Cyber Security, jazz lover.

Joined January 2012
Antonio Formato retweeted
📊 By the numbers:
61 reports · 17 CVEs · 9 exploited in the wild
809 IOCs · Avg CVSS 7.67 (down from 9.71 last week — but no quieter)
Phishing: 22 incidents — series high
Check Point joins perimeter pattern (7th vendor) · ShinyHunters hits Oracle PeopleSoft
Antonio Formato retweeted
🟡 ServiceNow disclosed a SaaS API exposure (June 5) — unauthenticated access to /api/now/related_list_edit/create. Customer tickets, employee records, configs — often containing credentials and tokens. IOC 51[.]159[.]98[.]241 ties directly into this week's shared infrastructure.
Antonio Formato retweeted
🟠 Phishing hits #1 TTP — 22 incidents, highest ever in this series. Why: the 2026 World Cup. 10,000 themed domains registered since January, AI-generated at scale. AiTM kits capturing MFA in real time. Fake ticket apps, fake FIFA jobs targeting Google Workspace,
Antonio Formato retweeted
🔴 After ~20 issues, TeamPCP is officially UNC6780 "and copycats." Miasma escalates again: Red Hat npm (last week) → Microsoft's own GitHub repos (this week). CanisterWorm → Shai-Hulud → Vect ransomware → durabletask SDK → now Microsoft's repos.
Antonio Formato retweeted
🔴 RoguePlanet: Microsoft Defender LPE. SYSTEM access on fully patched Windows 10/11. No OS patch helps — the vulnerability is in Defender's own remediation privilege. NTFS reparse points race conditions scheduled task hijack. Actor: Nightmare Eclipse. No patch yet.
Antonio Formato retweeted
🧵 Weekly Threat Brief — Issue #21 is live. A zero-day in Defender itself grants SYSTEM on patched Windows. TeamPCP finally has a name. And the World Cup is now a live AiTM range. Here's what you need to know. 🔽 medium.com/ti-mindmap-hub-re…
That’s a wrap on #RomHackBẏtes! 🎬 Thank you to Salerno for an amazing final session, and a huge shoutout to everyone who joined us—both in person & online—throughout this entire multi-city journey! 🦾 1/2
Antonio Formato retweeted
See latest platform stats... ti-mindmap-hub.com/ If you are running AI Agents, remote MCP server is available to get all latest cyber threats info: ti-mindmap-hub.com/mcp-integ… #cti #osint #research #mcp #ai #genai #agents
Salerno, see you this Friday! 🛰️ The Road to #RomHackCamp2026 lands at Università di Salerno for 4 technical talks covering OSINT, Hardware Hacking, Quantum Tech, and LLM Threat Intel! 🦾 🗓️ Friday, June 5 @ 15:15 CEST 📍 Università di Salerno, Edificio F4 1/2
Antonio Formato retweeted
🔮 Watch for: → Shai-Hulud variants targeting RubyGems and Go modules → NGINX Rift exploitation at scale — Issue #18 → AI agent prompt injection as standard attack vector Full briefing: medium.com/ti-mindmap-hub-re…
Antonio Formato retweeted
📊 By the numbers:
46 reports · 42 CVEs · 39 exploited in the wild · 29 with public PoC
490 IOCs · 20 shared infrastructure indicators
Supply chain #1 TTP for 13 consecutive weeks
Session protocol joins ICP blockchain as C2 infrastructure.
Antonio Formato retweeted
🟡 AI attacks: industrialized, named, documented. PROMPTSPY · PROMPTFLUX · HONESTCUE · CANFAIL · LONGSTREAM Five named toolchains. Five actor groups: PRC, DPRK, Russia, Iran, TeamPCP/UNC6780. AI is no longer an enhancement to attacks. It is the attack infrastructure.
Antonio Formato retweeted
🟠 NGINX Rift — CVE-2026-42945. Critical heap buffer overflow. RCE. NGINX serves a significant fraction of global web traffic — cloud load balancers, API gateways, containerized microservices. A critical RCE at this layer scales with NGINX's deployment footprint. Patch now.
Antonio Formato retweeted
🔴 Shai-Hulud is now a template, not a campaign. TeamPCP's supply chain worm source code is public. Mini Shai-Hulud already confirmed hitting TanStack and UiPath npm packages in the same week. git-tanstack[.]com across 4 reports. 83.142.209.194 across 4 reports.
Antonio Formato retweeted
🧵 Weekly Threat Brief — Issue #17 is live. Shai-Hulud source code goes public. NGINX cracks. AI attacks reach industrial scale with named toolchains. Here's what you need to know. 🔽 medium.com/ti-mindmap-hub-re…
🔐 At #BSidesLuxembourg today! Decades of great sessions and serious community energy. If you're around, ping me — let's say hi 👋 #Cybersecurity #BSides
Antonio Formato retweeted
What makes it dangerous isn't just the exploit. It's the lineage. Dirty Cow (2016) → Dirty Pipe (2022) → Copy Fail (2026) Each generation: more reliable, more portable, harder to detect. In-memory only — FIM tools like AIDE and Tripwire see nothing.
Antonio Formato retweeted
🔴 New Agentic Report live on TI Mindmap HUB: Copy Fail — CVE-2026-31431
732 bytes of Python. Root on every major Linux distro
Active exploitation confirmed by Microsoft Defender telemetry. 10 sources correlated.
🔗 ti-mindmap-hub.com/analytics… #copyfail #linux #cyber #cti
The Road to RomHack Camp 2026 heads to Abruzzo! For RomHack Bẏtes // 0x03, we’ll be joined by @MetroOlografix We’ll dive into mesh networks, #LoRa, and how to communicate "without permission" even when traditional infrastructure is down. ⏬