@ThreatSynop (ThreatSynop) posts on X about ai, $googl, command and microsoft the most. They currently have [---] followers and [---] posts still getting attention, totalling [-----] engagements in the last [--] hours.
Social category influence: technology brands 30.12%, stocks 23.1%, finance 12.87%, countries 8.77%, social networks 6.43%, cryptocurrencies 2.05%, travel destinations 1.46%, automotive brands 0.58%, exchanges 0.58%, financial services 0.58%
Social topic influence: ai 15.5%, $googl 6.73%, command #1218, microsoft #3039, crypto 5.26%, agentic #1558, telegram 3.8%, data 3.51%, reduce 2.92%, cloud 2.63%
Top accounts mentioned or mentioned by: @transilienceai @vuln_tracker @cyderes @clmasters @alphashark @chain_alphax @drorivry @vibecoderofek
Top assets mentioned: Alphabet Inc Class A (GOOGL), Microsoft Corp. (MSFT), Crowdstrike Holdings Inc (CRWD), Zscaler Inc (ZS), IBM (IBM), Cloudflare, Inc. (NET)
Top posts by engagements in the last [--] hours
"🚨 CES 2026: Klipsch Unveils New Atlas Hi-Fi Headphones and Next-Gen Powered Speakers Klipsch's CES [----] lineup spotlights its return to premium over-ear headphones (Atlas HP series incl. wireless ANC) alongside upgraded powered speakers (Fives/Sevens/Nines II) that add modern connectivity and immersive audio features like Dolby Atmos and room correction, signaling a continued push toward always-connected home audio ecosystems (and the associated need for strong firmware/update hygiene). 🎯 Target: Global/Consumer Electronics # Category: #CES2026 #Klipsch #Headphones #Speakers #DolbyAtmos"
X Link 2026-01-12T19:36Z [---] followers, [--] engagements
"🚨 Zebra Technologies Hit by Alleged Source Code Leak Exposing IaC Tokens and Client Configs A threat actor claims to have stolen Zebra Technologies' internal repositories, including source code tied to core products and acquisitions (Profitect, Antuit) plus Terraform/IaC environment configs, SQL artifacts and even API tokens/hardcoded credentials, creating high risk for supply-chain abuse and follow-on intrusion. The leak also reportedly references client-specific infrastructure directories (e.g. IKEA, Walgreens), raising downstream exposure if credentials or deployment patterns are reusable. 🎯"
X Link 2026-01-27T11:52Z [---] followers, [--] engagements
"🚨 Fortinet upgrades FortiCNAPP with network-aware risk scoring, built-in DSPM and runtime validation to cut cloud alert noise Fortinet's latest FortiCNAPP enhancements correlate posture + identity exposure + vulnerabilities with (1) FortiGate path-aware network enforcement context, (2) native in-place Data Security Posture Management (DSPM) to elevate risks touching sensitive data and (3) runtime-informed validation to prioritize truly exploitable issues. The goal is faster, higher-confidence remediation by turning fragmented tool-sprawl signals into one prioritized workflow. 🎯 Target:"
X Link 2026-01-28T09:38Z [---] followers, [--] engagements
"🚨 Poland Energy Sector Sabotage: FSB-Linked Static Tundra Uses DynoWiper to Break OT Communications Poland reported coordinated cyberattacks on 30+ wind/solar sites and a major CHP plant where attackers abused exposed FortiGate remote access (often no MFA) and then ran destructive OT/IT actions (firmware tampering, device wiping and wipers) to cut monitoring/remote control links, while generation/heat supply continued. Investigators tied infrastructure to the Russia-linked Static Tundra cluster (FSB Center 16) and identified DynoWiper + LazyWiper as the destructive payloads, highlighting"
X Link 2026-01-31T12:06Z [---] followers, [--] engagements
"🚨 Everest Ransomware Lists New Victims, Claims Multi-TB Data Theft Across [--] Organizations Everest ransomware has posted seven new alleged victims on its leak site, claiming theft of terabytes of sensitive data including 1.4TB from Iron Mountain and 253GB of EMRs/billing records from Acu Trans, alongside data from Polycom, Hosokawa Micron, Shinwa, SIGMA Processing Group and Stellium. 🕷 Malware: Everest ransomware 🎯 Target: Global (US/Japan/Panama) # Category: #DataBreach #CyberCrime #TargetedAttacks 🔗 URL:"
X Link 2026-02-02T18:30Z [---] followers, [--] engagements
"🚨 Hikvision WAPs Hit by High-Severity Authenticated Command Execution Flaw (CVE-2026-0709) Hikvision disclosed CVE-2026-0709 (CVSS 7.2) where authenticated attackers can send crafted packets to multiple Wireless Access Point models to execute arbitrary commands due to insufficient input validation enabling full device compromise if credentials are stolen/abused. Patch immediately by upgrading to firmware V1.1.6601 build [------] (affected versions include V1.1.6303 build250812 and earlier) and rotate device credentials while restricting management access. 🎯 Target: Global/Enterprise Wi-Fi"
X Link 2026-02-03T07:50Z [---] followers, [--] engagements
"🚨 APT28 Exploits Office Zero-Day CVE-2026-21509 in Operation Neusploit to Drop MiniDoor and Covenant Zscaler reports APT28 using weaponized RTFs to exploit CVE-2026-21509, then selectively serving region-gated DLL droppers that either install MiniDoor (Outlook VBA email theft via VbaProject.OTM + macro policy registry changes) or run a PixyNetLoader chain (COM hijack + OneDriveHealth task + LSB-stego shellcode) to load a Covenant Grunt via Filen-based C2. Attacks targeted Central/Eastern Europe (Ukraine/Slovakia/Romania) and continued even after Microsoft's Jan [--] out-of-band patch. 🕷"
X Link 2026-02-03T07:58Z [---] followers, [--] engagements
"🚨 Everest Ransomware Claims 90GB Polycom Data Theft From HP Inc. (Poly) Systems Everest alleges it stole 90GB of internal Polycom/Poly data (databases + internal documentation) and posted screenshots of engineering builds, source code trees, logs and internal directories, threatening release after a 9-day countdown if demands aren't met. HP has not confirmed the breach, but the leak evidence suggests a product/infrastructure-focused extortion attempt rather than clear customer-PII exposure. 🎯 Target: Global/Enterprise Communications (HP Poly / Polycom) # Category: #CyberCrime #TargetedAttacks 🔗"
X Link 2026-02-03T11:48Z [---] followers, [--] engagements
"🚨 APT28 (Fancy Bear) weaponizes freshly patched Office flaw CVE-2026-21509 in live phishing Zscaler reports APT28 is exploiting CVE-2026-21509 to bypass OLE mitigations using weaponized RTF files that drop a malicious DLL, then deploy either the MiniDoor Outlook VBA backdoor for email theft or a multi-stage chain starting with PixyNetLoader and ending in a Covenant Grunt implant. Campaigns targeted Central/Eastern Europe, especially Ukraine, banking on slow patching after Microsoft's out-of-band fix. 🕷 Malware: MiniDoor / PixyNetLoader / Covenant Grunt 🎯 Target: Central & Eastern"
X Link 2026-02-03T16:10Z [---] followers, [---] engagements
"🚨 Operation Neusploit: APT28 weaponizes Office OLE flaw (CVE-2026-21509) to steal mail & remote-control EU targets Zscaler says Russia-linked APT28 is exploiting CVE-2026-21509 via weaponized RTFs to silently drop MiniDoor (Outlook-focused email theft) or PixyNetLoader (steganography + anti-analysis) that ultimately deploys a Covenant Grunt implant using Filen for C2 to blend into normal traffic. Targets observed include Ukraine, Slovakia and Romania, making immediate patching and attachment-hardening critical. 🕷 Malware: MiniDoor / PixyNetLoader / Covenant Grunt 🎯 Target: Ukraine Slovakia &"
X Link 2026-02-03T18:58Z [---] followers, [--] engagements
"🚨 Incognito Market operator gets [--] years: $105M darknet drug empire brought down U.S. prosecutors say Rui-Siang Lin (Pharaoh) ran the Incognito Market darknet marketplace (2020 to Mar 2024) facilitating $105M in narcotics sales via crypto escrow and was sentenced to [--] years for narcotics conspiracy, money laundering and misbranded drug sales. Authorities say he also exit-scammed users for $1M+ and attempted extortion by threatening to leak buyer/vendor histories, showing how marketplace-as-a-service crime scales, and how OPSEC mistakes still enable attribution. 🎯 Target: USA/Deep Web Cybercrime #"
X Link 2026-02-04T20:29Z [---] followers, [--] engagements
"🚨 Incognito Market admin sentenced to [--] years as U.S. dismantles $105M darknet narcotics marketplace A Taiwanese national (Rui-Siang Lin, Pharaoh) was sentenced to [--] years and ordered to forfeit $105M after admitting to running Incognito Market (Jan 2022 to Mar 2024), which facilitated large-scale drug sales and used crypto infrastructure for anonymous transactions. The case highlights ongoing law-enforcement capability to attribute and prosecute darknet operators despite Tor/crypto obfuscation, and the continued convergence of cybercrime platforms with financial crime operations. 🎯 Target:"
X Link 2026-02-04T21:27Z [---] followers, [--] engagements
"🚨 Iron Mountain faces Everest ransomware leak claims; company says impact was limited to one exposed file-share folder Everest ransomware actors alleged exfiltration of 1.4TB of internal and client data, but Iron Mountain says the incident stemmed from a single compromised credential that accessed one folder on a public-facing third-party file-sharing site containing mostly marketing materials; no core systems breached and no confirmed sensitive customer data exposure. The risk remains targeted phishing/fraud if any vendor materials or contacts were accessed while claims are validated. 🕷"
X Link 2026-02-05T04:33Z [---] followers, [--] engagements
"🚨 Incognito Market Admin Sentenced to [--] Years for Running a $105M Dark Web Drug Empire U.S. courts sentenced Rui-Siang Lin (Pharaoh) to [--] years for operating Incognito Market (2020 to 2024), a darknet marketplace that processed over $105M in drug sales to [------] customers and took a commission on crypto transactions. Prosecutors also allege he exit-scammed users by stealing at least $1M in deposits and attempting to extort vendors/buyers by threatening to leak transaction histories. 🎯 Target: Global/Dark Web Drug Trade # Category: #CyberCrime #CyberLaw 🔗 URL:"
X Link 2026-02-05T20:59Z [---] followers, [--] engagements
"🚨 Zscaler Acquires SquareX to Bring Browser Detection & Response Into Any Enterprise Browser Zscaler acquired SquareX to embed lightweight extensions into standard browsers (instead of forcing dedicated enterprise browsers), aiming to detect and block browser-borne threats like malicious extensions, phishing and data leakage while extending Zero Trust controls to BYOD and unmanaged devices. 🎯 Target: Global/Enterprise (Browser & SaaS Access) # Category: #BlueTeam 🔗 URL: https://www.securityweek.com/zscaler-acquires-browser-security-firm-squarex/"
X Link 2026-02-06T03:02Z [---] followers, [--] engagements
"🚨 Study: 5M Public Web Servers Expose .git Metadata, 250K+ Leak Deployment Credentials A Mysterium VPN research scan found 4.96M internet-facing servers with publicly accessible .git/ directories and [------] cases where .git/config exposes active deployment credentials, enabling source-code reconstruction, secret harvesting and rapid server/cloud takeovers. 🎯 Target: Global/Web Hosting & DevOps # Category: #Vulnerability #BlueTeam #CyberIntel 🔗 URL:"
X Link 2026-02-06T11:11Z [---] followers, [--] engagements
"🚨 Exposed FortiGate VPNs Let Russia-Linked Group Breach Poland's Energy Control Systems, Deploy Wipers CERT Polska says a single Russia-linked actor exploited internet-exposed FortiGate VPN concentrators lacking MFA to access wind/solar substations and other industrial targets, then carried out destructive actions (corrupted firmware, wiped files, factory resets) that cut monitoring/remote control while generation continued. Separate intrusions attempted wiper deployment at a CHP plant (blocked by EDR) and a manufacturing firm, showing how unpatched/perimeter VPN exposure can translate directly"
X Link 2026-02-06T23:04Z [---] followers, [--] engagements
"🚨 Shai-hulud Exposed the Real Supply-Chain Cost: The Verification Tax After the Worm Is Gone Self-propagating npm supply-chain worms like Shai-hulud (and credential-stealers like GlassWorm) may not always cause obvious mass compromise, but they force expensive emergency IR: pipeline/endpoint hunting, rebuild validation and rapid credential rotation across dev + CI/CD where secrets and signing keys live. The long-tail risk is leaked tokens being reused or sold later, turning a short incident into weeks of disruption and delayed releases. 🕷 Malware: Shai-hulud (also referenced: GlassWorm) 🎯"
X Link 2026-02-06T23:20Z [---] followers, [--] engagements
"🚨 Proton: SMBs Took the Biggest Hit in [----], [---] Major Breaches Exposed 306M+ Records Proton's Data Breach Observatory logged [---] major breaches in [----] exposing 306M+ records, with 71% impacting small and medium businesses, driven heavily by compromised passwords (49%) and weaker security maturity. The takeaway: credential hygiene (MFA + strong password management), least-privilege access to sensitive data and encrypt-by-default controls are now baseline requirements for SMB survival. 🎯 Target: Global/SMBs # Category: #CyberIntel #DataBreach 🔗 URL:"
X Link 2026-02-06T23:34Z [---] followers, [--] engagements
"🚨 Zscaler Buys SquareX to Add Real-Time Browser Detection & Response Zscaler acquired SquareX to integrate Browser Detection and Response capabilities (monitoring browser behavior to spot phishing, session hijacking, malicious scripts and account takeover) into its Zero Trust Exchange. SquareX's lightweight extension and isolated/disposable browsing sessions aim to reduce browser-native attack blind spots without forcing enterprises onto a separate managed browser. 🎯 Target: Global/Enterprise # Category: #BlueTeam 🔗 URL:"
X Link 2026-02-06T23:40Z [---] followers, [--] engagements
"🚨 Shadow Campaigns: Asia-Based State Actor Hit 70+ Gov/Critical Infra Orgs Across [--] Countries Palo Alto Networks Unit 42-linked reporting says state-sponsored TGR-STA-1030/UNC6619 ran Shadow Campaigns, reconning government infrastructure tied to [---] countries and successfully compromising at least [--] government/critical-infrastructure orgs across [--] countries using tailored phishing (Mega.nz-hosted archives) and exploitation of [--] known vulnerabilities. The intrusion chain used the Diaoyu loader (with file/process-based evasion) to fetch Cobalt Strike/VShell plus multiple webshells/tunneling"
X Link 2026-02-07T15:37Z [---] followers, [--] engagements
"🚨 Microsoft West US Datacenter Power Outage Breaks Windows Update & Microsoft Store for Thousands A utility power interruption at a Microsoft West US datacenter cascaded into Azure storage/CDN issues, causing Microsoft Store installs/updates and Windows Update downloads to fail or time out; recovery required storage cold start and re-synchronization, so impact persisted even after backup power stabilized the facility. For defenders and IT teams it's a resilience/observability lesson: outages can also delay logs/telemetry, complicating incident detection and response during critical patching"
X Link 2026-02-08T02:46Z [---] followers, [---] engagements
"🚨 Flashpoint Warns Milano-Cortina [----] Faces Multi-Vector Cyber + Physical Disruption Risk Flashpoint assesses the [----] Winter Olympics as a high-risk target due to massive digital complexity and a dispersed footprint across northern Italy, with likely cyber threats including phishing, spoofed sites, BEC, DDoS, ransomware and scams amplified by supplier/vendor dependencies. It also flags physical/kinetic disruption drivers (protests, transport strikes and extended transit corridors) and recommends basic hardening for attendees (official apps, avoid public Wi-Fi, VPN + MFA, strike planning). 🎯 Target:"
X Link 2026-02-08T13:55Z [---] followers, [--] engagements
"🚨 React2Shell Exploitation Consolidates as Two IPs Drive Most Attacks Against Dev Servers GreyNoise observed a major shift over the past [--] days: over half of React2Shell (CVE-2025-55182) exploitation now comes from just two IPs, with 1.4M exploit attempts detected; one source staging cryptomining binaries and the other opening reverse shells, heavily targeting developer-server ports. 🎯 Target: Global/Developer Infrastructure # Category: #Vulnerability #CyberIntel 🔗 URL: https://www.cybersecuritydive.com/news/react2shell-exploitation-threat-activity/811359/"
X Link 2026-02-08T13:57Z [---] followers, [--] engagements
"🚨 Tirith: New Open-Source Shield Against Lookalike Terminal Command Traps Tirith is a cross-platform shell hook (bash/zsh/fish/PowerShell) that inspects pasted commands for risky URL tricks (Unicode homograph/homoglyph domains, hidden/invisible characters, ANSI/bidi injection) and blocks execution when it detects patterns like curl | bash, typosquatted repos or insecure transport. This matters because terminals still render deceptive Unicode/escape sequences that can turn safe-looking commands into silent compromise paths in developer and admin workflows. 🕷 Malware: Tirith (defensive tool) 🎯 Target:"
X Link 2026-02-08T15:56Z [---] followers, [--] engagements
"🚨 Cloud Security Alliance: Why Autonomous AI Agents Need Human-Grade Identity Controls A new CSA report warns that autonomous AI agents are scaling faster than governance, with organizations relying on static credentials (API keys/shared accounts), fragmented access controls and weak traceability, making it hard to prove which agent did what, when, and on whose behalf. This matters because these gaps raise the risk of credential misuse, unintended high-impact actions and audit/compliance failures as agents operate continuously across environments. 🎯 Target: Global/Enterprise (IAM DevOps AI"
X Link 2026-02-09T06:17Z [---] followers, [--] engagements
"🚨 United Airlines CISO: Building Aviation Cyber Resilience When Disruption Is Inevitable United Airlines CISO Deneen DeFiore outlines an aviation-first security strategy that wraps safety-critical legacy systems with modern controls (strong identity, segmentation, monitoring, compensating controls) instead of forcing rapid change into certified environments. The key point: airline cyber risk must be managed as operational continuity and public-trust risk across a highly interconnected ecosystem (airports, vendors, infrastructure), not just data protection. 🎯 Target: Global/Aviation & Critical"
X Link 2026-02-09T07:19Z [---] followers, [--] engagements
"🚨 OpenClaw Plugin Marketplace Poisoned: Malicious Skills Push Atomic macOS Stealer via curl | bash Researchers report a supply-chain campaign seeding OpenClaw's ClawHub with hundreds of trojanized skills whose prerequisites execute Base64-obfuscated curl | bash chains to fetch payloads including Atomic macOS Stealer (AMOS) for credential and file theft. This matters because a permissive marketplace + executable documentation turns routine agent-skill installs into high-scale infostealer delivery for developers and automation operators. 🕷 Malware: Atomic Stealer (AMOS) 🎯 Target: Global/Developers"
X Link 2026-02-09T07:24Z [---] followers, [--] engagements
"🚨 Black Basta Levels Up: BYOVD Driver Embedded Directly Inside Ransomware Payload A new Black Basta campaign embeds a Bring Your Own Vulnerable Driver (BYOVD) component directly into the ransomware, dropping the signed NsecSoft NSecKrnl driver and abusing CVE-2025-68947 to kill EDR/AV processes (e.g. Sophos, MsMpEng) before encryption. This matters because bundling kernel-level defense impairment into the payload shortens the attack chain and makes pre-encryption detection/containment significantly harder. 🕷 Malware: Black Basta (BYOVD using NsecSoft NSecKrnl / CVE-2025-68947) 🎯 Target:"
X Link 2026-02-09T07:56Z [---] followers, [---] engagements
"🚨 BeyondTrust Patches Critical Pre-Auth RCE in Remote Support & PRA (CVE-2026-1731) BeyondTrust fixed a critical pre-auth OS command injection (CVE-2026-1731, CVSS 9.9) in Remote Support and certain Privileged Remote Access versions that could let unauthenticated attackers execute OS commands as the site user. This matters because exposed internet-facing instances (reported in the thousands) could be leveraged for rapid initial access, data exfiltration and service disruption if patches aren't applied. 🎯 Target: Global/Enterprise (PAM & Remote Access) # Category: #Vulnerability #BlueTeam 🔗"
X Link 2026-02-09T09:01Z [---] followers, [--] engagements
"🚨 Researchers Flag 40000+ Exposed OpenClaw Deployments as High-Risk Agent Gateways SecurityScorecard identified 40000+ OpenClaw instances exposed to the internet where weak configurations could allow attackers to reach agent gateways and potentially access connected data and actions (files, messages, integrations). This matters because exposed autonomous-agent control planes can turn a single misconfiguration into broad automated compromise at scale. 🎯 Target: Global/AI Agent Infrastructure (Enterprises & Developers) # Category: #AI_Threats #CyberIntel 🔗 URL:"
X Link 2026-02-09T10:06Z [---] followers, [--] engagements
"🚨 TeamPCP Worm Hijacks Cloud Misconfigs + React2Shell to Build Proxy & Extortion Infrastructure A worm-driven TeamPCP campaign abuses exposed Docker/Kubernetes/Ray/Redis services and the React2Shell flaw (CVE-2025-55182) to auto-provision distributed proxy/scanning nodes, then pivot into data theft, crypto-mining and extortion/ransomware follow-ons. This matters because it industrializes cloud takeovers at scale using common misconfigurations and known exploits, turning your cloud estate into attacker infrastructure fast. 🕷 Malware: TeamPCP worm (PCPcat / 🎯 Target: Global/Cloud-native"
X Link 2026-02-09T10:15Z [---] followers, [--] engagements
"🚨 BeyondTrust 0-Day (CVE-2026-1731) Enables Pre-Auth RCE in Remote Support & PRA BeyondTrust disclosed a critical pre-auth OS command injection (CVE-2026-1731, CVSS 9.9) impacting self-hosted Remote Support and Privileged Remote Access that lets unauthenticated attackers run arbitrary OS commands with site user privileges. This matters because exposed remote-access appliances are prime initial-access targets; rapid patching plus hunting for suspicious inbound requests/command execution is essential. 🎯 Target: Global/Enterprise (Remote Access & PAM) # Category: #Vulnerability #BlueTeam 🔗 URL:"
X Link 2026-02-09T10:22Z [---] followers, [--] engagements
"🚨 Bloody Wolf Spear-Phishes Uzbekistan & Russia to Deploy NetSupport RAT Bloody Wolf (aka Kaspersky's Stan Ghouls) is running spear-phishing with malicious PDF lures that lead to a loader, fake error decoys and capped re-install attempts before dropping the legitimate NetSupport RAT and establishing persistence via Startup folder, Run key and scheduled tasks. This matters because the campaign hit [--] victims in Uzbekistan and additional devices in Russia, showing high-volume targeted tradecraft that can enable data theft and follow-on intrusion. 🕷 Malware: NetSupport RAT 🎯 Target: Uzbekistan &"
X Link 2026-02-09T11:57Z [---] followers, [--] engagements
"🚨 BridgePay Confirms Ransomware Behind U.S. Payment Gateway Outage, Claims No Card Data Hit BridgePay says a ransomware attack caused a widespread outage across its payment gateway services and it has engaged the FBI/USSS plus external incident response teams; early forensics indicate no payment card data compromise and no evidence of usable data exposure (files accessed were encrypted). This matters because payment-gateway downtime cascades into nationwide merchant disruption even without confirmed data theft, making resilience and third-party risk controls critical. 🕷 Malware: Ransomware"
X Link 2026-02-09T12:09Z [---] followers, [--] engagements
"🚨 BeyondTrust Patches Critical Pre-Auth RCE in Remote Support & PRA (CVE-2026-1731) BeyondTrust fixed a critical pre-auth OS command injection (CVE-2026-1731, CVSS 9.9) allowing unauthenticated attackers to execute OS commands as the site user via crafted client requests, impacting Remote Support 25.3.1 and Privileged Remote Access 24.3.4. This matters because exposed self-hosted remote-access/PAM instances are prime initial-access targets and easy-to-exploit flaws can be rapidly weaponized after patch diffing. 🎯 Target: Global/Enterprise (Remote Access & PAM) # Category: #Vulnerability"
X Link 2026-02-09T12:13Z [---] followers, [--] engagements
"🚨 AI Security's Great Wall Problem: Your Real Attack Surface Isn't the Cloud CyberScoop argues AI security fails when teams only harden cloud infrastructure; the real risk is the broader system: data supply chains, plug-ins/agent frameworks, non-human identities and the humans who can change tool bindings and permissions, where permissioned misuse can look legitimate. It calls for end-to-end AI threat modeling plus audit-grade change control and traceability from input to tool calls to outcomes, to detect manipulation, not just compromise. 🎯 Target: Global/Enterprise AI (Agents IAM DevOps) # Category:"
X Link 2026-02-09T12:21Z [---] followers, [--] engagements
"🚨 LTX Stealer: Node.js-Packed Infostealer Uses Supabase + Cloudflare to Exfiltrate Browser Secrets A new Node.js-based infostealer, LTX Stealer, drops a 271MB Inno Setup installer that bundles a full Node.js runtime, then steals Chromium passwords/cookies (via Local State key extraction), crypto wallet data and screenshots before exfiltrating via Supabase-authenticated infrastructure fronted by Cloudflare. This matters because the oversized, bytecode-obfuscated Node payload is designed to evade analysis and some AV scanning, accelerating credential theft at scale. 🕷 Malware: LTX Stealer 🎯"
X Link 2026-02-09T12:29Z [---] followers, [--] engagements
"🚨 FortiClient EMS Critical SQLi (CVE-2026-21643) Enables Unauth RCE Against Admin Interface Fortinet patched CVE-2026-21643 (CVSS 9.1), an unauthenticated SQL injection in FortiClient EMS 7.4.4's admin interface that can be exploited remotely via crafted HTTP requests to achieve code execution and full server compromise. This matters because EMS sits at endpoint control-plane scope; compromise can enable lateral movement, data theft and malware deployment across managed fleets. 🎯 Target: Global/Enterprise (Endpoint Management) # Category: #Vulnerability #BlueTeam 🔗 URL:"
X Link 2026-02-09T12:35Z [---] followers, [--] engagements
"🚨 Farcaster Wallet Database Leak: 1.3GB JSON Dump Exposes Web3 Profiles + Crypto Addresses An alleged 1.3GB Farcaster dataset (Farcaster Wallet) is circulating containing user profile data and linked crypto wallet details (ETH/Solana addresses, custody labels, locations, bios, connected X handles and media URLs), reportedly dumped to a file-sharing service in late [----]. This matters because wallet/profile linkage enables precise deanonymization, targeted phishing/social engineering and wallet-targeted fraud at scale. 🎯 Target: USA/Web3 (Decentralized Social Network Users) # Category: #DataBreach"
X Link 2026-02-09T12:39Z [---] followers, [--] engagements
"🚨 Anubis Ransomware Claims Breach of U.S. Real Estate Investor Rutherford, Threatens Financial Data Leak The Anubis ransomware group claims it breached Rutherford Investment Company and is extorting the firm with an alleged cache of sensitive financial and client documents (property income details, earnings/income verification, invoices, internal forms). This matters because stolen transaction/verification data enables high-confidence fraud and follow-on intrusions even if core systems are later restored. 🕷 Malware: Anubis ransomware 🎯 Target: USA/Real Estate (Investment & Property Management)"
X Link 2026-02-09T12:41Z [---] followers, [--] engagements
"🚨 SolarWinds Web Help Desk RCE Exploited to Drop Zoho Assist, Velociraptor and Cloudflared Tunnels Attackers are actively exploiting SolarWinds Web Help Desk deserialization flaws (notably CVE-2025-40551 / CVE-2025-26399 plus related CVE-2025-40536) to gain unauthenticated RCE, then deploy Zoho ManageEngine RMM (ToolsIQ.exe), Velociraptor and Cloudflared tunnels for persistent remote access and AD discovery. This matters because compromising a help-desk platform creates a high-trust pivot point for rapid lateral movement and stealthy legit-tool persistence inside enterprise networks. 🕷"
X Link 2026-02-09T13:26Z [---] followers, [--] engagements
"🚨 Cybersecurity M&A Pulse: [--] Deals Landed in January [----] (CrowdStrike, LevelBlue, OneSpan, Radware, More) SecurityWeek's roundup tracks [--] cybersecurity M&A deals announced in January [----], highlighting consolidation across identity/PAM (e.g. CrowdStrike-SGNL, Delinea-StrongDM), managed detection services (LevelBlue-Alert Logic's managed services) and mobile/API/app protection (OneSpan-Build38, Radware-Pynt). This matters because the deal flow signals where buyers expect demand to spike next: identity control planes, managed security at scale and app/API hardening. 🎯 Target: Global/Cybersecurity Industry #"
X Link 2026-02-09T13:58Z [---] followers, [--] engagements
"🚨 BeyondTrust Urges Immediate Patch for Critical Pre-Auth RCE in Remote Support & PRA (CVE-2026-1731) BeyondTrust disclosed a critical pre-auth OS command injection (CVE-2026-1731) in Remote Support 25.3.1 and Privileged Remote Access 24.3.4 that lets unauthenticated attackers execute OS commands as the site user via crafted client requests. This matters because thousands of internet-exposed instances remain at high risk of full system compromise until upgraded (RS 25.3.2+ / PRA 25.1.1+). 🎯 Target: Global/Enterprise (Remote Access & PAM) # Category: #Vulnerability #BlueTeam 🔗 URL:"
X Link 2026-02-09T14:00Z [---] followers, [---] engagements
"🚨 EU & Dutch Agencies Confirm Breaches Linked to Ivanti EPMM Zero-Days (CVE-2026-1281 / CVE-2026-1340) EU bodies and Dutch institutions confirmed compromises tied to two critical Ivanti Endpoint Manager Mobile code-injection flaws that enable unauthenticated takeover of exposed EPMM systems, with Ivanti warning a limited number of customers were hit pre-patch. This matters because EPMM is a mobile control-plane; once breached, attackers can pivot into device fleets and harvest sensitive organizational and user data. 🎯 Target: EU & Netherlands/Government # Category: #Vulnerability"
X Link 2026-02-09T14:10Z [---] followers, [--] engagements
"🚨 CrowdStrike Wins [----] Gartner Voice of the Customer for EASM (Customers' Choice) CrowdStrike says it was named the only Customers' Choice in Gartner Peer Insights [----] Voice of the Customer for External Attack Surface Management, citing high user ratings and willingness-to-recommend scores. This matters because it signals market validation and can influence EASM procurement decisions for exposure management programs. 🎯 Target: Global/Exposure Management (EASM market) # Category: #CyberIntel 🔗 URL:"
X Link 2026-02-09T14:26Z [---] followers, [--] engagements
"🚨 Criminal IP Brings Real-Time Exposure Intel Into IBM QRadar SIEM + SOAR Workflows Criminal IP now integrates with IBM QRadar SIEM/SOAR to enrich firewall and log-derived IP/URL artifacts with external risk context (High/Medium/Low) enabling in-console investigation and automated SOAR playbooks for faster triage and response. This matters because it reduces manual lookups and improves detection prioritization by adding exposure-driven intelligence directly into the SOC toolchain. 🎯 Target: Global/SOC & SIEM/SOAR Users # Category: #BlueTeam #CyberIntel 🔗 URL:"
X Link 2026-02-09T15:04Z [---] followers, [--] engagements
"🚨 Outtake Raises $40M to Counter AI-Driven Impersonation and Digital Trust Attacks Outtake raised $40M (Series B) to scale a unified digital trust platform that uses agentic AI + OSINT collection to detect and disrupt impersonation across domains, social platforms, apps and ads, plus integrations for SOC workflows. This matters because AI is massively lowering the cost of deepfake/phishing-style deception, forcing security teams to defend trust across many channels, not just endpoints and networks. 🎯 Target: Global/Enterprises (Brand Identity and Fraud Surfaces) # Category: #CyberIntel"
X Link 2026-02-09T15:06Z [---] followers, [--] engagements
"🚨 Ransomware Gangs May Shift Back to Encryption as Data-Theft-Only Extortion Stops Paying Coveware reports that pure data-exfiltration extortion is delivering poor ROI as victims increasingly refuse to pay after breaches (e.g. 2.5% payment rate in MOVEit and near-zero in later campaigns), pushing crews back toward encryption for stronger leverage and higher settlement odds. This matters because defenders should expect more disruptive, recovery-driven ransomware while attackers also monetize access via secondary channels and leaner ops. 🎯 Target: Global/All Sectors (SMB to Enterprise) # Category:"
X Link 2026-02-09T15:12Z [---] followers, [--] engagements
"🚨 Roundcube Bug Lets Attackers Track Email Opens Even When Remote Images Are Blocked (CVE-2026-25916) A flaw in Roundcube's HTML/SVG sanitization lets attackers embed an invisible SVG that bypasses 'Block remote images' causing the client to fetch a remote resource and leak open confirmation plus IP/browser details. This matters because it enables stealthy tracking and profiling of victims (and potential targeting) simply by viewing an email on vulnerable Roundcube versions (1.5.13 / 1.6.13). 🎯 Target: Global/Webmail (Roundcube users) # Category: #Vulnerability 🔗 URL:"
X Link 2026-02-09T15:20Z [---] followers, [--] engagements
"🚨 VoidLink: AI-Built Linux Malware Framework Goes Multi-Cloud (AWS/Azure/GCP) With Rootkit-Grade Stealth VoidLink is a modular Linux malware framework, reportedly largely AI-generated, that can mint custom implants for credential theft data exfiltration and stealthy persistence across cloud/container environments (AWS Azure GCP Kubernetes) using loaders + rootkit-like components to stay hidden. This matters because cloud control-plane compromise scales fast: one foothold can pivot across tenants clusters and identities with minimal on-disk artifacts. 🕷 Malware: VoidLink 🎯 Target: Global/Cloud"
X Link 2026-02-09T16:00Z [---] followers, [--] engagements
"🚨 Warlock Ransomware Breaches SmarterTools via Unpatched SmarterMail VM (Likely CVE-2026-24423) SmarterTools says Warlock ransomware operators compromised an unknown unpatched SmarterMail VM on January [--] [----] then pivoted into the office network and a connected datacenter lab environment impacting [--] Windows servers while Linux systems and customer account/business apps were unaffected. This matters because the group reportedly pre-positions access for [--] days then targets Active Directory and deploys legit tools (e.g. Velociraptor/SimpleHelp/WinRAR) to spread and encrypt, so patching alone"
X Link 2026-02-09T16:10Z [---] followers, [--] engagements
"🚨 Criminal IP IBM QRadar Risk Scoring SIEM SOAR Criminal IP IBM QRadar SIEM/SOAR artifacts (IP/URL) High/Medium/Low / Playbooks SOAR manual lookups . triage Threat Intel QRadar. 🎯 Target: Global/SOC (QRadar SIEM & SOAR users) # Category: #BlueTeam #CyberIntel 🔗 URL: https://cybersecuritynews.com/criminal-ip-integrates-with-ibm-qradar-to-deliver-real-time-threat-intelligence-across-siem-and-soar/"
X Link 2026-02-09T16:12Z [---] followers, [--] engagements
"Threat research worth bookmarking (Howler Cell): RenEngine loader via cracked RenPy game launchers - HijackLoader stage - ACR Stealer. Great detail on anti-analysis & multi-factor anti-VM scoring. @Cyderes https://www.cyderes.com/howler-cell/renengine-loader-hijackloader-attack-chain @ThreatSynop Thank you for mentioning our latest findings. Read the full analysis from our Howler Cell team here: https://t.co/C9mPNombCb https://www.cyderes.com/howler-cell/renengine-loader-hijackloader-attack-chain"
X Link 2026-02-09T16:35Z [---] followers, [--] engagements
"🚨 Ivanti EPMM Under Active Exploitation to Plant Dormant Java Backdoors (CVE-2026-1281 / CVE-2026-1340) Hackers are exploiting Ivanti Endpoint Manager Mobile flaws to drop a stealthy /mifs/403.jsp artifact that delivers a Base64 Java class acting as an in-memory loader (implant now, operate later), waiting for a later activation parameter to run a second-stage payload. This matters because it can bypass classic webshell hunting (minimal post-exploitation noise) while preserving reliable access for follow-on espionage or monetization. 🕷 Malware: Dormant Java in-memory loader (/mifs/403.jsp) 🎯"
X Link 2026-02-09T17:08Z [---] followers, [---] engagements
"🚨 Lema AI Exits Stealth With $24M to Reinvent Third-Party Risk With Agentic Analysis Lema AI emerged from stealth with $24M across seed + Series A to replace spreadsheet-based vendor questionnaires with continuous AI-driven analysis of third-party behavior and exposure. This matters because third-party access is now a dominant breach path and point-in-time assessments miss the live drift that attackers exploit. 🎯 Target: Global/Enterprise (Third-Party & Supply Chain Risk) # Category: #BlueTeam #CyberIntel 🔗 URL:"
X Link 2026-02-09T18:03Z [---] followers, [--] engagements
"🚨 Warlock Ransomware Breaches SmarterTools via SmarterMail Auth Bypass (CVE-2026-23760) SmarterTools says Warlock ransomware operators gained access on Jan [--] via an unpatched shadow SmarterMail VM exploiting CVE-2026-23760 (admin auth bypass/password reset) and then moving laterally through Active Directory to compromise [--] Windows servers across the office network and a secondary lab/hosting data center. This matters because the attackers used legitimate/admin tooling (Velociraptor SimpleHelp WinRAR) and staged for [--] week before attempting encryption, showing how a single missed VM update"
X Link 2026-02-09T20:01Z [---] followers, [--] engagements
"🚨 Augustus: Open-Source LLM Vulnerability Scanner With 210+ Adversarial Tests Across [--] Providers Augustus is a Go-based open-source scanner that stress-tests LLMs for prompt-injection jailbreaks data extraction encoding tricks and other adversarial behaviors producing structured findings teams can use to harden guardrails and evaluate model risk before deployment. This matters because it operationalizes repeatable LLM red-teaming across multiple providers helping organizations baseline exposure and track regressions over time. 🕷 Malware: Augustus (LLM vulnerability scanner) 🎯 Target:"
X Link 2026-02-10T06:17Z [---] followers, [--] engagements
"🚨 Bloody Wolf Targets Russia & Uzbekistan Using Spear-Phishing PDFs to Deploy NetSupport RAT Bloody Wolf (aka Stan Ghouls) is hitting organizations in Russia and Uzbekistan with localized spear-phishing emails posing as government/legal notices using malicious PDFs that link to a custom Java loader which fetches and installs the legitimate NetSupport Manager RAT. This matters because the loader shows fake error decoys rotates C2 domains per campaign and establishes persistence via Startup folder + Run key + scheduled task, making the intrusion blend into normal admin activity and harder to"
X Link 2026-02-10T07:14Z [---] followers, [--] engagements
"🚨 RSAC Open-Sources Quantickle to Visualize Threat Intel as Interactive Graphs RSAC released Quantickle a browser-based graph visualization tool for manually mapping relationships between IPs domains files and threat groups with CSV import/REST integrations and export to PNG/PDF/HTML. This matters because it accelerates human-led threat analysis and publishing, but RSAC recommends running it locally since it hasn't been security-reviewed for remote hosting. 🎯 Target: Global/Threat Intelligence & Security Analysts # Category: #CyberIntel #BlueTeam 🔗 URL:"
X Link 2026-02-10T08:12Z [---] followers, [--] engagements
"🚨 Discord Adds Face Scan + ID Age Verification Enforcing Teen-by-Default Safety Settings Starting early March [----] Discord will apply teen-by-default protections globally and gate age-restricted servers/channels sensitive media visibility and Stage speaking behind age assurance (facial age estimation or ID via vendor partners) with a background age-inference system reducing prompts for some adults. This matters because it materially changes access controls and privacy tradeoffs for millions of users while aiming to reduce teen exposure to adult content and risky DMs. 🎯 Target: Global/Social"
X Link 2026-02-10T08:14Z [---] followers, [--] engagements
"🚨 Transparent Tribe (APT36) Expands Espionage to India's Cybersecurity Startups Using ISO+LNK Crimson RAT Lures Pakistan-linked APT36 is spear-phishing India's startup ecosystem (notably cybersecurity/OSINT firms) with ISO containers containing disguised LNK Excel shortcuts that launch batch + PowerShell to strip Mark-of-the-Web drop a padded .NET Crimson RAT payload and beacon to hardcoded C2 (e.g. 93.127.133.9:443). This matters because startups with government/security ties are high-intel targets and the ISO/LNK tradecraft blends user deception with SmartScreen evasion for reliable initial"
X Link 2026-02-10T08:26Z [---] followers, [--] engagements
"🚨 China-Linked APT UNC3886 Hit Singapore's Major Telcos Using Zero-Day Firewall Bypass and Rootkits Singapore's CSA says China-linked APT UNC3886 ran a deliberate campaign against all four major telcos (Singtel StarHub M1 SIMBA) using a zero-day to bypass a perimeter firewall and deploying rootkits for stealthy persistence while exfiltrating a small amount of network-related technical data. This matters because telecom networks are high-leverage national infrastructure and the tradecraft signals long-term espionage intent even without customer-data theft or service disruption. 🕷 Malware:"
X Link 2026-02-10T09:20Z [---] followers, [--] engagements
"🚨 INC Ransomware Claims Breach of Core Supply Leaks Blueprints Invoices and Client Contacts INC Ransomware says it breached U.S. construction supplier Core Supply and posted internal proof files including detailed construction blueprints/schematics quotes/invoices and forms containing client contact details. This matters because exposed project documentation + PII can enable follow-on extortion fraud and targeted phishing across Core Supply's customer and partner network. 🕷 Malware: INC Ransomware 🎯 Target: USA/Construction # Category: #CyberCrime #DataBreach #TargetedAttacks 🔗 URL:"
X Link 2026-02-10T09:39Z [---] followers, [--] engagements
"🚨 China-Linked UNC3886 Hit Singapore Telcos With Firewall Zero-Day + Rootkits Singapore says China-nexus APT UNC3886 targeted all four major telecoms using a firewall zero-day plus rootkits for stealth/persistence and exfiltrated a small amount of technical (network-related) data without disrupting services or accessing customer records. This matters because telco infrastructure is strategic; compromise can enable long-term espionage interception and follow-on intrusions across downstream organizations. 🎯 Target: Singapore/Telecom # Category: #APT #Vulnerability #TargetedAttacks 🔗 URL:"
X Link 2026-02-10T10:17Z [---] followers, [--] engagements
"🚨 DPRK Fake Candidate Ops Hijack LinkedIn to Infiltrate Remote Jobs North Korean IT operatives are impersonating real professionals on LinkedIn (often using stolen profiles/credentials) to land remote roles then abusing internal access to map networks and exfiltrate data or funds, sometimes using deepfake/AI voice tools to pass interviews. This matters because it turns hiring into an initial-access vector bypassing perimeter defenses and creating an insider-grade foothold in high-trust environments. 🕷 Malware: Cobalt Strike (tool) 🎯 Target: Global/Tech & Remote-First Orgs # Category: #APT"
X Link 2026-02-10T10:29Z [---] followers, [--] engagements
"🚨 Securing GenAI Agents: Strong Auth + Granular Authorization for MCPs This segment argues the real GenAI/agent risk isn't 'add auth' but designing where authentication/authorization lives (agent MCP server or upstream API) and how to scope permissions with least-privilege delegation and API-style controls. It matters because MCP-style agents often become high-trust API brokers; weak authz turns them into privilege-escalation and data-exfiltration pathways. 🎯 Target: Global/GenAI & AppSec # Category: #BlueTeam #SecurityTips #AI_Threats 🔗 URL:"
X Link 2026-02-10T11:15Z [---] followers, [--] engagements
"🚨 Singapore Disrupts China-Linked UNC3886 After Telco Espionage Campaign Singapore authorities attributed a targeted campaign against all four major telecom operators to China-nexus group UNC3886 and moved to disrupt the activity after intrusions led to limited theft of technical (network-related) data with no customer data exposure reported. This matters because telco footholds enable long-term strategic espionage and downstream targeting across connected government and enterprise ecosystems. 🎯 Target: Singapore/Telecom # Category: #APT #TargetedAttacks 🔗 URL:"
X Link 2026-02-10T13:21Z [---] followers, [--] engagements
"🚨 ZeroDayRAT Spyware Sold on Telegram Promises Full Android & iOS Takeover A cross-platform spyware kit dubbed ZeroDayRAT is being marketed on Telegram with a full control panel for surveillance and theft: GPS tracking app notification interception (WhatsApp/Telegram/Instagram) mic/camera/screen monitoring keylogging SMS/OTP abuse plus banking overlays and crypto clipboard hijacking. This matters because it commoditizes near-APT mobile surveillance for low-skill buyers turning a single infected phone into a high-impact fraud and enterprise access risk. 🕷 Malware: ZeroDayRAT 🎯 Target:"
X Link 2026-02-10T13:49Z [---] followers, [--] engagements
"🚨 ZeroDayRAT Spyware Kit Promises Full Android & iOS Takeover ZeroDayRAT is a commercial mobile spyware kit sold via Telegram that offers operators a full control panel for remote surveillance (camera/mic/screen) keylogging SMS/OTP interception location tracking and theft from banking/crypto apps, enabling hands-on device compromise at cybercrime scale. The risk is high because one infected phone can bypass MFA via OTP theft and become an enterprise pivot point through synced accounts and SSO tokens. 🕷 Malware: ZeroDayRAT 🎯 Target: Global/Mobile Users (Android & iOS) # Category: #Malware"
X Link 2026-02-10T14:15Z [---] followers, [--] engagements
"🚨 Man Phished [---] Snapchat Security Codes to Hijack Women's Accounts and Steal Private Photos A US man admitted to socially engineering [---] victims into handing over Snapchat one-time security codes by impersonating support enabling unauthorized access to dozens of accounts and My Eyes Only content without exploiting Snapchat itself. This matters because OTP/MFA code phishing remains a high-success account-takeover tactic, best mitigated with phishing-resistant methods like passkeys. 🎯 Target: USA/Consumers (Snapchat Users) # Category: #CyberCrime #SecurityTips 🔗 URL:"
X Link 2026-02-10T14:23Z [---] followers, [--] engagements
"🚨 Backslash Raises $19M to Secure Vibe Coding and AI-Native Development Backslash Security raised $19M Series A to expand its platform that governs and monitors AI-driven development across agents/IDEs MCP servers prompt rules and related workflows, adding guardrails granular event monitoring and malicious-behavior detection/response. This matters because AI coding stacks introduce new high-trust control points (agents/MCPs/prompts) that can become direct paths to code poisoning data exfiltration and supply-chain risk if not governed end-to-end. 🎯 Target: Global/AppSec & AI Development #"
X Link 2026-02-10T14:35Z [---] followers, [--] engagements
"🚨 Backslash Security Raises $19M to Secure Vibe Coding and AI Agent Workflows Backslash Security raised a $19M Series A led by KOMPAS VC to expand guardrails and real-time monitoring across AI-native dev stacks (IDEs AI agents MCP servers prompting workflows and generated code) as autonomous coding increases the attack surface. Funds will scale R&D and go-to-market in the US/EU and CyberArk ex-CRO Ron Zoran joins the board. 🎯 Target: Global/AppSec & AI Development # Category: #BlueTeam #AI_Threats 🔗 URL:"
X Link 2026-02-10T14:39Z [---] followers, [--] engagements
"🚨 Malicious Bing Ads Funnel U.S. Orgs to Azure-Hosted Tech Support Scam Pages Threat actors abused Bing sponsored search ads (e.g. for amazon) to redirect victims through a newly registered domain and into Azure Blob Storage-hosted fake Microsoft security alerts that push users to call scam numbers and grant remote access or pay fees. The campaign hit users across [--] U.S. organizations in healthcare manufacturing and tech, showing how trusted ad + cloud infrastructure can scale fraud fast. 🎯 Target: USA/Multiple Sectors # Category: #CyberCrime #TargetedAttacks 🔗 URL:"
X Link 2026-02-10T14:45Z [---] followers, [--] engagements
"🚨 UNC1069 Goes Full-Spectrum: Deepfake CEO Calls + ClickFix to Drain Crypto Wallets North Korea-linked UNC1069 is targeting crypto/finance orgs (developers + VC) using AI deepfake CEO video calls and a ClickFix social-engineering flow that tricks victims into running commands that drop first-stage loaders/backdoors. The chain deploys multiple malware families (e.g. WAVESHAPER/SUGARLOADER CHROMEPUSH/DEEPBREATH) to steal credentials session tokens and browser data for financial theft. 🕷 Malware: WAVESHAPER SUGARLOADER CHROMEPUSH DEEPBREATH 🎯 Target: Global/Crypto & Finance # Category: #APT"
X Link 2026-02-10T14:47Z [---] followers, [--] engagements
"🚨 AI-Generated Malware Now Exploiting React2Shell (CVE-2025-55182) at Scale Darktrace honeypots observed active exploitation of the React2Shell RCE (CVE-2025-55182) using fully AI-generated tooling to automate payload creation and attack workflows against vulnerable React Server Components. This matters because LLM-assisted ops reduce attacker skill requirements and accelerate scan/exploit/deploy loops against internet-facing web apps. 🕷 Malware: AI-generated malware (LLM-crafted) 🎯 Target: Global/Web Applications (React Server Components) # Category: #Vulnerability #AI_Threats #Malware 🔗"
X Link 2026-02-10T14:49Z [---] followers, [--] engagements
"🚨 VoidLink: LLM-Generated Linux C2 Built for Multi-Cloud Stealth and Kernel Hiding VoidLink is a modular Linux C2 framework (Zig ELF64) that profiles hosts across AWS/Azure/GCP and container stacks harvests credentials from env/config/metadata APIs and uses adaptive kernel-level rootkit techniques to stay hidden while communicating over AES-256-GCM HTTPS. This matters because it shows AI-assisted development can now produce cloud-aware hard-to-detect implants that shorten attacker build time and raise baseline sophistication. 🕷 Malware: VoidLink 🎯 Target: Global/Linux Cloud & Containers #"
X Link 2026-02-10T14:53Z [---] followers, [--] engagements
"🚨 SAP February Patch Day Fixes Critical CRM/S/4HANA SQL Injection and NetWeaver Auth Bug SAP released [--] February [----] security notes including two critical fixes: CVE-2026-0488 (CVSS 9.9) code injection in CRM/S/4HANA Scripting Editor enabling authenticated SQL execution and CVE-2026-0509 (CVSS 9.6) NetWeaver missing authorization allowing low-priv users to perform background RFC calls. This matters because both issues can enable database compromise or unauthorized backend actions in high-trust SAP environments; patch urgently even though SAP didn't note active exploitation. 🎯 Target:"
X Link 2026-02-10T15:20Z [---] followers, [--] engagements
"🚨 North Korean UNC1069 Lures Crypto Exec Into Fake Zoom Deepfake Drops Multi-Tool Malware Stack Mandiant says UNC1069 used a compromised Telegram account + Calendly to lure a crypto-company official into a fake Zoom call featuring a reported CEO deepfake then abused a ClickFix audio troubleshooting flow to trick the victim into running commands that infected a macOS host. The chain deployed backdoors (WAVESHAPER HYPERCALL) and data-miners (DEEPBREATH CHROMEPUSH) to steal credentials cookies Telegram/Notes data, supporting crypto theft and future identity-driven social engineering. 🕷 Malware:"
X Link 2026-02-10T15:32Z [---] followers, [--] engagements
"🚨 TeamPCP Turns Cloud Misconfigurations Into a Worm-Driven Cybercrime Factory TeamPCP (aka PCPcat/ShellForce/DeadCatx3) is mass-scanning for exposed Docker APIs Kubernetes clusters Ray dashboards Redis servers and React2Shell to drop malicious containers/jobs and run tooling that converts each victim into a self-propagating proxy + scanner node for follow-on extortion/ransomware and cryptomining. The key risk is scale: automation weaponizes open doors across cloud fleets (Azure-heavy) into persistent criminal infrastructure. 🕷 Malware: TeamPCP (worm-driven container campaign) 🎯 Target:"
X Link 2026-02-10T15:46Z [---] followers, [--] engagements
"🚨 Critical Gogs RCE Bug Lets Attackers Rewrite .git/config via API (CVE-2025-64111) A critical OS command injection in Gogs (0.13.3) abuses a symlink + repository contents API to overwrite .git/config and inject malicious Git config (e.g. sshCommand) enabling remote code execution during Git operations. Upgrade to 0.13.4 (or 0.14.0+dev) immediately because this turns a source-control server into a direct foothold for supply-chain compromise and lateral movement. 🎯 Target: Global/DevOps (Self-hosted Git) # Category: #Vulnerability #BlueTeam 🔗 URL: https://cyberpress.org/gogs-vulnerability/"
X Link 2026-02-10T15:50Z [---] followers, [--] engagements
"🚨 Critical FortiClient EMS SQLi (CVE-2026-21643) Enables Pre-Auth Remote Compromise Fortinet disclosed CVE-2026-21643 (CVSS 9.8) a pre-auth SQL injection in FortiClientEMS 7.4.4 that allows remote attackers to trigger unauthorized actions via crafted HTTP requests, making any exposed EMS web interface a high-value initial-access target. Upgrade to FortiClientEMS 7.4.5+ and restrict admin interface exposure to trusted networks to reduce immediate exploitation risk. 🎯 Target: Global/Enterprise (Endpoint Management) # Category: #Vulnerability #BlueTeam 🔗 URL:"
X Link 2026-02-10T16:20Z [---] followers, [--] engagements
"🚨 0APT Cybercrime Crew Accused of Faking Breaches to Extort Brands Researchers say the 0APT group has been publishing questionable breach claims and using pressure tactics to extract payouts, often without verifiable proof of compromise, blurring the line between data-extortion and pure fraud. This matters because fake-leak ops can still damage reputations and trigger costly incident response so orgs need proof-driven validation before engaging. 🎯 Target: Global/Multiple Sectors # Category: #CyberCrime #CyberIntel 🔗 URL: https://hackread.com/cybercrime-group-0apt-faking-breach-claims/"
X Link 2026-02-10T16:22Z [---] followers, [--] engagements
"🚨 Reynolds Ransomware Packs BYOVD Driver to Kill EDR Before Encryption A new ransomware strain dubbed Reynolds bundles a vulnerable signed driver (NsecSoft NSecKrnl CVE-2025-68947) inside the payload to terminate EDR/AV processes (e.g. CrowdStrike Cortex XDR Sophos Symantec) before encrypting files reducing the defender's chance to stop execution. This matters because all-in-one BYOVD + ransomware lowers attacker friction and makes prevention heavily dependent on driver-blocking and strict exposure controls. 🕷 Malware: Reynolds Ransomware (BYOVD: NsecSoft NSecKrnl) 🎯 Target:"
X Link 2026-02-10T16:30Z [---] followers, [--] engagements
"🚨 OT Attacks Are Moving From Spillover to Living-off-the-Plant Sabotage Dark Reading warns OT attackers are starting to gain real process comprehension enabling living-off-the-plant tradecraft that abuses legitimate industrial protocols/features (e.g. Siemens S7comm config fields) for stealthy manipulation rather than blunt IT-to-OT ransomware spillover. This matters because once adversaries understand specific physical processes they can blend into operations and drive real-world disruption with far less detectable tooling. 🎯 Target: Global/ICS & OT # Category: #CyberIntel #BlueTeam 🔗"
X Link 2026-02-10T16:34Z [---] followers, [--] engagements
"🚨 SAP February Patch Day Fixes Critical Code Injection in CRM/S/4HANA and NetWeaver Auth Flaw SAP's February [--] [----] patch day shipped [--] new notes + [--] update led by CVE-2026-0488 (CVSS 9.9) code injection in SAP CRM/S/4HANA Scripting Editor and CVE-2026-0509 (CVSS 9.6) missing authorization in NetWeaver AS ABAP/ABAP Platform, both enabling low-priv authenticated users to escalate into high-impact compromise. Additional fixes include XML Signature Wrapping and multiple DoS/redirect issues across SAP components so SAP landscapes should prioritize patching and reduce exposure of user-facing"
X Link 2026-02-10T16:57Z [---] followers, [--] engagements
"🚨 ILOVEPOOP Toolkit Mass-Exploits React2Shell (CVE-2025-55182) to Drop Payloads WhoisXMLAPI-linked telemetry ties large-scale React2Shell exploitation to the ILOVEPOOP toolkit which scans exposed Next.js/React Server Components routes (e.g. /_next/server /_next/flight) and uses distinctive headers (e.g. X-Nextjs-Request-Id: poop1234) from Netherlands-hosted infrastructure to compromise targets fast. This matters because it turns a critical unauth RCE into industrialized repeatable initial access across SaaS retail and government, making rapid patching and WAF/header blocking urgent. 🕷"
X Link 2026-02-10T16:59Z [---] followers, [--] engagements
"🚨 Volvo Group North America Says Conduent Hack Exposed Customer and Staff PII Volvo Group North America disclosed a third-party breach after Conduent systems were compromised exposing [-----] customers/staff details including SSNs DOB health insurance info and medical data. This matters because the dataset is high-fidelity for identity fraud and targeted social engineering and victims may not realize a vendor can be the weakest link. 🎯 Target: North America/Volvo Customers & Staff # Category: #DataBreach #TargetedAttacks 🔗 URL:"
X Link 2026-02-10T17:25Z [---] followers, [--] engagements
"🚨 Microsoft Pushes New Secure Boot Certificates Ahead of June [----] Expiry Microsoft is rolling out refreshed Secure Boot certificates via monthly Windows updates to replace 2011-era certs starting to expire in late June [----] aiming to preserve UEFI boot trust and prevent pre-boot malware from loading. This matters because devices that miss the refresh may fall into a degraded Secure Boot state and could face boot/security-update compatibility issues unless OEM firmware and Windows updates are applied. 🎯 Target: Global/Windows Devices # Category: #BlueTeam #SecurityTips 🔗 URL:"
X Link 2026-02-10T17:27Z [---] followers, [--] engagements
"🚨 Reco Raises $30M to Lock Down AI-Driven SaaS Sprawl Reco raised $30M Series B (total $85M) to scale its AI SaaS security platform using its own AI agents to continuously discover apps identities access paths and AI-driven activity across SaaS environments. This matters because AI agents behave like new privileged users; without continuous visibility and governance they become fast paths to data exposure and account abuse. 🎯 Target: Global/Enterprise SaaS # Category: #BlueTeam #AI_Threats 🔗 URL: https://www.securityweek.com/reco-raises-30-million-to-enhance-ai-saas-security/"
X Link 2026-02-10T17:29Z [---] followers, [--] engagements
"🚨 Vega Secures $120M Series B to Scale Next-Gen Security Analytics Israeli security analytics startup Vega raised $120M in Series B led by Accel (with Cyberstarts Redpoint and CRV) to accelerate growth and expand its security analytics platform after emerging from stealth in Sept [----]. This matters because well-funded analytics platforms can materially improve detection/investigation speed, especially as orgs drown in alert volume and fragmented telemetry. 🎯 Target: Global/Enterprise Security # Category: #BlueTeam #CyberIntel 🔗 URL:"
X Link 2026-02-10T17:31Z [---] followers, [--] engagements
"🚨 FortiSandbox GUI XSS Bug Enables Unauth Command Execution (CVE-2025-52436) Fortinet disclosed a high-severity reflected XSS in FortiSandbox's GUI (CVE-2025-52436 CVSS 7.9) where crafted requests can inject script that once an admin views the page can lead to arbitrary command execution. Patch affected FortiSandbox PaaS builds (5.0.0-5.0.1, 4.4.0-4.4.7) and restrict/segment GUI access until upgraded. 🎯 Target: Global/Enterprises using FortiSandbox # Category: #Vulnerability #BlueTeam 🔗 URL: https://cybersecuritynews.com/fortisandbox-xss-vulnerability/"
X Link 2026-02-10T17:35Z [---] followers, [--] engagements
"🚨 Threat Hunting Isn't Mature Until It's Repeatable: Why Many SOC Hunts Miss Real Attacks The piece argues many threat-hunting programs fail because they rely on fragmented static intel (isolated IOCs/MITRE mappings) instead of fresh execution telemetry (process trees registry network flows) causing low-confidence hunts and long dwell times. It highlights sandbox-derived threat intel (e.g. behavior-focused TI lookups YARA pre-validation industry/geo filtering) as the path to scalable measurable hunting ROI. 🎯 Target: Global/Enterprise SOC # Category: #BlueTeam #SecurityTips #CyberIntel 🔗"
X Link 2026-02-10T17:37Z [---] followers, [--] engagements
"🚨 FortiOS LDAP Auth Bypass Flaw Lets Attackers Slip Past Agentless VPN/FSSO (CVE-2026-22153) Fortinet disclosed CVE-2026-22153 (FG-IR-25-1052) a high-severity auth bypass in FortiOS 7.6.0-7.6.4 where certain LDAP configurations that allow unauthenticated binds can let attackers sidestep LDAP authentication for Agentless VPN or FSSO policies. Upgrade to FortiOS 7.6.5+ and disable anonymous/unauthenticated LDAP binds to prevent unauthorized network access via SSL-VPN policy controls. 🎯 Target: Global/Enterprise (FortiOS SSL-VPN Agentless VPN FSSO) # Category: #Vulnerability #BlueTeam 🔗 URL:"
X Link 2026-02-10T17:39Z [---] followers, [--] engagements
"🚨 DPRK IT Workers Hijack Real LinkedIn Accounts to Infiltrate Companies North Korean operatives are escalating the IT worker scheme by applying for remote roles using real people's LinkedIn accounts (often with verified emails/badges) increasing credibility while aiming to generate revenue and steal sensitive corporate data. The same ecosystem overlaps with fake recruiting flows (Contagious Interview) that trick targets into running malicious code leading to malware deployment and persistent access. 🕷 Malware: BeaverTail InvisibleFerret Koalemos RAT 🎯 Target: Global/Enterprise # Category:"
X Link 2026-02-10T18:19Z [---] followers, [--] engagements
"🚨 Adobe February Patch Tuesday Fixes [--] Flaws Across Creative Cloud Apps Adobe released fixes for [--] vulnerabilities across multiple Creative Cloud products (including After Effects InDesign Audition Lightroom Classic Bridge and Substance 3D tools) with several rated critical and potentially enabling arbitrary code execution. This matters because creative suites are common phishing/malvertising targets; unpatched media parsers and project files can be reliable initial-access vectors in enterprise desktops. 🎯 Target: Global/Creative & Enterprise Workstations # Category: #Vulnerability"
X Link 2026-02-10T18:21Z [---] followers, [--] engagements
"🚨 EU Unconditionally Clears Google's $32B Wiz Acquisition EU antitrust regulators approved Google's all-cash $32B purchase of cloud security firm Wiz without conditions saying the deal won't materially reduce competition and customers will still have credible cloud/cybersecurity alternatives. This matters because it accelerates consolidation in cloud security and could shift enterprise buying toward tighter Google Cloud + Wiz integration. 🎯 Target: EU/Cloud & Cybersecurity Market # Category: #CyberLaw #CyberIntel 🔗 URL:"
X Link 2026-02-10T18:28Z [---] followers, [--] engagements
"🚨 Illinois Man Pleads Guilty After Phishing Snapchat 2FA Codes to Steal Nude Photos Kyle Svara pleaded guilty to phishing Snapchat security codes from hundreds of women by impersonating Snapchat support then using the codes to access dozens of accounts and steal nude/semi-nude images for keeping selling or trading. This matters because it's a textbook MFA/OTP social-engineering takeover that bypasses account protections without hacking the platform itself. 🎯 Target: USA/Consumers (Snapchat Users) # Category: #CyberCrime #CyberLaw 🔗 URL:"
X Link 2026-02-10T18:30Z [---] followers, [---] engagements
"🚨 Microsoft February Patch Tuesday Fixes [--] Bugs Including [--] Zero-Days Across Windows Office Azure Microsoft's Feb [--] [----] Patch Tuesday addresses [--] vulnerabilities including six zero-days (publicly disclosed and/or exploited) spanning Windows Office/Word MSHTML Desktop Window Manager Remote Desktop Services and more. This matters because attackers can chain these classes (bypass EoP RCE) for rapid compromise so orgs should prioritize zero-days and high-impact surfaces like RDS Office and Azure workloads. 🎯 Target: Global/Windows & Enterprise IT # Category: #Vulnerability #BlueTeam 🔗 URL:"
X Link 2026-02-10T18:32Z [---] followers, [--] engagements
"🚨 Top [--] DDoS Protection Solutions in 2026: Choosing the Right Shield for Volumetric + L7 Attacks CyberPress reviews leading DDoS protection options (e.g. Cloudflare, Akamai Prolexic, AWS Shield Advanced, Google Cloud Armor, Azure DDoS) and compares key capabilities like managed SOC coverage, on-prem options and mitigation guarantees. The takeaway: selection should be driven by your attack profile (L3/4 vs L7), where your workloads run (cloud vs hybrid) and how much 24/7 managed response you need. 🎯 Target: Global/Enterprise # Category: #BlueTeam #SecurityTips 🔗 URL:"
X Link 2026-02-10T18:36Z [---] followers, [--] engagements
"🚨 Claude Desktop Zero-Click RCE: One Google Calendar Event Can Pop Your System Researchers found a zero-click remote code execution flaw in Claude Desktop Extensions where a single malicious Google Calendar event can trigger Claude into executing arbitrary local code, enabling silent compromise without the victim clicking anything. This matters because DXT extensions run unsandboxed with broad system access, turning low-risk connectors into high-risk code execution paths. 🎯 Target: Global/Claude Desktop Users # Category: #Vulnerability #AI_Threats #BlueTeam 🔗 URL:"
X Link 2026-02-10T19:24Z [---] followers, [--] engagements
"🚨 Bipartisan U.S. Bill Would Put Treasury in Charge of National Digital Identity Defense A new bipartisan House bill would center the U.S. Treasury Department in a nationwide effort to harden digital identity infrastructure and reduce identity theft/fraud, including support for state modernization and more secure identity verification. This matters because a unified federal push could standardize stronger identity controls across agencies and the private sector, shrinking the attack surface for synthetic ID and credential-based abuse. 🎯 Target: USA/Government & Financial Ecosystem # Category:"
X Link 2026-02-10T19:36Z [---] followers, [--] engagements
"🚨 Microsoft Patches [--] Actively Exploited Zero-Days in February [----] Patch Tuesday Microsoft's Feb [--] [----] Patch Tuesday fixes [--] bugs including six actively exploited zero-days spanning SmartScreen/Windows Shell prompt bypass (CVE-2026-21510), Office OLE mitigation bypass (CVE-2026-21514), IE security feature bypass (CVE-2026-21513), DWM local EoP (CVE-2026-21519), RDS EoP to SYSTEM (CVE-2026-21533) and a Remote Access Connection Manager local DoS (CVE-2026-21525). The key risk is exploit chaining (bypass, EoP) for rapid enterprise compromise, so prioritize patching these six first. 🎯 Target:"
X Link 2026-02-10T20:21Z [---] followers, [---] engagements
"🚨 OpenClaw Partners with VirusTotal to Block Malicious Skills on ClawHub OpenClaw and Google's VirusTotal added automatic scanning (TI database + Code Insight) for every ClawHub skill, using SHA-256 fingerprinting and full-bundle analysis, blocking confirmed-malicious uploads and warning on suspicious ones. This matters because agent skills run with real system access, turning the marketplace into a high-impact supply-chain and prompt-injection attack surface. 🎯 Target: Global/AI Agent Marketplace # Category: #AI_Threats #BlueTeam #CyberIntel 🔗 URL:"
X Link 2026-02-10T20:27Z [---] followers, [--] engagements
"🚨 Real-Time Vishing Hijacks Apple Pay Fraud Alerts to Steal Apple IDs and 2FA Codes Attackers send convincing Apple Pay fraud alert emails that push victims to call a fake Apple Billing & Fraud Prevention agent, who then social-engineers Apple ID login details and verification codes to bypass 2FA and harvest bank/Apple Pay card data. This matters because it's a high-trust real-time phone takeover flow that converts fear + urgency into instant account compromise. 🎯 Target: Global/Apple Pay Users # Category: #CyberCrime #SecurityTips 🔗 URL:"
X Link 2026-02-10T20:33Z [---] followers, [--] engagements
"🚨 RenEngine Loader Hits 400K+ PCs via Pirated Games, Drops HijackLoader and ACR Stealer A global campaign hid malicious Python logic inside Ren'Py launchers of pirated AAA games, triggering RenEngine Loader sandbox checks and a HijackLoader variant that uses process doppelgänging before deploying ACR Stealer. The stealer exfiltrates browser creds/cookies, system details, clipboard data and crypto wallet info, showing how cracked-game supply chains can scale credential theft fast. 🕷 Malware: RenEngine Loader, HijackLoader, ACR Stealer 🎯 Target: Global (India, USA, Brazil) # Category: #Malware"
X Link 2026-02-10T20:35Z [---] followers, [--] engagements
"🚨 Odyssey Stealer Surge Hits macOS Worldwide via Fake Updates and Cracked Apps Odyssey Stealer infections are spiking globally (notably U.S., France, Spain), spreading through legit-looking software updates, cracked tools and fraudulent apps to steal browser-stored data and macOS Keychain secrets while generating unique fingerprints/hashes per victim to evade AV. This matters because its automated variant churn and constant code reshaping make blocklists ineffective and increase long-term credential-theft risk. 🕷 Malware: Odyssey Stealer 🎯 Target: Global/macOS Users (U.S., France, Spain most"
X Link 2026-02-10T20:37Z [---] followers, [--] engagements
"🚨 Report: China Dominates Global Hacking Groups, Driving State-on-State Pre-Positioning SC Media cites Vedere Labs analysis showing China led worldwide threat operations in [----] (210 groups2 Russia [--] Iran), with government, financial services and telecom most targeted and pre-positioning activity rising against South Korea and Taiwan. The takeaway: geopolitically driven access staging is accelerating, making identity hardening and critical-network segmentation non-negotiable for these sectors. 🎯 Target: Global/Government, Finance, Telecom # Category: #CyberIntel 🔗 URL:"
X Link 2026-02-10T20:41Z [---] followers, [--] engagements
"🚨 DHS Inspector General Opens Audit Into Biometric & Facial Recognition Privacy Practices DHS Office of Inspector General has launched an audit into how DHS collects, manages, shares and secures biometric data and PII used for immigration enforcement, initially focusing on ICE and the Office of Biometric Identity Management. The probe follows allegations of broad facial recognition and license-plate data collection and will assess compliance with law, regulation and DHS policy. 🎯 Target: USA/Government (DHS/ICE) # Category: #CyberLaw #BlueTeam 🔗 URL:"
X Link 2026-02-10T20:43Z [---] followers, [--] engagements
"🚨 New Anti-Fraud Tools Aim to Stop GenAI-Powered Synthetic Identity Attacks A wave of new fraud-prevention releases (Equifax Synthetic Identity Risk, ComplyCube's no-code KYC builder, iDenfy for Adobe Commerce, Seon+Domaine for Shopify and LexisNexis IDVerse for Insurance) targets synthetic ID fraud amplified by generative AI. The shift is toward proactive, risk-adaptive verification and orchestration at onboarding and throughout the account lifecycle. 🎯 Target: Global/Finance & Digital Identity # Category: #AI_Threats #BlueTeam 🔗 URL:"
X Link 2026-02-10T20:49Z [---] followers, [--] engagements
"🚨 Best Test Data Management Tools for 2026: Faster QA Without Leaking Real PII HackRead reviews top Test Data Management (TDM) platforms for [----] (e.g. Delphix, Informatica TDM, Broadcom, IBM Optim, DATPROF, GenRocket) focused on masking/anonymization, synthetic data generation, subsetting and CI/CD automation to speed testing while meeting privacy requirements. The takeaway: TDM is a security control as much as a QA enabler; using production data without strong masking is a recurring breach pattern. 🎯 Target: Global/Software QA & Data Teams # Category: #SecurityTips #BlueTeam 🔗 URL:"
X Link 2026-02-10T21:25Z [---] followers, [--] engagements
"🚨 CyberScoop: Microsoft Feb [----] Patch Tuesday Matches Last Year's High With [--] Exploited Zero-Days Microsoft's Feb [--] [----] Patch Tuesday fixes [--] vulnerabilities including six zero-days already exploited in the wild; two top-rated (CVSS 8.8) hit Windows Shell and Internet Explorer, with others impacting Word, DWM and Remote Desktop. This matters because multiple bugs are security-feature bypasses that reduce user-protection prompts, making phishing-to-compromise chains more reliable. 🎯 Target: Global/Windows & Enterprise IT # Category: #Vulnerability #BlueTeam #CyberIntel 🔗 URL:"
X Link 2026-02-10T21:27Z [---] followers, [--] engagements
"🚨 Critical BeyondTrust Pre-Auth RCE Bug (CVE-2026-1731) Demands Immediate Patching BeyondTrust warned a critical pre-auth OS command injection flaw (CVE-2026-1731 CVSS 9.9) in Remote Support and certain Privileged Remote Access versions could let unauthenticated attackers execute arbitrary commands remotely. Patch immediately (RS 25.3.2+ / PRA 25.1.1+ or vendor patch BT26-02) because these tools are often internet-facing and a compromise can become instant enterprise foothold. 🎯 Target: Global/Enterprises using BeyondTrust RS/PRA # Category: #Vulnerability #BlueTeam 🔗 URL:"
X Link 2026-02-10T21:34Z [---] followers, [---] engagements
"🚨 Bloody Wolf (Stan Ghouls) Spear-Phishes Uzbekistan & Russia to Deploy NetSupport RAT Bloody Wolf is running localized phishing lures (legal/court-themed decoys) to drop a Java-based loader and deploy NetSupport RAT with multi-layer persistence, enabling full remote control, data theft and follow-on tooling against victims in Uzbekistan and Russia. This matters because NetSupport is legit remote admin software that blends in with normal IT activity, making detection harder without behavior-based controls. 🕷 Malware: NetSupport RAT 🎯 Target: Uzbekistan & Russia/Multiple Sectors # Category:"
X Link 2026-02-10T21:36Z [---] followers, [--] engagements
"🚨 CrowdStrike: The Human-AI Feedback Loop Powering Agentic SOC Accuracy CrowdStrike explains how its agentic defense models are trained on expert-annotated real-world intrusion decisions (MDR + threat hunting), not just raw detections, to teach AI why it matters and reduce false positives at SOC scale. The key takeaway is governance-by-design: continuous human validation creates a living training corpus that keeps pace with novel adversary tradecraft. 🎯 Target: Global/SOC & Enterprise Security Teams # Category: #BlueTeam #AI_Threats #CyberIntel 🔗 URL:"
X Link 2026-02-10T21:50Z [---] followers, [--] engagements
"🚨 Krebs: Microsoft Fixes [--] Exploited Zero-Days in Feb [----] Patch Tuesday (50+ Bugs Total) Microsoft's Feb [--] [----] Patch Tuesday fixes 50+ flaws including six zero-days already exploited in the wild, covering Windows Shell/MSHTML/Word security-feature bypasses plus local EoP in Remote Desktop Services and DWM. It also patches prompt-injection-triggered command injection RCEs affecting GitHub Copilot and popular IDEs (VS Code/Visual Studio/JetBrains), raising the urgency for dev workstations and RDS hosts. 🎯 Target: Global/Windows & Enterprise IT # Category: #Vulnerability #BlueTeam #CyberIntel 🔗"
X Link 2026-02-10T22:24Z [---] followers, [--] engagements
"🚨 Senate Intel Committee Advances Trump's Cyber Command/NSA Nominee Joshua Rudd The Senate Intelligence Committee voted [---] on Feb [--] [----] to advance Army Lt. Gen. Joshua Rudd to the full Senate to lead U.S. Cyber Command and the NSA, after Armed Services also cleared him due to the dual-hat structure. This matters because the agencies have lacked a permanent leader for [--] months and any Senate hold could still delay confirmation. 🎯 Target: USA/Government # Category: #CyberLaw 🔗 URL: https://therecord.media/cyber-command-nsa-nominee-rudd-advances-to-senate"
X Link 2026-02-10T22:26Z [---] followers, [--] engagements
"🚨 Microsoft Patches [--] Actively Exploited Zero-Days in February [----] Patch Tuesday Dark Reading reports Microsoft's Feb [----] updates fix [--] vulnerabilities including six in-the-wild zero-days; three are security feature bypasses (Windows Shell, IE/MSHTML and Word/OLE) that make phishing-to-execution chains more reliable, plus local privilege escalation bugs in DWM and Remote Desktop Services. The urgency is exploit-chaining: bypassing protections + escalating privileges can turn a single user click into full enterprise compromise. 🎯 Target: Global/Windows & Enterprise IT # Category:"
X Link 2026-02-10T22:32Z [---] followers, [--] engagements
"🚨 North Korean Hackers Deploy New macOS Malware to Steal Crypto in Targeted Campaign Researchers say DPRK-linked UNC1069 is using a bespoke macOS malware bundle in attacks on crypto/VC targets combining custom loaders with credential/keychain theft and backdoors to exfiltrate sensitive wallet and session data. This matters because bespoke macOS tooling signals long-term strategic focus on high-value financial targets beyond common commodity crimeware. 🕷 Malware: macOS-specific loader & credential theft tools 🎯 Target: Global/Crypto & Finance # Category: #APT #Malware #TargetedAttacks 🔗"
X Link 2026-02-10T22:38Z [---] followers, [--] engagements
"🚨 PhotoID Apps Leak Sensitive Data of [------] Users via Cloud Misconfigurations Multiple mobile photo-ID/identity-verification apps exposed user PII (names, DOBs, encoded images) and user-submitted identity documents because of publicly accessible AWS S3 buckets/Elasticsearch instances with weak/no auth. This matters because identity proofing data is high-value for fraud, synthetic identity and targeted phishing, and unprotected cloud storage remains a recurring breach vector. 🎯 Target: Global/Consumers (PhotoID App Users) # Category: #DataBreach #BlueTeam 🔗 URL:"
X Link 2026-02-10T22:51Z [---] followers, [--] engagements
"🚨 One Prompt Can Unalign LLM Safety, Microsoft Study Warns Microsoft researchers found that a single malicious fine-tuning prompt can broadly degrade safety alignment across multiple LLMs, increasing harmful-output compliance beyond the original prompt's domain. This matters because downstream customization (fine-tuning/RL-style updates) can become an attacker-controlled path to safety rollback in deployed AI systems. 🎯 Target: Global/AI (LLM deployments & fine-tuned models) # Category: #AI_Threats #CyberIntel #BlueTeam 🔗 URL:"
X Link 2026-02-10T23:25Z [---] followers, [--] engagements
"🚨 SolarWinds Web Help Desk Flaws Actively Exploited to Deploy C2 Tunnels and SSH Backdoors Attackers are exploiting SolarWinds Web Help Desk vulnerabilities (CVE-2025-40551, CVE-2026-26399) for initial access, then installing a maliciously configured Zoho ManageEngine Assist agent for AD recon and abusing an older Velociraptor build as a C2 framework, plus Cloudflared tunneling and a QEMU-launched SSH backdoor for persistence. At least three orgs have been hit, signaling real-world weaponization and a fast patch/IR priority for exposed WHD instances. (abused tools: Zoho ManageEngine Assist"
X Link 2026-02-11T00:42Z [---] followers, [---] engagements
"🚨 Cohesity Integrates Google Threat Intelligence to Scan Backups for Hidden Malware Cohesity is embedding Google Cloud Threat Intelligence and Private Scanning directly into the Cohesity Data Cloud UI to identify malware and suspicious files/URLs inside backups before recovery reducing reinfection risk. The integration provides privacy-preserving analysis and centralized context for security/IT teams and is now generally available. 🎯 Target: Global/Enterprise (Backup & Cloud data platforms) # Category: #BlueTeam #CyberIntel 🔗 URL:"
X Link 2026-02-11T00:46Z [---] followers, [--] engagements
"🚨 Sysdig: AI-Assisted AWS Breach Hit Admin in Under [--] Minutes Sysdig details a November [----] AWS intrusion where exposed S3-stored credentials enabled rapid escalation via Lambda code injection, with strong indicators attackers used LLMs for recon, code generation and real-time decisions, completing the chain in [--] minutes. Post-compromise activity included lateral movement across multiple identities, data theft from AWS services and abuse of Amazon Bedrock and EC2 GPU resources, turning cloud misconfigurations into high-speed, high-cost incidents. 🎯 Target: Global/Cloud (AWS) # Category:"
X Link 2026-02-11T00:48Z [---] followers, [--] engagements
"🚨 Microsoft Refreshes Secure Boot Certificates Ahead of June [----] Expiry Microsoft is updating expiring Secure Boot certificates on Windows devices (first issued in 2011) and rolling out new [----] certificates, warning some organizations may need firmware readiness checks and staged validation to avoid boot issues. The risk is operational and security-critical: devices that don't transition can lose future boot-chain protections and revocation updates, weakening defenses against boot-level threats. 🎯 Target: Global/Enterprise (Windows endpoints & servers) # Category: #BlueTeam #SecurityTips 🔗"
X Link 2026-02-11T00:52Z [---] followers, [--] engagements
"🚨 Security Teams Absorb the Hidden Risk of AI-Driven IT Spend Sprawl A Tangoe report highlights how AI-driven cost sprawl across mobile, SaaS, cloud and telecom translates into security risk: mobile becomes a GenAI phishing/deepfake entry point, UEM fragmentation weakens posture enforcement, and SaaS/license sprawl fuels identity/API-token exposure and shadow IT. The core message is that spend governance (inventory, lifecycle management, tagging/ownership) is now a security control, and AI usage metrics can even become anomaly signals for abuse. 🎯 Target: Global/Enterprise # Category: #BlueTeam"
X Link 2026-02-11T05:32Z [---] followers, [--] engagements
"🚨 VoidLink AI-Written Linux C2 Highlights LLM-Generated Malware Maturing Fast Researchers detail VoidLink, a Zig-based Linux C2/implant framework for cloud and enterprise intrusion, with indicators it was largely produced by an LLM coding agent (AI artifacts + minimal human refinement). The risk is scaling: AI-assisted development can let smaller actors build advanced modular implants faster, compressing attacker innovation cycles for cloud-native Linux targets. 🕷 Malware: VoidLink 🎯 Target: Global/Cloud & Enterprise Linux # Category: #Malware #AI_Threats #CyberIntel 🔗 URL:"
X Link 2026-02-11T06:35Z [---] followers, [--] engagements
"🚨 CrowdStrike Feb [----] Patch Tuesday: [--] In-The-Wild Zero-Days, RDS PrivEsc Actively Abused CrowdStrike's analysis of Microsoft's February [----] release (59 CVEs) highlights six actively exploited zero-days including CVE-2026-21533 (Windows Remote Desktop Services EoP), where exploit code modifies a service configuration key to enable privilege escalation (observed targeting US/Canada entities since at least Dec [--] 2025). Key takeaway: prioritize rapid patching and retrospective hunting for RDS/priv-esc activity because public disclosure is likely to accelerate weaponization. 🎯 Target: USA &"
X Link 2026-02-11T06:37Z [---] followers, [---] engagements
"🚨 UNC1069 (DPRK) Uses AI Deepfake Zoom Lures to Hit Crypto Orgs With New Malware Tooling Google Mandiant says North Korea-linked UNC1069 is targeting crypto firms via compromised Telegram accounts, Calendly-scheduled fake Zoom calls, ClickFix-style execution and AI-generated/deepfake video lures to trick victims into installing stealers/backdoors on Windows and macOS. The campaign deploys multiple new families (e.g. BIGMACHO, DEEPBREATH, CHROMEPUSH) alongside SUGARLOADER to harvest credentials, browser/session tokens and keychain data for direct financial theft. 🕷 Malware: BIGMACHO, DEEPBREATH"
X Link 2026-02-11T07:30Z [---] followers, [--] engagements
"🚨 Groupe Rocher CISO: Where Retail Security Strategy Breaks, and How to Fix It In an interview, Groupe Rocher CISO Jérôme Etienne explains why retail security often fails at execution (POS/in-store tech treated as secondary, weak third-party controls and misaligned priorities vs. real risk) and argues for embedding cyber into business strategy with threat-intel, continuous audits and stronger vendor governance. Key takeaway: retail's blended digital + physical footprint makes supply chain and in-store systems first-class security concerns, not afterthoughts. 🎯 Target: Global/Retail (Beauty) #"
X Link 2026-02-11T07:34Z [---] followers, [--] engagements
"🚨 Windows Shell Zero-Day CVE-2026-21510 Actively Exploited to Bypass SmartScreen/MOTW Microsoft patched CVE-2026-21510, an in-the-wild Windows Shell security feature bypass that lets specially crafted files (e.g. malicious shortcuts/links) evade Mark-of-the-Web/SmartScreen prompts so code can run without user warning/consent. Patch immediately (Feb [--] [----] updates) and treat untrusted .LNK/link files as high-risk until fleets are fully updated. 🎯 Target: Global/Windows (Enterprise & End-users) # Category: #Vulnerability #BlueTeam 🔗 URL:"
X Link 2026-02-11T07:36Z [---] followers, [--] engagements
"🚨 Microsoft Feb [----] Patch Tuesday: [--] Fixes, [--] Zero-Days Exploited In-The-Wild Microsoft's February [----] Patch Tuesday fixes [--] vulnerabilities across Windows, Office, Exchange and Azure, including six zero-days already being exploited (notably MoTW/SmartScreen bypasses and multiple privilege escalations like DWM and RDS EoP). Priority is immediate patching, especially for internet-facing services and RDS-enabled systems, because active exploitation raises ransomware and takeover risk. 🎯 Target: Global/Enterprise (Windows + Microsoft stack) # Category: #Vulnerability #BlueTeam 🔗 URL:"
X Link 2026-02-11T07:38Z [---] followers, [--] engagements
"🚨 UNC1069 (DPRK) Targets Finance/Crypto with AI Deepfake Lures and Multi-Malware Toolset Google Mandiant links UNC1069 to a FinTech intrusion using compromised Telegram accounts, fake Zoom meetings (incl. reported AI/deepfake video) and ClickFix-style execution to drop multiple new malware families in one compromise. The operation is optimized for credential/session-token theft and rapid monetization against cryptocurrency/DeFi ecosystems. 🕷 Malware: SILENCELIFT, DEEPBREATH, CHROMEPUSH, SUGARLOADER (plus additional families reported) 🎯 Target: Global/Finance (Crypto & DeFi) # Category: #APT"
X Link 2026-02-11T07:42Z [---] followers, [--] engagements
"🚨 ICS Patch Tuesday: Siemens, Schneider, Aveva, Phoenix Contact Push High-Impact OT Fixes Patch Tuesday advisories from Siemens, Schneider Electric, Aveva and Phoenix Contact address high-severity ICS/OT flaws enabling unauthorized access, XSS, DoS, code execution and privilege escalation across products like Desigo CC, Sinec NMS, EcoStruxure Building Operation, SCADAPack RTUs and Aveva PI components. OT defenders should treat this as an urgent patch-and-mitigate cycle, especially for internet-exposed management interfaces and environments relying on vulnerable third-party components (e.g. OpenSSL). 🎯"
X Link 2026-02-11T08:31Z [---] followers, [--] engagements
"🚨 TeamPCP Automates Cloud Takeovers by Abusing Exposed Control Planes at Scale TeamPCP (aka PCPcat/ShellForce/DeadCatx3) is running a worm-like campaign that compromises exposed Docker APIs, Kubernetes clusters, Ray dashboards and Redis services, plus exploits React2Shell (CVE-2025-29927), to rapidly convert misconfigured cloud infrastructure into a self-propagating criminal platform. The operation prioritizes scalable access via weak configs/public management interfaces, making cloud posture hygiene (authn, network exposure, hardening) the primary control. (TeamPCP campaign/tooling) 🎯 Target:"
X Link 2026-02-11T08:39Z [---] followers, [--] engagements
"🚨 Yubico Previews Passkey-Enabled Digital Signatures in Upcoming YubiKey [---] Firmware Yubico says upcoming YubiKey [---] will add FIDO CTAP [---] support and preview WebAuthn signing extensions to enable privacy-capable hardware-backed digital signatures tied to passkeys. The security impact is stronger phishing-resistant authentication plus higher-assurance transaction signing for enterprise IdPs and digital wallet/payment flows. 🎯 Target: Global/Identity & Authentication (Enterprise + consumer wallets) # Category: #BlueTeam #SecurityTips 🔗 URL:"
X Link 2026-02-11T09:34Z [---] followers, [--] engagements
"🚨 Coinbase Cartel Scales Leak-Only Extortion Across High-Value Industries Coinbase Cartel is running data-theft-first extortion (no encryption), using social engineering/initial-access brokers and stolen credentials to exfiltrate sensitive data, suppress logs and pressure victims via timed leak-site deadlines and auctions. The group disproportionately targets healthcare, tech and transportation, with a notable concentration in UAE healthcare, indicating a high-risk blend of financial extortion and potential strategic targeting. 🎯 Target: Global/Healthcare, Technology, Transportation (notably"
X Link 2026-02-11T09:36Z [---] followers, [--] engagements
"🚨 Wedding Vendors Targeted via Fake Teams Meetings to Drop Info-Stealer Malware Attackers impersonate legal professionals using compromised legitimate email accounts, then pivot victims to a fake Microsoft Teams meeting link that redirects to a spoofed Teams download page hosting Windows executables with stealer behavior (credential/session token theft). This collaboration-tool abuse bypasses email-only defenses and puts wedding planners/vendors at risk of account takeover, payment fraud and downstream client data exposure. 🕷 Malware: Info-stealer (name not specified) 🎯 Target: USA/Wedding"
X Link 2026-02-11T09:40Z [---] followers, [--] engagements
"🚨 Chipmaker Patch Tuesday: Intel + AMD Ship Fixes for 80+ Hardware/Driver CVEs Intel and AMD published February [----] advisories covering 80+ vulnerabilities, including high-severity issues spanning Intel TDX (incl. a Google-collaboration finding with potential full compromise impact), CSME DoS/info disclosure, QAT and firmware privilege escalation, plus AMD CPU/GPU driver and EPYC flaws enabling unauthorized access, code execution, DoS, info disclosure and privilege escalation. The takeaway: treat this as an urgent firmware/driver hygiene cycle for enterprise fleets and cloud hosts because several"
X Link 2026-02-11T11:34Z [---] followers, [--] engagements
"🚨 Telemon ISP Breach Allegedly Leaks 42K Customer Records Including Debt Data Dominican Republic ISP Telemon SRL was allegedly scraped, with an actor releasing a leak_telemon.7z database affecting 42000+ users and containing PII plus financial fields (IDs, addresses, emails, geo-coordinates, contract status and debt amounts). This is high-risk for identity fraud, targeted phishing and customer extortion given the mix of national IDs, location data and payment/debt details. 🎯 Target: Dominican Republic/Telecommunications (ISP) # Category: #DataBreach #CyberCrime #TargetedAttacks 🔗 URL:"
X Link 2026-02-11T11:56Z [---] followers, [--] engagements
"🚨 GDQuest Leak Exposes [-----] Learner Records Including Stripe IDs and Course Activity A leaked database tied to allegedly exposes data on 37000+ users including emails, nicknames, user IDs, Stripe customer IDs, purchase history and course access/progress logs. The mix of identity + billing-linked identifiers raises risk of targeted phishing, account takeover attempts and payment-fraud profiling against the platform's student base. 🎯 Target: France/Education (Online learning) # Category: #DataBreach #CyberCrime #TargetedAttacks 🔗 URL:"
X Link 2026-02-11T12:00Z [---] followers, [--] engagements
"🚨 U.S. Court Hands Pig-Butchering Crypto Scammer [--] Years in $73M Fraud Case A U.S. federal court sentenced Daren Li to the statutory maximum [--] years (in absentia after he fled) for laundering $73M+ from a global pig-butchering crypto investment scam run from Cambodia-based scam centers. The case underscores escalating law-enforcement pressure on transnational crypto-fraud networks and the real-world risk of romance/investment lures converting directly into large-scale financial losses. 🎯 Target: USA/Finance (Global crypto-investment fraud victims) # Category: #CyberCrime #CyberLaw 🔗 URL:"
X Link 2026-02-11T12:39Z [---] followers, [--] engagements
"🚨 Prompt Injection Goes Physical: Road Signs Can Hijack Embodied AI Commands Research discussed by Schneier describes CHAI, where attackers embed natural-language instructions into real-world visual inputs (e.g. road signs) to hijack large vision-language models controlling vehicles/drones, using automated prompt search to generate effective visual attack prompts. This matters because it turns the physical environment into a command channel, enabling unsafe navigation/actions even when the AI is otherwise aligned. 🎯 Target: Global/Autonomous systems (self-driving, drones, embodied AI) #"
X Link 2026-02-11T12:41Z [---] followers, [--] engagements
"🚨 MCP Security: The New Toolchain Attack Surface for Agentic AI SOC Prime warns MCP turns LLM apps into action-taking control planes where prompt/indirect injection, tool poisoning/shadowing, token passthrough, session hijacking and overbroad scopes can trigger unauthorized actions or data exposure across connected SaaS/APIs. Mitigations focus on least-privilege scopes, explicit user-consent enforcement, strong authn/z + token validation, sandboxed/local-server hardening, supply-chain controls (pin/scan/review) and comprehensive audit/monitoring of tool calls. 🎯 Target: Global/Enterprise (Agentic"
X Link 2026-02-11T12:45Z [---] followers, [--] engagements
"🚨 FIRST Warns [----] Could Shatter CVE Volume Records Past [-----] FIRST's [----] vulnerability forecast projects CVE publication volume crossing the [-----] mark (with central estimates even higher), signaling a workload step-change that will overwhelm CVSS-only triage. The takeaway is operational: orgs must shift to exploitability/risk-based prioritization, automation and capacity planning now, or patch backlogs will become permanent. 🎯 Target: Global/Vulnerability Management (All sectors) # Category: #CyberIntel #BlueTeam 🔗 URL:"
X Link 2026-02-11T12:47Z [---] followers, [--] engagements
"🚨 ILOVEPOOP Toolkit Weaponizes React2Shell to Mass-Scan Next.js/React Server Components CyberPress reports an active exploit toolkit (ILOVEPOOP) abusing CVE-2025-55182 (React2Shell) with highly standardized Next.js Server Actions traffic (e.g. Next-Action: x poop1234 IDs) and centralized infra tied to Netherlands-hosted nodes, indicating a controlled operator rather than random scanning. The campaign recorded rapid global weaponization post-disclosure and shows multi-protocol probing (including odd POP3 delivery attempts and DNP3/ICS recon), raising risk for internet-exposed RSC deployments."
X Link 2026-02-11T13:05Z [---] followers, [--] engagements
"🚨 Coinbase Cartel Steals First: Data-Theft-Only Extortion Targets High-Profit Sectors Coinbase Cartel is running a pure data extortion model, exfiltrating sensitive data while skipping encryption, to stay quieter and faster, then pressuring victims via leak-site deadlines and Bitcoin demands. Reporting highlights heavy targeting of healthcare, tech and transportation (including a notable spike against UAE-based healthcare orgs), consistent with social-engineering + stolen-credential initial access and post-access log tampering. 🎯 Target: Global/Healthcare, Tech, Transportation (notably"
X Link 2026-02-11T13:07Z [---] followers, [--] engagements
"🚨 GitGuardian Raises $50M Series C to Tackle Non-Human Identity Sprawl and AI Agent Secrets Risk GitGuardian announced a $50M Series C led by Insight Partners to expand secrets security into full non-human identity (NHI) lifecycle governance, as enterprises face explosive growth in service accounts and autonomous AI agents that require credentials and permissions. The funding targets AI agent security innovation, enterprise-scale NHI discovery/rotation/compliance reporting and global expansion to reduce credential leakage and identity-driven breaches. 🎯 Target: Global/Enterprise (DevSecOps &"
X Link 2026-02-11T13:42Z [---] followers, [--] engagements
"🚨 [--] Security Nightmares Keeping SOC Teams Up, And the Controls That Shut Them Down Broadcom/Symantec frames four top security concerns (insiders, ransomware, supply-chain weakness, AI-driven attacks) and maps them to always-on controls like ZTNA/IAM, EDR, adaptive protection and incident prediction to reduce dwell time and response fatigue. The key takeaway is operational: treat AI and supply-chain exposure as continuous-risk domains that require holistic prevention + detection, not point fixes. 🎯 Target: Global/Enterprise (SOC & security operations) # Category: #BlueTeam #SecurityTips #AI_Threats"
X Link 2026-02-11T13:46Z [---] followers, [--] engagements
"🚨 GitGuardian Raises $50M to Tackle Secrets Sprawl and Non-Human Identity (NHI) Risk GitGuardian raised a $50M Series C to expand from secrets detection into full non-human identity lifecycle governance driven by the surge of service accounts and autonomous AI agents that require credentials. The funding will accelerate AI-agent security capabilities and enterprise tooling to discover manage and reduce leaked or unmanaged machine credentials at scale. 🎯 Target: Global/Enterprise (DevSecOps & IAM/NHI) # Category: #BlueTeam #CyberIntel #AI_Threats 🔗 URL:"
X Link 2026-02-11T14:35Z [---] followers, [--] engagements
"🚨 Palo Alto Networks: Identity Is the Foundation for Securing AI Agents Palo Alto Networks argues that in the AI era identity security must cover every identity type (human, machine and agentic) and positions CyberArk's Identity Security Platform as a core pillar to eliminate identity silos. The focus is on extending privileged-access controls and deeper platform integration to reduce identity-driven breach risk as AI agents scale. 🎯 Target: Global/Enterprise (Identity & AI agents) # Category: #AI_Threats #BlueTeam #CyberIntel 🔗 URL:"
X Link 2026-02-11T15:42Z [---] followers, [--] engagements
"🚨 Reynolds Ransomware Bundles BYOVD Driver to Kill EDR Before Encrypting Reynolds is a newly identified ransomware that embeds a vulnerable signed NsecSoft kernel driver (NSecKrnl) and exploits CVE-2025-68947 to terminate major security/EDR processes (Defender CrowdStrike Sophos Symantec etc.) before encrypting files and appending .locked. The bundled BYOVD approach reduces attacker steps and shrinks defender response time making pre-encryption detection and driver-blocking controls even more critical. 🕷 Malware: Reynolds ransomware 🎯 Target: Global/Enterprise (Windows) # Category:"
X Link 2026-02-11T15:44Z [---] followers, [--] engagements
"🚨 Patch Tuesday Mega-Roundup: 60+ Vendors Ship Fixes Across OS Cloud and Network Stacks The Hacker News Patch Tuesday roundup tracks coordinated updates across 60+ vendors led by Microsoft's Feb [----] release (59 CVEs including [--] in-the-wild zero-days) plus critical SAP and Intel TDX issues and broad Adobe patching. Use it as a triage map: prioritize exploited/critical items first then queue the long tail of vendor fixes that often become next-week exploit targets once details propagate. 🎯 Target: Global/Enterprise # Category: #Vulnerability #BlueTeam #CyberIntel 🔗 URL:"
X Link 2026-02-11T15:50Z [---] followers, [--] engagements
"🚨 AI-Generated React2Shell Exploit Drops XMRig Infects 90+ Hosts Darktrace observed an AI-authored React2Shell (CVE-2025-55182) exploitation toolkit used to achieve RCE on vulnerable React/Next.js targets and deploy the XMRig Monero miner with mining pool telemetry indicating [--] infected workers. The case shows how LLMs compress time-to-tooling enabling low-skill operators to weaponize max-severity web flaws at scale for opportunistic cryptojacking. 🕷 Malware: XMRig (Monero miner) 🎯 Target: Global/Internet-exposed React/Next.js hosts (cloud & container environments) # Category: #Malware"
X Link 2026-02-11T16:00Z [---] followers, [--] engagements
"🚨 Russia Throttles Telegram to Push State-Backed MAX Messenger Russia's regulator Roskomnadzor confirmed it is deliberately slowing Telegram nationwide citing legal noncompliance and anti-fraud justifications as the Kremlin promotes the state-backed MAX app as an alternative. The move increases censorship/surveillance risk and operational disruption for users and organizations that rely on Telegram for communications. 🎯 Target: Russia/Communications & Social Platforms # Category: #CyberLaw 🔗 URL: https://therecord.media/russia-throttles-telegram-pushes-its-own-messaging-app"
X Link 2026-02-11T16:41Z [---] followers, [--] engagements
"🚨 Waikiki First Responder Drones Trigger Privacy Backlash as Hawaii Eyes March Launch Hawaii is preparing a drones as first responders program in Waikiki that would stream live video to police during peak hours and large events raising concerns about surveillance creep near hotels balconies and private spaces. The real risk is governance: unclear limits on when drones launch what gets recorded retention/access rules and oversight could turn an emergency tool into routine monitoring. 🎯 Target: USA/Hawaii (Public safety & privacy) # Category: #CyberLaw 🔗 URL:"
X Link 2026-02-11T16:49Z [---] followers, [--] engagements
"🚨 North Korea's UNC1069 Uses Deepfake Video + Compromised Telegram to Trick Crypto Firms UNC1069 is targeting cryptocurrency companies via fake Telegram accounts and deepfake/AI-generated Zoom-style video lures to install a multifamily malware stack (including BIGMACHO DEEPBREATH CHROMEPUSH SUGARLOADER) that steals credentials and session tokens on Windows/macOS. The campaign blends social engineering with sophisticated payloads to prioritize rapid access and financial theft in the crypto sector. 🕷 Malware: BIGMACHO DEEPBREATH CHROMEPUSH SUGARLOADER 🎯 Target: Global/Cryptocurrency industry"
X Link 2026-02-11T17:44Z [---] followers, [--] engagements
"🚨 Google Expands Search Privacy Tools to Combat Identity Theft and Deepfake Exposure Google added features to let users see and remove sensitive personal data (e.g. IDs financial info) and nonconsensual explicit content directly from Search results plus new alerts for additional matches over time, enhancing privacy protection. This strengthens user control over search-indexed identity exposure but does not remove content at the source web host. 🎯 Target: Global/Consumers (Search privacy & identity protection) # Category: #SecurityTips #CyberLaw 🔗 URL:"
X Link 2026-02-11T17:48Z [---] followers, [--] engagements
"🚨 Dutch Police Arrest Alleged JokerOTP Seller Behind MFA Code-Intercept Phishing Tool Dutch authorities arrested a 21-year-old suspected of selling access (license keys via Telegram) to JokerOTP a phishing automation service that uses robocalls to trick victims into handing over one-time passwords and other sensitive data for account takeovers. The bust follows a multi-year investigation into the JokerOTP PhaaS ecosystem linked to large-scale fraud against services like PayPal Venmo Coinbase Amazon and Apple. 🕷 Malware: JokerOTP (PhaaS/OTP-intercept tool) 🎯 Target: Netherlands/Consumers"
X Link 2026-02-11T19:47Z [---] followers, [--] engagements
"🚨 [--] State AGs Slam House KOSA Draft as Too Weak to Protect Kids Online A bipartisan group of [--] U.S. state attorneys general warned that the House version of the Kids Online Safety Act (KOSA) strips key protections found in the Senate bill, especially a clear duty of care and explicit coverage of harms like suicide eating disorders and compulsive use, while potentially preempting stronger state laws. The push matters because the final KOSA language could materially change platform liability and enforcement leverage over addictive design and youth-safety controls. 🎯 Target: USA / Government &"
X Link 2026-02-11T20:40Z [---] followers, [--] engagements
"🚨 Volvo Group North America Caught in Expanding Conduent Breach (16991 Affected) Volvo Group North America says a breach at vendor Conduent exposed benefits-related personal data for [-----] employees as Conduent's total victim count is now estimated at 25M+ people. This matters because it shows how long-dwell vendor intrusions can silently cascade into mass identity-risk exposure across many enterprise and government clients. 🎯 Target: USA / Manufacturing (Automotive & Heavy Equipment) # Category: #DataBreach #CyberCrime 🔗 URL:"
X Link 2026-02-11T20:47Z [---] followers, [--] engagements
"🚨 AI Doctor Apps Aren't Bound by HIPAA: Your Health Data Protections May Be Just a Policy Promise Experts warn many consumer AI health chatbots (including offerings tied to OpenAI/Anthropic/Google) likely aren't HIPAA-covered entities meaning sensitive health data you share can lack mandated safeguards and breach-notification duties, creating real risk of resale/sharing leakage and misuse. The gap matters because HIPAA-ready/compliant marketing can imply protections that are not legally enforceable outside regulated healthcare workflows. 🎯 Target: USA / Healthcare & Consumers # Category:"
X Link 2026-02-11T20:51Z [---] followers, [--] engagements
"🚨 GTIG Warns Defense Sector: Edge-Device Intrusions + Human-Layer Ops Are Driving a New Espionage Surge Google Threat Intelligence Group (GTIG) highlights an escalation in state-linked operations targeting defense contractors and aerospace supply chains via edge-device exploitation and sophisticated social engineering enabling long-dwell access and IP theft. It spotlights UNC6508's INFINITERED malware which persists by embedding in REDCap files and quietly exfiltrates sensitive emails by abusing regex-based forwarding rules keyed to national-security terms. 🕷 Malware: INFINITERED 🎯 Target:"
X Link 2026-02-11T20:57Z [---] followers, [--] engagements
"🚨 North Korea's UNC1069 Hits Crypto Firms With Deepfake Zoom + ClickFix Malware Drops Mandiant says UNC1069 is targeting Web3 firms and crypto executives using compromised Telegram accounts legit Calendly invites spoofed Zoom meetings with deepfake video then ClickFix-style commands on macOS/Windows to install backdoors and data-mining tooling. This matters because it blends AI-enabled social engineering with trusted SaaS and victim-executed commands bypassing many traditional email/phishing controls while enabling credential theft and downstream crypto theft. 🕷 Malware: Backdoor +"
X Link 2026-02-11T22:41Z [---] followers, [--] engagements
"🚨 Mobile Apps as an Early-Warning Radar for [----] Threats: AI SDK Creep PQC Supply-Chain Privacy Recon SC Media argues mobile apps expose enterprise risk sooner because adversaries can freely download reverse engineer and mine them for leaks, highlighting [----] themes like silent AI via third-party SDKs post-quantum crypto planning dependency/supply-chain blast radius app-store privacy enforcement and recon via tools like Frida. The takeaway: treat mobile security as a proactive telemetry source: inventory AI/crypto/dependencies and remove hardcoded secrets/endpoints to cut attacker"
X Link 2026-02-11T22:53Z [---] followers, [--] engagements
"🚨 Zero-Click RCE in Claude Desktop Extensions: One Google Calendar Invite Can Own the Host LayerX reports a CVSS [--] zero-click RCE where a crafted Google Calendar entry can trigger Claude Desktop Extensions (MCP bundles) to download/compile/execute attacker-controlled code because extensions run unsandboxed with full host privileges and can auto-chain low-risk connectors into high-risk executors. This matters because it turns routine productivity inputs into silent endpoint compromise and Anthropic says it falls outside their current threat model. 🎯 Target: Global / Claude Desktop (MCP"
X Link 2026-02-12T00:45Z [---] followers, [--] engagements
"🚨 Smashing Security #454: Moltbooks AI-only Hype Meets Real-World Security Holes + Vibe-Coding Risks The episode breaks down how the AI-only social network Moltbook was mostly humans role-playing as bots and still had serious security weaknesses plus why vibe coding apps can leak secrets like private messages API keys and databases. It also covers pro-Russian hacking activity linked to Winter Olympics-related targets highlighting how hype cycles and geopolitical events create fresh attack surfaces. 🎯 Target: Global / Social Media & AI Apps (plus Italy/Events) # Category: #AI_Threats"
X Link 2026-02-12T01:47Z [---] followers, [--] engagements
"🚨 APT36 Expands Cross-Platform Espionage Against India With GETA/ARES/Desk RAT Tooling Pakistan-linked APT36 (Transparent Tribe) hit Indian government and defense targets with parallel campaigns: Windows phishing dropping GETA RAT Linux intrusion deploying ARES RAT for profiling + staged theft and weaponized PowerPoint Add-Ins delivering the Go-based Desk RAT for persistent surveillance. This matters because it shows an operational shift toward multi-OS tradecraft and newer delivery vectors that require cross-platform visibility and behavioral detections. 🕷 Malware: GETA RAT; ARES RAT; Desk"
X Link 2026-02-12T01:55Z [---] followers, [--] engagements
"🚨 Reynolds Ransomware Goes BYOVD: Driver Exploit to Kill EDR Before Encryption New Reynolds ransomware is using a Bring Your Own Vulnerable Driver (BYOVD) approach, abusing the NsecSoft NSecKrnl driver tied to CVE-2025-68947, to escalate privileges and terminate security tooling plus staging loaders and deploying GotoHTTP for remote access ahead of detonation. This matters because bundling defense-evasion inside the ransomware reduces noisy pre-encryption tooling and can increase successful encryptions on otherwise monitored endpoints. 🕷 Malware: Reynolds ransomware (BYOVD via NsecSoft"
X Link 2026-02-12T01:59Z [---] followers, [--] engagements
"🚨 DPRK UNC1069 Targets Crypto Firms With Deepfake Zoom Lure and New macOS/Windows Tooling North Korea-linked UNC1069 used a hijacked crypto exec's Telegram account plus a Calendly link to a fake Zoom page showing an AI deepfake CEO then tricked victims into running OS-specific commands that dropped multiple backdoors/downloaders and data miners. This matters because it blends AI-enabled social engineering with victim-executed steps to bypass traditional phishing defenses while expanding the group's toolkit with newer components. 🕷 Malware: WAVESHAPER; HYPERCALL; HIDDENCALL; SILENCELIFT;"
X Link 2026-02-12T02:01Z [---] followers, [--] engagements
"🚨 CISA Issues Alert After Static Tundra Wiper Attack Hits Poland's Energy Sector CISA warned U.S. critical infrastructure operators after Russia state-linked Static Tundra (aka Berserk Bear/Dragonfly/Ghost Blizzard) leveraged misconfigured internet-exposed edge devices to deploy wiper malware and compromise remote terminal units degrading visibility between sites and distribution operators while corrupting HMI data and OT firmware. The incident matters because it shows how exposed edge gear can rapidly translate into destructive OT/ICS impact even without a prolonged IT foothold. 🕷 Malware:"
X Link 2026-02-12T02:05Z [---] followers, [--] engagements
"🚨 GreyNoise: 80%+ of Ivanti EPMM Exploitation Traced to One Hidden Bulletproof-Hosted IP GreyNoise says most observed exploitation attempts against Ivanti Endpoint Manager Mobile (CVE-2026-1281 / CVE-2026-1340) map back to a single IP masked by bulletproof hosting meaning widely shared IoCs may be misleading and defenders could miss the Ivanti signal amid heavier noise traffic. This matters because threat activity is accelerating fast so patching + post-exploitation checks are more reliable than chasing shifting/dirty IoCs. 🎯 Target: Global / Enterprises using Ivanti EPMM (on-prem) #"
X Link 2026-02-12T02:11Z [---] followers, [--] engagements
"🚨 Four Seconds to Botnet: Self-Propagating SSH Worm Uses Signed IRC C2 to Spread at Machine Speed A DShield sensor captured an SSH worm that brute-forces weak/default credentials drops a multi-stage bash script establishes persistence and begins scanning/spreading in under [--] seconds, installing zmap + sshpass to automate lateral movement. It also verifies C2 commands using an embedded RSA key and joins multiple IRC networks (channel: #biret) showing mature botnet-style control even on tiny Linux/IoT targets. 🕷 Malware: Self-propagating SSH worm (bash script); tools: zmap sshpass; IRC C2 🎯"
X Link 2026-02-12T02:46Z [---] followers, [--] engagements
"🚨 Russia Moves to Block WhatsApp Nationwide Forcing 100M+ Users Toward State MAX Messenger Russia's regulator Roskomnadzor removed WhatsApp from the national online directory (Feb 11) triggering widespread outages and pushing users toward the Kremlin-backed MAX app which critics say enables surveillance. This matters because it degrades secure end-to-end encrypted communications at scale and increases interception/phishing risk as users migrate to less-trusted platforms and rely on VPN workarounds. 🎯 Target: Russia / Communications & Privacy # Category: #CyberLaw 🔗 URL:"
X Link 2026-02-12T04:47Z [---] followers, [--] engagements
"🚨 Paragon Graphite OPSEC Faceplant: Spyware Control Panel Exposed in LinkedIn Post Paragon Solutions accidentally posted a screenshot of its Graphite control dashboard on LinkedIn exposing live interception metadata (incl. a Czech number labeled Valentina) activity logs and UI modules for pulling content from encrypted apps like WhatsApp/Signal, then deleted it after it spread. This matters because it's a rare window into mercenary-spyware operations and an OPSEC failure that can burn tooling targets and client tradecraft. 🕷 Malware: Graphite (Paragon Solutions spyware) 🎯 Target: Global /"
X Link 2026-02-12T04:49Z [---] followers, [--] engagements
"🚨 Cloud Programs Hit Maturity Wall: Governance Drift Migration Risk and Ungoverned AI Use A survey of enterprise cloud leaders found multi-cloud sprawl (620 accounts common) is driving policy/config drift and security is now the top blocker in cloud migrations, especially as regulated data/PII is nearly universal in cloud environments. It also flags a major governance gap: widespread use of public AI tools (e.g. ChatGPT/Copilot) without standardized enterprise controls increases data-leakage and compliance risk. 🎯 Target: Global / Enterprise Cloud (Hybrid & Multi-Cloud) # Category: #BlueTeam"
X Link 2026-02-12T05:46Z [---] followers, [--] engagements
"🚨 Oracle Java Security Risk Spikes as CVE Churn + False Positives Drain DevOps Capacity A new survey highlights Java security has become a daily/weekly operational burden: frequent critical issues across JVM apps/libraries plus noisy scanner false-positives consuming remediation time while Oracle licensing/pricing pressure accelerates migration to non-Oracle OpenJDK distributions. This matters because Java's massive enterprise footprint means vulnerability-management friction quickly becomes systemic risk and slows real patching. 🎯 Target: Global / Enterprise Java (DevOps & Security Teams) #"
X Link 2026-02-12T05:48Z [---] followers, [--] engagements
"🚨 OpenClaw Scanner: Free Tool Hunts Agentic AI Activity Hidden in Your EDR Logs Astrix Security released OpenClaw Scanner a read-only script that analyzes existing EDR telemetry (e.g. CrowdStrike/Microsoft Defender) to identify endpoints/users running OpenClaw (aka MoltBot) an autonomous agent that can access local files and authenticate to internal systems, often with exposed interfaces and weak auth that may leak API keys and cloud credentials. This matters because it gives enterprises quick visibility into ungoverned agentic-AI deployments without installing new agents or exporting data. 🎯"
X Link 2026-02-12T06:50Z [---] followers, [--] engagements
"🚨 OWASP Guide: How to Cut Through the Chaos When Picking an AI Red-Teaming Vendor Help Net Security highlights OWASP's Vendor Evaluation Criteria for AI Red Teaming Providers & Tooling urging buyers to demand reproducible multi-turn testing (incl. RAG prompt-injection/retrieval attacks) and for agentic systems stateful testing of tool-calls/MCP workflows privilege-escalation paths and multi-agent contamination, vs. vendors selling one-click jailbreak prompt packs. The key is measurable transparent metrics (e.g. jailbreak/guardrail bypass rates leakage severity unsafe tool-call rates) plus"
X Link 2026-02-12T06:52Z [---] followers, [--] engagements
"🚨 Palo Alto PAN-OS DoS Bug Can Trap Firewalls in a Remote Reboot Loop (CVE-2026-0229) A flaw in PAN-OS Advanced DNS Security (ADNS) lets unauthenticated attackers trigger repeated reboots with crafted packets potentially forcing devices into maintenance mode and causing sustained outages; Cloud NGFW and Prisma Access are reportedly unaffected. This matters because it's a low-friction availability attack against perimeter enforcement points turning a single bug into wide business disruption. 🎯 Target: Global / Organizations running PAN-OS firewalls with ADNS enabled # Category: #Vulnerability"
X Link 2026-02-12T07:55Z [---] followers, [--] engagements
"🚨 CrowdStrike: Practical Playbook to Scale SOC Automation with Falcon Fusion SOAR CrowdStrike outlines a start small scale fast SOAR approach: automate one high-frequency workflow end-to-end (e.g. phishing triage compromised-account remediation) and expand using built-in integrations plus agentic orchestration (Charlotte Agentic SOAR) to move from rule-based tasks to reasoning-driven response. The value is reducing analyst toil and standardizing response steps so automation becomes reliable and repeatable across the SOC. 🎯 Target: Global / SOC & SecOps Teams # Category: #BlueTeam"
X Link 2026-02-12T08:10Z [---] followers, [--] engagements
"🚨 Qilin Ransomware Adds [--] New Victims Across the Americas 123GB Claimed From Ducasse Qilin claims it compromised six organizations (US + Chile) and is advertising the victims on its leak site; most listings show zero proof files so far but Ducasse Comercial Ltda is listed with [------] files totaling 123GB suggesting staged/leverage-driven publication. This matters because it signals ongoing multi-victim extortion activity with potential follow-on data dumps as pressure. 🕷 Malware: Qilin ransomware 🎯 Target: Americas / Multi-sector (USA & Chile) # Category: #CyberCrime #DataBreach"
X Link 2026-02-12T09:17Z [---] followers, [--] engagements
"🚨 Nucleus Security Raises $20M Series C to Scale Exposure Management Orchestration Nucleus Security raised $20M in a Series C led by Delta-v Capital to expand its exposure management orchestration platform focusing on deeper intelligence and automation to help teams prioritize real risk vs. more data. This matters because exposure management is consolidating around platforms that unify vuln + asset + threat context and automate remediation at scale in cloud/AI-heavy environments. 🎯 Target: Global / Enterprise Security (Exposure & Vulnerability Management) # Category: #CyberIntel 🔗 URL:"
X Link 2026-02-12T09:52Z [---] followers, [--] engagements
"🚨 AI Skills Become the New Supply-Chain: Malicious Agent Capabilities Turn Into an Attack Surface Reports warn that reusable AI agent skills (plugins/actions/tools) can be weaponized: malicious or poisoned skills can exfiltrate data steal credentials/API keys or trigger unsafe tool-calls effectively turning capability marketplaces into a software supply-chain for attacker logic. This matters because once organizations start importing skills at scale a single compromised skill can spread silently across many agent deployments and endpoints. 🎯 Target: Global / Enterprises using AI agents"
X Link 2026-02-12T10:52Z [---] followers, [--] engagements
"🚨 Microsoft Store Adds a CLI + Better Analytics + Smarter Web Installer for Enterprise Deployments Microsoft rolled out a Microsoft Store command-line interface for searching/installing/updating apps from the terminal plus revamped Partner Center analytics (Health Report filters Anomaly Alerts and a new Summary/Usage dashboard) and an improved Web Installer for Win32 + enterprise-managed devices. This matters because it streamlines dev/IT distribution workflows and enables faster crash/hang detection and remediation using richer telemetry. 🎯 Target: Global / Windows Developers & Enterprise"
X Link 2026-02-12T10:54Z [---] followers, [--] engagements
"🚨 AdBleed Privacy Leak: Adblock Filter Lists Can Fingerprint Your Country (Even on VPN/Tor) Researchers show sites can infer a user's country/language by timing requests to domains blocked by region-specific adblock lists (e.g. EasyList Germany/Liste FR) leaking locale signals without needing your IP, so VPN/Tor won't fully hide it. This matters because it adds a strong fingerprinting feature that can be combined with other browser traits to narrow or deanonymize users. 🎯 Target: Global / Privacy (VPN + Adblock Users) # Category: #CyberIntel #SecurityTips 🔗 URL:"
X Link 2026-02-12T11:12Z [---] followers, [--] engagements
"🚨 Repediu Brazil Breach Claim Dumps 21M+ Customer Records from Restaurant/Delivery Platform A leaked dataset allegedly tied to Repediu exposes highly granular PII and business data (21.4M customers, 1.2M leads and 2.6K internal users) including names emails/phones roles company IDs purchase history and WhatsApp verification status. This matters because it enables large-scale fraud targeted phishing and business impersonation across Brazil's food-service ecosystem. 🎯 Target: Brazil / Food Service & Restaurant Management # Category: #DataBreach #CyberCrime #TargetedAttacks 🔗 URL:"
X Link 2026-02-12T11:14Z [---] followers, [--] engagements
"🚨 AISPM Isn't Enough: Agentic AI Shifts Risk From Models to Runtime Actions SC Media argues AISPM focuses on securing models/data/prompts but agentic AI risk emerges at runtime when autonomous agents chain tool calls inherit credentials move data across systems and disappear, making posture at rest controls insufficient. It calls for Agentic SPM with continuous agent discovery plus pre-execution governance to constrain tool chains limit escalation/data exfiltration and preserve audit trails. 🎯 Target: Global / Enterprise AI Agents & SaaS Workflows # Category: #AI_Threats #BlueTeam #CyberIntel"
X Link 2026-02-12T12:07Z [---] followers, [--] engagements
"🚨 New York Bill Would Mandate Gun-Detection Blocking Tech in Every 3D Printer New York's [--------] executive budget bill proposes requiring 3D printers sold/delivered in the state to scan every print file with a firearms blueprint detection algorithm and refuse flagged jobs, effectively embedding surveillance/DRM into general-purpose machines. This matters because it's technically brittle (easy to evade) while creating new privacy censorship and security liabilities for makers educators and small manufacturers. 🎯 Target: USA / New York (Makers Education Small Manufacturing) # Category: #CyberLaw"
X Link 2026-02-12T12:55Z [---] followers, [--] engagements
"🚨 ThreatsDay Bulletin: AI Prompt RCE Claude 0-Click Notepad RCE Stealers and Ransomware Signals This weekly roundup flags a surge in trusted workflow abuse (e.g. Notepad Markdown link RCE CVE-2026-20841) plus agentic-AI risks where Claude Desktop Extensions can be hit with a zero-click calendar-based prompt-injection chain (CVSS 10) to reach local code execution. It matters because the common thread is low-friction initial access paired with more deliberate persistent post-compromise tradecraft across crime + espionage. 🎯 Target: Global / Multi-sector # Category: #CyberIntel #AI_Threats"
X Link 2026-02-12T12:59Z [---] followers, [--] engagements
"🚨 Google: Nation-State Hackers Are Operationalizing Gemini Across Recon Phishing and Tooling Workflows Google's threat intel says multiple state-linked groups are using Gemini to accelerate the full campaign lifecycle (target research/OSINT, phishing content generation, translation, scripting/coding help and vulnerability analysis), reducing time-to-execution rather than inventing new AI-only exploits. This matters because AI is compressing attacker cycle-time and scaling tailored social engineering and tooling across espionage operations. 🎯 Target: Global / Multi-sector (Nation-state operations) #"
X Link 2026-02-12T13:05Z [---] followers, [--] engagements
"🚨 Google: Hackers Use Gemini to Generate Fileless .NET Malware Stages On Demand (HONESTCUE) GTIG reports the HONESTCUE framework calls the Gemini API with hard-coded prompts to fetch self-contained C# stage [--] code then compiles and executes it in-memory via .NET's CSharpCodeProvider while pulling payloads from trusted CDNs like Discord, minimizing disk artifacts and frustrating static/behavioral detection. This matters because it turns legitimate AI + developer tooling into a just-in-time malware factory that can vary code per run and blend traffic into 🕷 Malware: HONESTCUE (Gemini API-driven"
X Link 2026-02-12T13:09Z [---] followers, [--] engagements
"🚨 World Leaks Adds RustyRocket Custom Malware to Boost Stealth and Persistence in Extortion Ops Accenture says the World Leaks extortion crew has added a difficult-to-detect custom implant dubbed RustyRocket to help maintain stealthy persistence during intrusions, tightening their end-to-end toolset beyond simple data-theft. This matters because purpose-built persistence tooling increases dwell time and the probability of successful exfiltration/extortion before defenders can evict the actor. 🕷 Malware: RustyRocket 🎯 Target: Global / Enterprises (data-extortion victims) # Category:"
X Link 2026-02-12T13:54Z [---] followers, [--] engagements
"🚨 Meta on Trial: Juries Weigh Child Exploitation Grooming and Addictive Design Claims Two major trials (New Mexico child-exploitation allegations and a California addiction-design case) put Meta's safety controls age verification and engagement-driven product choices under legal scrutiny with internal documents and expert testimony central to the claims. This matters because outcomes could reshape platform liability and force stronger auditable protections for minors. 🎯 Target: USA / Social Media (Child Safety & Regulation) # Category: #CyberLaw #CyberIntel 🔗 URL:"
X Link 2026-02-12T14:03Z [---] followers, [--] engagements
"🚨 HPE Aruba Private 5G Core Hit by Pre-Auth API Flaws: Admin Takeover + DoS (4 CVEs) HPE disclosed four vulnerabilities in Aruba Networking Private 5G Core (1.24.3.0 to 1.24.3.3) including an auth-bypass in the application API (CVE-2026-23595 CVSS 8.8) that can let adjacent-network attackers create admin accounts plus a management-API DoS and two info-disclosure bugs. This matters because Private 5G core control-plane compromise can enable full service disruption and sensitive configuration/user exposure; patching to 1.25.1.0+ is the only fix. 🎯 Target: Global / Enterprise Private 5G Networks #"
X Link 2026-02-12T14:17Z [---] followers, [--] engagements
"🚨 AMOS Stealer Piggybacks on AI App Hype: Poisoned Skills Marketplace Delivers macOS Credential Theft Flare details how Atomic macOS Stealer (AMOS) is being distributed via ClawHavoc a supply-chain campaign that poisoned the OpenClaw/ClawHub AI assistant skill marketplace with trojan add-ons to steal browser sessions Keychain creds crypto wallets and SSH keys. This matters because AI extension ecosystems create a high-trust high-scale distribution channel where legit add-ons can silently become malware droppers. 🕷 Malware: Atomic macOS Stealer (AMOS) 🎯 Target: Global / macOS users"
X Link 2026-02-12T14:54Z [---] followers, [--] engagements
"🚨 Black Duck Boosts Polaris With Native GitHub/GitLab/Azure DevOps/Bitbucket Integrations for Zero-Friction AppSec Black Duck expanded Polaris with natively built SCM integrations that can auto-onboard and continuously sync thousands of repos trigger scans on PR events and surface findings directly inside pull requests while adding AI-assisted insights via Black Duck Signal/Code Sight in IDE workflows. This matters because it reduces manual AppSec overhead and keeps security coverage current as repositories branches and teams change at enterprise scale. 🎯 Target: Global / DevSecOps (SCM +"
X Link 2026-02-12T15:08Z [---] followers, [--] engagements
"🚨 1Password Open-Sources SCAM Benchmark to Test Whether AI Agents Fall for Phishing 1Password released an open-source benchmark (Security Comprehension and Awareness Measure SCAM) that scores whether AI agents behave safely during realistic workflows like reading emails clicking links retrieving stored credentials and filling login forms, i.e. can they resist phishing while doing actual tasks. This matters because agentic tools with browser/credential access create a new human-like phishing surface and SCAM gives vendors a measurable way to regression-test safety. 🎯 Target: Global / AI Agents"
X Link 2026-02-12T15:13Z [---] followers, [--] engagements
"🚨 California Slaps Disney With Record $2.75M CCPA Penalty Over Hard-to-Opt-Out Data Sharing California fined Disney $2.75M and required a comprehensive privacy program after alleging its opt-out process made it excessively difficult for users to stop the sale/sharing of data across devices and Disney services tied to one account. This matters because it's the largest CCPA penalty to date and signals tougher enforcement on dark pattern consent/opt-out design. 🎯 Target: USA / Entertainment & Streaming (Consumer Privacy) # Category: #CyberLaw 🔗 URL:"
X Link 2026-02-12T16:00Z [---] followers, [--] engagements
"🚨 CrowdStrike Named Customers' Choice in [----] Gartner Peer Insights Voice of the Customer for User Authentication CrowdStrike says Gartner Peer Insights reviewers rated its user-authentication offering highest/tied on product capability (4.7) with a 96% willingness-to-recommend score based on [---] verified reviews as of Jan [----]. This matters because it signals strong customer sentiment in the identity/authentication market and will be used as competitive proof in enterprise buying cycles. 🎯 Target: Global / Enterprise Identity & Authentication # Category: #CyberIntel #BlueTeam 🔗 URL:"
X Link 2026-02-12T16:18Z [---] followers, [--] engagements