github.com/VirusTotal/y... - 1.11.0 is out! Lots of new features, modules and bug fixes. Read the release notes and congrats to Victor and the contributors!

Microsoft is so fucking stupid. Microsoft renamed Microsoft Office to Microsoft 365 Copilot App I'm not joking

Volexity Volcano Server & Volcano One v25.12.18 adds 300+ YARA rules, full parsing of Windows prefetch and Linux cron jobs, inline syscall hooking detection, and 5-level page table support. [1/3]

Narrator Voice: And so thousands of infosec people looking for relevance and attention logged into VirusTotal looking for samples uploaded from Venezuela in the last year.

finally, we're living through precedented times

Some phishers have taken inspiration from Russian cyber-espionage group UTA0355 and are using a technique that tricks users into sharing their OAuth material in a web page (UAT0355 did it via email replies) pushsecurity.com/blog/consent...

A study in the evolution of SVR cyberespionage tradecraft

@volexity.com tracks a variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials, which continue to see success due to creative social engineering. Our latest blog post details Russian threat actor UTA0355’s campaigns impersonating European security events.

On the plus side, everytime there's a Cloudflare outage 1000s of threat actors around the world have their malware C2 go down for a few hours.

Weekly summary is out.. ctoatncsc.substack.com/p/cto-at-ncs...

🎵🎶All I want for Christmas is… electrons 🎶🎵

Yara-x 1.10.0 released today! It can now automatically fix some warnings, and some improvements in code generation. This is another great step forward for the project. github.com/VirusTotal/y...

Really digging this year’s CYBERWARCON logo

#PIVOTcon26 registration is now OPEN 🤟📷 #ThreatResearch #ThreatIntel 📷https://pivotcon.org Please read carefully the whole 🧵 for the rules about invite -> registration (1/6)🌐

Enhance your CyberChef experience with GeoCities mode!

Remember NFTs? 😂😂😂😂😂😂😂

This is so good. bahahaha: www.youtube.com/watch?v=dr9M...

At @ncsc.gov.uk we have just launched the CyberUK tech talks call for papers across three topics - Cyber applications of AI - What works: approaches that reduce cyber harm - The evolving threat www.cyberuk.uk/2026/call-fo...

my response to this is the loudest OK BRO you've ever heard in your life

New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...

Meet our speaker Patrick Whitsell! Patrick has expertise in monitoring and defending against cyber espionage threat actors. His talk, "Cyber(trade)war: Paradigm Shift in Economic Espionage", will cover the shift in PRC state-sponsored cyber espionage. Learn more! www.cyberwarcon.com

i heard my kids singing about "APT"s and i was sorely disappointed www.youtube.com/watch?v=ekr2...

Thanks to @xorhex for an interesting discussion that is worth sharing here. I knew I read this somewhere but here's a fun thing you can do in YARA-X: 2 of ($a*, $b*, 3 of ($c*)) This is documented but not widely known: virustotal.github.io/yara-x/docs/...

We’re just normal men

This was an interesting one to work on! tldr: Chinese aligned actor uses LLM to empower their malware development, target gathering, and phishing operation. Goes wrong and starts randomly including pornographic material and other random files/info. www.volexity.com/blog/2025/10...

APT meets GPT: @volexity.com #threatintel is tracking #threatactor UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, appearing to use LLMs to assist their ops. Letting #AI run your espionage operations? What could go wrong?

We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...

⏰ The inaugural SOS conference is 30 days away! Have you gotten your ticket yet?!? Listen to expert discussions on state-sponsored operations covering espionage, sabotage, and attribution of Russia, China, Iran, and more. Registration is still open! stateofstatecraft.com/agenda

www.zscaler.com/blogs/securi... - Nice writeup by zscaler on some COLDRIVER malware. I'm talking about this stuff at #FTSCon in a few weeks and will have lots more details there.

First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...

Couple of openings here in our threat research org! Staff Security Research Engineer: proofpoint.wd5.myworkdayjobs.com/en-US/Proofp... Senior Threat Researcher (ecrime team): proofpoint.wd5.myworkdayjobs.com/ProofpointCa...

In Swedish, a word for what you eat to bridge the gap between meals (or while waiting for the main course to cook) is stödmacka. It means "support sandwich." A similar word in Norwegian is ventepølse, or "waiting sausage."

#FTSCon Speaker Spotlight: Wesley Shields (@wxs.bsky.social) is presenting “COLDRIVER: NOROBOT/YESROBOT/MAYBEROBOT” in the HUNTER track. See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...

I’ll be giving a talk at FTS this year. Not going to lie, I’m doing it just so I can heckle Sir Tom of The House of Lancaster (@tlansec.bsky.social) in person. volatilityfoundation.org/from-the-sou...

ME, IN TEARS: you can't just say every single part of a computer system is a file UNIX, POINTING AT THE MOUSE: file

The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques memoryanalysis.net/courses-malw...

Now up to 22 different Cinnamon Toast Crunch related products. The quest continues.

TL;DR I am launching my #startup and we are going to change how to evaluate,cluster and reason about #malware, delivering accurate,contextual intelligence on samples. Say Hi to RationalEdge @rationaledge.bsky.social rationaledge.io #threatintel #threathunting #cti #reverseengineering #detection 1/9

And that’s a wrap for our 2025 #summerinternship program! This was a great summer of challenging impactful projects & fun team-building excursions. We wish our students all the best as they settle back into their Dept of Computer Science programs at University of Notre Dame & University of Maryland!

I don't think children should have phones. They should have huge beige desktop computer with "Windows 9x Operating System", "Dedicated 3D accelerator", and "SoundBlaster compatible sound card"

Coming this October: #FTSCon 2025, hosted by @volatilityfoundation.org! And this year there are TWO in-person training opportunities!👇 #dfir #memoryforensics #volatility3 #hardwarehackingbasics #grandideastudio

We are thrilled to announce that @joegrand.bsky.social is this year’s #FTSCon Keynote speaker! Joe will be sharing stories & technical details about his wallet hacking adventures to kickoff our full-day event on Monday, Oct 20, 2025. You don’t want to miss this!

@volexity.com has released updates to its #opensource GoResolver project and more! This work was part of a project for one of our #summerinternship students. Read more details about Volexity’s updated GoResolver projects + other #golang tools in our special blog post!

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese... 1/7

YARA-X 1.5.0 is out. Nice new features (including a crx module) and bug fixes. Congratulations to Victor and all the contributors! github.com/VirusTotal/y...

Incredible writeup from Eye Security on their adventures logging into internal-only MS services: research.eye.security/consent-and-...