#ReverseShell Explained: #Setup, #AttackChain, and #Detection latesthackingnews.com/2026/0…

Final call for today’s FREE @CQUREAcademy Webinar! 🔔 In just a few hours, @Amr_Thabet and Artur Kalinowski will take you through real-world attack chains and detection techniques. If you're a SOC analyst, threat hunter, security admin, or anyone tired of fragmented training that doesn't connect offense with defense - this is for you. We're kicking off our free 3-part webinar series TODAY at 7 PM CET / 1 PM ET / 10 AM PT with "Inside the Attack Chain: YARA Detection & Domain-Admin Exploitation Techniques." Join us live 👉 cqureacademy.com/cmap-webina… P.S. Two more sessions follow on December 17 and January 15. And the best part? You can sign up for all of them at once. #Cybersecurity #ThreatDetection #InfoSec #SOC #YARA #AttackChain

🔥 DragonForce Unveiled — The 7 Brilliant Steps of Their Attack Chain DragonForce isn’t improvising. They’re executing one of the most structured and strategic attack chains we’ve seen this year — and every step is designed to bypass defenses that most companies think are “good enough.” From recon to exfiltration, every phase is sharp, calculated, and optimized for maximum impact. If you think your perimeter is ready… think again. 👇 Full breakdown of the 7-step attack chain: ctrlaltnod.com/en/news/cyber… #CyberSecurity #ThreatIntel #DragonForce #CyberAttack #AttackChain #Infosec #Malware #Hacking #CyberThreats #BlueTeam #RedTeam #SecurityOps #ZeroTrust #CtrlAltNoD #TechNews

Yes, they are all open source models. All of the python code can be viewed raw: huggingface.co/deepseek-ai/D… ML and LLMs is by no means my speciality. I'm a network admin and Windows enterprise sysadmin. I'd say the analogy I made earlier of a word processor or IDE opening up a txt file is still apt, granted someone else made a great point. There HAVE been actual PoC powershell payloads crafted by security researchers exploiting Pytorch and other libraries (namely pickle sterilization) to backdoor. So it's entirely possible ofc, it's just not likely at all with this one. It's like saying you can get backdoored via iMessage. Technically true with highly sophisticated tools like Pegasus or the Kaspersky attackchain but generally speaking, no. iMessage is not a common attack vector. And neither are LLMs. Anything and everything *can* be an attack vector

No, you're absolutely correct and I stand corrected in that regard as it did allow RCE iirc. But yeah obv that python library vuln wasn't exclusive to LLMs and that particular model was obscure (I believe it was from a security researcher who had a reverse shell payload to pop calc). HF has had very few legitimate bad actors and when they do, they don't get away with it for long I'm not saying it's impossible that deserialization vulns or other exploits in Pytorch can't be abused for backdoors packaged in LLMs. But 1) HF has insanely robust security measures for its repos including malware scanning that borders on paranoid and 2) once these library vulns are discovered, they are patched swiftly and any impacted highly used LLMs follow All of this is to say: you wanna know what else got a critical RCE? The xz compression library in Debian! That was all on GitHub too. And ofc my favorite: the Kaspersky iOS attackchain which literally exploited the TrueType font parsing for privilege escalation. They crafted an iMessage payload to trigger an absolutely genius string of vulns. Anyways, point is, sure. Everything CAN be backdoored technically and I didn't mean to imply otherwise. Any and everything can be hacked. Duh. Going back to my example, you very well could *technically* be compromised by opening a jpeg (maybe there's some decoder library zeroday for example and an APT sends you a payload) It's just....not very likely. At all. In the case of DeepSeek R1, there is currently zero evidence to point to any malicious payloads or exploitable functions. Especially none that would allow for "unlimited access to monitor everything you do". But even still, I do retract my OP and I'm glad you brought this up because the xz scare really did teach us that open source isn't infallible. People can be exploited too. Social engineering is a thing. Nothing is truly safe

🚨 According to #CyberVolkRansomware Technical & Malware Analysis Report, the attack chain begins with a phishing campaign that tricks users into executing a malicious file, leading to the deployment of the ransomware. Once activated, CyberVolk encrypts files using .CyberVolk extension operates offline, making it difficult to detect and intercept. It demands a $1,000 Bitcoin decryption payment, a ransom note, and a countdown timer. The ransomware employs anti-detection measures, such as blocking Task Manager and modifying SafeBoot settings, to prevent its termination. Despite its sophistication, vulnerabilities exist, such as the failure to block PowerShell, which can be exploited to interrupt the encryption process. After completing its task, the ransomware self-terminates without maintaining persistence on the system. 🔗 Download the #report to learn more: threatmon.io/cybervolk-ranso… #Ransomware #AttackChain #Malware #CyberAttacks #CyberSecurity #ThreatIntelligence #ThreatMon

🔎 According to our #AzzaSecRansomware Technical Analysis Report, the AzzaSec Hacktivist Group developed AzzaSec Ransomware, a RaaS (Ransomware as a Service) that can be used to attack targeted systems. Two different infection scenarios have been identified in the ransomware infection process. One involves infecting remote Windows servers taken over by the AzzaSec group, and the other involves infection via phishing attacks. It has been found that they use a PDF dropper in the infection process, which downloads and executes AzzaSec Ransomware on the system, avoiding detection by many security software products. 🚨 🔗 Download the report to learn more: threatmon.io/azzasec-ransomw… #Ransomware #AttackChain #Malware #CyberAttacks #CyberSecurity #ThreatIntelligence #ThreatMon

🔎 According to our Kematian Stealer Technical Analysis Report, attackers use #KematianStealer to detect phishing methods to distribute malware. When Kematian infects your device, File data, System and IP information, Browser data, Application data, Clipboard data, and the camera can easily leak screenshots from your device. 🚨 🔗 Download the report to learn more: threatmon.io/kematian-steale… #Stealer #AttackChain #Malware #CyberAttacks #CyberSecurity #ThreatIntelligence #ThreatMon

⚠️🕷️ Trustwave #SpiderLabs has detected a sophisticated #malware campaign that leverages the Windows search functionality embedded in #HTML code to deploy #malware. Get a break down of the #attackchain, mitigation, and #IOCs: hubs.ly/Q02BqbJG0

As well as providing the best defence against the #AttackChain @proofpoint also provide the best and most secure refreshments at #InfosecurityEurope

シミュレーションを速くするテク ・AttackChainと卵取得・クリスタル取得はそれぞれダイクストラ法で書ける ・アリが目的地に向かって移動する方向は「セル[i]からセル[j]への最短経路の最初の１歩目リスト」を全部１ターン目に作っておいたら一瞬で求まる

えぇAttackChainってベース本体には効かないと思ってた（というか自分が試したら効かなかったように見えたのなんだったんだろう…）

おもしろ！これする意味がなくなるくらいattackchainの対策ができてる上位陣強すぎだな

codingame.com/replay/7179780… これはコンテスト中盤くらいに「この戦略は終了ギリギリまで隠し持ってた方が良い」と思ってたけど最終的にはちょっとattackchain対策してれば防げるので結局採用されなかった戦略

AttackChainって敵拠点に対しては効かないのか…ずっと効くものと勘違いしてた

doBuild()でアリの数が更新された後に resetAttackCache()が呼ばれているので doScore()のときには更新後のアリの数でAttackChain再計算されてそう

AttackChain、やべールールやん

“Moving forward, I would like to see if I can automate this successful #attackchain for quick use or delivery in a #phishing #payload. I am particularly curious to see if there is a way to find the randomly named cache directory without alerting #EDR.” bfx.social/3naFn8u

@jc4466 with the chaos. #attackchain in full swing on two threads. Credit to @taodejing2 for minting TWO new tokens in 2 hours on #stackchain. #Taockjoin and #attackchain! LFG !!

#attackchain #stackjoin I'm Bob?