.@Volexity Volcano Server & Volcano One v25.09.21 adds memory analysis support for ARM64 Linux, macOS 26 (Tahoe) & Windows 25H2, as well as 75 new YARA rules, 10 new IOCs, analysis of udev rules, and rolling upgrades for managed endpoints. [1/2]

Heading to Denver for #FIRSTCON26 next week? Stop by the @Volexity booth to see a demo of Volcano! We’ll show you how memory analysis with Volcano uncovers advanced threat actors and helps rapidly resolve your investigations. Come find us at Booth 7 to talk threat hunting and triage workflows with our team, including @stevenadair & @attrc! @FIRSTdotOrg #DFIR #FIRSTCON

.@Volexity has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo. This case involved the breach of the victim organization’s MSP and multiple malware implants found on firewalls, cloud storage sync devices & NAS appliances. VerdantBamboo used a #0day privilege escalation exploit in the process and was also observed using administrative access to the victim organization's firewall to enable a custom VPN. For more details on how the incident unfolded, the malware used by the threat actor, and the end goal of the intrusion, check out the full blog post: volexity.com/blog/2026/06/04… #dfir

.@Volexity has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo. This case involved the breach of the victim organization’s MSP and multiple malware implants found on firewalls, cloud storage sync devices & NAS appliances. VerdantBamboo used a #0day privilege escalation exploit in the process and was also observed using administrative access to the victim organization's firewall to enable a custom VPN. For more details on how the incident unfolded, the malware used by the threat actor, and the end goal of the intrusion, check out the full blog post: volexity.com/blog/2026/06/04… #dfir

Good lord 🤮

This gets even dumber. Microsoft built a VBS enclave into msedge! It protects data even from kernel drivers! That would've been the perfect place to store passwords! And they are using it to store... a bit of static configuration data.

new walk of shame: agent still working, but the cafe closed

ok, so this talk from @aaronportnoy from @ekoparty is absolutely phenomenal... my neck hurts from nodding my tldr takeaway: defenders need to start listening *really carefully* to actual, economically rational attackers the cadence of the OODA loop that we've grown used to over the years is now *way* too tight cdn.prod.website-files.com/6…

will be speaking at the real world ai security conference at stanford, you can sign up here: seclab.stanford.edu/RealWorl…

congrats to the owners of a brand new $6k paperweight

Ep 174 "Pacific Rim" is now live! 🔊 Sophos got attacked by a nation state actor. How they handled it is controversial. Curious what you would have done. darknetdiaries.com/episode/1…

For the past 2 months, XBOW has been testing Mythos Preview under embargo as part of a select early-access group. Today, we can finally share what we found. The headline: Mythos Preview is a major advance. It is substantially better than prior models at finding vulnerability candidates, especially when source code is available. But it’s not perfect. We surfaced issues with exploit validation, judgment, and efficiency. Our full write-up covers where Mythos Preview shines, where it still needs support, and what we think this means for the future of offensive security: bit.ly/42zQl98