SentinelOne
@sentinelone.com
The world’s most advanced, autonomous AI-powered cybersecurity platform. We empower the world to run securely, with leading organizations trusting us to Secure Tomorrow™. Secure your enterprise: http://sentinelone.com/request-demo/
sentinelone.com
🚫 You won’t remember the breach—because it never happened.

In the AI era, SentinelOne is setting a new standard for cybersecurity with AI-powered protection that predicts, prevents, and stops threats before they ever start.

🔎 Take a Tour: https://bit.ly/3wd3Ij4
👉 Learn more: https://bit.ly/42LgMce
sentinelone.com
Bottom line: LLM-enabled malware is still experimental, but it’s a glimpse of what’s ahead. Defenders have a unique window to learn from early tradecraft.

🔎 Read the full report: s1.ai/llm-mw
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
LLM-enabled malware poses new challenges for detection. SentinelLABS presents groundbreaking research on how to hunt for this new class of threats.
sentinelone.com
Hunting techniques we developed:
• Wide API key detection (YARA rules for OpenAI, Anthropic, etc.)
• Prompt hunting — searching binaries for hardcoded instructions
sentinelone.com
By tracking prompts and API key structures, SentinelLABS uncovered previously unknown samples and demonstrated how defenders can adapt to this next evolution of malware.
sentinelone.com
(2/2) Key findings:
• “PromptLock,” an AI-powered ransomware from university students. This proof-of-concept is meant to reduce fear, uncertainty, and doubt, and illuminate the lack of real risk.
• New hunting strategies using embedded API keys and prompts as detection artifacts
sentinelone.com
(1/2) Key findings:
• What may be the earliest known LLM-enabled malware sample, MalTerminal
• APT28’s LameHug/PromptSteal, embedding hundreds of stolen API keys
sentinelone.com
Why it matters:
🔹 Code is generated at runtime, making static signatures unreliable
🔹 Malware may evolve with every execution–which complicates the likelihood of consistent execution
🔹 But defenders can still hunt — by looking for prompts & embedded API keys
sentinelone.com
🔎 Attackers are embedding LLMs directly into malware, creating code that can generate malicious logic at runtime rather than embedded in code.

🔥New @sentinellabs.bsky.social research by @alex.leetnoob.com, @vkamluk.bsky.social, and Gabriel Bernadett-Shapiro at #LABScon 2025. 🔥 s1.ai/llm-mw
sentinelone.com
That’s just a glimpse of #LABScon 2025. An exclusive conference where the best research is shared in real time.

Stay tuned as @LabsSentinel releases replay videos in the weeks and months following #LABScon.

🔗 labscon.io
LABScon - Security Research in Real Time
Join us September 17-20th for LABScon, an intimate, invite-only event for the top cybersecurity minds to gather, share cutting-edge research.
sentinelone.com
🐼 CamoFei Meets the Taliban: @sentinellabs.bsky.social's @milenkowski.bsky.social and @julianferdinand.bsky.social spotlight CamoFei, a China-linked APT blending espionage with destabilization ops.

🔗 labscon.io/speakers/aleksandar-milenkoski
sentinelone.com
🎮 @meidanowski.bsky.social (@nattothoughts.bsky.social) and @euben.bsky.social map China’s cyber ranges—“attack-defense live-fire” ecosystems that train talent for state operations.

🔗 labscon.io/speakers/mei-danowski
🔗 www.labscon.io/speakers/eug...
sentinelone.com
⚔️ Hacktivism and War: @sentinellabs.bsky.social's Jim Walter dissects how nation-states weaponize hacktivism—blending DDoS, ransomware, leaks and psyops under activist façades.

A clarifying look at a murky, attribution-challenged landscape.

🔗 labscon.io/speakers/jim-walter
LABScon Speaker 2025: Jim Walter
sentinelone.com
Through their LLM agent system analyzing Russian data leaks, they explore transparency, accountability, and the limits of AI in threat research.
sentinelone.com
🐘 PwC’s Jono Davis introduces Orange Indra, a South Asia–based threat actor conducting widespread credential phishing across APAC.

A reminder: not all espionage-oriented intrusions come from the “Big 4.”

🔗 labscon.io/speakers/jono-davis
LABScon Speaker 2025: Jono Davis
sentinelone.com
LLMs now generate payloads, bypass code-signing, and triage victims—reshaping the defender’s problem space.
sentinelone.com
🤖 LLM Malware in the Wild: Gabriel Bernadett-Shapiro and @sentinellabs.bsky.social's @alex.leetnoob.com uncovered malware embedding real API keys to outsource attacks to OpenAI & Anthropic.

🔗 labscon.io/speakers/gabriel-bernadett-shapiro
🔗 www.labscon.io/speakers/ale...
sentinelone.com
💰Crypto thefts hit $9.3B last year. North Korea pulled a single $1.5B heist. @andrewmohawk.bsky.social argues crypto security is 90% the same Web2 skills—phishing, API abuse—just with irreversible consequences.

🔗 labscon.io/speakers/andrew-macpherson
LABScon Speaker 2025: Andrew MacPherson
sentinelone.com
🔧 How to Bug Hotel Rooms: @viss.hax.lol unveils DIY travel security systems using Home Assistant, Z-Wave devices, and mmWave radar. From motion detection to seeing through walls, this toolkit reframes what “physical security” means on the road.

🔗 labscon.io/speakers/dan-tentler
LABScon Speaker 2025: Dan Tentler
sentinelone.com
🕵️ Kristin Del Rosso (@devsec.com) shows how insider threats emerge from social dynamics, policy gaps and organizational dysfunction. Case studies serve as a field guide, revealing how malicious actors exploit “organizational arbitrage.”

🔗 labscon.io/speakers/kristin-del-rosso
LABScon Speaker 2025: Kristin Del Rosso
sentinelone.com
From AI nudify apps to insider-sourced PII, these economies turn harassment into profit.
sentinelone.com
🔎 @spycloudlabs.bsky.social's Trevor Hilligoss and Aurora Johnson expose toxic “internet toilets” where doxers, stalkers, & harassers trade data, tools, and services.

🔗 labscon.io/speakers/trevor-hilligoss
🔗 www.labscon.io/speakers/aurora-johnson/
sentinelone.com
🔥 The Hottest Security Research in Real Time 🔥 #LABScon 2025 starts this Wednesday, bringing together the world’s leading researchers to share insights on malware, espionage, cybercrime economies, and the future of AI in security. s1.ai/LABScn-Bl

Here’s a preview 🧵👇
LABScon 2025 | From LLM Malware to Hotel Room Bugs: A Look at This Year’s Talks
Discover the groundbreaking threat intelligence debuting at LABScon 2025! From AI-driven malware and cryptocrime to surveillance tech and cyber espionage.
sentinelone.com
🎬 It's live on Reddit! Ask @DakotaInDC anything! Join here: www.reddit.com/r/geopolitic...
sentinelone.com
Ask about patents tied to U.S. indictments, smart-home spying, and encrypted data collection—plus Hafnium/Silk Typhoon. Join: www.reddit.com/r/geopolitic...
From the geopolitics community on Reddit