“Meet the AI-powered—“ no, I don’t want to ❤️ I don’t think I will actually ❤️❤️❤️

Analysis of a recent KawaLocker #ransomware incident with what might be my favorite title of all time huntress.com/blog/kawalocke…

Cybercriminals are using USB infections for coinmining operations. This blog post unpacks their multi-stage attack, including DLL side-loading, process injection, and using PostgreSQL as C2. Learn more: bit.ly/4lA7hDA

Getting Milo and Otis vibes from this movie

iOS 18.6.2 is out, fixing already-exploited 0day

FBI releasing this advisory alongside new Talos research about “Static Tundra” exploiting a 7-year-old Cisco IOS flaw (CVE-2018-0171) blog.talosintelligence.com/static-tundra/

2 doggos>1 doggo

Occasionally you see a new or newish threat in the SOC. One such example is Syphilis- oops, I mean, Cephalus Ransomware Either way: Don’t Lose Your Head 👇 huntress.com/blog/cephalus-…

Ransomware groups don’t just encrypt files, they steal them first. Data staging + exfiltration is the most common step before encryption. Here's how it happens (with real tactics + command lines):👇 okt.to/UWIZev

You can have all the best opsec in the world, but your moms Facebook page will ruin it every single time

attribution often finds you, yet sometimes...

Insikt Group releases a deep dive into the Lumma infostealer, active since 2022, and the affiliates behind it. The analysis highlights new, previously undocumented tools and evidence that affiliates run multiple schemes simultaneously. recordedfuture.com/research/behin…

the recording of my talk on the Black Hat show floor is up on yout00b :) youtu.be/whhOYRWd_rs

We recently came across Cephalus #ransomware: -Initial access: RDP compromised accounts -DLL sideloading to launch the ransomware -Ransom notes w/ articles about Cephalus in an apparent attempt to underscore the legitimacy of the ransomware as a threat huntress.com/blog/cephalus-…

Of all the web technologies we’ve had and lost, I miss RSS the most. I controlled how I consumed the content, not how an algorithm decides. That and google reader

On August 21, GreyNoise observed nearly 2,000 malicious IPs probing Microsoft Remote Desktop (RDP) services in a single day — a sharp deviation from baseline activity. Full blog: greynoise.io/blog/surge-mal… #ThreatIntel #RDP #Cybersecurity #GreyNoise #Analysis #RemoteDesktop

2025 State of the Internet Report: Summary and Conclusions censys.com/blog/2025-stat… (Screenshot: PolarEdge infections as of 5 August 2025)

I hate it here

New blog! Widespread Data Theft Targets Salesforce Instances via Salesloft Drift cloud.google.com/blog/topics/th…

Citrix: "Exploits of CVE-2025-7775 on unmitigated appliances have been observed." NetScaler ADC and NetScaler Gateway emergency patch support.citrix.com/support-home/k…