Thomas Fischer (@fvt)'s Twitter Profile
Thomas Fischer

@fvt

Avid MMORPG'er by night, Insane IT Security Advocate! All around DFIR/SecOps curmudgeon
My tweets are my own!
Mastodon: @[email protected]
Post.: fvt___

ID: 797943

Link: https://fvt.medium.com/
Joined: 27-02-2007 12:09:45

44.44K Tweets
1.1K Followers
1.1K Following

Costin Raiu (@craiu):

Some additional details emerge about the F5 breach: the hackers were in the company's network for at least 12 months, according to people familiar with the investigation. F5 sent customers on Wednesday a threat hunting guide for Brickstorm, which is leveraged by the UNC5221

The DFIR Report (@thedfirreport):

We identified a malvertising campaign targeting users searching for legitimate software, leading to the download of a trojanized WinSCP installer that deployed Broomstick/OysterLoader.

All files involved in the initial access phase were signed with valid certificates.
The DFIR Report (@thedfirreport):

➡️ The above is from a recent Private Threat Brief: "Signed Malware, PowerShell Abuse, and Azure Exfiltration in Fake WinSCP Intrusion"
➡️➡️ Interested in receiving reports like this one? Contact us for a demo or pricing - thedfirreport.com/contact/

BSides London (@bsideslondon):

Our final ticket release is at 1337hrs on 11/11/25, they're only available on our Eventbrite page, if none are shown, they are all gone, no code is required to get one.
If you have a ticket and can no longer go, cancel your ticket so someone else can!
#BSidesLDN2025 #Tickets
SANS DFIR (@sansforensics):

📄 The Hunt Evil poster is your guide to understand what’s "normal" on a #Windows system. 👉 This poster breaks down expected behavior for core Windows processes, helping you spot suspicious activity. 📩 Grab your copy: buff.ly/j0Oww6b #ThreatHunting #IncidentResponse
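The poster's point is that "normal" for core Windows processes is knowable: a fixed image path, a fixed parent, a fixed instance count. The following is an added example, not the poster's content or SANS code, of encoding a few such expectations as rules and running them over a process snapshot. The baseline covers only services.exe, lsass.exe and svchost.exe, using widely known Windows facts (all three live in System32, services.exe and lsass.exe are children of wininit.exe and run once, svchost.exe is started by services.exe with a `-k <group>` argument); the snapshot is constructed for the example, with the kind of fields a Sysmon Event ID 1 or a tasklist export would give you.

```python
from collections import Counter

# Expected behaviour for a few core Windows processes. Constructed for this example
# from well-known Windows internals; it is not the poster's table and covers only
# what check_snapshot() below tests. Paths are compared case-insensitively.
BASELINE = {
    "services.exe": {"parents": {"wininit.exe"},  "path": r"c:\windows\system32\services.exe", "max_instances": 1},
    "lsass.exe":    {"parents": {"wininit.exe"},  "path": r"c:\windows\system32\lsass.exe",    "max_instances": 1},
    # svchost.exe is started by services.exe and always carries a "-k <group>" argument
    "svchost.exe":  {"parents": {"services.exe"}, "path": r"c:\windows\system32\svchost.exe",
                     "max_instances": None, "cmdline_needs": "-k "},
}


def check_snapshot(procs):
    """Compare a process snapshot against BASELINE; return (pid, name, reason) findings."""
    by_pid = {p["pid"]: p for p in procs}
    counts = Counter(p["name"].lower() for p in procs)
    findings = []
    for p in procs:
        name = p["name"].lower()
        rule = BASELINE.get(name)
        if rule is None:
            continue
        # A parent that has exited shows up as "not in snapshot"; for these three
        # processes the parent should still be alive, so that is itself a finding.
        parent = by_pid.get(p["ppid"])
        parent_name = parent["name"].lower() if parent else "<not in snapshot>"
        if parent_name not in rule["parents"]:
            findings.append((p["pid"], name, f"parent is {parent_name}, expected {sorted(rule['parents'])}"))
        if p["path"].lower() != rule["path"]:
            findings.append((p["pid"], name, f"image path {p['path']} is not {rule['path']}"))
        needle = rule.get("cmdline_needs")
        if needle and needle not in p["cmdline"].lower():
            findings.append((p["pid"], name, f"command line lacks '{needle.strip()}'"))
    # Instance-count rules are reported once per process name, not once per instance.
    for name, rule in BASELINE.items():
        limit = rule["max_instances"]
        if limit is not None and counts[name] > limit:
            findings.append((None, name, f"{counts[name]} instances, expected at most {limit}"))
    return findings


# Constructed snapshot: a normal boot chain plus two impostors launched from a user's
# cmd.exe (a fake svchost.exe without -k, and a second lsass.exe outside System32).
SNAPSHOT = [
    {"pid": 4,    "ppid": 0,    "name": "System",       "path": "",                                          "cmdline": ""},
    {"pid": 600,  "ppid": 520,  "name": "wininit.exe",  "path": r"C:\Windows\System32\wininit.exe",          "cmdline": "wininit.exe"},
    {"pid": 700,  "ppid": 600,  "name": "services.exe", "path": r"C:\Windows\System32\services.exe",         "cmdline": r"C:\Windows\System32\services.exe"},
    {"pid": 712,  "ppid": 600,  "name": "lsass.exe",    "path": r"C:\Windows\System32\lsass.exe",            "cmdline": r"C:\Windows\System32\lsass.exe"},
    {"pid": 900,  "ppid": 700,  "name": "svchost.exe",  "path": r"C:\Windows\System32\svchost.exe",          "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
    {"pid": 1800, "ppid": 1500, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe",                  "cmdline": r"C:\Windows\Explorer.EXE"},
    {"pid": 2100, "ppid": 1800, "name": "cmd.exe",      "path": r"C:\Windows\System32\cmd.exe",              "cmdline": "cmd.exe"},
    {"pid": 3300, "ppid": 2100, "name": "svchost.exe",  "path": r"C:\Users\bob\AppData\Local\Temp\svchost.exe", "cmdline": r"C:\Users\bob\AppData\Local\Temp\svchost.exe"},
    {"pid": 3400, "ppid": 2100, "name": "lsass.exe",    "path": r"C:\Users\bob\AppData\Local\Temp\lsass.exe",   "cmdline": "lsass.exe"},
]

if __name__ == "__main__":
    for pid, name, reason in check_snapshot(SNAPSHOT):
        print(f"pid={pid} {name}: {reason}")
```

The legitimate services.exe, lsass.exe and svchost.exe produce nothing; each impostor is flagged on parent and path, the fake svchost.exe additionally on its missing `-k`, and the duplicate lsass.exe once more on instance count. Treat a rule like "svchost.exe parent is services.exe" as a strong default rather than an absolute, and tune against your own golden image before alerting on it.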

Florian Roth ⚡️ (@cyb3rops):

Ever got a bunch of #IOCs or #YARA rules and thought “how do I quickly check a few endpoints without setting up anything?” Here’s a trick: use THOR Cloud. You can just upload your IOCs or YARA rules, create a small scan campaign, and send someone a link. They download the

Rudy Ooms | MVP 🇳🇱 (@mister_mdm):

Remove Default Microsoft Store Packages: Windows Debloat Done Right
Now available in the Intune Settings Catalog!!

The Remove Default Microsoft Store Packages policy gives admins a native and reliable way to remove built in Microsoft Store apps without the need to use fragile
International Cyber Digest (@intcyberdigest):

🛠️ AsmLdr Shellcode loader for Windows x64 environments. Execute encrypted payloads while minimizing detection by advanced antivirus software, endpoint detection and response (EDR) systems, sandboxes, and debuggers Try: github.com/0xNinjaCyclone…

Cyber Security News (@the_cyber_news):

🚨 New PDF Tool to Detect Malicious PDF Using PDF Object Hashing Technique 

Read more: cybersecuritynews.com/pdf-tool-to-de…

A new open-source tool called PDF Object Hashing is designed to detect malicious PDFs by analyzing their structural “fingerprints.”

By focusing on document structure
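To make the "structural fingerprint" idea concrete, here is an added example, written for this page and not the PDF Object Hashing tool's own code, that hashes the skeleton of a PDF rather than its content: for each object in file order it records the /Type and which action- or embedding-related names the object carries, then hashes that sequence. Two documents with the same object layout and different page text hash identically, while adding an /OpenAction that points at a JavaScript action changes the hash. The three PDFs are constructed inline, and the regex-based object extraction is an assumption good enough for these classic-syntax samples, not a PDF parser (object streams and the deliberately broken syntax seen in real malware need one).

```python
import hashlib
import re

# Minimal "N G obj ... endobj" extractor; a simplification for the constructed samples below.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*(.*?)\s*endobj", re.DOTALL)
STREAM_RE = re.compile(rb"stream\b.*?endstream", re.DOTALL)
TYPE_RE = re.compile(rb"/Type\s*/([A-Za-z]+)")
NAME_RE = re.compile(rb"/([A-Za-z]+)")

# Names that say what an object *does* rather than what it *says*. Content strings,
# stream payloads and lengths are ignored, so two documents with the same skeleton
# and different text fingerprint identically.
STRUCTURAL_NAMES = {
    b"Subtype", b"Filter", b"OpenAction", b"AA", b"JavaScript", b"JS",
    b"Launch", b"EmbeddedFile", b"URI", b"Names", b"XFA",
}


def object_fingerprint(pdf: bytes) -> list:
    """One record per object, in file order: '<Type>:<sorted structural names>'."""
    records = []
    for _num, _gen, body in OBJ_RE.findall(pdf):
        body = STREAM_RE.sub(b"stream", body)  # drop stream payloads, keep the fact of a stream
        type_match = TYPE_RE.search(body)
        obj_type = type_match.group(1).decode() if type_match else "-"
        names = sorted({n.decode() for n in NAME_RE.findall(body) if n in STRUCTURAL_NAMES})
        records.append(f"{obj_type}:{','.join(names)}")
    return records


def object_hash(pdf: bytes) -> str:
    """SHA-256 over the ordered fingerprint; equal hashes mean equal object skeletons."""
    return hashlib.sha256("|".join(object_fingerprint(pdf)).encode()).hexdigest()


def build_pdf(page_text: bytes, extra_catalog: bytes = b"", extra_objects=()) -> bytes:
    """Assemble a tiny classic-syntax PDF (constructed sample data, not a real document)."""
    parts = [
        b"%PDF-1.4",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R " + extra_catalog + b" >> endobj",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj",
        b"4 0 obj << /Length %d >> stream" % len(page_text),
        page_text,
        b"endstream endobj",
    ]
    parts += list(extra_objects)
    parts += [b"trailer << /Root 1 0 R >>", b"%%EOF"]
    return b"\n".join(parts) + b"\n"


# Constructed samples: same skeleton with different text, and the same skeleton with
# an /OpenAction wired to a JavaScript action object.
BENIGN = build_pdf(b"BT /F1 12 Tf 72 712 Td (Quarterly report) Tj ET")
BENIGN_ALT = build_pdf(b"BT /F1 12 Tf 72 712 Td (Invoice 2025-10) Tj ET")
SUSPICIOUS = build_pdf(
    b"BT /F1 12 Tf 72 712 Td (Quarterly report) Tj ET",
    extra_catalog=b"/OpenAction 5 0 R",
    extra_objects=[b'5 0 obj << /S /JavaScript /JS (app.alert("hello")) >> endobj'],
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("benign_alt", BENIGN_ALT), ("suspicious", SUSPICIOUS)):
        print(label, object_hash(doc)[:16], object_fingerprint(doc))
```

The value of such a hash is clustering, not verdicts: a fingerprint seen across many phishing samples with different lure text is a pivot, and an /OpenAction-plus-/JavaScript skeleton is worth a closer look, but a benign-looking skeleton says nothing about what the streams contain.
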
Florian Roth ⚡️ (@cyb3rops):

New research shows Credential Guard can still leak creds

By abusing Remote Credential Guard, attackers can request NTLMv1 challenge responses and recover NT hashes - even on fully patched Windows 11 with VBS and PPL

- Microsoft confirmed and marked it “won’t fix.”
- PoC called
Md Ismail Šojal 🕷️ (@0x0sojalsec):

LLMs to perform network discovery and security scanning tasks using the powerful Nmap tool. ⚔️

- github .com/0xSojalSec/Ai-powerd-nmap

#infosec #cybersec #BugBountytips
Florian Roth ⚡️ (@cyb3rops):

People shouldn’t be scared by this CrowdStrike report. I don’t even know why they added the “AI-enabled ransomware” part - probably a PR idea that nobody stopped

The real issue is wrong risk perception. CISOs worry about what sounds new instead of what actually causes incidents.
HD Moore (@hdmoore):

Just like chocolate and peanut butter, runZero and BloodHound are an amazing combination. Today we are introducing runZeroHound - an open source toolkit for bringing runZero Asset Inventory data into BloodHound attack graphs: runzero.com/blog/introduci…

Rudy Ooms | MVP 🇳🇱 (@mister_mdm):

Administrator Protection in Windows 25H2 Changes Everything

With update KB5067036, Windows quietly introduced Administrator Protection, and it changes how Windows handles admin rights.

Until now, being a local admin meant living like Clark Kent: doing normal tasks in plain
SpecterOps (@specterops):

Happy #BloodHoundBasics day from Martin Sohn!

BloodHound's pre-built query "Principals with DCSync privileges" shows who can perform AD domain replication & obtain all domain creds. You may find both the DCSync & non-DCSync edges.

🤔 Why Are There Non-DCSync Edges?

🧵: 1/3
BSides London (@bsideslondon):

Today is the day!
The last release of #BSidesLDN2025 tickets!

No code required, release time 1337hrs today!
ONLY available here: bit.ly/BSidesLDN2025T…
AlternativeTo (@alternativeto):

Proton has unveiled the Data Breach Observatory, a free and public hub that enables tracking of global data leaks in real-time on the dark web and provides insight into emerging cyber risks for individuals and businesses.
alternativeto.net/news/2025/10/p…
Adam Goss (@gossy_84):

New to CTI? The "deepdarkCTI” GitHub repo is your starter pack: buff.ly/9O7LCGl It's a goldmine of links to the tools and sites you need to know about, saving you hundreds of hours of searching. Find the best resources for CTI all in one place.