mesiagh.bsky.social (@mesiagh.bsky.social)
Reposted
Microsoft security researchers have discovered a new backdoor malware named SesameOp that uses the OpenAI Assistants API as a covert command-and-control channel.
Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks
www.bleepingcomputer.com
November 3, 2025 at 6:35 PM
Reposted
SnortML, Cisco’s machine learning-powered detection engine, identifies patterns of exploit attempts — even those it hasn't seen before — without relying on static rules. Stop by the Cisco booth at Black Hat to learn more: www.youtube.com/watch?v=jkxn...
How SnortML Uses Machine Learning to Stop Zero-Day Attacks
YouTube video by Cisco Talos Intelligence Group
www.youtube.com
July 24, 2025 at 2:34 PM
Reposted
Don’t miss Part 2 of last week's TTP! Talos' Jaeson Schultz breaks down how attackers are using large language models (LLMs) to usher in the next phase of cyber threats by manipulating the data these models rely on: http://cs.co/633204Cuoo
July 16, 2025 at 6:09 PM
Reposted
Don't miss the newest TTP! Jaeson Schultz joins Hazel to explore the wild world of cybercriminals scamming each other with fake AI tools, inventing new ways to jailbreak large language models, and so much more: http://cs.co/633204IoEG
July 11, 2025 at 3:15 PM
Reposted
UNC6040 used voice-phishing to steal data from companies' Salesforce systems

cloud.google.com/blog/topics/...
June 4, 2025 at 5:51 PM
Reposted
While important to have, MFA isn’t an invincible shield. Ready to see how cybercriminals are bypassing MFA — and what it means for your security? Read our newest blog: blog.talosintelligence.com/state-of-the...
May 1, 2025 at 1:30 PM
Reposted
In 2024, the education sector faced the brunt of ransomware attacks. 📚 Explore our latest summary for more insights, including the methods ransomware actors are using to slip past defenses with minimal noise: blog.talosintelligence.com/year-in-revi...
April 15, 2025 at 5:49 PM
Reposted
In this week's Threat Source newsletter, Martin shares strategies to strengthen defenses against evolving email lures and frequently targeted vulnerabilities, even when budgets are tight. Read it here: http://cs.co/63325FLEAf
April 10, 2025 at 6:05 PM
Reposted
Part 2 of the latest Talos Threat Perspective is out now! This year's report authors dive into the most prolific ransomware groups and what is contributing to their success. Watch the full video here: youtu.be/YFwMSxYd-Kk?...
April 4, 2025 at 2:26 PM
Reposted
Cisco Talos’ 2024 Year in Review is available now! With visibility into more than 886 billion security events per day, the report features our key insights. Read the full report here: http://cs.co/63320FzuMG
March 31, 2025 at 12:05 PM
Reposted
💡phisherman: A real fake social engineering app

Link: github.com/jfmaes/phish...
March 12, 2025 at 5:30 PM
Reposted
2025-02-25 (Tuesday): #VenomRAT from #malspam uses zip attachment containing a VHD file containing a VBS file. Calls Pastebin link for C2 server information. Details at github.com/malware-traf...
February 25, 2025 at 8:22 PM
Reposted
Nothing to see here. Just casually dropping a comprehensive list of banned books

docs.house.gov/meetings/GO/...
docs.house.gov
February 24, 2025 at 2:04 PM
Reposted
This week's newsletter is fresh in your inbox. William dives into security and efficiency, and the latest Talos research: http://cs.co/63329IhpJ3
February 20, 2025 at 7:18 PM
Reposted
2025-02-05 (Wednesday): #ClearFake / #ClickFix style fake CAPTCHA leads to possible #Vidar.

Vidar C2 using eteherealpath[.]top behind Cloudflare.

Details at github.com/malware-traf...
February 6, 2025 at 1:03 AM
Reposted
2025-01-30 (Thursday): #XLoader infection. Unlike my previous XLoader infections, this one didn't run in my VM, so I used a physical host. A #pcap of the infection traffic, the associated malware samples, and more info is available at malware-traffic-analysis.net/2025/01/30/i...
January 30, 2025 at 6:32 PM
Reposted
2025-01-28 (Tues): A case of web injects--malicious script injected in pages of legit websites. In this example, a site has two instances of injected script, #KongTuke and #SocGholish. A #pcap of the resulting infection, malware samples & more info at www.malware-traffic-analysis.net/2025/01/28/i...
January 29, 2025 at 5:40 AM
We've discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. Read the blog on the new TorNet backdoor here:
blog.talosintelligence.com/new-tornet-b...
New TorNet backdoor seen in widespread campaign
blog.talosintelligence.com
January 28, 2025 at 7:47 PM
Recent changes in #LummaStealer - using ChaCha20 for C2 encryption, the new config extractor in C/C++. Courtesy of @russianpanda.bsky.social
github.com/RussianPanda...
Configuration_extractors/LummaC2 at main · RussianPanda95/Configuration_extractors
Configuration Extractors for Malware.
github.com
January 27, 2025 at 7:38 PM
We observed an increase in the number of email threats leveraging hidden text salting, also known as "poisoning", in the second half of 2024. Read our latest blog to learn more: blog.talosintelligence.com/seasoning-em...
Seasoning email threats with hidden text salting
Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely on keywords.
blog.talosintelligence.com
January 24, 2025 at 3:43 PM
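The post above describes hidden text salting only at a high level. The following is an added example, not Talos code and not taken from the linked blog: it shows why a raw keyword scan misses a salted message and how rendering only the visible text recovers the keywords. The HTML sample is constructed for this example, and the three salting forms it uses (a `display:none` span splitting a word, a `font-size:0` span, and a zero-width character inside a word) are assumed illustrative variants, not a claim about what the blog observed.

```python
import re
from html.parser import HTMLParser

# Constructed sample message (not a real malspam sample): the keywords
# "password", "account" and "suspended" are each broken up by salt.
SAMPLE_HTML = """<html><body>
<p>Please verify your pass<span style="display:none">xq</span>word
within 24 hours or your ac<span style="font-size:0px">zz</span>count will be sus\u200bpended.</p>
<div style="visibility:hidden">invoice shipping newsletter unsubscribe</div>
<p>Click <a href="http://example.invalid/login">here</a> to sign in.</p>
</body></html>"""

# Inline styles that hide an element from the reader (assumed list; real
# filters would also need stylesheet classes, off-screen positioning, etc.).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
# Zero-width code points that split a word without changing its rendering.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"), None)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base",
             "col", "embed", "source", "track", "wbr"}

KEYWORDS = ("password", "account", "suspended", "verify")


class VisibleText(HTMLParser):
    """Separate text the recipient sees from text hidden by inline style."""

    def __init__(self):
        super().__init__()
        self.parts, self.hidden_parts = [], []
        self._stack = []        # (tag, was_hidden) for open elements
        self._hidden_depth = 0  # > 0 while inside any hidden element

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return              # no matching end tag, so do not track it
        style = dict(attrs).get("style") or ""
        hidden = HIDDEN_STYLE.search(style) is not None
        self._stack.append((tag, hidden))
        self._hidden_depth += int(hidden)

    def handle_endtag(self, tag):
        while self._stack:      # pop to the matching open tag
            t, hidden = self._stack.pop()
            self._hidden_depth -= int(hidden)
            if t == tag:
                break

    def handle_data(self, data):
        (self.hidden_parts if self._hidden_depth else self.parts).append(data)


def split_text(html: str) -> tuple[str, str]:
    """Return (visible_text, hidden_text), whitespace-normalised."""
    p = VisibleText()
    p.feed(html)
    p.close()
    # Visible fragments are joined with no separator: salt was inserted
    # mid-word, so the halves must be glued back together.
    visible = " ".join("".join(p.parts).translate(ZERO_WIDTH).split())
    hidden = " ".join(" ".join(p.hidden_parts).split())
    return visible, hidden


def keyword_hits(text: str) -> list[str]:
    low = text.lower()
    return [k for k in KEYWORDS if k in low]


def salting_indicators(html: str) -> dict:
    """Compare a naive raw scan with a scan of the rendered visible text."""
    visible, hidden = split_text(html)
    total = len(visible) + len(hidden)
    return {
        "naive_hits": keyword_hits(html),       # what a raw keyword rule sees
        "visible_hits": keyword_hits(visible),  # what the recipient reads
        "hidden_text": hidden,
        "hidden_text_ratio": round(len(hidden) / total, 2) if total else 0.0,
    }


if __name__ == "__main__":
    for k, v in salting_indicators(SAMPLE_HTML).items():
        print(f"{k}: {v}")
```

On the constructed sample the raw scan matches only "verify", while the visible-text scan matches all four keywords; the hidden-text ratio and the hidden fragments themselves are useful as features in their own right, since legitimate mail rarely carries invisible text inside words.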
Reposted
I'm teaching Machine Learning Security as an online class, free for anyone to attend (as all my classes are):
https://samsclass.info/ML/ML_S25.shtml
Machine Learning Security -- Sam Bowne
samsclass.info
January 20, 2025 at 8:45 PM
The Microsoft AI Red Team recently released both a blog and an in-depth whitepaper after red teaming 100+ different GenAI products.

Read the blog here - microsoft.com/en-us/securi...

And download the whitepaper here - airedteamwhitepapers.blob.core.windows.net/lessonswhite...
3 takeaways from red teaming 100 generative AI products | Microsoft Security Blog
The growing sophistication of AI systems and Microsoft’s increasing investment in AI have made red teaming more important than ever. Learn more.
microsoft.com
January 14, 2025 at 7:35 PM
Reposted
New: YouTube is running hundreds of ads featuring deepfaked celebrities like Arnold Schwarzenegger, Sylvester Stallone, and Mike Tyson promising to get customers 'rock hard' (they're selling sketchy erectile dysfunction treatments)

www.404media.co/deepfake-you...
Deepfake YouTube Ads of Celebrities Promise to Get You ‘Rock Hard’
Deepfakes of Arnold Schwarzenegger, Sylvester Stallone, Mike Tyson, and Terry Crews are selling erectile dysfunction supplements on YouTube.
www.404media.co
December 4, 2024 at 2:17 PM
Reposted
Cyber Black Friday tips are already ongoing on GitHub (via Thomas Roccia, fr0gger_)

github.com/0x90n/InfoSe...
GitHub - 0x90n/InfoSec-Black-Friday: All the deals for InfoSec related software/tools this Black Friday
github.com
November 20, 2024 at 8:32 AM
QR codes are disproportionately effective at bypassing most anti-spam filters. We discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption. Find out how prevalent this attack is in our blog #QR #phishing cs.co/6012sxBa4
Malicious QR Codes: How big of a problem is it, really?
cs.co
November 20, 2024 at 7:56 PM