MoBustami (@mobustami)'s Twitter Profile
MoBustami

@mobustami

Malware Researcher, Internet Protector, Cyber researcher

ID: 1640752537

02-08-2013 15:37:36

2.2K Tweets

476 Followers

297 Following

The Hospital for Sick Children (SickKids) (@sickkidsnews)

SickKids is responding to a cybersecurity incident affecting several network systems and has called a Code Grey – system failure. The code is ongoing. Patient care is unaffected at this time. Read more: bit.ly/3VaeUDm
Roberto Martinez (@robemtnez)

- Malvertising: notepadplusplus[.]site
- #Vidar stealer: download-notepad-plus-plus.duckdns[.]org
- Gets C2 location from Telegram and Steam
- C2s: 95.217.16[.]127 157.90.148[.]112 116.203.6[.]107
More indicators in this blog post I wrote: darktrace.com/blog/vidar-inf…

MoBustami (@mobustami)

I highly recommend folks to go and read the latest blog from LastPass on their recent incident. Thank you for the transparency so far. I think one question I have would be who/what is the ultimate target/s of this support.lastpass.com/help/incident-…
Nikolaj Schlej (@nikolajschlej)

My 2c on the #BlackLotus UEFI bootkit (thanks, ESET Research):
- "Exploitation Less Likely" is proven wrong, hope for a new DBX revocation list.
- not trusting UEFI CA saves the day yet again.
- having a single NV+BS variable as a gateway to booting whatever is a bad idea.
Van (@wanna_vanta)

Today, we've released #APT43 🇰🇵. As part of this release, I wanted to highlight some of the background research that went into this. No blue checkmark, so I have to do a normal thread 😅 mandiant.com/resources/blog…

Mark Parsons (@markpars0ns)

Today we are highlighting an actor we are tracking as Volt Typhoon. This activity is targeting US and Guam critical infrastructure. Volt Typhoon has been observed mostly living off the land during our investigations.

Sam ☁️🪵 (@sam0x90)

💜Adversary Simulation and Purple friends💜
I'm happy to share this simulation plan which regroups a TOP 35 ATT&CK TTPs from 22-23.
Based on open source intel, it's meant to ease the onboarding of more into Purple!
Have a look at the readme #CTI #TTP
github.com/Sam0x90/CTI/tr…
MoBustami (@mobustami)

- Legacy could indicate lack of MFA
- Spray and pray attacks continue to show valuable outcomes for attackers and you don't always need 0days
- IAM and account logging and monitoring is essential
- more firms were probably targeted
- finally, Kudos to MS for the transparency

MoBustami (@mobustami)

I highly recommend watching Kris's talk from 2022. I specifically love the methodology used for their analysis and it is just a work of art.

MoBustami (@mobustami)

Part 2 with some hashes, domains and IoCs for good measure and an ask to help identify these raw shellcode sec0wn.blogspot.com/2026/01/part-2… James tlansec MalwareHunterTeam