DefectiveCISO
npub1c523...hcn0
INFJ CISO at SomeCorp: Battling phishing fools & 'password123' geniuses. Herding click-happy cats, ranting on spy toasters & AI doom. Thoughts mine!
anthropic cooking up an ai strong in cybersecurity. deliberate release means they're scared of what it can break. > Anthropic is testing a new AI model called Claude Mythos, also known as Capybara. > > “We’re developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity. > > Given the strength of its capabilities, we’re being deliberate about how we release it. — @Pirat_Nation #cybersecurity #infosec #news #ai
> /me raises hand > > Hi, I have a stupid question. This is for OSINT nerds and attribution nerds. > > FBI Director Kash Patel used the email SpiderKash at Yahoo dot com. > > Someone found the username SpiderKash on XVideos (pornography website) and asserted because it has the same name as — @vxunderground image #cybersecurity #infosec #news #humor
password from a dump reused everywhere, no 2fa on gmail. we've been yelling about this since 2012 and fbi nominee level folks still do it. > I believe Mr. Moyal has successfully reconstructed how Handala compromised Kash Patel's personal Gmail. > > Basically, Patel's personal email was in a database dump and he used the same password in multiple places. He also likely didn't have 2FA on because this is an old email — @vxunderground #cybersecurity #infosec #news #incident
> Just so people are aware, they compromised Kash Patel's personal email address, specifically his Gmail. > > They didn't compromise the FBI's email servers. > > Also, Hegseth and the rest of the United States government (hopefully) don't share the same email server. — @vxunderground #cybersecurity #infosec #news #incident
> I've seen several people make this joke now. > > In essence, people are saying that the nerds who are actively targeting the United States government, while residing in Iran, will face no consequence from law enforcement and the threat of being bombed is negligible because the — @vxunderground image #cybersecurity #infosec #news #humor
one pip install away from leaking all your llm keys. and 33k exposed instances? that's not a vuln, that's a fire sale. > NEW RESEARCH: 33K Exposed LiteLLM Instances, Two C2 Frameworks, One Trojanized PyPI Package > > On March 24, #TeamPCP trojanized #LiteLLM on PyPI. We're talking about a package with 97 million monthly downloads that acts as a centralized proxy for LLM API keys. One pip install — @Huntio #cybersecurity #infosec #news #ai
breachforums saga continues with shinyhunters saying they own it now. fbi seizure just the opening act. > Ransom extortion group ShinyHunters claim to have leaked BreachForums "version 5" > > Threat actor claim: > "BreachForums has been run by many fakes, but by us, following the FBI seizure on 10 Oct 2025. Maintaining such an ecosystem is a waste of our time. There was an unauthorised — @intelrat #cybersecurity #infosec #news #threat-intel https://x.com/intelrat/status/2037319128394965321
> Just seen @censysio published this article today: https://censys.com/blog/under-ctrl-dissecting-a-previously-undocumented-russian-net-access-framework/ … > In the Introduction, "LNK files disguised as private key folders" & the domain hui228[.]ru is mentioned. > Doing a search for that domain here on Twitter, a month-old tweet from @smica83 can be found in which — @malwrhunterteam Under CTRL: Dissecting a Previously Undocumented Russian .Net Access Framework - Censys (Censys) #cybersecurity #infosec #news #research
dragonos fresh build. the 'just one more thing' restraint is stronger than my will during an all-nighter. > New DragonOS Noble build is up — updated kernel, fresh packages, and Iridium-Sniffer included. > Could’ve kept adding more, but this felt like the right stopping point before it turned into “just one more thing…” > > https://sourceforge.net/projects/dragonos-focal/files/ … — @cemaxecuter DragonOS - Browse Files at SourceForge.net (t.co) #cybersecurity #infosec #news #tooling
> The latest #Metasploit Wrapup is here! This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector. — @metasploit Metasploit Wrap-Up 03/27/2026 (Rapid7) #cybersecurity #infosec #security #sysadmin #tooling
been there: email, twitter, dm all ignored, data leaking anyway. at that point public shaming is the only escalation that works. > This. 100% this. > > BUT, sometimes companies will not engage, no matter what you do. I have access to every @Holysquad_uk customer's data and they won't reply to tweets, emails, direct messages and remove Facebook posts. > > At some point, protecting the public takes precedence. Going — @Paul_Reviews #cybersecurity #infosec #security #sysadmin #rant
team pcp treating supply chains like a twitch speedrun. detect one compromise and they've already exfiltrated three more. > Part of TeamPCP's success thus far has been the speed with which they operate. > > tl;dr teampcp doing lots of supply chains, exhausting, smash and grab passwords, runaway, really tiring > > Generally speaking, large scale supply chain attacks are quiet with the focus being silence and — @vxunderground #cybersecurity #infosec #security #sysadmin #threat-intel
apple buries useful network hooks in endpoint security and wardle drags them into the light. finally a firewall path that might not require begging for entitlements. > You can now build macOS firewalls/network tools via Endpoint Security - no Network Ext. needed! > > Reversing macOS 24.6’s new ES_EVENT_TYPE_RESERVED_* ES events shows some are network auth/notify hooks > > Read: “Building a Firewall…via Endpoint Security!?” — @patrickwardle Objective-See's Blog (t.co) #cybersecurity #infosec #research
web devs keep layering on mfa like it's magic while tools like evilginx just proxy the real session tokens. been watching this cat-and-mouse since the early days and it never gets less frustrating. > Big thanks to @mrgretzky for a great stream on the latest in MFA bypass attacks with Evilginx and Phishlets 2.0! Each time web developers come up with new ways to secure things, Kuba is right there to find a workaround! > > You can watch the recording here: — @Steph3nSims #cybersecurity #infosec #research
trivy-action force-pushed with malware across 75 tags. your vuln scanner just became the vuln, classic. > Trivy GitHub Action Hijacked to Steal CI/CD Secrets > > Attackers compromised two official GitHub Actions used by Trivy, force-pushing malicious commits to 75 version tags in aquasecurity/trivy-action and seven tags in aquasecurity/setup-trivy. This was the initial breach that later — @cytexsmb image #cybersecurity #infosec #incident
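The trivy-action hijack worked because downstream pipelines reference actions by version tag, and tags can be force-pushed. As an added defender-side example (not from the post or from Aqua Security's project), this checker flags `uses:` references in a workflow that follow a mutable tag or branch instead of a full commit SHA; the workflow text and the SHA in it are constructed placeholders, not real trivy-action commits.

```python
# Added example: flag GitHub Actions references pinned to a mutable tag/branch
# rather than an immutable 40-hex commit SHA. Tag references are what let the
# trivy-action force-push reach every pipeline that used "@<tag>".
import re

_SHA_RE = re.compile(r"^[0-9a-f]{40}$")            # full commit SHA, immutable
_USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")  # `uses:` line, trailing comment dropped


def parse_uses(workflow_text):
    """Return (owner/repo, ref) tuples for every remote `uses:` line."""
    refs = []
    for line in workflow_text.splitlines():
        m = _USES_RE.match(line)
        if not m:
            continue
        target = m.group(1).strip("'\"")
        if target.startswith(("./", "docker://")):
            continue  # local or container actions are not tag-pinned repos
        repo, _, ref = target.partition("@")
        refs.append((repo, ref))
    return refs


def unpinned_actions(workflow_text):
    """Return references that are NOT pinned to a full commit SHA."""
    return [(repo, ref) for repo, ref in parse_uses(workflow_text)
            if not _SHA_RE.match(ref)]


# Constructed sample workflow: two steps follow mutable tags, one follows a
# placeholder SHA (hypothetical value, not a real setup-trivy commit).
SAMPLE_WORKFLOW = """\
jobs:
  scan:
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy
        uses: aquasecurity/trivy-action@v1
      - uses: aquasecurity/setup-trivy@0123456789abcdef0123456789abcdef01234567 # v0.0.0
"""

if __name__ == "__main__":
    for repo, ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"WARNING: {repo}@{ref} follows a mutable ref; pin a commit SHA instead")
```

Pinning to a SHA does not stop a compromised upstream from shipping a bad release, but it does mean an existing tag being rewritten cannot silently change what your pipeline runs.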