🚀 New SANS Blog! - Undercover Operations: Scraping the Cybercrime Underground It was an absolute pleasure to collaborate with @vHUMINT and @sansforensics for a blog on Undercover Scraping Operations. Read the full blog here: https://t.co/juZTR0K0kF #cti #sans #scraping

Introducing IndQA — a new benchmark that evaluates how well AI systems understand Indian languages and everyday cultural context. https://t.co/MWbRDFQQup

Awesome new threat report from Google Threat Intel Group documenting how threat actors are leveraging Gemini. A lot of information and actionable avalable in the report! Great work 👌 https://t.co/0ktEQbUhmq

Two bombshell stories all cybersecurity professionals must read: 1. Ex-ASD boss of US Exploiter Developer sold exploits to the Russians https://t.co/IMuP0wfRUQ 2. Employees of a US ransomware negotiation firm ran attacks with BlackCat ransomware https://t.co/3yJ9Dlasir

What happens when you put 30,000 hackers in one place? Welcome to DEF CON, the world's largest hacking convention. From picking locks, to hacking cars, to meeting LEGENDS like Kitboga and the creator of Wireshark; this wasn't just a conference... it was hacker Disneyland. I

👀 OpenSource Malware an open database for tracking malicious open-source packages from npm, PyPI, GitHub repos! Great source of intel feed for supply-chain attacks! 👇 https://t.co/y6ELpxxX1S

New Blog 👀 This blog discusses the topic of cybercrime counterintelligence to highlight the growing threat toward the cyber threat intelligence (CTI) and law enforcement (LE) communities ⚠️ 🔗 https://t.co/e7XVviZHMm

It's arrived - AI Hacking 101, which you can now find in the TCM Security Academy. This course will teach you the following about hacking #AI & LLMs: 🤖 Prompt injection & jailbreaking 🤖 Sensitive information disclosure / data exfiltration (e.g., via RAG) 🤖 Improper output

Here is an good introduction to AI Red Team published by Pillar Security. It gives you a broader understanding and methodology to start evaluate your AI systems, from AI Kill Chain, CFS, to practical example. https://t.co/sR02M2RPrt

🤔 Seeing some confusion about Anthropic's skills release, so let me break down why this is actually a huge deal 🧵 Even though all the pieces existed before (custom markdown commands, agents, context engineering), this is different... https://t.co/7E08MV94Ix 1/6

⚠️ Breach Notification from F5 Networks: “In August 2025, we learned a highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files from, certain F5 systems.” https://t.co/gIEez4Z2sz

🤓 I created a new community project dedicated to Adversarial Prompts called PromptIntel. PromptIntel is a public and free database that helps you: ・ Explore and classify adversarial prompts taxonomy ・ Contribute new prompts from your research ・ Access a live feed with

New Blog! 👀 In this research, I take a look at the Qilin RaaS in-depth, which has emerged as one of the leading and most innovative ransomware gangs following the takedown of LockBit, the exit scam by ALPHV/BlackCat, and the shutdown of RansomHub. 🔗 https://t.co/4flDbtZttY

We’re at an inflection point in AI’s impact on cybersecurity. Claude now outperforms human teams in some cybersecurity competitions, and helps teams discover and fix code vulnerabilities. At the same time, attackers are using AI to expand their operations.

New Blog! 👀 After the last few large breaches, I discuss several cases in which the customers of major SaaS providers, such as Salesloft, Salesforce, and Snowflake have been extorted by adversaries from the English-speaking #cybercrime communities. 🔗 https://t.co/kTHeYQK6Uq

Regrettably I need to take a break from streaming Siege for a while. My plan is to take at least month off of playing the game whilst streaming other IRL and gaming content (and maybe some R6/VAL watchparties!). This is extra hard because I get paid to stream and my favorite part

Tachanka vs Smoke on Bank basement has been a real discussion point for Dez and I recently so today I took a deeper look, here's what I found, a 🧵 (Thread TLDR; Tachanka is more deadly and a much better time waster in perfect conditions. Smoke is more likely to consistently

Huntress tracked a threat actor who installed their Managed EDR product, sparking debate online over triage limitations and user privacy. I sat down with @_JohnHammond to separate fact from misunderstanding. Watch the full video at the link below!

🆕 I have now created a new Community Report system ( https://t.co/hOxt0H7Z7p) If anyone wants to share what tools they have observed, fill one of these out and add to the folder when you next come across tools used in a ransomware attack. ( https://t.co/PWjd3c3qEm) Thank you 🙇‍♂️

ICYMI! Tickets for CYBERWARCON 2025 are available, and we're looking for talk submissions! Don't wait to secure your spot. Grab a ticket or submit a proposal today. https://t.co/n9FPeIr93U

Apple Intelligence has earned its place in Tech Fails history 🙃 New video live on YouTube!