
Tim Kromphardt
@infosectimmy
Followers
318
Following
7K
Media
228
Statuses
1K
Senior Threat Researcher @ Proofpoint and Co-Host of the Discarded Podcast #bec #emailfraud #infosec #TOAD My tweets are my own.
A series of tubes
Joined June 2021
This blog was a lot of fun to work on. 😁
Threat researchers at @Proofpoint released new details on a widespread Request for Quote (RFQ) scam that involves leveraging common Net financing options to steal a variety of high value electronics and goods. Blog: https://t.co/VWYsj41Rva
#shipment #RFQ #finance #scam 🧵⤵️
A *spooky* Only Malware in the Building episode is here, featuring @threatinsight's Selena Larson. 👻 Listen for “ghost stories” from the cyber underworld and explore the impacts these legendary incidents and operations have left on the digital landscape.
thecyberwire.com
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofp...
Researchers at @Proofpoint have uncovered a recent brute force campaign, tracked as UNK_CustomCloak, targeting the first-party app, Windows Live Custom Domains. Activity was observed from September 20th-30th, affecting nearly half a million users in over 4,000 tenants.
October is the month of pumpkin spice & #cybersecurityawareness. 🎃 On a new Discarded #podcast, the @threatinsight team recognizes the critical role humans play in the attack chain. Deep dive into why #socialengineering is at the 💙 of so many attacks. https://t.co/RQOcZeIt0Z
The Discord breach is another example of the risk of collecting IDs for age verification. If you’re going to collect sensitive data, you have to protect it. We’re not seeing it protected well so far.
NEW: breach of Discord age verification data. For some users this means their passports & drivers licenses. Discord has only run age verification for 6 months. Age verification is a badly implemented data grab wrapped in a moral panic. Mark my words, as age verification
#OperationEndgame was a collaborative effort between global law enforcement and private sector partners, including Proofpoint @threatinsight. At #ProofpointProtect 2025, attendees got an exclusive play-by-play of exactly how the operation disrupted global ransomware networks.
Dawg, this Discord Zendesk compromise is crazy. The Threat Actor has so much fucking leverage. Depending on what's in the data, they could extort celebrities, crypto influencers, politicians, scammers and/or other Threat Actors, government officials. The possibilities are endless.
This speech should terrify anyone who cares about our country. Declaring war on our nation’s cities and using our troops as political pawns is what dictators do. This man cares about nothing but his own ego and power.
Trump: You know, our inner cities, which we'll be talking about because it's a big part of war now, a big part of war.
The @Proofpoint threat research team published new research identifying a new cyber-espionage campaign by #TA415 (#APT41), a China-aligned threat actor, exploiting growing uncertainty in U.S.-China economic relations. ⤵️
proofpoint.com
What happened: Throughout July and August 2025, TA415 conducted spearphishing campaigns targeting United States government, think tank, and academic organizations utilizing U.S.-China
The Attorneys General in DC and Iowa have filed lawsuits against Bitcoin ATM providers, Athena, CoinFlip, and Bitcoin Depot for knowingly facilitating fraud as they allow hundreds of elderly folks to stuff money into their machines to be sent to scammers around the world while
There really should be a standard for rejecting non-essential cookies instead of going through this sort of time wasting. What makes your 'Legitimate interest' mine? No 'Reject all' option of course. Cookie control RFC anyone?
Hot sauce and hot takes: For the first time, the Only Malware in the Building team is together in-studio—and they’re turning up the heat. 🔥 Think you’ve seen them tackle malware mysteries before? Wait until you see them sweat. Stream now on YouTube!
Something #spicy is coming to the next Only Malware in the Building #podcast—dropping September 2nd. 🌶️ Bookmark the show page and reserve your seat 🪑 at the table alongside Selena Larson, Dave Bittner, and Keith Mularski. 🔥 You won't want to miss it! https://t.co/wDKwnjN5lT
You asked, we answered. AI tools are significantly lowering the barrier to entry for cybercriminals. We have observed threat actor campaigns leveraging the AI-generated website builder Lovable to create and host cred phishing, malware, and fraud websites. https://t.co/J1VjyEmGXO
THATS 👏WHY 👏WE👏SUPPORT👏THE👏EFF👏 FUCK👏THE👏GOVERNMENT👏SPYING👏 FUCK👏THE👏GOVERNMENT👏 SUPPORT👏INTERNET👏ANONYMITY👏
Age verification is here, and now UK Redditors can’t access their favorite LGBTQ+, political, or public health communities without destroying their anonymity. Help us fight to avoid this future. https://t.co/aXbQ6fJrzQ
Threat researchers from @Proofpoint have found a way to sidestep FIDO-based #authentication, a discovery that could expose targets to credential phishing attacks, account takeover (#ATO), and adversary-in-the-middle (AiTM) threats. #FIDO #MFA
proofpoint.com
Key takeaways: FIDO-based passkeys remain a highly recommended authentication method to protect against prevalent credential phishing and account takeover (ATO) threats.
Platforms where this kind of thing happens need to start stepping up.
New video is now live! https://t.co/HYcIkPQdTs The Job Scam....
New video on Sunday at 7pm BST (Patrons can already see it though!). Ever wonder about those "Review for $5" messages on WhatsApp or Telegram? I dig deep into a very fast-growing scam.
The Governor of Texas is threatening to remove democratically elected officials from office because they have refused to rig an election for Donald Trump. United States of America, 2025.