September 18-19, 2025
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
— Dirk-jan (@_dirkjan) September 17, 2025
AI allows unprecedented content manufacturing mechanisation. The mechanised persona agents may remember context, adapt tone, coordinate across platforms, and simulate consensus. LINK to FP piece: https://t.co/caTEdl54SJ
— Lukasz Olejnik (@lukOlejnik) September 18, 2025
How to write self-mutating malware. Aka build your own polymorphic engine, and a bit on metamorphic code. https://t.co/zHrt3yS3B8 pic.twitter.com/QnKfJATRvp
— Smukx.E (@5mukx) September 17, 2025
The Art of Self-Mutating Malware
In the beginning, there was the signature. A simple string of bytes that uniquely identified a piece of malware. Those were simpler times - append your virus to a file, patch the entry point, and you’re done. The AV industry responded with signature databases, and for a while, the game was predictable.
What Makes System Calls Expensive: A Linux Internals Deep Dive. https://t.co/fQNnIBCdrS
— Teiva Harsanyi (@teivah) September 16, 2025
Another great post by @abhi9u. I learned a lot, including vDSO.
...there's a 🇰🇵 dev out there reading this https://t.co/x6wRWi0EQ9 pic.twitter.com/vwdpcTIl1A
— J⩜⃝mie Williams (@jamieantisocial) September 17, 2025
Google Dork - APIs Endpoints ⚙️
site:example[.]com inurl:api | site:*/rest | site:*/v1 | site:*/v2 | site:*/v3
Find hidden APIs, try techniques 👨💻 pic.twitter.com/YFCUw77aWG
— Mike Takahashi (@TakSec) September 17, 2025
"A 41-year-old man and a 35-year-old woman were arrested at an address in Grays, Essex, the force said. A 46-year-old man was arrested at a separate address in the same area". https://t.co/f1pTFjvuE6
— Dr. Dan Lomas (@Sandbagger_01) September 18, 2025
Recorded Future: Insikt Group has observed CopyCop, a Russian covert influence network, creating at least 200 new fictional media websites targeting the United States (US), France, and Canada https://t.co/WKYpDnTrM4 @RecordedFuture
— 780th Military Intelligence Brigade (Cyber) (@780thC) September 18, 2025
DOJ press release: "Jubair went to great and sophisticated lengths to keep himself anonymous"
Meanwhile, the "great and sophisticated lengths" https://t.co/ZfEkwXELAD pic.twitter.com/kiW48gOXnn
— nc 🌐🕸️🐱 (@thoughtfault) September 18, 2025
At least Mitnick had the foresight to search “itni” when he did similar https://t.co/UOO5DuH1ka
— Dr. Wesley McGrew (@McGrewSecurity) September 19, 2025
> Scattered Spider ransoms company for 964BTC
> wtf_thats_alot.jpeg
> Document says "Cost of BTC at time was $36M"
> $36M / 964BTC = $37.5K
> BTC value was $37.5K in November, 2023
> Google "Ransomware, November, 2023"
> omfg.exe pic.twitter.com/uv2EzbL5HT
— vx-underground (@vxunderground) September 18, 2025
Company 2 = Caesars
I froze $12M total of Scattered Spider funds at three different services in Jan 2024.
277 BTC, 6086 AVAX, 1.1K XMR were the assets I froze.
Due to the crypto price appreciation since the ransom payment they actually profited (worth ~$33M at current… https://t.co/ztuiaZymKD pic.twitter.com/DsGrXAs6rg
— ZachXBT (@zachxbt) September 19, 2025
I published a blog post with more data on how the Shai-Hulud attack unfolded. Evidence pointing to the fact that most packages were uploaded by the attackers, rather than being organically infected. And the mistakes the attackers made. https://t.co/ahXcEISmbd
— Charlie Eriksen (@CharlieEriksen) September 18, 2025
#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. https://t.co/1cADq5kf7p
— ESET Research (@ESETresearch) September 19, 2025
1/3
I spent the last few weeks digging into hundreds of enterprise-built Vibe Coded applications.
When I found a security flaw, it was almost always one of the same 4 simple mistakes. Here they are 🧵 pic.twitter.com/BnW9st6OKr
— Nagli (@galnagli) September 19, 2025
