Artsiom Holub
@Mesiagh
Followers: 3K | Following: 6K | Media: 35 | Statuses: 2K
Security Research Analyst. Cyber Security Geek. Bookworm.
USA
Joined October 2015
Think urlscan is only useful for phishing? Think again. We break down how urlscan Pro can be leveraged to identify exposed malware C2 admin panels and support infrastructure hunting. New intel report published on urlscan Pro now.
To help celebrate @arcanuminfosec Information Security's two-year anniversary, @Jhaddix gave me 5 codes good for any Arcanum course to give away! Winners will be announced on 1/22. 1 Like = 1 Entry! 1 Share = 2 Entries!
In other news, we just dropped a new blog on threat actors leveraging AI to write their half-ass working scripts and payloads. At this point I'm not even mad, just disappointed. https://t.co/PrlOT6SfQs
NEW BLOG: The Great VM Escape. We caught threat actors deploying a VMware ESXi exploit toolkit in the wild - potentially was a zero-day developed over a year before VMware's disclosure. If anyone has thoughts on it let me know, but I needed almost a full case of beer to
huntress.com
Huntress outlines a complex, multi-step attack designed to break out of guest VMs and target the ESXi hypervisor, using potential zero-day vulnerabilities and sneaky VSOCK communication.
New video dropped! Vibe hunting through @ValidinLLC with no preparation at all, just pivoting on whatever looks interesting and seeing where it takes us. We stumbled across SmartApe, SmokedHam, Mintsloader ... Also caught up with Kenneth, the mind behind Validin!
Meet North Korean recruiter 'Aaron,' who infiltrates Western companies by using AI and posing as a remote IT worker using stolen or rented identities. He was lured into a sandbox by researchers, who observed the wild APT in a controlled setting to see what he would do.
Introducing RAPTOR, an Autonomous Offensive/Defensive Research Framework based on Anthropic's Claude Code, written by @dcuthbert, @halvarflake, @mbrg0, and myself. Let's rock. Get it from GitHub, here:
github.com
Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we confi...
New report out today! From a Single Click: How Lunar Spider Enabled a Near Two-Month Intrusion. Analysis/reporting completed by @RussianPanda, Christos Fotopoulos, Salem Salem, reviewed by @svch0st. Audio: Available on Spotify, Apple, YouTube and more! Report:
New Microsoft threat report shows how attackers are using AI for evasion and obfuscation in a phishing campaign! One part is very interesting, the team spotted 5 AI fingerprints in the code. But instead of hiding the attack (the initial goal), these fingerprints actually
I foresee 2026 as a year of FIDO authentication downgrade attacks. I discovered a universal method for downgrading secure MFA methods (passkeys, security keys) to less secure alternatives during phishing attacks. Enjoy the quick demo!
And here is the complete video of the talk: https://t.co/CR2gNSc8sb
I just published my @AusCERT talk titled "Generative AI Breaches: Threats, Investigations, and Response." In this presentation, I explain how to protect and investigate AI breaches. Small thread.
The latest threat in the wild: A stealthy malvertising campaign spreading a powerful multi-stage malware Talos calls "PS1Bot." Find out what makes this campaign so dangerous and how it's evolving: https://t.co/qbcAi505Or
Join Cisco Talos Incident Response for an off-the-record briefing on how we tackle threats on the frontlines. Real stories, real lessons. Register now: https://t.co/pcWCf1w2Z1
Ransomware actors are using decades-old PowerShell 1.0 to outsmart modern defenses, a surprising twist revealed in Cisco Talos IR's latest quarterly trends report. Get the latest on this tactic and recent threats: https://t.co/SJYAWAP5HM
Attackers are more frequently using Windows shortcut (LNK) files to distribute malware. We cover four main categories of LNK malware: exploit execution, malicious file execution, in-argument script execution and overlay execution. https://t.co/rrlupQXSNh
Smishing is phishing, but through text messages. Instead of a scam email landing in your inbox, it arrives as an SMS, iMessage, or other text-based notification on your phone. Learn more about smishing, and how to spot a smishing text:
staysafeonline.org
Smishing is like phishing, except it's sent to your phone. Learn what smishing is and how to avoid scams!
BREAKING: Google just released a set of free AI courses. Zero fees. No prior knowledge needed. Here are 11 courses you definitely don't want to miss:
#SocGholish, #UNC4108 folks have been making some updates to their #JuniperStealer. I covered the stealer in this article earlier in February: https://t.co/WoEN7M8vMP
Attackers are increasingly using your own legitimate IT tools to hide in plain sight. Learn how to spot them before they cause damage in our latest blog: https://t.co/cBfsyuasx9