This was an interesting one to work on! tldr: Chinese aligned actor uses LLM to empower their malware development, target gathering, and phishing operation. Goes wrong and starts randomly including pornographic material and other random files/info. www.volexity.com/blog/2025/10...

APT meets GPT: @volexity.com #threatintel is tracking #threatactor UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, appearing to use LLMs to assist their ops. Letting #AI run your espionage operations? What could go wrong?

We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...

⏰ The inaugural SOS conference is 30 days away! Have you gotten your ticket yet?!? Listen to expert discussions on state-sponsored operations covering espionage, sabotage, and attribution of Russia, China, Iran, and more. Registration is still open! stateofstatecraft.com/agenda

www.zscaler.com/blogs/securi... - Nice writeup by zscaler on some COLDRIVER malware. I'm talking about this stuff at #FTSCon in a few weeks and will have lots more details there.

First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...

Couple of openings here in our threat research org! Staff Security Research Engineer: proofpoint.wd5.myworkdayjobs.com/en-US/Proofp... Senior Threat Researcher (ecrime team): proofpoint.wd5.myworkdayjobs.com/ProofpointCa...

In Swedish, a word for what you eat to bridge the gap between meals (or while waiting for the main course to cook) is stödmacka. It means "support sandwich." A similar word in Norwegian is ventepølse, or "waiting sausage."

#FTSCon Speaker Spotlight: Wesley Shields (@wxs.bsky.social) is presenting “COLDRIVER: NOROBOT/YESROBOT/MAYBEROBOT” in the HUNTER track. See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...

I’ll be giving a talk at FTS this year. Not going to lie, I’m doing it just so I can heckle Sir Tom of The House of Lancaster (@tlansec.bsky.social) in person. volatilityfoundation.org/from-the-sou...

ME, IN TEARS: you can't just say every single part of a computer system is a file UNIX, POINTING AT THE MOUSE: file

The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques memoryanalysis.net/courses-malw...

Now up to 22 different Cinnamon Toast Crunch related products. The quest continues.

TL;DR I am launching my #startup and we are going to change how to evaluate,cluster and reason about #malware, delivering accurate,contextual intelligence on samples. Say Hi to RationalEdge @rationaledge.bsky.social rationaledge.io #threatintel #threathunting #cti #reverseengineering #detection 1/9

And that’s a wrap for our 2025 #summerinternship program! This was a great summer of challenging impactful projects & fun team-building excursions. We wish our students all the best as they settle back into their Dept of Computer Science programs at University of Notre Dame & University of Maryland!

I don't think children should have phones. They should have huge beige desktop computer with "Windows 9x Operating System", "Dedicated 3D accelerator", and "SoundBlaster compatible sound card"

Coming this October: #FTSCon 2025, hosted by @volatilityfoundation.org! And this year there are TWO in-person training opportunities!👇 #dfir #memoryforensics #volatility3 #hardwarehackingbasics #grandideastudio

We are thrilled to announce that @joegrand.bsky.social is this year’s #FTSCon Keynote speaker! Joe will be sharing stories & technical details about his wallet hacking adventures to kickoff our full-day event on Monday, Oct 20, 2025. You don’t want to miss this!

@volexity.com has released updates to its #opensource GoResolver project and more! This work was part of a project for one of our #summerinternship students. Read more details about Volexity’s updated GoResolver projects + other #golang tools in our special blog post!

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese... 1/7

YARA-X 1.5.0 is out. Nice new features (including a crx module) and bug fixes. Congratulations to Victor and all the contributors! github.com/VirusTotal/y...

Incredible writeup from Eye Security on their adventures logging into internal-only MS services: research.eye.security/consent-and-...

A radiologist called me yesterday. I was prepared for the worst

I think about this quote alot: youtu.be/8J8A9ZiIeUQ?...

Jen Easterly was a supremely effective leader of CISA and you would be very hard pressed to find anyone who's a more qualified and quietly competent professional than her. This administration and its gormless hacks continue to cut off our collective noses to spite our face.

Microsoft found Turla, Russia's elite FSB cyberespionage group, hacking foreign embassies' staff in Moscow by directly meddling with ISP traffic to infect targets with spyware that silently stripped away encryption on their communications and credentials. www.wired.com/story/russia...

First cell-phone network cyberattack on Tibetan leader detected @tibcert.bsky.social www.phayul.com/2025/07/29/5...

~Paloalto~ Nation-state actor Liminal Panda uses custom malware like GTPDoor to infiltrate telecom networks for persistent access and potential location tracking. - IOCs: GTPDoor, ChronosRAT, NoDepDNS - #GTPDoor #LiminalPanda #ThreatIntel

When your CTI blog uses AI art, it immediately loses 10 respect points. Discuss.

@volexity.com is looking to grow our Threat Intelligence team. New job posting for Senior Analyst role is up here: www.volexity.com/company/care... If you have any questions, don't hesitate to ask.

First question: Will I be fired for only referring to you as Sir Tom of The House of Lancaster? Seriously though, if you’re looking this is one of the teams I would consider.

@volexity.com is looking to grow our Threat Intelligence team. New job posting for Senior Analyst role is up here: www.volexity.com/company/care... If you have any questions, don't hesitate to ask.

New from the one and only pun-king @mkyo.bsky.social on the increased and ongoing Chinese targeting of semiconductor-related organisations in Taiwan. Edge device exploitation may be the TTP of the moment, but Chinese groups still go phishing when the chips are down www.proofpoint.com/us/blog/thre...

This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!

🚨 We’re hiring at Recorded Future’s Insikt Group Two senior analyst roles are open right now. Both focus on tracking nation-state threats. 🧵

People who don’t like AI aren’t in denial about how useful it is. People who like AI are in denial about how useful it is

The CFP for our 2nd annual From the Source event is now open! The event includes two tracks, the first for Makers of open source DFIR tools and the second for Hunters who have performed the most interesting investigations of the last year. volatilityfoundation.org/announcing-f...

#ESETresearch analyzed a campaign deployed by BladedFeline, an Iran-aligned threat actor with likely ties to #OilRig. We discovered the campaign, which targeted Kurdish and Iraqi government officials, in 2024. www.welivesecurity.com/en/eset-rese... 1/6

Upcoming birthday of a partner? Anniversary? Babyshower? Look no further than this for the perfect gift for any occasion: www.crowdstrikeswag.com/Scattered-Sp...

New YARA-X release! In fact, Victor released 1.0.0. Lots of hard work by Victor and others to make this happen, congratulations to everyone involved! github.com/VirusTotal/y...

cut my heap into pieces, this is my crash report: allocation, no alignment don't give a fuck if it faults on assignment this is fatal abort()

the modern information environment

We are excited to announce FTSCon 2025 on October 20, 2025, in Arlington VA! Registration is now OPEN + we have a Call for Speakers. Following FTSCon will be a 4-day Malware & Memory Forensics Training course with Volatility 3. See the full details here: volatilityfoundation.org/announcing-f...

EU Council 🇪🇺 has issued sanctions against Stark Industries, a hosting company registered in the UK 🇬🇧, as "they have been acting as enablers of various Russian state-sponsored and affiliated actors to conduct destabilising [...] the Union and third countries" www.consilium.europa.eu/en/press/pre...

If you’ve been laid off from a cyber intel position, please reach out if you’d like to come to @sleuthcon.bsky.social.

Not me losing my mind tracking ORBs lalalala I can't hear you over the sound of how many darned ORB networks there are 🫠