SafeBreach: Prince of Persia APT ran multiple Foudre/Tonnerre variants and DGAs in parallel; Tonnerre v50 (Sep 2025) redirects victims to Telegram group 'سرافراز' and user @ehsan8999100. #PrinceOfPersia #Foudre #Telegram https://t.co/9NGBd90q2e

React2Shell (CVE-2025-55182) enabled unauthenticated RCE in React Server Components, triggering rapid scanning and exploitation across many internet-facing apps. #React2Shell #CVE202555182 #SAPNetWeaver https://t.co/Q1q6HnURUJ

ConsentFix is a new phishing campaign using click‑fix style UX tricks to steal auth tokens, reported via Microsoft Threat Hunting targeting Entra identities. #ConsentFix #phishing #authtokens https://t.co/6PBQE8UR24

CWE published the 2025 Top 25 Most Dangerous Software Weaknesses: CWE-79 (XSS) remains #1; CWE-78 (OS command injection) and CWE-416 (Use After Free) show high KEV CVE counts. 2025 list updated Dec 15. #CWE #Top25 #bookmark https://t.co/TdgbsHFnK6

OSINTCon Day1 https://t.co/4HNUDN4TRO

Urban VPN Chrome extension (6M+ installs) injected per-platform scripts into ChatGPT, Claude, Gemini, etc., overrode fetch/XMLHttpRequest to capture prompts/responses and exfiltrated data to https://t.co/nT0u7ZqkdY. #privacy #ai #databreach https://t.co/sZXbH73HnN

To get started add our marketplace in Claude Code: /plugin marketplace add anthropics/claude-code and then install the plugin: /plugin install frontend-design@claude-code-plugins

Shannon is an autonomous AI pentester that finds and executes real exploits (XSS, injection, auth bypass) and delivers reproducible PoCs. Shannon Lite scored 96.15% on XBOW. #tool #AIsec #OWASP https://t.co/u7JMaocsSY

Evolution of Composite Cyber Threats: 2025 Analysis and 2026 Key Response Strategies https://t.co/g1USBW64fM

Survival v2.1 simulates server resilience: route STATIC/UPLOAD→Storage, READ/WRITE/SEARCH→DB, block MALICIOUS with Firewall. Budget $500, queue buffers 200 reqs, cache hit rates 35–90%, auto-repair heals 10%/min. #simulation #tool https://t.co/3HWd8rRmhU

ATHF provides a markdown-based, persistent repository for threat hunts using the LOCK pattern, enabling AI assistants to recall prior investigations and integrate with SIEM/EDR. Defines five maturity levels (0–4). #ATHF #LOCK #tool https://t.co/WnkCTu5A2i

Comprehensive AI/LLM red team handbook (46 chapters) covering RAG, prompt injection, data leakage, model theft and adversarial ML frameworks. #tool #LLMsecurity https://t.co/UpICftmnEb

10-step BEC investigation guide for Office 365: outlines identification, collection and analysis of mailbox activity, audit logs, mail-flow rules and eDiscovery artifacts for IR teams. nl_incidentresponse@pwc.com #BEC #Office365 https://t.co/13Zn2XslkX

Attackers poisoned Google results to surface ChatGPT/Grok conversations with Terminal commands that delivered an AMOS macOS stealer—no phishing or malicious installer used. #AIpoisoning #AMOS #macOS https://t.co/Xzcg7coAfQ

Google launches fully-managed remote MCP servers for Google Cloud: unified MCP endpoints enable Gemini/agents to access Maps Grounding Lite, BigQuery schema-aware queries, GCE provisioning, and GKE APIs with Apigee governance. #MCP #Gemini3 #Apigee https://t.co/uVOogNjxby

Detect Mythic P2P over SMB by spotting SMB WriteRequest (Command=9) with BlobOffset/BlobLen=0 and Base64 payload that decodes to a UUID; note SMBv3 encryption breaks signature detection. #Mythic #NDR #SMB https://t.co/AmaCzelrWn

Morphisec: PyStoreRAT uses AI-generated GitHub projects to seed a JavaScript/HTA loader that fingerprints hosts, drops Rhadamanthys, spreads via removable drives and uses rotating C2 nodes. #PyStoreRAT #Rhadamanthys #GitHub https://t.co/lKTI4zzN2u

The picture below depicts a (malicious) Inbox Rule. I slightly modified this Inbox Rule to protect our customer, but the gist is that it filters incoming mail from a specific bank employee, moves it to the RSS Folder, and marks it as read. The owner of the mailbox will never see

GrayBravo operates four distinct CastleLoader clusters (TAG-160, TAG-161), using ClickFix phishing to impersonate logistics firms and https://t.co/gE808jprHJ and to deliver CastleLoader and Matanbuchus. #GrayBravo #CastleLoader #ClickFix https://t.co/u1dFADN8vH

KustoHawk is a PowerShell triage tool for Microsoft Defender XDR and Sentinel. It runs Graph API runHuntingQuery KQL checks, aggregates device/identity hits and exports HTML/CSV for investigations. Requires https://t.co/rrikjVhRDL.All. #tool #DefenderXDR https://t.co/szipzVtobi