Hasamba
hasamba72.bsky.social
Nat Eliason shared a t.co link on X without commentary; the linked content is not present in the provided source, so no IoCs or details are available. #nateliason #x #link https://bit.ly/46pV5QR
February 1, 2026 at 7:40 AM
Agent Mode in Excel reaches desktop GA: model switcher (GPT‑5.2, Claude Opus 4.5), web‑grounded search with citations, and improved workbook creation, formula repair, and PivotTable/chart generation. #Copilot #Excel #AI https://bit.ly/4t7MgFh
January 30, 2026 at 6:20 PM
PurpleBravo uses fake recruiter interviews and malicious GitHub lures to target developers; toolset includes BeaverTail and GolangGhost. Recorded Future observed 3,136 likely-target IPs and 20 victim orgs. #PurpleBravo #BeaverTail #GolangGhost https://bit.ly/4k5zXVM
January 30, 2026 at 5:52 PM
BlackIce packages 14 OSS AI-security tools into a version-pinned container image and maps capabilities to MITRE ATLAS (AML.T0051, AML.T0062) and Databricks DASF; covers prompt injection, data leakage, hallucination detection. #tool #AIsecurity https://bit.ly/3ZHdDZa
January 30, 2026 at 5:04 PM
HoneyMyte updated CoolClient to sideload via Sang.exe using libngs.dll to decrypt loader.dat and main.dat; supports keylogging, TCP tunneling, plugin staging, and newer variants drop a rootkit (observed in Pakistan/Myanmar). #CoolClient #HoneyMyte #malware https://bit.ly/4t2kYAd
January 29, 2026 at 11:36 AM
Windows campaign uses LNK→PowerShell loader (kira.ps1) and ExecutionPolicy bypass, abuses Defendnot to disable Microsoft Defender, then deploys Amnesia RAT and ransomware; scripts on GitHub, binaries on Dropbox. #ransomware #Defendnot #AmnesiaRAT https://bit.ly/4qOFt1N
January 29, 2026 at 11:33 AM
28 MCP servers exposing 163+ security tools (nmap, nuclei, sqlmap, radare2) for LLM-driven assessments; production-hardened Docker images, Trivy scans, and GitHub Actions CI. #MCP #tool #Docker https://bit.ly/4k1JpcK
January 28, 2026 at 3:48 PM
Centralized media manager for music, movies, games, books and comics with integrations for TorBox and Real-Debrid. Includes documentation, a wiki and additional utilities to configure debrid services. #debrid #streaming #bookmark https://bit.ly/4t4aiRm
January 27, 2026 at 7:43 PM
Benign pages can call trusted LLM APIs to return malicious JS snippets that are assembled and executed in-browser, creating polymorphic phishing pages and evading network analysis. Examples: DeepSeek, Google Gemini. #LLM #phishing #javascript https://bit.ly/3NQhX5D
January 27, 2026 at 6:31 AM
Deep Hat v2 uses MoE routing for long-context analysis inside Kindo; trained on operator tasks and dark-web signals to enable adversary emulation and autonomous red-team workflows. #DeepHat #MoE #tool https://bit.ly/45uBsqD
January 26, 2026 at 7:52 AM
Production-ready Claude Code repo: Node.js cross-platform rewrite, token optimization, automatic memory-persistence hooks, evals and subagent orchestration. Package-manager detection prioritized. #tool #claudecode #MCP https://bit.ly/4reVTQF
January 25, 2026 at 7:30 AM
Scattered Spider leverages helpdesk social engineering, SIM swapping and SSO-themed SMS phishing to gain RMM access and target VMware ESXi and cloud VMs before deploying ALPHV/BlackCat or DragonForce. #ScatteredSpider #Ransomware #SSO https://bit.ly/49EKu6X
January 24, 2026 at 2:43 PM
Local-first SOC toolkit: 20+ intel sources, PE/ELF/Mach-O parsing, YARA/Sigma/KQL rule generation, and Ollama offline LLM integration for on-prem AI-assisted analysis. #tool #yara #ollama https://bit.ly/4bfGaMt
January 23, 2026 at 6:10 PM
Telegram scam bot demo: attacker-side bot simulates support calls, prompts for keypresses/codes, and streams entered keystrokes to an attacker dashboard in real time. #phishing #telegram #scam https://bit.ly/49UFqdu
January 22, 2026 at 6:38 PM
DPRK-linked campaign abuses Visual Studio Code tasks.json to run obfuscated JavaScript via Node.js; payloads hosted on vercel.app; operators now deploy a backdoor implant enabling remote code execution. #VisualStudioCode #RCE #DPRK https://bit.ly/4sSDYkt
January 22, 2026 at 6:26 PM
VoidLink: Check Point finds first advanced AI-generated malware using Spec Driven Development; includes eBPF, LKM rootkits and cloud/container modules. Dev artifacts and OPSEC leaks show AI-driven build to first implant in <1 week. #VoidLink #AI #eBPF https://bit.ly/4qH4ax4
January 22, 2026 at 6:24 PM
Natural-language payload hidden in a Google Calendar invite caused Gemini to summarize private meetings and create an event containing exfiltrated data. Attack leverages Calendar.create tool permissions. #promptinjection #GoogleGemini #AIsecurity https://bit.ly/4qzEXnY
January 22, 2026 at 6:19 PM
Force specificity: define context, output, length, format and style. Use persona, Master Prompt and expertise import; favor larger models for bigger context windows. #PromptEngineering #LLM #MasterPrompt https://bit.ly/3LLZKFF
January 21, 2026 at 2:12 PM
XSS in the leaked StealC MaaS panel exposed operator session cookies and system fingerprints; panel showed build IDs like YouTube and 5,000+ stolen logs. #stealc #xss #infostealer https://bit.ly/4jMxfnT
January 20, 2026 at 3:38 PM
Attackers can forge Kerberos TGTs after extracting the krbtgt NTLM hash (example: d3c15f2d585d8e25ccd1834a037065cc) to create 10-year Golden Tickets; Velociraptor detection focuses on anomalous long-lived TGTs and PAC signatures. #kerberos #goldenticket #velociraptor https://bit.ly/3Nm6dYD
January 20, 2026 at 3:20 PM
Ralph implements autonomous Claude Code loops with a dual-condition EXIT_SIGNAL gate and default rate limiting of 100 calls/hour. JSON output support and tmux monitoring included. #tool #autonomy #ClaudeCode https://bit.ly/3NzNdFW
January 19, 2026 at 5:21 PM
Claude Cowork can be abused for file exfiltration via indirect prompt injection exploiting the Anthropic API allowlist; attackers can coerce the agent to upload local files to attacker-controlled Anthropic accounts. #AIsecurity #promptinjection https://bit.ly/4jXuJLJ
January 19, 2026 at 2:21 PM
100 n8n workflows: subdomain recon with Subfinder/Amass, attack-surface diffs via Nmap/Masscan, GoPhish phishing automation and S3 bucket discovery — templates for Red/Blue/AppSec ops. #n8n #automation #bookmark https://bit.ly/41ZT77S
January 19, 2026 at 10:30 AM
Anonymous web viewer for public Instagram content; Imginn provides HD downloads for photos, videos, Reels and Stories and a quick username search — no login required. #imginn #instagram #tool https://bit.ly/49D2xKN
January 19, 2026 at 9:36 AM
Mandiant published Net-NTLMv1 rainbow tables; DES known-plaintext (1122334455667788) attacks can recover keys under 12 hours on consumer hardware, stressing the need to disable Net-NTLMv1. #NetNTLMv1 #rainbowtables https://bit.ly/49H2oEH
January 19, 2026 at 6:19 AM