tracking of US military and intelligence personnel, revealing movements from homes and schools to sensitive sites like airbases and intelligence centers, posing serious security risks. www.wired.com/story/phone-...
This is a very frustraiting video to watch having known about a lot of these disinfo\misinfo tactics but Benn's presentation and subsequent analysis of the topic was soo good that I hope you watch it too.
Enjoy the premiere with me tomorrow morning while a script slowly deletes every single thing I've posted on X in the last 15 years.
The Really Dark Truth About Bots
www.youtube.com/watch?v=GZ5X...
The Really Dark Truth About Bots
www.youtube.com/watch?v=GZ5X...
The Really Dark Truth About Bots
YouTube video by Benn Jordan
www.youtube.com
November 20, 2024 at 6:40 PM
This is a very frustraiting video to watch having known about a lot of these disinfo\misinfo tactics but Benn's presentation and subsequent analysis of the topic was soo good that I hope you watch it too.
A just remarcable summary of how social media is weaponized to make you think differently no matter who or what you support. If the topic has the potential to cause division and chaos that topic is being weaponized against you.
Enjoy the premiere with me tomorrow morning while a script slowly deletes every single thing I've posted on X in the last 15 years.
The Really Dark Truth About Bots
www.youtube.com/watch?v=GZ5X...
The Really Dark Truth About Bots
www.youtube.com/watch?v=GZ5X...
The Really Dark Truth About Bots
YouTube video by Benn Jordan
www.youtube.com
November 20, 2024 at 6:11 PM
A just remarcable summary of how social media is weaponized to make you think differently no matter who or what you support. If the topic has the potential to cause division and chaos that topic is being weaponized against you.
This is a good time to share Cory Doctrows speech "Disenshittify or Die" Speech of the year in my book.
youtu.be/4EmstuO0Em8?...
youtu.be/4EmstuO0Em8?...
November 20, 2024 at 5:55 AM
This is a good time to share Cory Doctrows speech "Disenshittify or Die" Speech of the year in my book.
youtu.be/4EmstuO0Em8?...
youtu.be/4EmstuO0Em8?...