Joined September 2008
213 Photos and videos
Andre M. DiMino retweeted
We don't usually see hands-on-keyboard intrusions from #ClickFix @HuntressLabs BUT... when we do... oh boiii.... it's clickfix -> matanbuchus -> AstarionRAT and a lateral movement for extra flavor Yes, the name is a BG3 reference 🧛 Link: huntress.com/blog/clickfix-m…
Goodbye Maltego. It's been nice knowing you
Operation Winter SHIELD (Securing Homeland Infrastructure by Enhancing Layered Defense) distills the FBI’s 10 most impactful actions organizations can take to improve resilience against cyber intrusions. These recommendations were developed with domestic and international partners and draw on recent investigations to reflect adversary behavior and defensive gaps. fbi.gov/investigate/cyber/wi…
Andre M. DiMino retweeted
I've just run @OpenClaw (formerly Clawdbot) through ZeroLeaks. It scored 2/100. 84% extraction rate. 91% of injection attacks succeeded. System prompt got leaked on turn 1. This means if you're using Clawdbot, anyone interacting with your agent can access and manipulate your full system prompt, internal tool configurations, memory files... everything you put in SOUL.md, AGENTS.md, your skills, all of it is accessible and at risk of prompt injection. For agents handling sensitive workflows or private data, this is a real problem. cc @steipete Full analysis: zeroleaks.ai/reports/opencla…
Andre M. DiMino retweeted
MongoBleed (CVE-2025-14847) is basically Heartbleed for MongoDB
- unauthenticated memory disclosure
- public POC, trivial to exploit
- leaks creds, tokens, cloud keys straight from RAM
- huge exposed surface on the internet
Good writeups and technical details here: doublepulsar.com/merry-chris… ox.security/blog/attackers-c… blog.ecapuano.com/p/hunting-… Patch fast, rotate secrets, and assume exposed instances were scanned(!)
Andre M. DiMino retweeted
Replying to @silascutler
It will be even worse compared to Log4J. Additionally, remember all the underlying frameworks that rely on vulnerable components (react-server package). x.com/matrosov/status/199746…

Replying to @matrosov
With Log4Shell, the hard part was separating real risk from just having Log4j around: lots of instances, fewer truly exploitable paths. React2Shell is different; if you're on the affected React Server Components stack, assume exploitable. Closer to crown-jewel data, too.
Andre M. DiMino retweeted
10 Nov 2025
OhMyDebn 2.1.0 now available with many improvements!
- You can now launch @iamdothash's amazing Aether theme builder by pressing Ctrl-Shift-A
- When you apply the theme, you will get a new starship prompt config that leverages the terminal's dynamic colors (thanks @saeed_vz for the idea!)
The Smishing Triad's extensive, global phishing campaign exploits SMS messages to impersonate critical sectors
- Campaign targets U.S. residents, expanding globally since April 2024.
- Over 194,000 malicious domains identified, using decentralized infrastructure.
- Aims to collect sensitive information such as National Identification Numbers (such as Social Security numbers), home addresses, payment details and login credentials.
unit42.paloaltonetworks.com/…
A quarterly reminder that the ransomware threat landscape is still growing and the 🇺🇸USA is the primary target of such attacks. 🧵1/4
Andre M. DiMino retweeted
Today, the @SecretService announced the dismantling of a network of electronic devices—located within 35 miles of the United Nations General Assembly—used to carry out a wide range of telecommunications attacks. The potential for disruption to our country’s telecommunications posed by this network of devices cannot be overstated. The U.S. Secret Service’s protective mission is all about prevention, and this investigation makes it clear to potential bad actors that imminent threats to our protectees will be immediately investigated, tracked down and dismantled.
Andre M. DiMino retweeted
The Secret Service dismantled a network of more than 300 SIM servers and 100,000 SIM cards in the New York area that were capable of crippling telecom systems and carrying out anonymous telephonic attacks, disrupting the threat before world leaders arrived for the UN General Assembly. 📰 Read more about this at secretservice.gov/newsroom/r…
Andre M. DiMino retweeted
As we do every year, it is with a heavy heart that we pause to honor the lives lost and the families forever changed on September 11, 2001. However, we are always grateful for the courage of first responders and the unity of our Nation in the face of unthinkable tragedy. #NeverForget
Andre M. DiMino retweeted
People on here act like someone decides not to patch. Like there's a guy who knows the service is vulnerable, knows it runs in prod, and just shrugs. That's maybe 1% of the cases. The rest is messier:
- No idea the service exists (no inventory)
- No idea it's vulnerable (no vuln reporting)
- Afraid to break stuff (downtime, legacy crap)
- No one owns it (silos, shadow IT)
- No time (small team, constant firefighting)
- Bad processes (manual patching, approvals, etc)
- Patching tools suck (yep, that too)
It's rarely negligence. It's usually chaos.
Andre M. DiMino retweeted
A few days back at #DEFCON, I released the Garuda Threat Hunting Framework — crafted for manual threat hunting & detection. Here is the link: github.com/monnappa22/Garuda… When integrated with LLMs, it enables AI-powered autonomous threat hunting. youtu.be/Sk_c5w1CEiY
Andre M. DiMino retweeted
Write-up on our perspective at #Censys on ToolShell / CVE-2025-53770 exploit in SharePoint: censys.com/advisory/cve-2025…
Andre M. DiMino retweeted
Alert: SharePoint CVE-2025-53770 incidents! In collaboration with @eyesecurity & @watchtowrcyber we are notifying compromised parties. Read: research.eye.security/sharep… ~9300 SharePoint IPs seen exposed daily (just population, no vulnerability assessment): dashboard.shadowserver.org/s…
"How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies" A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus. wired.com/story/china-honker…