b4n1shed
LightNews LightNews
banner
b4n1shed.bsky.social
b4n1shed
@b4n1shed.bsky.social
350 followers 760 following 31 posts
Security Research, Threat Intelligence, Malware Analysis, Embedded Systems, Misc. Hackery and Shenanigans.
Posts Media Videos Starter Packs
Pinned
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · Aug 12
Excited to announce that we just published our research into "PS1Bot" a multi-stage PowerShell-based modular malware framework being delivered via malvertising campaigns that we've been tracking throughout 2025. Check it out!

blog.talosintelligence.com/ps1bot-malve...

#malware #stealer
Malvertising campaign leads to PS1Bot, a multi-stage malware framework
Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”
blog.talosintelligence.com
1 2
Reposted by b4n1shed
hackread.bsky.social
Hackread.com @hackread.bsky.social · Aug 14
🚨 Watch out as the new #PS1Bot malware steals crypto wallets, passwords, and sensitive data, spreading through #malvertising while evading detection.

Read: hackread.com/malvertising...

#CyberSecurity #Malware #Crypto #Keylogger
New Malvertising Attack Spreads Crypto Stealing PS1Bot Malware
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
2 4
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · Aug 13
New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks thehackernews.com/2025/08/new-... via @thehackernews.bsky.social
New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks
PS1Bot malvertising campaign uses in-memory PowerShell attacks since early 2025, enabling stealth data theft.
thehackernews.com
1 1
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · Aug 12
Excited to announce that we just published our research into "PS1Bot" a multi-stage PowerShell-based modular malware framework being delivered via malvertising campaigns that we've been tracking throughout 2025. Check it out!

blog.talosintelligence.com/ps1bot-malve...

#malware #stealer
Malvertising campaign leads to PS1Bot, a multi-stage malware framework
Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”
blog.talosintelligence.com
1 2
Reposted by b4n1shed
hackadayofficial.bsky.social
Hackaday @hackadayofficial.bsky.social · May 30
You Wouldn’t Download A Skateboard?
You Wouldn’t Download A Skateboard?
Hackaday Article
hackaday.com
1 4
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · May 16
Attacker Specialization Puts Threat Modeling on Defensive

www.darkreading.com/threat-intel...
Attacker Specialization Puts Threat Modeling on Defensive
Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.
www.darkreading.com
1 2
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · May 14
Researchers Unveil New Mechanism to Track Compartmentalized Cyber Threats gbhackers.com/new-mechanis...
Researchers Unveil New Mechanism to Track Compartmentalized Cyber Threats
Cisco Talos, in collaboration with The Vertex Project, has introduced an innovative approach to tackle the rising complexity.
gbhackers.com
1
Reposted by b4n1shed
talosintelligence.com
Cisco Talos Intelligence Group @talosintelligence.com · May 13
Attack kill chains are evolving, and defenders must, too. In this two-part blog, Talos examines how threat actors are working together like never before, and proposes an extension to the Diamond Model: http://cs.co/63324NVHbE
An unnlocked padlock being exchanged in front of a desktop computer screen.
1 2
Reposted by b4n1shed
ashl3y-shen.bsky.social
Chi En (Ashley) Shen @ashl3y-shen.bsky.social · May 13
Huge thanks to @vertexproject.bsky.social for updating Synapse to support the new "relationship" context.
We’re excited to see this research foster collaboration and push real change across the threat intelligence community. (3/3)
1 3 3
Reposted by b4n1shed
ashl3y-shen.bsky.social
Chi En (Ashley) Shen @ashl3y-shen.bsky.social · May 13
In blog 2, we dive into the challenges of investigating compartmentalized campaigns. We share our approach to identifying them and propose an extended Diamond Model with a new "relationship" layer to close the analytical gaps. (2/3)
blog.talosintelligence.com/compartmenta...
Defining a new methodology for modeling and tracking compartmentalized threats
How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between a...
blog.talosintelligence.com
1 2 4
Reposted by b4n1shed
ashl3y-shen.bsky.social
Chi En (Ashley) Shen @ashl3y-shen.bsky.social · May 13
📡 New blogs out: Compartmentalized attacks are no longer limited to financially motivated actors, state-sponsored groups are adopting them too. We propose a new taxonomy for initial access groups to reflect broader motivations and affiliations. (1/3)
1 3 6
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · May 13
In addition, we have also published a blog proposing an extension to the Diamond Model to support more accurate and comprehensive threat modeling support for compartmentalized intrusion sets. Check it out too!

blog.talosintelligence.com/compartmenta...
1 1
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · May 13
Excited to announce that Asheer Malhotra, @ashl3y-shen.bsky.social, @vventura.bsky.social and I just published a new blog on how initial access groups are changing and propose a new taxonomy to support the latest threats that we are seeing. Check it out!

blog.talosintelligence.com/redefining-i...
Redefining IABs: Impacts of compartmentalization on threat tracking and modeling
Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations.
blog.talosintelligence.com
1 2
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · May 11
Come catch @infosec-nick.bsky.social and I in DC this coming week to talk compartmentalized intrusions!
talosintelligence.com Cisco Talos Intelligence Group @talosintelligence.com · May 7
Are you attending CTA TIPS next week? Edmund Brumaghin and Nick Biasini will dive into how multiple actors collaborate during cyber intrusions and how organizations can adapt to this evolving threat landscape. Register now: www.cyberthreatalliance.org/tips-confere...
2
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · May 11
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools blog.talosintelligence.com/spam-campaig...
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools
A new spam campaign is targeting Brazilian users with a clever twist — abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious ...
blog.talosintelligence.com
1
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · Apr 15
Excited to announce that @infosec-nick.bsky.social and I will be presenting on compartmentalization in cyber threats at the CTA TIPS conference next month! Come check it out!
2
Reposted by b4n1shed
ashl3y-shen.bsky.social
Chi En (Ashley) Shen @ashl3y-shen.bsky.social · Mar 24
Come join us at the Ask A Security Expert session at Black Hat Asia on April 4th! I'll be there with Orange Tsai, Ryan Flores, and Dr. Marina Krotofil answering your cybersecurity questions. Submit your topics in advance using the form on the event page. Looking forward to seeing you there!
1 2 4
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · Mar 26
Physical Key Copying Starts With A Flipper Zero hackaday.com/2025/03/25/p...
Physical Key Copying Starts With A Flipper Zero
A moment’s inattention is all it takes to gather the information needed to make a physical copy of a key. It’s not necessarily an easy process, though, so if pen testing is your game, s…
hackaday.com
3
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · Mar 17
Introducing: abuse.ch Hunting Platform abuse.ch/blog/introdu...
abuse.ch - Figthing malware and botnets
abuse.ch is providing community driven threat intelligence on cyber threats
abuse.ch
2 4
Reposted by b4n1shed
2600.com
2600 - The Hacker Quarterly @2600.com · Mar 12
We are now hosting the DOGE contact list locally. www.2600.com/content/2600...
2600 TWITTER ACCOUNT FROZEN OVER DOGE CONTACT LIST | 2600
www.2600.com
3 29 68
Reposted by b4n1shed
vventura.bsky.social
Vitor Ventura @vventura.bsky.social · Mar 8
I am really proud and humbled for being accepted at Pivot on. This was a team effort with @ashl3y-shen.bsky.social , @b4n1shed.bsky.social and Asheer Malhotra
pivotcon.bsky.social PIVOTcon @pivotcon.bsky.social · Mar 7
"Redefining IABs: Impacts of Compartmentalization on Threat Tracking & Modeling"

Ashley, Shen, Security Researcher, Cisco Talos (@ashl3y_shen , @ashl3y-shen.bsky.social )
Vitor Ventura, Lead Security Researcher, Cisco Talos (@vv_ventura )
13/18
1 5
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · Mar 7
a man in a red jacket is dancing in a living room with the words `` happy dance '' .
ALT: a man in a red jacket is dancing in a living room with the words `` happy dance '' .
media.tenor.com
Reposted by b4n1shed
ashl3y-shen.bsky.social
Chi En (Ashley) Shen @ashl3y-shen.bsky.social · Mar 7
Honored and excited to be speaking at @pivotcon.bsky.social again this year! 🎉 Huge shoutout to the co-authors @_vventura, @b4n1shed.bsky.social and @asheermalhotra —couldn’t have done this research without you! Looking forward to seeing everyone in Málaga.

This year I must join the Karaoke!😆
pivotcon.bsky.social PIVOTcon @pivotcon.bsky.social · Mar 7
"Redefining IABs: Impacts of Compartmentalization on Threat Tracking & Modeling"

Ashley, Shen, Security Researcher, Cisco Talos (@ashl3y_shen , @ashl3y-shen.bsky.social )
Vitor Ventura, Lead Security Researcher, Cisco Talos (@vv_ventura )
13/18
1 2 6
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · Feb 25
5 Things You Must Check Before Selling On eBay, Facebook Or Etsy

www.forbes.com/sites/zakdof...
5 Things You Must Check Before Selling On eBay, Facebook Or Etsy
Do this now before using any online marketplace.
www.forbes.com
b4n1shed.bsky.social
b4n1shed @b4n1shed.bsky.social · Feb 25
Just published a new blog on many of the threats and scams targeting sellers on online marketplaces like Ebay, Reverb, etc. along with recommendations for people using these platforms. Check it out! #phishing #infosec
Your item has sold! Avoiding scams targeting online sellers
There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms.
blog.talosintelligence.com
1
Reposted by b4n1shed
paul.bsky.social
🎸Paul🎹 @paul.bsky.social · Feb 14
They posted SECRET//NOFORN documents on their site related to IC headcount.

Those of you reading this who have held a clearance know what a colossal no-no this is.
Elon Musk’s DOGE Posts Classified Data On Its New Website
“People are scrambling” to see if their sensitive information has been accessed by Musk’s programmers, said one federal intelligence employee.
www.huffpost.com
1 7 13