Ismael Valenzuela (@aboutsecurity) 's Twitter Profile
Ismael Valenzuela

@aboutsecurity

VP Threat Research & Intelligence @AWNetworks ▪️ Ex @Foundstone @Intel @McAfee @BlackBerry▪️ SANS Senior Instructor GSE #132 ▪️ #SEC530 #SEC568 #ThinkRedActBlue

ID: 45917439

Website: http://aboutsecurity.io/ · Joined: 09-06-2009 19:23:40

6,6K Tweet

18,18K Followers

9,9K Following

Mikhail Kasimov (@500mk500)'s Twitter Profile Photo

New #osx #amos stealer distribution domain, based on old "Brew" topic.

brrewsh\.org
raw.brrewsh\.org

B: bazaar.abuse.ch/sample/20fac81…
V: virustotal.com/gui/file/20fac…

Ismael Valenzuela (@aboutsecurity)'s Twitter Profile Photo

⚡ As we highlight in our recent report "Leveraging Windows Defender Application Control (WDAC) to Block Dual-Use Application Abuse", nation‑state aligned actors (including Iran‑linked groups like MuddyWater and OilRig) are increasingly weaponizing legitimate tools for

Soroush Dalili (@irsdl)'s Twitter Profile Photo

🚨 1- CVE-2025-53770 is a variant of CVE-2025-49704 - a critical auth bypass in SharePoint's ToolPane.aspx endpoint. It lets attackers reach a page that can parse webparts without valid credentials, and with a chained deserialization bug, they can achieve RCE entirely in memory

Will (@bushidotoken)'s Twitter Profile Photo

Nothing too exciting by APT41 🇨🇳 here IMO, using Impacket, CobaltStrike, Mimikatz, Pillager, RawCopy, Neo-reGeorg. Using a compromised SharePoint server for C2 is interesting I guess, especially with this new ToolShell exploit for SharePoint servers securelist.com/apt41-in-afric…

SANS Institute (@sansinstitute)'s Twitter Profile Photo

#ZeroTrust is complex. #AI helps simplify implementation. SANS’ Ismael Valenzuela breaks down predictive, generative & agentic AI in action. 📖 Read on The Hacker News: thehackernews.com/2025/07/assess…

Arctic Wolf (@awnetworks)'s Twitter Profile Photo

The Arctic Wolf Labs team has uncovered a new campaign by APT group Dropping Elephant targeting major Turkish defense contractors and weapons manufacturers. Learn more in our latest blog: ow.ly/xLih50WueNn #HypersonicEspionage #TurkeyPakistan #DroppingElephant #Türkiye

Ismael Valenzuela (@aboutsecurity)'s Twitter Profile Photo

Right after disclosing financially motivated "Greedy Sponge's" campaign targeting organizations in #Mexico (arcticwolf.com/resources/blog…), our Arctic Wolf Labs team has identified a new campaign by cyber-espionage group #DroppingElephant targeting Turkish defense contractors,

Team Cymru Threat Research (@teamcymru_s2)'s Twitter Profile Photo

Thanks for the report Arctic Wolf!

Further connected infrastructure based on upstream traffic patterns:

2.56.127.158 - cypowertech[.]org
94.131.108.94 - techzcore[.]org (recent & potentially live campaign)

All four IPs in the attached image were suspended THE.Hosting 🐉🤝🤖

Marci McCarthy (@cisamarci)'s Twitter Profile Photo

🔐 New guidance for #SMEs: Microsegmentation in Zero Trust is here! Apply it across IT, OT, ICS & more to shrink attack surfaces, boost resilience & modernize networks.

Ismael Valenzuela (@aboutsecurity)'s Twitter Profile Photo

My latest talk on the practical application of AI in #cyberdefense is now live! 🔗 youtube.com/watch?v=HT3f66… This presentation was part of the SANS Institute “Secure Your Fortress” event back in April 2025, with 4,000 registrations and over 1,200+ live views from 76 countries.

Ismael Valenzuela (@aboutsecurity)'s Twitter Profile Photo

In late July 2025, we observed an increase in #ransomware activity targeting SonicWall firewalls for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access. Ransomware groups often use

Ismael Valenzuela (@aboutsecurity)'s Twitter Profile Photo

“Thinking like a Red Teamer doesn’t mean becoming one, it means becoming a more dangerous defender.” That’s the heart of my #ThinkRedActBlue 🔴 🔵 philosophy, and I’m proud to see how well Galen Gough captured it after taking SANS Institute #SEC530. In his recent article, Galen
