We found a phishing attack where the obfuscation was far more interesting than the social engineering. The payload was hidden in an SVG using "business term steganography" – financial jargon as a cipher. To a scanner, metadata. To the attacker, one piece of a multi-layer obfuscation chain. Breakdown: sublime.security/blog/kratos… #cybersecurity #emailsecurity #phishing

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…

Thank you to our exhibiting sponsors for SLEUTHCON 2026! We wouldn't be a success without the support of our sponsors! We hope to see you tomorrow in Arlington, VA. There are still a few tickets left for our stragglers, and you can always join us virtually, too!

MCP is slow for RE-heavy projects and, in some cases, is unstable. ghidra-rpc is way faster than MCP and scales more efficiently in a multi-agent setup, since it outputs structured JSON.

Thank you @BSidesVancouver for an awesome event. Happy to present on a modern, unique targeted phishing account, and then win the event @corelight_inc CTF. Credit to the CoreLight platform. I've never used it before but picked it up quickly to finish first.

Spent the last 2 weeks working on a devirtualizer for VMProtect 3.5 and learning Remill. Idk yet if I will blog about it, but I at least wanted to publish the code: github.com/eversinc33/MogVMP The approach is different from my last blog, as it lifts the whole x86 code of the VM

At a Free Palestine protest in a city when a car passenger throws a water bottle at a protestor... And then just sits there because they're stuck in traffic Cops just walks over and yanks him out of car. If you're going to commit a crime at least think through your escape 😂

I'm optimistic we can create _some_ type of knowledge-based security-related community activity but traditional online jeopardy-style CTF as a competitive format is on its deathbed and this video hurts. Big love to the community that has meant the world to me the past 11 years!

My current experience with coding models.

Might be a dumb question, but how are devs on personal machines supposed to catch this? Or do a lot of them just stay pwned and never know it?

hilarious phishing email I just got. 10/10 execution

We keep talking about the housing crisis. We never discuss how our kids will never afford services we were grandfathered into

still not quite over the fact that i watched 15 year olds get sued for millions of dollars for downloading twelve songs and now we all have to accept AI slop because every tech company in the known universe decided that IP laws don't exist now that they're inconvenient for them

Shark Tank Billionaire Kevin O'leary says 2 people fighting data centers in Utah are Chinese agents. Turns out its just 2 local girls in Utah, they make a hilarious video calling him the fuck out

Q: Did you talk to Xi about the cyber attacks that he's done in the United States? TRUMP: I did. And he talked about attacks we did in China. You know, what they do, we do too. We spy like hell on them too. I told him, 'we do a lot of stuff to you that that you don't know about.'

TIL, if you forget $60 cash back at a Walmart self checkout, it will just patiently keep it there for anyone to take. It won't retract it. Kudos to the two people after me at that station who ignored it, but not to the third that took it.

I don't know how anything works anymore