Ben (@polygonben)'s Twitter Profile

SOC analyst @ Accenture | GCFA | Views are my own

ID: 1594877186607140866

Link: https://polygonben.github.io/

Date: 22-11-2022 02:15:54

185 Tweet

440 Followers

762 Following

Alfie Champion (@ajpc500)

Turns out the same ClickFix mitigation of ‘disabling’ the Win+R shortcut (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoRun DWORD 1) also prevents exploitation of the address bar FileFix technique💡

0xBurgers (@0xburgers)

Always learned about these but never seen ITW myself until yesterday. WebDAV abuse in phishing kits isn’t dead. file:// UNC paths + Cloudflare Tunnels = modern twist on an old trick. 🔥

Rem (@sudo_rem)

I've started the rather tedious project of labeling every Cloudflared account ID that is observed on multiple, unrelated organizations. A shocking number of Cloudflared tunnels draw lineage to benign software applications such as pharmacy software, municipal government

EncapsulateJay (@encapsulatej)

If your organisation uses a third-party managed IT provider, and said IT provider says you have a shiny VPN with logging enabled, please challenge the provider to prove that the VPN logs are configured correctly. A trusted IT partner will be happy to do this.

BSides Cheltenham (@bsideschelt)

It's the week of BSides Cheltenham, and we're looking for some final prize donations for our Charity Raffle. We're supporting The Ollie Foundation - a suicide prevention and wellbeing charity on an important mission. Any prizes, virtual or physical, are welcome. Get in touch!

Virus Bulletin (@virusbtn)

Researchers from The DFIR Report, in partnership with Proofpoint, have identified a PHP variant of Interlock RAT (aka NodeSnake) distributed via KongTuke FileFix. thedfirreport.com/2025/07/14/kon…

Huntress (@huntresslabs)

Congratulations to RussianPanda 🐼 🇺🇦 & Ben for having talks accepted at #defcon33! Follow these folks and if you're headed to DEF CON put it on your to-do list to be in attendance!

Jamie Levy🦉 (@gleeda)

We’ve started seeing Crux ransomware, which seems to be related to / affiliated with BlackByte ransomware (maybe?). Since we haven’t really seen anything about them, we wrote up a bit of info: huntress.com/blog/crux-rans…

Will (@bushidotoken)

I am very pleased to announce I will be speaking at Adversary Village at @DEFCON 33! My first time in Las Vegas 🇺🇸🎰 Come to Creator Stage 3 (Room 231) on 10 August at 11am to catch my talk! adversaryvillage.org/adversary-even…

alden (@birchb0y)

im so pumped to be talking through some fun north korean malware with Stuart Ashenbrenner 🇺🇸 🇨🇦 at #OBTS v8 🤠 it's truly a goated lineup and i'm very humbled to be speaking along side so many sick researchers (also dw i will be dressed up in a blues clues onesie for the talk)

Europol (@europol)

🚨 Suspected admin of xss.is, a top Russian-speaking cybercrime forum, was arrested in Ukraine. The suspect, active for nearly 20 years, allegedly made €7M facilitating cybercrime. 🇫🇷🇺🇦🇪🇺 Operation led by France with Europol support. europol.europa.eu/media-press/ne…
