IMPORTANT message for everyone using Gmail. You have been automatically OPTED IN to allow Gmail to access all your private messages & attachments to train AI models. You have to manually turn off Smart Features in the Setting menu in TWO locations. Retweet so every is aware.

#MDE custom collection is finally in public preview! It's a centrally managed solution to improve visibility and detection opportunities. We're releasing a management tool and rule repository in YAML format to share new rules with the community. medium.com/falconforce/mi…

Azure Bastion CVE-2025-49752 👀 CVSS Score: 10/10 Affected: All Azure Bastion deployments prior to the security update released on November 20, 2025 zeropath.com/blog/azure-bas…

𝗢𝘂𝘁𝗹𝗼𝗼𝗸 𝗦𝘁𝗮𝗿𝘁𝘂𝗽 𝗣𝗲𝗿𝘀𝗶𝘀𝘁𝗲𝗻𝗰𝗲 𝘃𝗶𝗮 𝗥𝗲𝗴𝗶𝘀𝘁𝗿𝘆 𝗠𝗼𝗱𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 (T1112) Recent research (e.g., Splunk’s NotDoor Insights) highlights that adversaries can achieve persistence in Microsoft Outlook by modifying the registry key

I just finished a big update for the EDR Telemetry website. We’re preparing for many exciting updates and want to make sure we’re ready 🙂 Check it out and let me know what you think - edr-telemetry.com

🐞 Microsoft Confirms Windows 11 24H2 Update is Breaking Multiple Core Features Read more: cybersecuritynews.com/windows-11-24h… Microsoft has officially acknowledged a significant disruption affecting Windows 11 version 24H2 users, specifically after installing the cumulative update

Someone going by "wwwiesel" on GitHub picked up Mike M’s tradition this year and dropped a full list of #BlackFriday deals in the #InfoSec space Online Courses & Training - 8kSec Academy - AI Security Professional Course - Altered Security - Belkasoft - Blu Raven Academy

A customer sent malware over. The file magic was CART.. What's that? Turns out, something pretty cool. "This is where CaRT (which stands for Compressed and RC4 Transport) comes in. CaRT is used to store and transfer malware, as well as its metadata. This is a product developed

🚨 I made a simple tool to check if you're affected by the latest NPM worm. The Shai Hulud NPM worm is back, infecting over 27,000 GitHub repos and big name packages from Zapier, Posthog, Postman and others. Are you vulnerable? Check here: corridor.dev/shai-check

👀Blog with full details & more updates can be found here: reversinglabs.com/blog/another-s… #npm #OSS #SoftwareSupplyChainSecurity #Shaihulud Tomislav Pericin

My first Huntress blog is live: we break down some funky ClickFix lures that lead to a loader which uses steganography to extract shellcode and ultimately deliver LummaC2/Rhadamanyths stealers. Big thanks to RussianPanda 🐼 🇺🇦 for the help! 😇 huntress.com/blog/clickfix-…

The SHA1-Hulud npm mess keeps growing, so we added additional detections for it today - new YARA rules by my colleague Marius Benthin in our public signature-base - cover bun_environment.js / setup_bun.js and the malicious preinstall script variants from the Wiz / Aikido

I was reading an older report from CrowdStrike the other day: "CrowdStrike was able to reconstruct the PowerShell script from the PowerShell Operational event log as the script’s execution was logged automatically due to the use of specific keywords." [1] Which reminded me of

Quick walkthrough using CyberChef to decode a short .hta script from Malware Bazaar. 1. Extract encoded text using capture groups 2. Remove whitespace added by Cyberchef 3. Base64 decode the results Sample: bazaar.abuse.ch/sample/198aa2e… #malware #cyberchef

🦊 GitLab i made a script to check repos in bulk gist.github.com/alexgreenland/…

Huntress researchers Anna Pham (RussianPanda 🐼 🇺🇦) & Ben Folland detail a multi-stage malware execution chain, originating from a ClickFix lure, that leads to the delivery of infostealing malware, including LummaC2 & Rhadamanthys. huntress.com/blog/clickfix-…

🚨 Indirect-Shellcode-Executor Tool Exploits Windows API Vulnerability to Evade AV and EDR Source: cybersecuritynews.com/indirect-shell… A new offensive security tool developed in Rust is demonstrating a novel method for bypassing modern Endpoint Detection and Response (EDR) systems by

Cobalt Strike has a chokepoint that is great for robust detection. 👇 #ThreatHunting #DetectionEngineering academy.bluraven.io/blog/detecting…

Reading a report from a recent Incident Response case from my teammate, Asger.jpg. "It was observed that an unknown hostname “DESKTOP-LDIG48N” from the VPN DHCP IP address 192.168.128.149 made multiple failed login attempts using the username “admin” against various hosts

Results of a wonderful partnership among LEA across the world to make it a better place! We have come far since this all started eating mealybugs(Emotet).🙂We are thankful for this partnership and to play a role in this to make a difference. We are a bit hungry though now... 🤔