🚨 We've uncovered the first malicious MCP server in the wild.
It was only a matter of time. The postmark-mcp npm package (1,500+ weekly downloads) has been backdoored since v1.0.16 - silently BCCing every email to the attacker's…
@ttakvam @roo7cause @cyb3rops @MicrosoftTeams Hello!
This is, unfortunately, not a new campaign. But one that doesn't get enough attention.
We track the first stage as "Oyster", it is also known as "BroomStick/CleanupLoader" rapid7.com/blog/post/2024…
We've been tracking it due to the code-signing certificates
1/2
Join me at 2:30PM PT for an @offby1security stream on introductory Windows stack overflow exploitation. If you're new to Windows exploit dev this is good foundational information before moving to more advanced bug classes like we often cover on stream.
youtube.com/watch?v=_I9bSS…
I love this wise mental frame about bugbounty/pentesting from @MrJoeyMelo:
"I like to think 'the hacking part is for fun, I get paid to write reports'."
Cisco ASA/FP - Be on the lookout for calls to these URLs 👇
GET /+CSCOU+/MacTunnelStart.jar
GET /+CSCOL+/csvrloader64.cab
GET /+CSCOL+/csvrloader.jar
- Contain the Cisco SSL VPN Relay Loader
- Likely used for version fingerprinting
(CVE-2025-20333 / CVE-2025-20362)
Curious how to safely simulate a Shai-Hulud-style NPM attack and validate detection coverage? 🐛🔍
I just released NPM Threat Emulation - lightweight, safe scenarios to exercise NPM supply-chain TTPs and confirm your detections actually fire. 🚨✅
📺 Showcasing live on…
How safe is your browser?
Our ninja, Riadh Bouchahoua, uncovers how attackers can exploit Chromium extension loading to steal data, maintain persistent access, and breach confidentiality on Chromium-based browsers.
Read more here ⬇️ synacktiv.com/en/publication…
Cisco just confirmed that multiple zero-days against ASA/FTD VPN web services were exploited in the wild. CISA followed up with an Emergency Directive ordering federal agencies to inventory, patch, or disconnect affected devices.
The last 3 Cisco advisories are directly tied to…
Rootkitting appliances, you say?
There's a common refrain that attack is always evolving, but I was compromising Linux-based appliances in network penetration tests in the 2000s. Middleboxes with late 90s vulns that have privileged positions and access are the anti-pattern.
This may save someone else a few minutes. I've compiled a few random vibecoded tools for generating/analyzing SVGs commonly found in many phishing emails that exploit Microsoft Direct Send.
github.com/HackingLZ/svg_…
Devious new attack class defined by @wunderwuzzi23: "Cross-Agent Privilege Escalation"
If someone has both Claude Code and GitHub Copilot on their machine you can prompt inject one and have it edit the config for the other in order to further escalate your attack's privileges!
Time's running out to get our bundle: Pay what you want for up to 21 electronics books worth $500+. Expert guides that teach you to build LEDs, bots, and Raspberry Pi projects that actually work + defend digital rights by supporting @EFF. bit.ly/4gILb0O
Hey all, here's my latest blog post: g3tsyst3m.com/fileless%20tec…
We'll get to have some fun coding a custom PE loader that downloads and executes our PE in-memory. We'll also take a stab at sneaking past Defender XDR and Sophos XDR. 😸
New blog post: Laptop froze on hibernate, because an Intel driver bailed during power transition and left a power IRP hanging. This can be an interesting one for those that are interested in how I maneuver through a crash dump and how I think, etc. medium.com/@Debugger/hibe…
🚨 A self-replicating worm known as Shai-Hulud has compromised over 500 packages in the world’s largest JavaScript registry npm—causing widespread supply chain issues. Review detection and remediation recommendations in our alert 👉 go.dhs.gov/iAY
64K Followers 8K Following: Hacker, Researcher, Podcast Producer (Tribe of Hackers, Darknet Diaries). Proud dad of the fastest climber in the world. Ever. “Ut scandis, alios subleva”
143K Followers 133K Following: Now additionally following Ohio State Football! OH... *We do not own photos. Contact: [email protected] 🇺🇸 #DawgCheck #GoGuards #ComeOnCavs #HolyBuckeye
25K Followers 26K Following: A Hacker who is A Lover of People, and Life @RetroTwinz @Secbsd, @GrumpyHackers, @NovaHackers, @deadpixelsec @hacknotcrime Advocate @PositivelyBlue_ OSCP, OSWP
4K Followers 598 Following: Elastic Security Labs is democratizing security by sharing knowledge and capabilities necessary to prepare for threats. Spiritually serving humanity since 2019.
149 Followers 4 Following: Real-time intel on malicious extensions & packages across dev marketplaces. Governance + risk scoring for binary/non-binary software. By Koi.
4K Followers 549 Following: • Irish/Japanese web hacker living in Scotland.
• Researcher for @ctbbpodcast Lab.
I run https://t.co/Ja1P3vco1X | Newsletter weekly at https://t.co/KA5b2kY8ih
556 Followers 28 Following: In the wild of cyberspace, 'Atomics on a Friday' is the El Camino of security testing. Guiding defenders with vital content to safeguard their organizations.
13K Followers 849 Following: Peter Kruse is a cybersecurity researcher. Co-founder of CSIS Security Group, Kruse Industries, SIE-Europe & Heimdal. CARO member. CISO at Clever.
4K Followers 920 Following: https://t.co/9I6nRUiFjm is a service that provides threat intelligence data about observed network scanning and cyber attacks.
4K Followers 0 Following: Videos/historical research on espionage, intelligence, counter-intelligence, and secure communications. Always seeking more spy gadgets and stories! Contact us!
19K Followers 297 Following: #OSINT treasure hunter, investigator, #CyberThreatIntel analyst. Opinions are my own. Follow me on Telegram https://t.co/i6VBbeUXgd for cyber news.
651 Followers 313 Following: Malware researcher exploring malware, APT groups, and their campaigns across the wild. | Threat Researcher @dexpose_io | Blog Author @anyrun_app & @cyber5w
845 Followers 52 Following: Sr PM Google Cloud Security, co-host @cloudsecpodcast. Reducing info risk, increasing physical risk w/ motorcycles and skis. It should just work. (he/him) 🏳️‍🌈
41K Followers 9K Following: Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG
17K Followers 1K Following: Loves Jesus, loves others | Husband, father of 4, security solutions architect, love to learn and teach | Microsoft MVP | @TribeOfHackers | 🦋@nathanmcnulty.com
7K Followers 77 Following: Professional redteamer and malware development enthusiast! I will share some tips and experiences. Look at my work here: https://t.co/cxLBvW7pcI
367 Followers 372 Following: Co-founder & CEO @preambleAI. Securing increasingly capable AI. Owner @omniainnov. US Air Force Veteran. DSc AI security. @penn_state alum & hockey.
24K Followers 0 Following: A global organization advocating the decriminalization of hacking through policy reform. Privacy and security hacktivism. Hack, ergo sum.
#HackingIsNotACrime
3K Followers 472 Following: Defend Tomorrow, Secure Today!
Official Computer Emergency Response Team (CERT) for the Democratic People's Republic of Korea
#NorthSide #NorthKoreaBestKorea
9K Followers 2K Following: Wisconsin’s Largest Technology Conference - April 1-2, 2026 - 2500+ attendees meet downtown #Milwaukee at the Baird Center - #hackers #cybersecurity #InfoSec