AI Driven intelligence for next-generation threat detection, profiling, and defense automation github.com/r13xr13/helix-…

Interested in exploiting LLMs? This learning path teaches you how to construct attacks using Large Language Models (LLMs) to exploit their access to data, APIs, and user information you would not be able to reach directly. You’ll learn: 🔶 What a large language model is, how to

🚨 KawaiiGPT – Free WormGPT Variant Leveraging DeepSeek, Gemini, and Kimi-K2 AI Models Source: cybersecuritynews.com/kawaiigpt-free… KawaiiGPT emerges as an accessible, open-source tool that mimics the controversial WormGPT, providing unrestricted AI assistance via jailbroken large language

‼️🇰🇵 Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities. He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do.

#Voidlink, A new era of malware has arrived! We discovered that the framework was built nearly end-to-end using agentic AI. It stands as an alarming example of what experienced actors are capable of using artificial intelligence. research.checkpoint.com/2026/voidlink-…

Police said they took down an operation that used a fake cell tower hidden inside of a car trunk to mimic legitimate telecom infrastructure and send mass scam messages therecord.media/greek-police-a…

New Blog! And the first of a new ‘adversary infrastructure profile’ blog series I am starting with TEAM CYMRU 😁 I’ve shared an explanation of the types of infra routinely used by threat groups, as well as Team Cymru Scout queries for investigations: team-cymru.com/post/scattered…

"PurpleBravo’s Targeting of the IT Software Supply Chain" published by Recorded Future. #BeaverTail, #ClickFix, #ContagiousInterview, #GolangGhost, #PurpleBravo, #PylangGhost, #DPRK, #CTI recordedfuture.com/research/purpl…

The CVE Spammer

Bypassing Windows Administrator Protection projectzero.google/2026/26/window…

TAMECAT is a PowerShell-based malware used by Iranian APT42 in espionage campaigns targeting high-value defense and government officials, leveraging social engineering, Telegram C2, and multi-stage exfiltration of data. blog.pulsedive.com/tamecat-analys…

#Lazarus -> CrowdStrike Intelligence assesses that three distinct, highly specialized operational subgroups have emerged since 2018, each with specialized malware, objectives, and tradecraft. LABYRINTH CHOLLIMA subgroups as GOLDEN CHOLLIMA, PRESSURE CHOLLIMA, and the core

THE CHINESE GOVERNMENT USED MICROSOFT WARBIRD APIS FOR OBFUSCATION > proof-of-concept by Michael B. in 2023 > 30 stars on GitHub > 62 likes on Xitter This is fucking FIRE research. Insanely slept on research. I am FLABBERGASTED.

New post on what AI cybersecurity research looks like when it actually works! I wrote up what we've learned discovering 12 of 12 new OpenSSL zero-days, 5 CVEs in curl, and additional 100+ validated CVEs across critical open source infrastructure, middleware, and secure apps 🔗⏬

Infrastructure overlap confirms it: The #C2 server for GhostFetch (promoverse[.]org) shares HTML artifacts with a known MuddyWater domain from Oct 2025. Meanwhile, the HTTP_VIP C2 server stores victim geolocation and security products in a SQL DB. Read the full technical

Socket’s Threat Research linked SANDWORM_MODE to a Shai-Hulud–style npm worm that typosquats 19+ packages, exfiltrates CI secrets via GitHub API and DNS, injects MCP servers into AI tooling, and coord's multi-channel data theft including LLM keys and wal… socket.dev/blog/sandworm-…

Yeah, so basically Mandiant and iVerify released a paper today about this spoopy thingy called "Coruna". Coruna is very, very silly. Mandiant and iVerify discovered SOMEONE (they don't say who) developed some hardcore iOS zero day exploits. It exploited how iOS devices handled

meet VMkatz, github.com/nikaiw/VMkatz

Month of Azure Red Teaming Pre-Celebration New UI for Red Labs Platform + 15 new challenges (Azure Automation Accounts) All of this is FREE Explore new Azure attack paths now redlabs.enterprisesecurity.io #AzureRedTeam #CloudSecurity #RedTeam #CyberSecurity #Azure

The Top AI Papers of the Week (March 23 - 29) - Claudini - MemCollab - ARC-AGI-3 - Composer 2 - Hyperagents - Attention Residuals - Agentic AI and the Next Intelligence Explosion Read on for more: