Foresiet identified and analyzed Lucid Stealer, a Node.js SEA wrapper delivering a credential stealer and remote-access Trojan with persistence, wallet theft, keylogging, HVNC, and DDoS capabilities. foresiet.com/blog/lucid-stea…

lucid-stealer-malware-analysis-report

Foresiet Threat Intel analyzes the Lucid Stealer: a commercial Node.js info-stealer and RAT. Learn the infection chain, IOCs, and how to detect this threat.

foresiet.com

1,757

Laurent Cheylus

Jan retweeted

Laurent Cheylus @lcheylus

May 27

Benchmarking LLMs for Malware Triage and static Unpacking with Malcat (binary analysis software) #Infosec #Malware #LLM malcat.fr/blog/benchmarking-…

Benchmarking LLMs for malware triage and static unpacking with Malcat

Ever wondered which LLM model is the best to analyse malware? Well, we did, and put them to the test. By strapping 9 state-of-the-art large language models to Malcat's powerful MCP server, we made...

malcat.fr

146

Alex Matrosov

Jan retweeted

Alex Matrosov

@matrosov

May 27

Follow every Mythos discovery through our coordinated vulnerability disclosure dashboard. red.anthropic.com/2026/cvd/

140

643

60,909

Jan

Jan @_zero_q

May 19

hmm what to do when machine thinks it knows better than me:

Jan

Jan @_zero_q

May 14

Just waiting for AI to include hidden advertisement in their responses, e.g. when asking for summary of incident response actions depending on LLM it will point out that it is best to use tool or service of a certain company 🤣

Jan

Jan @_zero_q

May 12

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator bleepingcomputer.com/news/se…

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code.

bleepingcomputer.com

Jan

Jan @_zero_q

May 12

Can someone run Mythos against Forti and Ivanti, so that we get that chapter closed once and for all

Jan

Jan @_zero_q

May 1

Running @opencode together with Selenium and Safari remote control to have the AI fix my JavaScript errors, so I can enjoy the sun 🤣

Jan

Jan @_zero_q

Apr 14

AI does not mean attackers generate better exploits. It means they generate better reasons to panic. Speed of patching replaces verification as the dominant safety signal.

Jan

Jan @_zero_q

Apr 6

I just wanted to update one library ... now I am running OCLP on my late 2013 mac with a clean install of Sonoma 🤣

Jan

Jan @_zero_q

Apr 3

Added capability overview based on imported API function:

Jan

Jan @_zero_q

Mar 31

Slowly getting to where I want it to be. If you have labelled samples for me to play with, let me know.

Mehmet Ergene

Jan retweeted

Mehmet Ergene

@Cyb3rMonk

Mar 28

github.com/Vigil-SOC/vigil

GitHub - Vigil-SOC/vigil: Vigil - an ever improving 100% OpenSource AI system for security

Vigil - an ever improving 100% OpenSource AI system for security - Vigil-SOC/vigil

github.com

6,951

Jan

Jan @_zero_q

Mar 21

Continued to play further with malware similarity: --- Top 1 Family Ranking for 1b357f661479 --- RANK 1: [ACCEPTED] Zeus | Weight: 144.5 REJECTED (Low Weight): PlugX | Weight: 19.7 REJECTED (Low Weight): PoisonIvy | Weight: 1.41 not perfect yet but we are getting there.

284

Jan

Jan @_zero_q

Mar 25

Btw. If you happen to have some labelled sample sets your willing to share please reach out.

Censys

Jan retweeted

Censys

@censysio

22 Dec 2025

🚨 A critical RCE vulnerability in certain versions of n8n allows an authenticated attacker to execute arbitrary code with the privileges of the n8n process. Exploitation could lead to full compromise of the affected instance. 🔴 CVSS 9.9 🛠️ Patch available — upgrade immediately. 👉 See full advisory for more details: hubs.ly/Q03YVn9L0 #cve202568613

208

22,046