This case led me to be the 1st industry analyst to clearly document, model, and explain how Iran developed the lock-and-leak information operations model to exploit eCrime ransomware and leak trends to conduct disruptive attacks using crappy personas—something they eventually did to ALL OF ALBANIA.
Nothing like providing opportunities to your team and watching them absolutely kill it!
The growth is incredible to witness every time.
ANSSI has published details about the Houken intrusion campaign, which seeks initial access to the networks of French entities through the exploitation of several zero-day vulnerabilities on Ivanti Cloud Service Appliance devices. www.cert.ssi.gouv.fr/cti/CERTFR-2...
"Although authenticode stuffing is common practice, ConnectWise’s decision to influence critical behavior and its user interface with unauthenticated attributes is clearly dangerous. It entices threat actors to build their own remote access malware with custom icons, background images and text, that is signed by a trusted company. Given how widely (ab-)used ConnectWise’s ScreenConnect is, it is a good idea to keep an eye out for these samples. Until ConnectWise changes their authenticode stuffing practices, the possibility of signed malware being created and distributed remains a threat. On June 12, we contacted ConnectWise prior to the release of this article to make them aware of the issues described above and give them the opportunity to issue a statement. We noticed on Tuesday, June 17, 2025 that the signature used to sign the samples was revoked. We have not received a statement by the time this article was released."
I guess we found out why ConnectWise rotated its certs
www.gdatasoftware.com/blog/2025/06...
Google's @hultquist.bsky.social says in an emailed statement that the company is seeing "multiple intrusions in the US" that bear the hallmarks of Scattered Spider activity and "now seeing incidents in the insurance industry." Google spox. confirmed there's more than one U.S.-based insurance victim.
I missed this story by @arielabergriger.bsky.social on the importance of AM Radio even today in @technologyreview.com.
It is beautifully illustrated and the point is important: we're letting a critical source of emergency management fade away and we don't have anything to fully replace it.
Akamai has spotted two Mirai botnets abusing a recently patched RCE (CVE-2025-24016) in the Wazuh SIEM
www.akamai.com/blog/securit...
cvereports.com/cve-2025-240...
Just saw an updated picture of my childhood home. The owners ripped out the tree in the front yard.
No more tire swing.
No more Magnolias all over the ground.
No more tree house.
It feels like a piece of my childhood memory was just cut out.
Can relate. Struggling at my current place, trying to decide where to focus my next phase, while also attempting to ensure I don’t wind up facing the same challenges.
Hello, friends! I'm thrilled to announce that The Homelab Almanac, v3.0 has officially launched! There is a **ton** of new stuff in this version, including:
- Proper DNS
- PKI
- Automatic signed certificates
- New secrets management
- Proxmox clustering
- Cloud integration
Risky Biz calling The Com criminals APTeens. 🏆
"Ransomware is a pain in the ass for us, but also it looks like we're a pain in the ass for them." - Bavi Sadayappan #SLEUTHCON
Superb from @michaeldweiss.bsky.social and @theins.press. The gold standard of investigative teams is at it again. Give them the Pulitzer pls. Honestly, they have a better understanding of 29155 than the US IC.
At this year's AusCERT conference we presented "Sigma and Detection Engineering with Velociraptor". Learn how to implement real time Sigma detection with forensic enhancements.
Full presentation youtube.com/watch?v=3EBr... and slides docs.velociraptor.app/presentation...
NSA and Others Publish Advisory Warning of Russian State-sponsored Cyber Campaign Targeting Western Logistics and Technology Entities | www.nsa.gov/Press-Room/P...
This should be getting more attention.
tough crowd 😂
1/
Absolutely love this resource 💙
Just came across this gem from JPCERT
👉 jpcertcc.github.io/ToolAnalysis...
It maps forensic artifacts left behind by tools used for lateral movement or credential dumping. Super detailed.
The Wire, but a cybercrime version of it
“I dOn’T ThInK I eVeR MeT hIm”
Full suite of projections seen:
Happy Friday everyone. Thanks for reading NPR.org this week.
Wanted to take a second to also remind you: I interviewed whistleblower Dan Berulis to accompany my lengthy written story on NLRB. Hear from him in his own words:
one.npr.org/i/nx-s1-5355...
Last chance to register for today’s webinar so you can prepare for your next pen test. We’ll talk about the latest attack trends and social engineering tactics. Don’t miss out! Register now! trustedsec.com/resources/we...
The CVE Board had been preparing to take the mission private through a non-profit foundation, saying that the government's role raised "longstanding concerns" about "sustainability and neutrality." www.thecvefoundation.org
CISA blinks, extending its CVE contract at the last minute. I'm guessing someone in the Trump administration just learned how important this work is. bsky.app/profile/ddim...
On this week's show I talk to former NSA Cybersecurity Director Rob Joyce (@rgblights.bsky.social) about Donald Trump's unprecedented, unwarranted and completely bonkers political persecution of Chris Krebs and his employer SentinelOne.
AUDIO: risky.biz/RB788
VIDEO: youtu.be/uXY_HouhZww
Graffiti Alley in Toronto a few weeks ago.