AlphaHunt Converge
@alphahunt.io
Your CTI Flight Crew — Anticipate, Don’t Chase.

alphahunt.io
by csirtgadgets.com

#AskYourTIP #AlphaHunt #ThreatIntel

@csirtgadgets.bsky.social
linkedin.com/company/csirtg
https://www.linkedin.com/in/wesyoung/
x.com/alphahunt_io
x.com/csirtgadgets
Pinned
Trad-threat-intel is still writing yesterday’s report — we’ve already placed bets on tomorrow’s breach.

Check out the future of cyber- blog.alphahunt.io/tag/forecasts/

#AlphaHunt #ThreatIntelligence #CyberSecurity #Forecasting
This Christmas, the scariest “I Agree” isn’t at the dinner table. One click and your cloud becomes quiet, durable breach‑as‑a‑service. 🌀🎄

Unwrap the full AlphaHunt breakdown (and maybe your last safe login of 2025) 👉 blog.alphahunt.io/typhoon-by-c...

#AlphaHunt #CyberSecurity #OAuth #CloudSecurity
Typhoon by Consent: Quiet, Durable, Everywhere
One “Allow” → tenant-wide weather event. 🌀 AI agent phish wraps the consent flow, device-code keeps churning, and Typhoon rides “good” U.S. infra. Kill list: user consent, device-code, or EWS app…
blog.alphahunt.io
December 26, 2025 at 10:25 PM
Santa: cookies & milk. UNC5221: edge devices & unpatched VPNs 🎄🔓 We’ve got the odds of a fresh zero-day before Dec 31 down to 32%—and why that should still ruin your on-call rota. ☠️

#AlphaHunt #CyberSecurity #ZeroDay #InfoSec
December 26, 2025 at 2:06 PM
Cl0p is the Grinch of Christmas: steals your data, then maybe torches the leak site to cover its tracks. We ran the odds on when their circus leaves town. 🎄💀🛡️

Read + subscribe before Cl0p goes ghost: blog.alphahunt.io/cl0ps-leak-s...

#AlphaHunt #CyberSecurity #Ransomware #DataBreach
Cl0p’s Leak Sites: 20% Chance They Go Dark by Apr 22, 2026
Forecast: 20% chance Cl0p’s leak sites go dark by Apr 22, 2026. Needs a seizure banner or ≥14 days down w/ LE attribution. Cronos showed it’s doable; mirrors make it brutal.
blog.alphahunt.io
December 25, 2025 at 10:03 PM
Alerts can wait.
Dashboards can blink.
The pager can scream into the void.

Christmas wasn’t born in a SOC,
or a boardroom,
or a Q4 roadmap...
December 25, 2025 at 4:21 PM
Christmas week SOC truth: EDR “leader” in 2026 = who contains fastest and survives the intern shipping updates to prod. 🎄🧑💻🔥

Our model: CrowdStrike 50% (±8), Defender 35% (±7), SentinelOne 15% (±5).
blog.alphahunt.io/crowdstrike-...

#AlphaHunt #XDR #EDR #MITREATTACK
December 25, 2025 at 2:09 PM
COLDRIVER went from “just a ClickFix” to hijacking WhatsApp/Signal linked devices—and we’re putting 75% odds they unwrap a new toy by next Christmas. 🎄🧊💻

#AlphaHunt #CyberSecurity #ThreatIntel #APT
December 24, 2025 at 10:16 PM
Christmas eve patch window.

The vuln is critical. CAB wants a meeting. App owner is “traveling.”

Bad guys love your fear of breaking prod.

blog.alphahunt.io/tag/weekly/
December 24, 2025 at 8:30 PM
Santa’s SOC.

Carols = PagerDuty.
Elves = on-call engineers.
Bad guys don’t take PTO.

Get signals, not breach documentaries blog.alphahunt.io/tag/weekly/
December 24, 2025 at 6:30 PM
SIGNALS WEEKLY:

🎄 Zero-day season: #Cisco AsyncOS exploited + KEV edge scramble. 🧯 VNC-to-HMI + cloud #C2 (Drive/Telegram) keep paying rent.

Read: blog.alphahunt.io/signals-week...

#AlphaHunt #ZeroDay #IRAN
December 24, 2025 at 3:45 PM
CL0P just turned Oracle EBS into a Christmas ornament: looks fine on the outside, full of stolen data on the inside. 🎄💾 Pay later, panic now. 😈

Unwrap the full breach playbook (and subscribe while you’re there): blog.alphahunt.io/cl0p-fin11-g...

#AlphaHunt #CyberSecurity #Ransomware #OracleEBS
CL0P/FIN11 Go In-Memory on Oracle EBS — The Extortion Comes Later
Oracle EBS got in-memory Java loaders, not lockerware. Patch CVE-2025-61882, lock egress, hunt TemplatePreviewPG with TMP|DEF + XSL-TEXT|XML. Extortion rides in via “pubstorm.”
blog.alphahunt.io
December 24, 2025 at 2:57 PM
🚀 Plug in your Flight Crew 🚀

Our proprietary Converge Engine was built for CTI—not for spreadsheets. Get answers that sound human and land like a pro. Fast.

Take your test flight today: alphahunt.io

#AlphaHunt #ThreatIntel #CTI
December 23, 2025 at 10:06 PM
Elf on the Shelf, but it’s your EDR agent.

“Observing everything”… except the compromise.

If you’re tired of alert confetti, read / subscribe blog.alphahunt.io/tag/weekly/
December 23, 2025 at 6:30 PM
Free Holiday Scam Survival Kit (2025) -- share with your friends and family this season!

#AlphaHunt #Smishing #ScamAlert
December 23, 2025 at 2:17 PM
UNC5221 treats year-end change freezes like open bar: Ivanti zero-days, China-nexus vibes, same playbook. Will they drop another before Dec 31? ⏳🧨

Forecast inside—subscribe to stay ahead.

blog.alphahunt.io/will-unc5221...

#AlphaHunt #CyberSecurity #ZeroDay #Ivanti
Will UNC5221 pop a fresh zero-day before Dec 31? Final Forecast!
BRICKSTORM intel just landed: PRC actors camping in vCenter/ESXi + Windows. 🧱🕵️‍♂️ F5 source-code drama raises the long-run 0-day odds, but the calendar + attribution lag are savage. Our final…
blog.alphahunt.io
December 22, 2025 at 10:45 PM
T-4: Naughty List (IOC edition)

Vendors: “AI stops threats.”
Bad guys: “Here’s 400 fresh AI generated domains.”

If your SIEM feels like a landfill, you’re not alone. Read / subscribe: blog.alphahunt.io/tag/weekly/
December 22, 2025 at 8:06 PM
2026 breaches won’t start with passwords—they’ll ride your OAuth/refresh tokens and sketchy extensions. Salesloft/Drift was the trailer; your browser is the perimeter. 🔑🕵️

Skim the playbook and sub to stay ahead. -> blog.alphahunt.io/the-quiet-to...

#AlphaHunt #CyberSecurity #OAuth #Salesforce
The Quiet Token Heist: Why 2026’s Biggest SaaS Breaches Won’t Start With Passwords
2026’s nastiest SaaS breaches will ride valid tokens + “trusted” apps. We already got the trailer with the Salesloft/Drift OAuth blast radius. And the browser? Yeah, it’s part of the perimeter now.…
blog.alphahunt.io
December 22, 2025 at 2:03 PM
Water-hack headlines aside: odds of a 500k+ city on 48+hr boil/dry by 2026? 10%. Manual fallbacks vs ransomware roulette. 💧🎲

Get the forecast—and the edge. Subscribe.

blog.alphahunt.io/how-close-ar...

#AlphaHunt #CyberSecurity #Ransomware #CriticalInfrastructure
How Close Are We to a Cyber-Driven Citywide Water Outage?
Will hackers actually turn off a city’s water, or is that just conference-slide horror fiction? 💧🤔 We put a number on it...
blog.alphahunt.io
December 21, 2025 at 8:46 PM
Your “safe” AI traffic? That’s C2 in a lab coat. 🤖📡 Dark LLMs auto-write per-host pwsh one-liners and hide exfil in approved model APIs. Police egress, rotate keys, or get farmed.

Stay sharp—subscribe for the full playbook.

blog.alphahunt.io/dark-llms-wh...

#AlphaHunt #CyberSecurity #AI
Dark LLMs: When Your AI Traffic Is C2
Your “normal” AI traffic can be stealth C2 now. Dark LLMs are writing per-host pwsh one-liners, self-rewriting droppers, and hiding in model APIs you approved. If you’re not policing AI egress,…
blog.alphahunt.io
December 21, 2025 at 4:28 PM
Cl0p DLS: 20% odds they’re dark by Apr 22 2026. Needs a seizure banner or 14 days down. LE tempo’s up; mirrors = Hydra. 🔒

Want sharper odds and fewer vibes? Subscribe for the next move.

blog.alphahunt.io/cl0ps-leak-s...

#AlphaHunt #CyberSecurity #Ransomware
Cl0p’s Leak Sites: 20% Chance They Go Dark by Apr 22, 2026
Forecast: 20% chance Cl0p’s leak sites go dark by Apr 22, 2026. Needs a seizure banner or ≥14 days down w/ LE attribution. Cronos showed it’s doable; mirrors make it brutal.
blog.alphahunt.io
December 20, 2025 at 8:51 PM
“Just a little ClickFix,” said COLDRIVER—right before the ROBOT chain rolled your WhatsApp/Signal linked devices. We’re at 75% odds of a new family or access vector within 12 months. 🤖🧊

#AlphaHunt #CyberSecurity #APT #ThreatIntel
December 20, 2025 at 4:17 PM
CL0P went fileless on Oracle EBS, then bills you later. 🧠🧾 In-memory loaders via TemplatePreviewPG; extortion lands weeks after. Patch CVE-2025-61882 and choke egress.

#AlphaHunt #CyberSecurity #Ransomware #OracleEBS
December 19, 2025 at 10:25 PM
UNC5221 doesn’t knock—it moves in. We’re at 55% odds of a new non‑Ivanti edge 0‑day by Dec 31; BRICKSTORM’s nesting ~393 days and pivoting to vCenter while EDR naps. 🥷🔥

#AlphaHunt #CyberSecurity #ZeroDay
December 19, 2025 at 2:06 PM
🚀 Plug in your Flight Crew 🚀

Our proprietary Converge Engine was built for CTI—not for spreadsheets. Get answers that sound human and land like a pro. Fast.

Take a test flight: alphahunt.io

#AlphaHunt #ThreatIntel #CTI
December 18, 2025 at 10:03 PM
Part 2: OAuth consent scams went from “one guy” to a token factory 🎅🏭🔑
Salesloft/Drift showed how stolen OAuth tokens → Salesforce tenant exfil at scale.

Deep dive + defenses (verified publisher, least scope, fast revoke MTTR):
blog.alphahunt.io/deep-researc...

#AlphaHunt #OAuth #IdentitySecurity
December 18, 2025 at 2:09 PM
Threat ops glow-up: Cobalt Strike’s the flip phone; Sliver/Havoc/Mythic/Brute Ratel ride Graph/SharePoint and ghost your SOC. ValleyRAT waves. 🔥☕️ Read why your 2026 IR playbook needs a rewrite.

#AlphaHunt #CyberSecurity #Infosec #APT
December 17, 2025 at 10:16 PM