Things must be going really well for Cobalt Strike if they’re advertising on …checks notes… Reddit.

I look forward to hiring a Chief AI Officer whose job will be to just tell anyone who suggests using AI for anything to shut the fuck up.

Anthropic's AI cyberespionage report feels as odd as the last one. Just 13 pages, it has none of the traditional components of a usual threat intel report (IoCs, payload hashes, etc.) and it seems to bury the lead re: technical sophistication. I wonder if a target will come forward. #infosec

This is spot on. Quantum’s gonna be the next cyber grift (again), after the bottom falls out of GenAI. www.linkedin.com/posts/nathan...

Short Answer: Fuck no. Long Answer: If a company tries AI phrenology in their hiring process, they're guaranteed to do worse things once you work there. Don't.

I'm glad that, until next year, I don't have to be aware of cybersecurity anymore.

LUCASARTS PRESENTS Columbo in: SCUMM of the Earth #pixelart

Saw some cool glowing rocks last week. My brain: These must be delicious.

Omg, the solution to CIA's Kryptos being discovered by someone becoming a subject matter expert, going on location, and finding the plaintext sitting in a vault several miles away is the absolute *perfect* ending to Kryptos. You couldn't write it. Just absolutely A+ www.nytimes.com/2025/10/16/s...

I know this stuff isn't surprising anymore but I really can't stress enough how much everybody involved with CISA and cyber tried to keep the field nonpolitical and nonpartisan before this administration.

Hot Water Balloon xkcd.com/3153/

Telegram founder and general a-hole Pavel Durov, who's IM network hosts hundreds of groups where info-ops coordinate their activity and pay for content, is annoyed that democracies are fighting back against the damage he, personally, has helped usher in in many autocratic regimes

The Oracle zero-day... kek labs.watchtowr.com/well-well-we...

Our researchers have noticed today that NASA FIRMS, one of the main free and available open source sites for monitoring fires around the world has a new notice on it stating that NASA is no longer updating the site due to a lack in federal funding. firms.modaps.eosdis.nasa.gov/map/

PR: October is cybersecurity awareness month! Let's start... Me: No, nope, don't care, la la la can't hear you *𝘧𝘪𝘯𝘨𝘦𝘳𝘴 𝘪𝘯 𝘮𝘺 𝘦𝘢𝘳𝘴*

I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.

Cisco patched 3 zero-days today... CVE-2025-20352: sec.cloudapps.cisco.com/security/cen... And these two used together: -CVE-2025-20333: sec.cloudapps.cisco.com/security/cen... -CVE-2025-20362: sec.cloudapps.cisco.com/security/cen...

Why TF are @npr.org @pbsnews.org and @wgcunews.bsky.social letting an AI cybersecurity *write an article* about a breach and make shit up?

#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese... 1/3

Three major EDR vendors have pulled out of evaluations for the MITRE ATT&CK framework Microsoft: techcommunity.microsoft.com/blog/microso... SentinelOne: www.sentinelone.com/blog/sentine... Palo Alto Networks: www.paloaltonetworks.com/blog/securit...

🆕 𝐄𝐃𝐑-𝐭𝐞𝐥𝐞𝐦𝐞𝐭𝐫𝐲 𝐏𝐫𝐨𝐣𝐞𝐜𝐭 𝐔𝐩𝐝𝐚𝐭𝐞 - 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 The Windows table just got an update with 3 new sub-categories: ➡️ VSS Deletion ➡️ Win32 API Telemetry ➡️ JA3/JA3s Coverage isn’t uniform, and some are pending response from the vendors. That’s fine. I’d rather show the uncertainty than pretend otherwise.

HybridPetya installs a malicious EFI application to the EFI System Partition, which then encrypts the Master File Table file, an essential metadata file with information about all files on the NTFS-formatted partition. 2/8

Funnily Google reminded me that I was at the JLR plant in Nitra today 6 years ago. They were just revealing a new model.

This one EDR killer crashes the whole host when EDR is present. Task failed successfully I guess?

Looks like everybody finally figured out the same thing I posted about almost two weeks ago.

-NoisyBear APT turns out to be a phishing test -Qantas cuts executive pay by 15% after breach -First AI-driven ransomware was just an academic project -Nepal blocks 26 social media sites -New GhostAction supply chain attack Newsletter: news.risky.biz/risky-bullet... Podcast: risky.biz/RBNEWS475/

Looks like my RuneScape account still exists after *checks notes* 12 years.

Oof, the sycophancy problem in LLM's + triggering on any irrelevant details you feed them, recently led a P2 problem call down the wrong pathing for hours. The chatbot is never going to TELL you to step back and ask if this entire inquiry is irrelevant to larger goal. This is your moat. It's mine.

It turns out if you social engineer someone to install a malicious browser extension, your browser can do Bad Things. The Passkey & FIDO specs explicitly say browser/endpoint compromise is not in their threat model.

Ruin the industry? As Jeremy Clarkson once said: "Oh no... anyway." If LLMs cannot be monetized without massive sweeping intellectual property theft, then maybe they shouldn't be monetized at all. And maybe the CEOs pushing it on us aren't half the tech visionaries they think they are.

Didn’t expect to ever see a remaster of Outlaws. It's a pretty obscure shooter. I had the demo as a kid that I've played too many times. Map of Sanctuary town together with the soundtrack is permanently burned into my brain. www.youtube.com/watch?v=qx4O...

Congratulations to my colleagues on this milestone. Before the headlines kick in, let's consider what this actually is, at best a new sub-technique for T1027 (Obfuscated Files or Information). Not that different from T1027.004 (Compile After Delivery) just an interesting twist on the steps.

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7

𝗘𝗗𝗥 𝗧𝗲𝗹𝗲𝗺𝗲𝘁𝗿𝘆 𝗶𝘀 𝗴𝗿𝗼𝘄𝗶𝗻𝗴 𝗮𝗴𝗮𝗶𝗻 🚀 We’ve been holding back on telemetry additions as we didn’t want early adopters to get an unfair scoring boost.To solve that, instead of delaying additions, new fields will now show up as “𝙣𝙚𝙬” and won’t affect scores until at least 75% 𝗼𝗳 𝘃𝗲𝗻𝗱𝗼𝗿𝘀 𝘀𝘂𝗽𝗽𝗼𝗿𝘁 𝘁𝗵𝗲𝗺. 1/x

I think the thing that kills me about the current conversation around AI is that no one seems to be having a genuine, realistic conversation about what is currently possible and what will be possible in the near term. These takes are… bad sci fi.

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese... 1/7

Two years ago after researchers found backdoor in an encryption algo used to secure radio comms for police/military/intel agencies around world, the org behind the algo advised users to deploy an end-to-end encryption solution on top of the algo. Now researchers also found security issue with that

During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs. github.com/olafhartong/... Slides available here: github.com/olafhartong/...

Every Reason Why I Hate AI and You Should Too malwaretech.com/2025/08/ever...

You can have the best product on the market, but if the most important thing you can think of to convey is that "it's AI powered" I have ZERO confidence in your product road map.

Platypus diplomacy. What a wonderfully bizarre story. Like something I'd expect to find in a @jonronson.bsky.social book. www.bbc.com/news/article...

If you're hunting for #CVE-2025-53770 then I'd recommend also looking for connections to *.ngrok-free.app as it's used to distribute PowerShell reverse shell. ESET Inspect rule Potential SharePoint Post-Exploitation (Cmd/PowerShell) [E0474] is triggered on all exploitation attempts seen so far.

Hydroelectric power plant on the Swiss-Italian border used to electrify the nearby railway.

I've experienced this multiple times over the past year. The weirdness of it still surprises me. You say things expecting that you'll have to make a compelling argument and explain your reasoning. Instead, people just go along with it. After all, you're the expert.