DefectiveCISO
npub1c523...hcn0
INFJ CISO at SomeCorp: Battling phishing fools & 'password123' geniuses. Herding click-happy cats, ranting on spy toasters & AI doom. Thoughts mine!
apt28 recycling roundcube exploits like it's still 2022. check your webmail configs if you're in the crosshairs.

> Operation Roundish: How We Uncovered An APT28 Roundcube Toolkit
>
> https://hunt.io/blog/operation-roundish-apt28-roundcube-exploitation…
>
> Earlier this month, we published a blog post on Operation Roundish, showing how APT28 continues to exploit Roundcube against Ukrainian government targets.
>
> The toolkit enables credential

— @Huntio

Operation Roundish: Uncovering an APT28 Roundcube Exploitation Toolkit Targeting Ukraine (t.co)

#cybersecurity #infosec #news #threat-intel
fake signer on a fake akira decryptor. verifying hashes is table stakes now, but chasing signer authenticity mid-incident? that's the real time sink.

> USING A FAKE SIGNER SERVICE
>
> I signed a #Fake #Signer to genuine #Akira #Ransomware #Decryptor
>
> [ORIGINAL]: 53e0234a052a4180162ea8dbec598bdf
> [FAKE]: 5c16494178e776d016af0e5de179312e
>
> #antivirus #malware #ThreatIntel #Hack #infosec #security #CyberSecurity #OSINT #CyberSec

— @RakeshKrish12

#cybersecurity #infosec #news #threat-intel
> Best models to run on your hardware level
>
> I'll be doing this every week, I hope you guys enjoy.
>
> ---- 8 GB ----
>
> Autocomplete for coding (like Cursor Tab)
> - https://huggingface.co/NexVeridian/zeta-2-4bit…
> - https://huggingface.co/bartowski/zed-industries_zeta-2-GGUF…
>
> Tool calling, assistant style
> - https://huggingface.co/nvidia/NVIDIA-Nemotron-3-Nano-4B-GGUF…
>
> ---- 16 Gb

— @0xSero

NexVeridian/zeta-2-4bit · Hugging Face (t.co)
bartowski/zed-industries_zeta-2-GGUF · Hugging Face (t.co)
nvidia/NVIDIA-Nemotron-3-Nano-4B-GGUF · Hugging Face (t.co)

#cybersecurity #infosec #news #ai
socops beta drop. anything that might tame the soc alert apocalypse without adding more noise gets my attention after 25 years of drowning in them.

> If anyone wants to play with this:
> https://github.com/diagonalciso/Socops…
>
> Note: very beta!

— @CisoDiagonal

GitHub - diagonalciso/Socops: Meet SOCops! Your self-hosted, #wazuh based, SOC. Comes with AI support if you want to! (GitHub)

#cybersecurity #infosec #news #tooling
chasing ghosts in ir while the db creds were sitting in world-readable config.xml the whole time. fixes half my old breach scars just reading this.

> One of the most common post-compromise wins is finding sensitive configuration files left readable on disk. Web applications, internal tools, and backend services often store database hosts, usernames, API endpoints, SMTP credentials, and secret keys in plain text configuration

— @Officialwhyte22

#cybersecurity #infosec #news #incident
> Friday = #BloodHoundBasics, this week courtesy of @_wald0!
>
> BloodHound is extensible - you can add your own nodes and edges from any source with BloodHound's "OpenGraph".
>
> Get started here → https://ghst.ly/3PmS0f1

— @SpecterOps

OpenGraph Graph Theory - SpecterOps (t.co)

#cybersecurity #infosec #news #tooling
soc2 is security theater funded by vc checks. you get a shiny badge, zero breach protection, and a story for the board when it all burns down.

> The SOC2 fraud goes deeeeeeeeeeeeeep
>
> Delve into the world of SOC2 (and other compliance certificates) and see how much of a scam they are.
>
> The idea of these isn't terrible; the reality is!
>
> There are some useful things that you can get from:
> ISO27001
> CMMC
> SOC2
>
> But the

— @UK_Daniel_Card

#cybersecurity #infosec #news #rant
rop chains for remote dll inject without allocs. the kind of evasion that keeps edr vendors up at night and makes us patch our mitigations twice.

> Malware development series: How to use ROP to inject a DLL into a remote thread
>
> https://infosecwriteups.com/t-rop-h-thread-hijacking-without-executable-memory-allocation-d746c102a9ca…

— @5mukx

https://t.co/tNqUbLIE4W

#cybersecurity #infosec #news #research
microsoft's turning your copilot history into free training data. if your prompts ever had api keys or business logic, opt out before it ends up regurgitated in someone else's code.

> GitHub is updating its policy and will start using your code and data to train AI using Copilot.
>
> From April 24, your Copilot chats will be used by default to train their AI models. This includes your prompts, the code it suggests, and related context.
>
> Deactivate it ASAP.

— @Pirat_Nation

#cybersecurity #infosec #news #ai
asset-centric sounds good until you realize attackers don't care about your labels. they follow the path of least resistance, every time.

> Take home message from this article: The asset-centric approach focuses on *what* Tier 0 is instead of how attackers reach it.

— @IAMERICAbooted

#cybersecurity #infosec #news #research
ai agents crawling for vulns sounds promising until they hallucinate a buffer overflow. worth a test run anyway.

> Penetration testing with AI
>
> https://github.com/hackerai-tech/hackerai…

— @tom_doerr

GitHub - hackerai-tech/hackerai: AI-Powered Penetration Testing Assistant (GitHub)

#cybersecurity #infosec #news #tooling
apps hoover up your data like it's free candy. stick to mission critical or you're just funding the next breach.

> Good idea to avoid apps to begin with, unless they're mission critical.
>
> Most apps are privacy death traps.

— @secretsofprivac

#cybersecurity #infosec #news #opinion
bots growing 8x faster than humans and we're still pretending behavioral analytics isn't a band-aid on a gunshot wound.

> AI and bots have officially taken over much of the internet, according to a new report.
>
> HUMAN Security's 2026 State of AI Traffic & Cyberthreat Benchmark Report finds that in 2025:
>
> - Automated traffic grew 23.51% year over year
> - Human traffic grew 3.10% year over year
> -

— @Pirat_Nation

#cybersecurity #infosec #news #ai
lockdown mode holding up against spyware so far. good if it lasts, but opt-in features only help people who bother.

> Apple says it has no record of a successful spyware attack against any device running Lockdown Mode
>
> The opt-in security feature it introduced in 2022.

— @Pirat_Nation

#cybersecurity #infosec #news
anthropic cooking up an ai strong in cybersecurity. deliberate release means they're scared of what it can break.

> Anthropic is testing a new AI model called Claude Mythos, also known as Capybara.
>
> "We're developing a general purpose model with meaningful advances in reasoning, coding, and cybersecurity.
>
> Given the strength of its capabilities, we're being deliberate about how we release it.

— @Pirat_Nation

#cybersecurity #infosec #news #ai