🎵🎶All I want for Christmas is… electrons 🎶🎵

Yara-x 1.10.0 released today! It can now automatically fix some warnings, and some improvements in code generation. This is another great step forward for the project. github.com/VirusTotal/y...

Really digging this year’s CYBERWARCON logo

#PIVOTcon26 registration is now OPEN 🤟📷 #ThreatResearch #ThreatIntel 📷https://pivotcon.org Please read carefully the whole 🧵 for the rules about invite -> registration (1/6)🌐

Enhance your CyberChef experience with GeoCities mode!

This post from the President of Windows basically reads like someone trained an AI on those SF billboards that just say incomprehensible nonsense.

Remember NFTs? 😂😂😂😂😂😂😂

This is so good. bahahaha: www.youtube.com/watch?v=dr9M...

At @ncsc.gov.uk we have just launched the CyberUK tech talks call for papers across three topics - Cyber applications of AI - What works: approaches that reduce cyber harm - The evolving threat www.cyberuk.uk/2026/call-fo...

my response to this is the loudest OK BRO you've ever heard in your life

New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...

Meet our speaker Patrick Whitsell! Patrick has expertise in monitoring and defending against cyber espionage threat actors. His talk, "Cyber(trade)war: Paradigm Shift in Economic Espionage", will cover the shift in PRC state-sponsored cyber espionage. Learn more! www.cyberwarcon.com

i heard my kids singing about "APT"s and i was sorely disappointed www.youtube.com/watch?v=ekr2...

Thanks to @xorhex for an interesting discussion that is worth sharing here. I knew I read this somewhere but here's a fun thing you can do in YARA-X: 2 of ($a*, $b*, 3 of ($c*)) This is documented but not widely known: virustotal.github.io/yara-x/docs/...

We’re just normal men

This was an interesting one to work on! tldr: Chinese aligned actor uses LLM to empower their malware development, target gathering, and phishing operation. Goes wrong and starts randomly including pornographic material and other random files/info. www.volexity.com/blog/2025/10...

APT meets GPT: @volexity.com #threatintel is tracking #threatactor UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, appearing to use LLMs to assist their ops. Letting #AI run your espionage operations? What could go wrong?

We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...

⏰ The inaugural SOS conference is 30 days away! Have you gotten your ticket yet?!? Listen to expert discussions on state-sponsored operations covering espionage, sabotage, and attribution of Russia, China, Iran, and more. Registration is still open! stateofstatecraft.com/agenda

www.zscaler.com/blogs/securi... - Nice writeup by zscaler on some COLDRIVER malware. I'm talking about this stuff at #FTSCon in a few weeks and will have lots more details there.

First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...

Couple of openings here in our threat research org! Staff Security Research Engineer: proofpoint.wd5.myworkdayjobs.com/en-US/Proofp... Senior Threat Researcher (ecrime team): proofpoint.wd5.myworkdayjobs.com/ProofpointCa...

In Swedish, a word for what you eat to bridge the gap between meals (or while waiting for the main course to cook) is stödmacka. It means "support sandwich." A similar word in Norwegian is ventepølse, or "waiting sausage."

#FTSCon Speaker Spotlight: Wesley Shields (@wxs.bsky.social) is presenting “COLDRIVER: NOROBOT/YESROBOT/MAYBEROBOT” in the HUNTER track. See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...

I’ll be giving a talk at FTS this year. Not going to lie, I’m doing it just so I can heckle Sir Tom of The House of Lancaster (@tlansec.bsky.social) in person. volatilityfoundation.org/from-the-sou...

ME, IN TEARS: you can't just say every single part of a computer system is a file UNIX, POINTING AT THE MOUSE: file

The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques memoryanalysis.net/courses-malw...

Now up to 22 different Cinnamon Toast Crunch related products. The quest continues.

TL;DR I am launching my #startup and we are going to change how to evaluate,cluster and reason about #malware, delivering accurate,contextual intelligence on samples. Say Hi to RationalEdge @rationaledge.bsky.social rationaledge.io #threatintel #threathunting #cti #reverseengineering #detection 1/9

And that’s a wrap for our 2025 #summerinternship program! This was a great summer of challenging impactful projects & fun team-building excursions. We wish our students all the best as they settle back into their Dept of Computer Science programs at University of Notre Dame & University of Maryland!

I don't think children should have phones. They should have huge beige desktop computer with "Windows 9x Operating System", "Dedicated 3D accelerator", and "SoundBlaster compatible sound card"

Coming this October: #FTSCon 2025, hosted by @volatilityfoundation.org! And this year there are TWO in-person training opportunities!👇 #dfir #memoryforensics #volatility3 #hardwarehackingbasics #grandideastudio

We are thrilled to announce that @joegrand.bsky.social is this year’s #FTSCon Keynote speaker! Joe will be sharing stories & technical details about his wallet hacking adventures to kickoff our full-day event on Monday, Oct 20, 2025. You don’t want to miss this!

@volexity.com has released updates to its #opensource GoResolver project and more! This work was part of a project for one of our #summerinternship students. Read more details about Volexity’s updated GoResolver projects + other #golang tools in our special blog post!

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese... 1/7

YARA-X 1.5.0 is out. Nice new features (including a crx module) and bug fixes. Congratulations to Victor and all the contributors! github.com/VirusTotal/y...

Incredible writeup from Eye Security on their adventures logging into internal-only MS services: research.eye.security/consent-and-...

A radiologist called me yesterday. I was prepared for the worst

I think about this quote alot: youtu.be/8J8A9ZiIeUQ?...

Jen Easterly was a supremely effective leader of CISA and you would be very hard pressed to find anyone who's a more qualified and quietly competent professional than her. This administration and its gormless hacks continue to cut off our collective noses to spite our face.

Microsoft found Turla, Russia's elite FSB cyberespionage group, hacking foreign embassies' staff in Moscow by directly meddling with ISP traffic to infect targets with spyware that silently stripped away encryption on their communications and credentials. www.wired.com/story/russia...

First cell-phone network cyberattack on Tibetan leader detected @tibcert.bsky.social www.phayul.com/2025/07/29/5...

~Paloalto~ Nation-state actor Liminal Panda uses custom malware like GTPDoor to infiltrate telecom networks for persistent access and potential location tracking. - IOCs: GTPDoor, ChronosRAT, NoDepDNS - #GTPDoor #LiminalPanda #ThreatIntel

When your CTI blog uses AI art, it immediately loses 10 respect points. Discuss.

@volexity.com is looking to grow our Threat Intelligence team. New job posting for Senior Analyst role is up here: www.volexity.com/company/care... If you have any questions, don't hesitate to ask.

First question: Will I be fired for only referring to you as Sir Tom of The House of Lancaster? Seriously though, if you’re looking this is one of the teams I would consider.