tlansec
@tlansec
Followers
3K
Following
4K
Media
69
Statuses
3K
Threat Intel @Volexity. Find me on 𝐁𝐥𝐮𝐞Sky
London, UK
Joined October 2013
In the DC-area? You'd be hard-pressed to find a better use of your time than to attend #FTSCon on 🗓️ October 21 in Arlington VA. It's packed with info on the latest security tools 🔧 and 🎯 insights from incident response #threatintel #memoryforensics
0
2
7
🚨 New threat intelligence engineering role in our org Do you wanna help build tools to find, block, and disrupt ecrime, fraud, and espionage activity? This role may be for you! https://t.co/mV1PBPYKSq
0
14
41
I've waited nearly ten years to tell this story: In 2016, I developed a source in Iranian intelligence named Mohammad Hossein Tajik. He told me he came from a politically connected family. That he had led Iran's cyber army. And that he had secretly worked for the CIA. 🧵
34
307
2K
#OceanLotus Group Targeting The indigenized Xinchuang system (a Chinese framework for building secure, self-reliant IT ecosystems using domestic hardware and software). 1. Spear-Phishing Lures Desktop Lures Desktop files on ICT innovation platforms, similar to LNK files on
0
11
65
Explanation and full RCE PoC for CVE-2025-55182 https://t.co/J4raVgQAeg
github.com
Explanation and full RCE PoC for CVE-2025-55182. Contribute to msanft/CVE-2025-55182 development by creating an account on GitHub.
0
20
121
On the plus side, every time there's a Cloudflare outage 1000s of threat actors around the world have their malware C2 go down for a few hours.
0
0
7
.@Volexity #threatintel tracks a wide variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials. And these techniques continue to see success due to creative social engineering. [1/2]
1
10
17
⚠️ Thai Human Rights Commission condemns Thailand’s deportation of 40 Uyghurs to China in Feb 2025 Deportations were “unlawful, undermined international confidence in the country and affected its global economic & trade relations.” https://t.co/1BPpFepU9M
safeguarddefenders.com
On February 27, 2025, Thailand returned 40 Uyghur refugees to China despite staggering amounts of evidence indicating they were at high risk of torture, enforced disappearance, and other inhuman...
0
12
13
🚨 PRC state-sponsored APT actors are using BRICKSTORM malware, a sophisticated backdoor, to target govt & #CriticalInfrastructure. Our 🆕 Malware Analysis Report, derived from an #IncidentResponse engagement, details IOCs & mitigation steps. Act now! https://t.co/SksUqLbhp0
9
77
206
New blog post is up exploring a vuln I found in Claude Code (CVE-2025-64755) allowing arbitrary file write without a consent prompt. New tech is always fun to explore, hopefully this post gives you some hints as to future research :)
specterops.io
This blog post explores a bug, (CVE-2025-64755), I found while trying to find a command execution primitive within Claude Code to demonstrate the risks of web-hosted MCP to a client.
10
91
364
One last thing: Google boasted to the media about its AI detected vulnerabilities before FFmpeg volunteers were able to send fixes. A dozen AI vulnerability reports were dumped on FFmpeg volunteers at the same time Google was boasting to @TechCrunch Is Google Security really
66
157
2K
#PIVOTcon26 registration is now OPEN 🤟📷 #ThreatResearch #ThreatIntel 📷 https://t.co/O5LJfr5JlT Please read carefully the whole 🧵 for the rules about invite -> registration (1/6)🌐
1
13
17
The replies and quote tweets to this...🥵 If I were an executive in Redmond, reading them would put an uneasy feeling in the pit of my stomach. I'd start trying to figure out whether overall Windows customer sentiment may actually be taking an alarmingly sharp downward turn.
Windows is evolving into an agentic OS, connecting devices, cloud, and AI to unlock intelligent productivity and secure work anywhere. Join us at #MSIgnite to see how frontier firms are transforming with Windows and what’s next for the platform. We can’t wait to show you!
7
4
27
Honestly, here's what I'd like to see with the future of enterprise security in general. At least for organizations who genuinely want to try to make it a priority🧵: 1. Finally accepting detection + response importantly backstops solid prevention but cannot substitute for it.
2
11
32
Our NVISO #IncidentResponse Team has been tracking #VShell campaigns worldwide! More than 1,500 active VShell servers were uncovered, each capable of giving attackers remote control over compromised networks. Read the report here 👇 https://t.co/XjAIIe99UH
3
14
30
@stevenadair is back again at CYBERWARCON! He is the Founder + President of Volexity, and leads a team of experts that deal with advanced and complex cyber intrusions from nation-state level intruders. His talk will cover a Chinese APT actor that Volexity currently tracks as
1
7
12
Reposting but this time Bart speaks French.
There's only 15 tickets left to the SOS conference on October 28. Either we sell out or close the registration randomly this week so we can make it to printers in time. For some, a different type of "boogeyman" or "boogeymen." https://t.co/dq23ep9VFH
1
1
4
If you like: - writing sigs in yara/clamav - File formats - browser or windows internals - Finding clever ways to fingerprint malware - stopping the hottest email initial access methods Then this detection engineering role might be for you! https://t.co/kAGcZMqaWp
9
16
49
We had a great day yesterday at #FTSCon 2025! FTSCon Week continues with @joegrand’s Hardware Hacking Basics + @volatility Malware & Memory Forensics training with @attrc, @iMHLv2 & @superponible.
0
5
10