Hasamba
hasamba72.bsky.social
Autonomous AI pentester Shannon executes live exploits (XSS, SQL injection, auth bypass) and validates findings on running apps; Shannon Lite achieved 96.15% on the XBOW benchmark. #tool #AIsec #OWASP https://bit.ly/4oYTgRj
December 15, 2025 at 3:49 PM
Evolution of Composite Cyber Threats: 2025 Analysis and 2026 Key Response Strategies https://bit.ly/4oTXwli
December 15, 2025 at 12:03 PM
Survival v2.1 models traffic routing and resilience: queue buffers 200 requests, cache hit rates 35–90%, auto-repair heals 10% of service cost/min. Core objective: survive endless traffic with limited $500 budget. #simulation #tool https://bit.ly/4q3TYxK
December 15, 2025 at 11:58 AM
Persistent markdown-based hunt repository using the LOCK pattern; enables AI assistants to recall past investigations and integrate with SIEM/EDR. Defines five maturity levels (0–4). #ATHF #LOCK #tool https://bit.ly/4pIe7tu
December 14, 2025 at 7:51 PM
Comprehensive 46-chapter AI/LLM red team field manual covering RAG pipelines, prompt injection, data extraction, model theft and poisoning techniques. #tool #LLMsecurity #adversarial_ml https://bit.ly/48CooBr
December 14, 2025 at 7:10 PM
BEC investigation guide: 10-step Office 365 workflow focused on mailbox activity, audit logs, mail-flow rules and eDiscovery artifacts for incident response teams. #BEC #Office365 https://bit.ly/4iSziGC
December 14, 2025 at 1:12 PM
Search-result poisoning surfaced ChatGPT/Grok conversations giving Terminal commands that installed an AMOS macOS stealer (password theft, root escalation, persistence). #AIpoisoning #AMOS #macOS https://bit.ly/48XrDCs
December 14, 2025 at 11:06 AM
Google rolls out fully-managed MCP servers: Maps Grounding Lite for fresh geodata, BigQuery schema-aware querying, and GCE/GKE discoverable tooling, all exposed via Apigee governance. #MCP #Gemini3 #Apigee https://bit.ly/4oXi3pd
December 14, 2025 at 10:08 AM
Mythic over SMB: detect WriteRequest (Command=9) where BlobOffset/BlobLen=0 and Base64 payload decodes to a UUID; signatures fail if SMBv3 encryption is used. #Mythic #NDR #SMB https://bit.ly/3L00DKs
December 14, 2025 at 9:40 AM
PyStoreRAT leverages AI-generated GitHub repos to deliver a JavaScript/HTA loader that fingerprints systems, fetches Rhadamanthys, spreads via removable drives and uses rotating C2 nodes (node{i}-py-store). #PyStoreRAT #Rhadamanthys #GitHub https://bit.ly/4aVabAS
December 14, 2025 at 9:13 AM
OWASP GenAI Security Project released the "Top 10 for Agentic Applications (2026)", a Q2–Q3’25 Solutions Reference Guide, and a CheatSheet v1.0 for securely using third‑party MCP servers — focused on agentic risks and MCP guidance. #OWASP #GenAI #bookmark https://bit.ly/4q6559n
December 14, 2025 at 9:05 AM
GrayBravo's CastleLoader ecosystem includes four clusters; TAG-160 impersonates logistics and abuses freight-matching platforms with ClickFix, TAG-161 impersonates Booking.com delivering CastleLoader and Matanbuchus. #GrayBravo #CastleLoader #ClickFix https://bit.ly/4p49yc0
December 13, 2025 at 7:19 PM
KustoHawk is a PowerShell triage tool for Defender XDR/Sentinel that runs Graph API runHuntingQuery KQL across environments, aggregates device and identity hits, and exports HTML/CSV for investigations. #tool #KQL #DefenderXDR https://bit.ly/48C7mmV
December 13, 2025 at 7:17 PM
MCP sampling lets servers request LLM completions; Unit 42 PoCs show resource theft, conversation hijacking, and covert tool invocation in a copilot. #MCP #PromptInjection #Unit42 https://bit.ly/48OWalY
December 8, 2025 at 7:53 PM
Huntress: Velociraptor abused as C2 after ToolShell SharePoint exploit (CVE-2025-49706). MSI payloads hosted on a workers.dev domain and a repeated Cloudflare tunnel account tag observed. #velociraptor #toolshell #CVE2025-49706 https://bit.ly/4pMW4C6
December 7, 2025 at 8:30 PM
Most public “AI malware” maps to AIM3 Levels 1–3 (experimenting through optimizing). Recorded Future finds AI as a force multiplier, not a new autonomous TTP; no confirmed BYOAI local-model malware. #AIM3 #LLM #GenAI https://bit.ly/4pzTiQI
December 7, 2025 at 7:13 PM
Sysmon config tailored to LOLRMM focuses on process creation, registry persistence, and outbound connection telemetry to detect C2 activity and anomalous process behavior. #Sysmon #LOLRMM #Detection https://bit.ly/44UJQz7
December 7, 2025 at 7:12 PM
CLRaptor: Velociraptor collections to hunt reflected .NET assemblies in memory; article details VQL-based detections for reflection-based assembly loading and in-memory artifacts. #tool #velociraptor #dotnet https://bit.ly/4rG41e5
December 6, 2025 at 4:43 PM
GitHub Actions injection in Nx allowed attackers to steal an NPM publishing token and publish backdoored Nx packages. Shai‑Hulud uses preinstall loaders, trufflehog for secrets, and GitHub Discussions as a C2 channel. #shaihulud #npm #supplychain https://bit.ly/3MkWmlc
December 6, 2025 at 4:39 PM
Found multiple Cobalt Strike C2s by searching identical issuer_dn/subject_dn values (e.g., forged Gmail DN) in Censys; Malleable C2 profiles set CN/O/ST fields that map to those certs. #CobaltStrike #Censys #OSINT https://bit.ly/48UsVPA
December 6, 2025 at 4:24 PM
Autonomous security research framework RAPTOR combines Claude Code agents with Semgrep, CodeQL, AFL, radare2 and rr for scanning, fuzzing, crash analysis, PoC generation and patch proposals. #tool #fuzzing #staticanalysis https://bit.ly/48C2Val
December 6, 2025 at 4:21 PM
Protecting LLM chats from the eavesdropping Whisper Leak attack https://bit.ly/48s2dMM
December 5, 2025 at 5:04 PM
Google expands an Android pilot for in-call scam protection for financial apps, aiming to detect fraudulent call activity during app interactions; announcement dated Dec 3, 2025. #Android #AppSecurity https://bit.ly/4rD1YY8
December 5, 2025 at 5:00 PM
ESET reports MuddyWater targeting Israel (one in Egypt) using a Fooder loader disguised as Snake to deploy MuddyViper backdoor; exfiltrates Windows creds and browser data. Observed CE‑Notes, LP‑Notes, go‑socks5. #MuddyWater #MuddyViper #ThreatIntel https://bit.ly/4pvEqTB
December 5, 2025 at 4:53 PM
Famous Chollima operatives posed as remote IT staff to target US finance and crypto; techniques included GitHub spam, Telegram outreach, AnyDesk/Google Remote Desktop and OTP-extension social engineering. #Lazarus #FamousChollima #infosec https://bit.ly/3KzInY4
December 5, 2025 at 4:26 PM