Prevent these things from running on your org, as Cybersecurity and Infrastructure Security Agency breaks down, this is what modern actors are abusing.

Grateful that a community project like LOLRMM went from this weekend hackathon to full blown project now mentioned by CISA: cisa.gov/news-events/cy…

Be wary of people who spew AI hype and screenshot their army of agents but don't seem to be shipping anything but demos. I'm a big fan of AI assistance and use agents and chat everyday, but there's a ton of engagement farming happening out there.

Want to truly test your defenses? 🛡️ Atomic Red Team offers simple, executable tests mapped directly to MITRE ATT&CK® techniques — for free! 💪 These vital resources help you: ✅ Set up your test environment. 🔍 Browse tests for Windows, macOS, Linux, & cloud. 🧪 Execute

LOLRMM.io now tracks over 290 RMMs, with new ones being added regularly. These tools provide legitimate functionality but are frequently repurposed by attackers. Read here: buff.ly/oNbWfa6 If you're not using them in your setup, why allow them to run?

#iwantone

If you didn't see it, check out the llm payload generation research from Kyle Avery . The best research I've seen in the offensive security AI space. I'm probably biased, but it shows what's possible. outflank.nl/blog/2025/08/0…

🚨 How #Rhadamanthys Stealer Slips Past Defenses using ClickFix ⚠️ Rhadamanthys is now delivered via ClickFix, combining technical methods and social engineering to bypass automated security solutions, making detection and response especially challenging. 👾 While earlier

Ever seen a spotted orb weaver?

Ever seen a spotted orb weaver?

I’m excited to announce two major upgrades in our free product line: 📦 Archive scanning is now unlocked in THOR Lite - including docx, xlsx, jar, war, and more 🧠 YARA Forge (my own project) is now integrated – extends the detection coverage with open source rules 🔍 Also

LOLdrivers.io now has SIEM queries and a tool section for those looking to operationalize the data. Thanks to Mehmet Ergene and The Haag™ for sharing the queries with the community! Also shout out to Tenable for sharing the Nessus plugin, Oddvar Moe for the

[New Blog 📚] The Fragile Balance: Assumptions, Tuning, and Telemetry Limits In Detection Engineering If you ever struggle with false positives and the idea of tuning detections. This is for you. Read More - nasbench.medium.com/the-fragile-ba…

github.com/0x4D31/finch is a really slick tool, super easy to use, flexible configs, great logs - thank you Adel Ka !

It's just not a good market for app control bypass research these days, so I moved on to researching other things no one cares about.

Attackers know how to find your weak and misconfigured Applocker rules. Now you can too.... 🧵Just finished putting together a new tool to find weak and misconfigured AppLocker policies. It’s called AppLocker Inspector. Here’s how this tool came to be and what it does that’s

Cisco Talos’ latest blog exposes Static Tundra, a Russian state-sponsored group targeting unpatched Cisco devices for long-term espionage worldwide. Apply the patch now and protect your network: cs.co/6018fvA0O

#Mood The Haag™ Bhavin Patel