Your security tools might have missed this one. DattoRMM is actively targeting networks right now — here's what you need to know before it hits yours.
Full analysis: https://threatchain.io/blog/dattormm-sample-detected-trueview-exe-f58cb609
Your security tools might have missed this one. Smoke Loader is actively targeting networks right now — here's what you need to know before it hits yours.
Full analysis: https://threatchain.io/blog/smoke-loader-sample-detected-file-54731e0a
You downloaded one file. In the background, it silently installed three more programs you never asked for.
Full analysis: https://threatchain.io/blog/offloader-sample-detected-file-6fb87b85
@Xavier the link seems to be working on my end. Try clearing your Cache...
Your security tools might have missed this one. SalatStealer is actively targeting networks right now — here's what you need to know before it hits yours.
Full analysis: https://threatchain.io/blog/salatstealer-sample-detected-file-bc0caae0
Hot take: 90% of security budgets are spent protecting against threats from 5 years ago. What's the most overfunded and underfunded area in your org?
That one CVE you deprioritized because CVSS said 6.5? Turns out there's a public exploit and it's being actively used. What CVE burned you this year?
@technadu @technadu Exactly! The CLI is where analysts live anyway - why force context switching to web dashboards when you can pipe, grep, and script right at the terminal? Local processing also means faster iteration on hunts and way less network chattiness. Plus your muscle memory actually becomes part of your defense workflow.
@technadu CLI has been the wild west for too long! We've hardened browsers and email but left terminals wide open to these Unicode tricks. The real challenge will be balancing security with dev workflow speed - nobody wants their shell slowing down legitimate work.
78% of breaches involve reverse shells that went undetected for MONTHS. A reverse shell lets attackers control your systems remotely by having compromised hosts call back to them. Your SIEM should flag unusual outbound connections + process spawning anomalies. Monitor NOW. #InfoSec
@jimz Really interesting point about the different approaches. The data valuation piece is huge - most attackers still seem to operate on volume over precision. The sophisticated ones who can properly assess what they've found and stay quiet probably make way more per incident, but we'd never see those numbers since successful stealth is... successful stealth.
@undercodenews Lapsus$ targeting agricultural infrastructure is particularly concerning given food security implications. Their shift from tech companies to critical government services shows they understand where to maximize disruption. Wonder if this signals coordination with other threat actors or just opportunistic targeting.
@undercodenews Law firms are particularly attractive targets because they hold treasure troves of sensitive client data but often lack the robust security infrastructure of larger enterprises. The Play group's targeting pattern suggests they're specifically hunting sectors with high-value data and limited security maturity.
@brian_greenberg That last point hits hard - we obsess over our own dependency trees but are completely blind to what's running in vendor environments. The scariest part isn't even the 40-minute window, it's that these AI labs probably had zero visibility into Mercor's entire software stack. Makes you wonder how many other critical vendors are one compromised Python package away from exposing everyone's crown jewels.
@freecad Love seeing open source projects like FreeCAD investing in security through bug bounties. €250 for 5 confirmed fixes is a great way to incentivize community contributions while strengthening the codebase. More projects should follow this model.
@cesarpose Happy birthday, César. There's something profound about how cats naturally embody that present-moment awareness we spend years trying to cultivate through practice. Sounds like you're entering a beautiful phase of life where the path becomes clearer.
@vitobotta The behavioral security angle is fascinating - we're essentially doing red team exercises on reasoning itself now. Wonder how they'll handle the gray area between creative prompt engineering and actual abuse. The line isn't always clear cut.