Just your friendly neighbourhood red teamer @MDSecLabs @nighthawk_c2 | Creator of /r/redteamsec | mdsec.co.uk | nighthawkc2.io

Joined February 2009
Pinned Tweet
@MDSecLabs will be running our Red Team Capability Training out in #BlackHatUSA26 again this year. This year the course features a big refresh, with a bunch of new additions on the latest evolving techniques! Early bird discounts end this month! @BlackHatEvents blackhat.com/us-26/training/…
Dominic Chell 👻 retweeted
We're bringing the latest and greatest red team TTPs to @BlackHatEvents this year in our Adversary Simulation and Capability Development training. Learn from seasoned red teamers @domchell and @_batsec_, with fresh content updated for 2026! 🔥 blackhat.com/us-26/training/…
Dominic Chell 👻 retweeted
Read this open statement by Signal and your jaw will hit the floor. Govts always use “protecting children” as their guise for more control and censorship. I interviewed a prev Govt minister, who wrote the Online Safety Bill, and asked if they could tell me how a VPN worked. They couldn’t. These are the people writing these laws. This new tool is another dangerous form of silent oppression that once again uses children’s safety as a guise to control the masses. We can protect children online, but that starts at home, with parents, not in the Home Office, GCHQ, Apple, Google, Microsoft or Samsung.
I recently sat the Advanced Threat Hunting and Detection Engineering course by @Cyb3rMonk. Really interesting to see things from the other side and get a glimpse of what things might be detecting you!
Dominic Chell 👻 retweeted
Approved by top red teamers😎🔥
I couldn't make @x33fcon this year due to some family commitments, but hope everyone has a blast - brilliant conference with a great crowd!
Dominic Chell 👻 retweeted
Final comment on the ServiceNow incident. I've had the opportunity to review the code that was live during the incident. There are appropriate guardrails in place to prevent arbitrary table write (e.g. user creation, script execution).
Dominic Chell 👻 retweeted
This week we launched our Offensive Security Accelerator - a fast track training programme for those looking to start their cyber security careers... if you're in the UK and a graduate or looking to pivot into offensive security, here's how... pwn.careers/

We’ve been running ServiceNow compromised supply chain scenarios for customers during RedTeams for 18 months and have built a wealth of tradecraft and tooling around the space. On occasion some pushed back and said SNOW compromise was unrealistic…. 🤐
Dominic Chell 👻 retweeted
‼️🚨 He's back: Nightmare Eclipse just dropped RoguePlanet, a new Windows Defender local privilege escalation 0day PoC. The RCE paths broke after Microsoft's Defender patch. NE suspects the BitLocker bypass may still work but isn't certain. He has a new GitHub btw, let's see how long the account will last: github.com/MSNightmare/Rogue…
Dominic Chell 👻 retweeted
ServiceNow customers are being notified after unauthorized access hit multiple tenants. The messy part? A Scripted REST endpoint reportedly shipped with authentication disabled. No token. No valid session. No real user account. Just requests landing as “Guest” in logs. The IOC: 51.159.98.241 Security teams should be checking /api/now/related_list_edit transaction logs immediately.
Dominic Chell 👻 retweeted
A potential security incident is developing at ServiceNow. Customers received notifications about a suspicious IP accessing multiple customer tenants. The root cause appears to be a Scripted REST API endpoint that required no authentication by logging activity under the "Guest" user with no actual account. The resource had been in this state since at least 2018, and was only patched last Friday when ServiceNow set the requires_authentication flag to true. One affected organization works for critical infrastructure. Their internal security team is now conducting a full investigation. The issue was linked to the Australia platform release. ServiceNow has not issued a public statement and reports are ongoing. Thread: reddit.com/r/servicenow/comm…
Dominic Chell 👻 retweeted
🤡The models whose marketing is it can hack, won’t hack.. instead you get Opus 4.8, the model that refuses to hack even with CVP🤡
Replying to @claudeai
Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage. Queries on a narrow range of topics will instead receive a response from our next-most-capable model, Opus 4.8.
Dominic Chell 👻 retweeted
I’ve been exploring different WinGet threat scenarios to identify practical detection strategies, especially since several BOFs and public PoCs are now available. If you’re a Red/Purple Team operator, SOC analyst, or threat hunter, focus on: ⤵️
Detection Strategy - Event IDs
✅️ 1, 3 & 7 - Sysmon Event IDs
✅️ 4688 - ConfigurationRemotingServer.exe & WindowsPackageManagerServer.exe
✅️ Microsoft.Management.Configuration.dll
Read the full article and grab the Sysmon config in the reply. ⤵️

Dominic Chell 👻 retweeted
Sample is now on VT! 🚩Hash: ad21af758af28b7675c55e64bf5a9b3318f286e4963ff72470a311c2e18f42ff 🎯Actor name: BlueNoroff 🔹Comment: Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion.... 🌐URL: huntress.com/blog/inside-blu… 🔎OnVT: virustotal.com/gui/file/ad21…
Dominic Chell 👻 retweeted
As someone who reported CVE-2026-27914 I can tell you it's not related to MMC console at all. Maybe it's a new Microsoft tactic to confuse LLMs with incorrect advisories?🤔 😂😂
One researcher. ~$300 in API tokens. A working PoC against an April Patch Tuesday CVE. Open-sourcing PatchWatch Pocsmith, an agentic patch-diffing → exploit pipeline I built from off-the-shelf parts. originhq.com/blog/patch-diff…
Dominic Chell 👻 retweeted
idanmalihi.com/tracking-nort… Cipher Security Labs researcher @Idan_Malihi published an excellent analysis of Kimsuky APT infrastructure.

Dominic Chell 👻 retweeted
Replying to @msftsecresponse
@msftsecresponse Why is Teams now blocking links to articles on The Hacker News? This is beyond reprehensible. thehackernews.com/2026/06/un…
Dominic Chell 👻 retweeted
OAIC's CFP is now open! The first conference dedicated to the cutting edge of the offensive use of AI is returning for its second year. Speakers will enjoy three nights at a four-star beachfront resort, which includes all meals and drinks, three exclusive parties, and a Michelin-star welcome dinner. Please see sessionize.com/offensive-ai-… for accepted topics.