Ian Campbell (@neurovagrant) 's Twitter Profile
Ian Campbell

@neurovagrant

Security ops engineer, writer, voracious reader. he/him. Opinions here mine only. Autistic/depressed/anxious/hungry. Also at neurovagrant.com

ID: 19544311

https://masto.deoan.org/@neurovagrant
26-01-2009 17:05:47

52,52K Tweet

2,2K Followers

1,1K Following

Ryan Chenkie (@ryanchenkie) 's Twitter Profile Photo

⚠️ Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.

Ian Campbell (@neurovagrant) 's Twitter Profile Photo

I'm super proud of my employer DomainTools and our DT Investigations team under Daniel Schwalbe today. Consider this historical analysis piece on Russian disinfo actors the first of many disinformation-related pieces to come!

SecuritySnacks (@securitysnacks) 's Twitter Profile Photo

.Ian Campbell shares his top cybersecurity picks: podcasts, blogs, research papers, and more! Starting with "To Catch a Thief: China's Rise to Cyber Supremacy" by Nicole Perlroth. Episode 1 features Dmitri Alperovitch. Three episodes out now! dti.domaintools.com/cybersecurity-…

SecuritySnacks (@securitysnacks) 's Twitter Profile Photo

DTI reveals a phishing campaign targeting defense and aerospace firms linked to the Ukraine conflict. The infrastructure uses mail servers to spoof organizations and steal credentials, motivated by cyber espionage. dti.domaintools.com/phishing-campa… #Ukraine #phishing #CyberEspionage

DomainTools (@domaintools) 's Twitter Profile Photo

Looking for smart reads & listens in cyber? @Neurovagrant shares what’s buzzing on our team’s radar this week: 🎧 Maltego's Human Element 📚 The Citizen Lab 📰 Nextgov/FCW 🔍 Threat Insight Full list 👉 dti.domaintools.com/cybersecurity-…

Omri Segev Moyal (@gelossnake) 's Twitter Profile Photo

Introducing a new attack vector: AI-Induced Destruction. After a shared volume of incident responses, we can confirm: AI coding assistants are now a legitimate threat category. Not sci-fi. Not theoretical. Happening daily. Thread (1/4)

Omri Segev Moyal (@gelossnake) 's Twitter Profile Photo

The pattern is simple:
- Dev gives vague instruction
- AI has production access
- Literal interpretation
- Catastrophic damage

Your SOC won't flag it. Your SIEM won't alert. The attack comes from inside, from tools you authorized.

Ian Campbell (@neurovagrant) 's Twitter Profile Photo

We been doin some fun stuff lately even more fun stuff coming soon. Feels like I've reached a place where around every corner lies a fascinating rabbit-hole, especially thanks to my teammates.

Ian Campbell (@neurovagrant) 's Twitter Profile Photo

Prompt||GTFO events have been extremely educational for me as an AI skeptic, as well as fun and entertaining. Worth checking them out. Google Form for getting the invite (or applying to present): docs.google.com/forms/d/e/1FAI… LinkedIn post with more info: linkedin.com/feed/update/ur…

Ian Campbell (@neurovagrant) 's Twitter Profile Photo

If you need something to read this morning, we published research on Friday around an activity cluster targeting 18+ interests, especially gambling and porn. Well. Also tax websites. Which I suppose is an adult interest. Sigh. #threatintel #infosec dti.domaintools.com/securitysnack-…

Ian Campbell (@neurovagrant) 's Twitter Profile Photo

This Phrack timeline of the Kimsuky dump is wiiiiiiild. phrack.org/issues/72/7_md… (we did some deeper analysis of the dump, linked below, but wow...) ( dti.domaintools.com/inside-the-kim… )

Ian Campbell (@neurovagrant) 's Twitter Profile Photo

Hey folks, just a reminder I'll be at BSides NoVA this weekend, giving a talk on DNS and domain intel in investigative journalism! It's an intersection of passions for me, so I'm wicked excited. bsidesnova-2025.sessionize.com/session/1001159

Ian Campbell (@neurovagrant) 's Twitter Profile Photo

Shout out to Silobreaker for putting out *really* well-done weekly geopolitical briefs that provide substantial, timely, and relevant analysis without feeling like a chore to make time for. #threatintel #infosec #cybersecurity silobreaker.com/resources/repo… linkedin.com/newsletters/ge…

Hamid Kashfi (@hkashfi) 's Twitter Profile Photo

Microsoft casually patched CVE-2025-59287 last week, which is an easy to find & exploit pre-auth RCE in the WSUS! Mind that, vulnerable versions go back to 2012 (oldest still supported OS ver.). Yeah Microsoft invented SDLC yada yada, but can someone explain that? It's not even a