NEW DATES available for both my world class courses on Implementing AppLocker & Implementing PAW! More info: corellia.fi/sami-laiho-cou…

🚨 The RMM threat landscape is evolving! 🚨 Recent attacks, like those highlighted by Huntress 🛡️ & CERT-UA 🇺🇦, show how adversaries 🎭 weaponize RMM tools 🛠️ for persistence 🔒 & lateral movement ↔️. 🔍 Enter LOLRMM: your 🧙‍♂️ ally in detecting 👀 & preventing 🚫 RMM abuse.

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access bleepingcomputer.com/news/security/…

Missed this: blog.scrt.ch/2025/02/18/rei… “In this blog post, I showed how every single security feature of PowerShell could be defeated using native code instead of the higher-level .NET framework. You can check out the code here:” github.com/scrt/PowerChell

tired of looking at email headers as disgusting plaintext? only want things of value to stand out? look no further than this VSCode extension built by @jacoblatonis marketplace.visualstudio.com/items?itemName…

“Spammers are more consistent at making SPF, DKIM, and DMARC correct than are legitimate senders.” — Bill Cole

📢 SERVICE UPDATE | Starting June 30, 2025, authentication will be required to access data via API across all our platforms. Making this change will allow us to better manage heavy usage and improve platform stability for everyone. Don't wait until the last minute ⏰ -

The definition of putting all your 🥚🥚 in one 🧺 is relying on EDR alone to detect ALL THE THREATS. This was never true, it will never be true.

We've only got two workshops submitted so far, come on people, we need to fill up Friday. Even if it is just an hour, come along and teach us something fun. docs.google.com/forms/d/e/1FAI…

Record 769 arrests and USD 65 million in illicit pharmaceuticals seized in global bust.💊 An operation across 90 countries has resulted in the seizure of 50.4 million doses of illicit pharmaceuticals, highlighting the alarming scale of the global trade in counterfeit medicines.

Just like there should be no data in your main Splunk index - default behavior is uncontrolled behavior ;)

At long last - Phrack 72 has been released online for your reading pleasure! Check it out: phrack.org

We recently saw a vendor celebrate a high score in the EDR Telemetry Project (Windows), and we’re always glad to see vendors improve their telemetry visibility. At the same time, our attempts to independently verify the submitted evidence were unsuccessful due to lack of access.

we don't know how to write software anymore

Your Kubernetes cluster exists because someone wanted Kubernetes on their resume. Not because you needed it.

ESXi intrusion was stopped but the lesson is uncomfortable: • Initial access via VPN • VM isolation failed • Hypervisor C2 hid in VSOCK • Network tools saw nothing Patch ESXi. Lock down VPNs. Monitor the host itself. huntress.com/blog/esxi-vm-e… RussianPanda 🐼 🇺🇦 Matt Anderson

Various pizzerias report above average traffic nearby the Pentagon. Including one of the closest pizzerias, Extreme Pizza. As of 1:47pm ET

Complete the survey today to support a new global well-being study from Forensic Focus and Northumbria University for digital forensic investigators. forensicfocus.com/news/forensic-… #DigitalForensics #DFIRWellBeing

today is january 13, 2026, reminder that most american OEMs (aerospace, defense, automotive, etc) have basically zero supply chain visibility and things at the third tier are basically all chinese.

Anyone else out there vibe circuit-building?