LUCR-3 (Scattered Spider) is back — and more dangerous than ever. Join @permiso_io’s P0 Labs researchers @andi_ahmeti & @abianmorina at #BSidesMunich + #DeepSec as they expose LUCR-3’s latest TTPs across cloud & SaaS environments. #CyberSecurity #ThreatIntel #CloudSecurity

AI security makes more sense when you see it through identity. Ian Ahl explains why most “AI incidents” come down to stolen creds, OAuth abuse, and over-privileged accounts and how to fix it with Discover. Protect. Defend. Stream now:

Cloud logs all speak a different language. AWS ≠ GCP ≠ SaaS ≠ IdP. P0LR Espresso is an open source tool that normalizes logs across environments so defenders get fast, strong shots of context during live response. Read more:

⚡️AI adoption is outpacing security. Permiso delivers **complete visibility** into AI users, builders & agents with runtime intelligence that stops hidden threats. Blog post here: https://t.co/sygmClA5kt

Great write up from the @The_Cyber_News on our latest open-source tool, #Inboxfuscation, in their newsletter today. "A new open-source tool named Inboxfuscation can create malicious inbox rules in Microsoft Exchange that are difficult for security tools to detect. Developed by

💡This tool on GitHub is only 2 weeks old, first seen on September 10th, 2025. Inboxfuscation: An advanced offensive & defensive framework for mailbox rule obfuscation & detection in Exchange environments. GitHub: https://t.co/CNvKRGrvZW Release Blog: https://t.co/PFcKpvvMfR

🚨 Inboxfuscation Tool That Bypasses Microsoft Exchange Inbox Rules and Evades Detection Read more: https://t.co/pygskQGxHc Attackers increasingly exploit Microsoft Exchange inbox rules to maintain persistence and exfiltrate data within enterprise environments. Inboxfuscation

Love seeing our work at @PermisoSecurity being shared with the community! I had the chance to develop Inboxfuscation an open-source tool to detect malicious inbox rules. Excited to see it getting out there!

Two Permiso speakers on the international stage tomorrow: Andi Ahmeti will be presenting "Inbox Under Siege: Real-World BEC Attacks, Tactics & Lessons Learend" at @BSidesTirana tomorrow at 3:40 local time. @danielhbohannon will be presenting "SkyScalpel: Making & Breaking

Malicious Microsoft Exchange inbox rules could be hidden using a technique dubbed “Inboxfuscation,”@permisosecurity researchers reported. #cybersecurity #infosec #ITsecurity

Big thanks to @LauraMFrench and @SCMagazine for covering #Inboxfuscation!

Thanks to @duncanriley and @SiliconANGLE for covering our latest open-source tool, #Inboxfuscation https://t.co/Dh38sStSRQ

Big thanks to @campuscodi at @riskydotbiz for including #Inboxfuscation in the recent Risky Biz newsletter https://t.co/paxIjHhIuk

Attackers are finding new ways to hide in plain sight. That’s why Permiso built Inboxfuscation - a free, open-source obfuscation and detection framework to help security teams detect and stop Unicode-obfuscated Microsoft Exchange inbox rules. It includes modules for both

The full write-up is now live, blog post is attached below if you’d like the deep dive. Blog: https://t.co/zzFYZIIAmE Github: https://t.co/Drhq49pFWh #Permiso #M365 #InboxRules #Obfuscation #Unicode #Evade #Persistence #Detection #Inboxfuscation #BlueTeamCon

The end result is rules that hide in plain sight, quietly deleting or forwarding mail while defenders think nothing’s wrong. Big thanks to the P0 labs at @permisosecurity Security for supporting this research and giving me the space to dig into the weird corners of M365

Null characters that make rules look “invalid” in Outlook but still run in the background •  Zero-width and invisible characters that slip past keyword detections •  Homoglyphs and directional overrides that make rules appear completely different in logs vs. UI

This past Sunday at Blue Team Con, I shared my latest research and released a new open-source framework called Inboxfuscation. The research looks at how attackers can abuse Microsoft 365 inbox rules using Unicode tricks like:

We’re excited to have @SecEagleAnd1, Threat Researcher at Permiso Security speaking at #BSidesTirana2025 on the 19th of September! #BSidesTirana #BSides #speakers

Check out Permiso P0 Labs’ latest research about AWS Managed Active Directory compliments of Bleon Proko! Turns out AD default settings inherited from on-prem AD can lead to a Resource-Based Constrained Delegation (RBCD) attack in its Cloud counterpart. https://t.co/UFttDz8LKl