Joined May 2019
APK-47 retweeted
🚀 OhMyPCAP 3.0 is here! The ultimate FOSS web app for PCAP analysis just leveled up big time. New in v3.0: • Suricata automatically extracts files from traffic • Runs YARA on every extracted file - new FILE ALERTS tab • Drag & drop any file for instant YARA scanning Runs in a single Docker/Podman container - perfect for quick testing or air-gapped environments. All your favorite features are still there: rich alerts, Sankey diagrams, transcripts, stream carving, and more! Perfect for malware analysis, incident response, threat hunting and teaching network forensics. Who’s spinning this up? Drop a ❤️ and reply with your main use case (malware? CTFs? real incidents?) cc @lennyzeltser @it_audit @Suricata_IDS @chrissanders88 @sansforensics
APK-47 retweeted
Together with @bzvr_, @2igosha and Anton Kargin, we identified that the DAEMON Tools software has been compromised in a complex supply chain attack since April 8. We see thousands of infections across 100 countries. If you use DAEMON Tools, run a malware scan immediately! [1/7]
APK-47 retweeted
Better understand agentic AI systems and mitigate the cybersecurity risks using a new guide we authored with @ASDGovAu and others. View the joint report. #Cybersecurity #AgenticAI media.defense.gov/2026/Apr/3…
APK-47 retweeted
Wow! This post blew up! Thanks for all the interest in OhMyPCAP!
Introducing a new PCAP tool - OhMyPCAP OhMyPCAP is a standalone web application for analyzing PCAP files. View security alerts, browse network metadata (DNS, HTTP, TLS, flows), extract ASCII transcripts, and carve individual streams - all from a single-page UI.
APK-47 retweeted
Warning: The current HWmonitor download, and possibly other PC monitoring applications, may be infected with viruses. More info: reddit.com/r/pcmasterrace/co…
APK-47 retweeted
Apr 8
ok i read the cyber part of the mythos model card. some thoughts. 250 "trials" across 50 crash categories, but almost every full exploit is a permutation of the same 2 bugs, rediscovered from different starting points, not 250 independent attempts. when you take those 2 bugs out (fig B), mythos's full-exploit rate drops to 4.4%. so actually across both setups mythos leverages 4 distinct bugs total, not 50 as fig A might suggest. 1/n
APK-47 retweeted
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare-le…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD
APK-47 retweeted
⚠️ Our team at Google is releasing more details on the recent NPM #axios supply chain attack. Notably, we now attribute this activity to #UNC1069, a financially motivated North Korean 🇰🇵 nexus threat actor active since at least 2018.
APK-47 retweeted
This is going to be a big one.
The City of Los Angeles was breached.
The Los Angeles Metro Transit System has also been breached and is now in shutdown mode.
2 Bay Area cities in California are also currently in a state of emergency after separate ransomware attacks.
1 hospital breached.
APK-47 retweeted
New blog post: Building a Pipeline for Agentic Malware Analysis. Agentic RE malware analysis with custom skills, MCP tooling, and persistent case state to automate initial triage. Link: synthesis.to/2026/03/18/agen… Github: github.com/mrphrazer/agentic…
APK-47 retweeted
🧵 I just reverse-engineered the binaries inside Claude Code's Firecracker MicroVM and found something wild: Anthropic is building their own PaaS platform called "Antspace" (Ants Space). It's a full deployment pipeline — hidden in plain sight inside the environment-runner binary. Here's what I found 👇
APK-47 retweeted
Anthropic just announced the Claude Certified Architect exam. Aren't you glad I started my Claude certification course last week? I just knew it in my bones that I had to make one, and now I can just align mine to this.
APK-47 retweeted
Iran-linked Handala Hack (aka Void Manticore, COBALT MYSTIQUE) is a reported vector for an increase in wiper attacks. This Insights blog details proactive recommendations for security teams, from identity management to enhancing security controls. bit.ly/4rrBVlu
Has anyone seen any work with APK analysis using AI? Seen a lot of focus on PEs and other binaries - did I miss something someone is working on? If not, I might have to dive into this space wholeheartedly #infosec #android
APK-47 retweeted
Today I’m launching Threat Hunting Labs. Over the years I’ve analyzed many real-world intrusions. One thing became obvious: most training platforms don’t resemble how investigations actually happen. So I built something different. Threat Hunting Labs focuses on investigation-driven learning using real telemetry and structured investigative paths. If you want to get better at investigating breaches, you should practice investigating breaches. More details here: threathuntinglabs.com/blog/i…
APK-47 retweeted
Introducing the new /crawl endpoint - one API call and an entire site crawled. No scripts. No browser management. Just the content in HTML, Markdown, or JSON.
Why do we need tools like ATT&CK explorer and stuff anymore? I mean honestly #infosec
Replying to @HackingLZ
@HackingLZ the next time you're doing an engagement, definitely don't grab these files: C:\Users\Username\AppData\Local\Claude\Logs\*, C:\ProgramData\Claude\Logs\*, C:\Users\Username\AppData\Roaming\Claude\logs\* #ai #infosec
and definitely don't impersonate these named pipes: "cowork-vm-service", "cowork-daemon-console" OR these bins: chrome-native-host.exe, cowork-svc.exe OR this user id: "cowork-vm" -- that would be just awful
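The two replies above name the Cowork named pipes ("cowork-vm-service", "cowork-daemon-console"), the binaries (cowork-svc.exe, chrome-native-host.exe) and the user id ("cowork-vm") a red teamer would impersonate. The blue-team counterpart is to watch who actually creates and connects to those pipes. The block below is an added example, not the poster's code and not anything from Anthropic: it runs that check over constructed Sysmon-style pipe events (Event ID 17 PipeCreated, 18 PipeConnected). Which binary legitimately owns the pipes, and that the service runs as the "cowork-vm" user, are assumptions made for illustration; the post does not say.

```python
"""Detect impersonation of the Cowork named pipes from Sysmon-style pipe events.

Added example, not the poster's code. Pipe, binary and user names come from the
post above; which binary legitimately creates the pipes is an ASSUMPTION.
Events are constructed inline to mimic Sysmon Event ID 17/18 fields, not real telemetry.
"""
from dataclasses import dataclass
from typing import Iterable

# Identifiers from the post. Sysmon reports PipeName with a leading backslash
# and without the \\.\pipe\ prefix, so that is the form matched here.
COWORK_PIPES = {"\\cowork-vm-service", "\\cowork-daemon-console"}
COWORK_BINARIES = {"cowork-svc.exe", "chrome-native-host.exe"}
COWORK_USER = "cowork-vm"

# ASSUMPTION: only cowork-svc.exe is expected to create (serve) these pipes.
# Any other image creating one of them is the classic pipe-squatting setup:
# the attacker's server is up first, so the real client talks to it.
EXPECTED_PIPE_SERVER = "cowork-svc.exe"


@dataclass
class PipeEvent:
    event_id: int   # 17 = PipeCreated (server side), 18 = PipeConnected (client side)
    image: str      # full path of the process that created/connected
    pipe_name: str  # Sysmon PipeName field, e.g. "\\cowork-vm-service"
    user: str       # account the process runs as


def image_basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_pipe_impersonation(events: Iterable[PipeEvent]) -> list[dict]:
    """Flag unexpected servers and clients of the Cowork pipes.

    Rules (in decreasing confidence):
      unexpected_pipe_server  - Event 17 for a Cowork pipe from an image other
                                than the assumed service binary.
      unexpected_pipe_client  - Event 18 for a Cowork pipe from an image that is
                                not one of the binaries named in the post.
      unexpected_pipe_user    - either event from an account other than
                                "cowork-vm" (ASSUMPTION that the service runs as it).
    """
    findings = []
    for ev in events:
        if ev.pipe_name.lower() not in COWORK_PIPES:
            continue  # not one of the pipes we care about
        image = image_basename(ev.image)
        base = {"image": ev.image, "pipe": ev.pipe_name, "user": ev.user}
        if ev.event_id == 17 and image != EXPECTED_PIPE_SERVER:
            findings.append({"rule": "unexpected_pipe_server", **base})
        elif ev.event_id == 18 and image not in COWORK_BINARIES:
            findings.append({"rule": "unexpected_pipe_client", **base})
        if ev.user.lower() != COWORK_USER and image in COWORK_BINARIES:
            # Legit-looking binary name but wrong account: a copied/renamed binary.
            findings.append({"rule": "unexpected_pipe_user", **base})
    return findings


# Constructed sample telemetry (not real events): one clean server, one squatter,
# one clean client, one rogue client, one unrelated pipe, one renamed binary.
SAMPLE_EVENTS = [
    PipeEvent(17, r"C:\Program Files\Claude\cowork-svc.exe", "\\cowork-vm-service", "cowork-vm"),
    PipeEvent(17, r"C:\Users\bob\AppData\Local\Temp\svc.exe", "\\cowork-vm-service", "bob"),
    PipeEvent(18, r"C:\Program Files\Claude\chrome-native-host.exe", "\\cowork-daemon-console", "cowork-vm"),
    PipeEvent(18, r"C:\Windows\Temp\rat.exe", "\\cowork-daemon-console", "bob"),
    PipeEvent(17, r"C:\Windows\System32\svchost.exe", "\\lsass", "SYSTEM"),
    PipeEvent(18, r"C:\Users\bob\Downloads\cowork-svc.exe", "\\cowork-vm-service", "bob"),
]


if __name__ == "__main__":
    for f in find_pipe_impersonation(SAMPLE_EVENTS):
        print(f"{f['rule']:24} {f['user']:10} {f['image']} -> {f['pipe']}")
```

In production this logic belongs in a Sigma rule or SIEM query keyed on the same Sysmon fields; the Python form makes the three conditions (wrong server, wrong client, wrong account) explicit and lets you regression-test them against recorded events. The "unexpected_pipe_user" rule depends entirely on the assumed service account, so verify what the real service runs as before relying on it.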
APK-47 retweeted
🧵 We recently had an incident that involved a MuddyWater hands-on attacker who couldn't spell "administrators" Full timeline breakdown below. 1/
APK-47 retweeted
we hijacked perplexity comet by sending a weaponized calendar invite then used it to takeover victim's 1p account and exfil their local files call it pleasefix. like clickfix, but instead of social eng'ing a human you just ask their ai real nicely incredible work by @StAJect0r