the vercel breach started with a stolen oauth token from a vendor's laptop. the attacker never phished anyone. your environment has the same pattern. @thorcollective.bsky.social wrote four hunts to find it 👇 dispatch.thorcollective.com/p/hunting-th... #thorcollective #threathunting #cybersecurity

Threat hunting falls apart when your “docs” live in Slack threads. Part 2 of the @thorcollective.bsky.social Dispatch Agentic Threat Hunting series covers the first step to scaling: put your hunts in a GitHub repo and give your AI bestie memory. dispatch.thorcollective.com/p/agentic-th...

We at @thorcollective.bsky.social are waking you up before September ends, because a new Ask-a-Thrunt3r episode just dropped with: 2K subscriber milestone 🎉 15 baseline examples The great data vs. data debate Plus: Is Git the future of hunting collab? 🎧: dispatch.thorcollective.com/p/ask-a-thru...

You can’t find weird if you don’t know normal. @thorcollective.bsky.social just dropped 10 baseline hunts you can shine in the dark parts of your env and magnify the adversaries from the noise. Join us for all the thrunting 👉: open.substack.com/pub/thorcoll... #threathunting #infosec

Cybersecurity needs more than hackers in hoodies. In this week’s @thorcollective.bsky.social Dispatch, Courtney Shar shares how project management skills like risk alignment, process design, and team coordination directly strengthen security programs. 👉 dispatch.thorcollective.com/p/beyond-hac...

🚨 Think your browser extensions are harmless? Join @johntuckner.me for @thorcollective.bsky.social and learn how to hunt the dangerous ones before they hunt you: thorcollective.substack.com/p/even-if-ma... #cybersecurity #infosec #threathunting #thrunting

Not subscribed to the THOR Collective Dispatch yet? You might've missed my guest piece on hunting for bad browser extensions. Check if the extension your CFO installed to change text to Comic Sans is also taking screenshots of his Salesforce reports. dispatch.thorcollective.com/p/even-if-ma...

📻 Ask a Thrunt3r August is here! DEF CON wisdom unlocked: 🔓 Why your SecOps model isn't working anymore 🎯 Supply chain attacks via AI coding tools 🛠️ One tool @THOR_Collective wishes you knew about (hint: it's Sliver) dispatch.thorcollective.com/p/ask-a-thru... #threathunting #cybersecurity

Six malicious extensions listed in Cursor and hosted on Open VSX. All are squatting on other packages and are showing above the safe versions they target.

If you are around DEF CON today, join me at 5pm for “Sh*t Show Triage: An Honest Panel on Incident Response” btv-dc33.sessionize.com/session/966539

Shoutout to our fam Elipscion, who's spinning live at DEF CON 33 this Friday at 8pm on the DEF CON stage. 🎧 Listen here: open.spotify.com/artist/2tgPZ... 🔥 Join our @thorcollective.bsky.social meetup during his set. Say hi, talk hunts, and grab some free swag. See you there!

Oh hey! Did I mention I’m speaking on Saturday? I’ll be in track 1 at 2:30! defcon.org/html/defcon-...

🌵 Calm before the Hacker Summer Camp storm. July’s Dispatch Debrief is light on posts, heavy on hot takes — from agentic AI to making pentest findings sting. Catch up before Vegas 👉 dispatch.thorcollective.com/p/dispatch-d...

Threat hunting is broken. We can’t out-query adversaries who automate everything. Enter the agentic threat hunter. An AI that thinks, hypothesizes, investigates, and scales. In the latest @thorcollective.bsky.social Dispatch, we explore this shift: 📌 dispatch.thorcollective.com/p/the-agenti...

msrc.microsoft.com/blog/2025/07... Microsoft is aware of active attacks targeting on-premises SharePoint Server customers. The attacks are exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. SharePoint Online in Microsoft 365 is not impacted

THRUNTING isn’t just a buzzword. It’s a mindset. 🐑 Inspired by Tim Peters’ 19 aphorisms for Python, @thorcollective.bsky.social Dispatch introduces "The Zen of Thrunting." dispatch.thorcollective.com/p/the-zen-of... Stay curious. Happy thrunting.

🔌 That browser extension? That IDE plugin? Might not be doing what you think. New on @thorcollective.bsky.social Dispatch: five hunt ideas + a PEAK deep dive into sneaky plugin abuse. Start with visibility. Hunt what blends in. 📖 dispatch.thorcollective.com/p/your-plugi...

New guest post on thorcollective.bsky.social Dispatch from infosecsherpa.bsky.social: Don’t Let Mis(s) Information Take the Crown 👑 This post shows how to apply the Intelligence Cycle to news and help you filter bias. Read it here: dispatch.thorcollective.com/p/dont-let-m...

⚡ New @thorcollective.bsky.social Dispatch drop No hallucinations here. Just TTPs that quietly defined Q1 2025. 🔐 OAuth abuse 📦 Malicious packages 🖥️ SimpleHelp RMM exploits Stay ahead with what to hunt & where to look. 👉 dispatch.thorcollective.com/p/from-the-f... #THORCollective #threathunting

✨ New THOR Collective post ✨ Introducing Threat Hunting Relevancy Factors (THRF!) These factors can help you create relevant hunts and tangible impact for your organization. Show your business that you mean bzns. 📈 Join us at 👉: dispatch.thorcollective.com/p/threat-hun... #threathunting

🐏 Ask a Thrunter AMA + Giveaway! Join @thorcollective.bsky.social live next THORsday, May 29th @ 7pm PT in Discord. We’ve got a special announcement + we’ll reveal the monthly giveaway winner (all paid Dispatch subscribers automatically entered!). Submit your questions early👇

Introverts rewrite detection rules repeatedly, while extroverts demo them mid-draft. In cybersecurity, you need both. Today's @thorcollective.bsky.social Dispatch features Alex Hurtado, highlighting how embracing differences strengthens SOC teams. 👉 : dispatch.thorcollective.com/p/quiet-loud...

Sierra Ferrell, yeehaw! 🤠

🚨 New guest drop on @THOR_Collective Dispatch! 🚨 "Exploring Cybersecurity Career Paths and How They Work Together" by Audra Streetman Whether you're into offense, intel, or cyber defense, there's a path for you! Read it here: dispatch.thorcollective.com/p/exploring-...

💡 New guest drop on @thorcollective.bsky.social Dispatch: "Detection-in-Depth" by Day Johnson. Day covers how to build resilient detection systems that handle real-world challenges, from fine-tuning rules to threat emulation and kill chain coverage. dispatch.thorcollective.com/p/detection-...

🔥 Dispatch Debrief: April 2025 is live 🔥 Explore star sign-inspired hunting techniques, organizing your hunt squad, and the value of finding "nothing." Discover this month's insights from @thorcollective.bsky.social Dispatch - dispatch.thorcollective.com/p/april-debr...

Ask-a-Thrunter is live this THORsday, May 1 @ 7pm PDT — paid subscribers only. Join us in the @thorcollective.bsky.social Discord for solid answers, spicy takes, and the April giveaway winner reveal. Drop your questions below. Not subscribed? Replay drops next week. Come thrunt with us 🐏

TL;DR - Attackers still use these old ass vulns because they're STILL WORKING www.greynoise.io/blog/greynoi...

When incidents hit, how you communicate shapes the outcome. This week’s @thorcollective.bsky.social Dispatch features @audrastreetman.bsky.social, former journalist turned cyber intel analyst. dispatch.thorcollective.com/p/how-commun...

This is my final campaign gift to my party and I highly recommend Hieu!

Group artwork for a DnD party. Tyranny of Dragons 🐉👿🧙 #illustration #drawing

Simulate. Detect. Tune. Repeat dispatch.thorcollective.com/p/simulate-d...

@thorcollective.bsky.social Dispatch time! Part 2 is live of @cyb3rhawk.bsky.social's post on the LAYER approach! This discusses using real BlackBasta leak data to guide smarter, more targeted hunts. dispatch.thorcollective.com/p/the-power-...

✨Did you feel something shift in the universe? It’s a new THOR post.✨ Twelve signs. Twelve threat patterns. One cosmic thrunt shift. Join us for an evidence based article on the zodiac signs as threat hunts. dispatch.thorcollective.com/p/the-threat... #threathunting #thrunting #THORCollective

Getting the urge to try a new hobby again. Maybe it’s time for… golf?

🚨 New Dispatch Drop 🚨 Attackers will get in—just give them time. In this week's @thorcollective.bsky.social Dispatch, we talk why security teams must test their defenses: dispatch.thorcollective.com/p/why-cybers... #threathunting #thrunting #cybersecurity #infosec #purpleteam #THORcollective

🚨 New THOR Collective Dispatch post 🚨 In Part 5 of @jotunvillur.bsky.social and my DEATHCon Thrunting Workshop series, we use advanced data analysis to find threats in HTTP datasets. Full post here: dispatch.thorcollective.com/p/a-deathcon... #infosec #threathunting #thrunting #THORCollective

Tired of getting ghosted by endless events? The five-number summary is your threat-hunting sidekick. Check out our latest @thorcollective.bsky.social Dispatch. Join us👉: dispatch.thorcollective.com/p/stop-chasi... #threathunting #thrunting #cybersecurity #mathiscool #THORCollective

🚀 THOR Collective Drop! 🚀 We’re back with pt 4 of the thrunting workshop series @letswastetime.bsky.social and I led at DEATHCon! We’re diving into baseline hunting & the fun you’ll find when you shine a light in places you haven’t before. 🔦 Join us at: dispatch.thorcollective.com/p/a-deathcon...

🐘 Let’s address the elephant in the room — #thrunting is a thing now, and it stuck. Why? Because thrunting has that perfect blend of #hacker culture & "I dare you to question this term" energy. 🔥 Keep thrunting. 👉 dispatch.thorcollective.com/p/the-case-f... #threathunting #cybersecurity #infosec

@thorcollective.bsky.social dropped part two of @jotunvillur.bsky.social and my @deathcon.io workshop blog series on #threathunting with the #PEAK framework. 🎯 Check it out at: dispatch.thorcollective.com/p/a-deathcon... #cybersecurity #thrunting #THORCollective

🚀 Attention Thrunters!🚀 Part 3 of the DEATHCon thrunting workshop is live! @jotunvillur.bsky.social and I break down a hypothesis-driven scenario step by step. Grab your hammer and sharpen your skills! 🛠️ Read now: dispatch.thorcollective.com/p/a-deathcon... #threathunting #thrunting #cybersecurity

@thorcollective.bsky.social dropped a new blog "Helloooooooo, Thrunters!" 😤 It kicks off a series from a workshop @letswastetime.bsky.social and I gave at #DEATHCon on #threathunting with the PEAK framework. Read at: thorcollective.com/helloooooooo... #cybersecurity #thrunting #THORCollective

@thorcollective.bsky.social dropped a new blog "Helloooooooo, Thrunters!" 😤 It kicks off a series from a workshop @jotunvillur.bsky.social and I gave at #DEATHCon on #threathunting with the PEAK framework. Start reading: thorcollective.com/helloooooooo... #cybersecurity #thrunting #THORCollective

This was such an amazing event. Definitely will be back!

Thank you to the dozens of volunteers and ambassadors who helped plan, set up, and run Hackers on the Hill this year, as well as the ~150 hackers who attended and the 20+ staffers who were gracious enough to host us (many on a day their office was officially closed). ❤️ A few special thank yous

Up to 13 confirmed extensions with the same behaviors as Cyberhaven. Right now over 670,000 users with these related extensions installed. Some have been patched, some removed from the web store. Including dates so folks can understand timelines.

Tracking an additional 8 confirmed extensions with similar attack code to the Cyberhaven incident dating back to July 17th so this is not a single occurrence. Continuing to update here: secureannex.com/blog/cyberha...

Don’t forget to leave a pcap and memory dump out for the SOC Analysts tonight.

Powerlifting training has begun. Let’s get strong.