The Banshee Queen 👑
@cyberoverdrive.bsky.social
#threatintel @Recorded Future | Formerly @PwC GTI | Malware & infrastructure analysis with a side of cyberpunk. 🌃🌌 She/her, support 🏳️‍🌈🏳️‍⚧️✨
Pinned
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
Reposted by The Banshee Queen 👑
Like others we are seeing attacks attempting to exploit React CVE-2025-55182 at scale, incl. botnet related activity. How successful have these attacks been? You can get a view here, where we track compromised hosts with Next.js attacking our sensors:
dashboard.shadowserver.org/statistics/h...
December 8, 2025 at 11:31 AM
Reposted by The Banshee Queen 👑
Israeli surveillance targets US and allies at joint base planning Gaza aid and security, say sources www.theguardian.com/world/2025/d...
Concerns over recording of meetings at coordination centre excluding Palestinians that was set up to provide support for Trump’s Gaza plan
www.theguardian.com
December 8, 2025 at 8:09 AM
Reposted by The Banshee Queen 👑
React2Shell exploitation frequency in GreyNoise Dec 5-Dec 6
December 7, 2025 at 4:14 PM
Reposted by The Banshee Queen 👑
I spend so much time verifying everything now from art to cited sources to photos to historical references to citations to quotes to legal and medical information that it's really hard to fathom how much work AI has collectively added to the world, not reduced
Here's the reality this example illustrates:

It's not even just about people blindly trusting what ChatGPT tells them. LLMs are poisoning the entire information ecosystem. You can't even necessarily trust that the citations in a published paper are real (or a search engine's descriptions of them).
December 7, 2025 at 2:58 AM
Reposted by The Banshee Queen 👑
lol... you don't say...
🇷🇺🤝🇺🇸 #Russia has welcomed changes in the U.S. National Security Strategy, saying the adjustments that marked a radical departure from Washington's previous policy were "largely consistent" with Moscow's vision.

www.themoscowtimes.com/2025/12/07/c...

#usa
Changes to U.S. Security Strategy 'Largely Consistent' With Russia's Vision – Kremlin - The Moscow Times
www.themoscowtimes.com
December 7, 2025 at 11:17 AM
Reposted by The Banshee Queen 👑
A study in the evolution of SVR cyberespionage tradecraft
December 6, 2025 at 7:07 PM
Reposted by The Banshee Queen 👑
Asked how a stalker might target an ex-partner, Grok immediately produced a long, detailed list of predatory + dangerous tactics organized into escalating "phases." (Our overview is in the first screenshot.)

Notable: all other leading chatbots we tested declined to engage in a similar interaction.
December 6, 2025 at 6:56 PM
Reposted by The Banshee Queen 👑
@mohamhawish.bsky.social speaks to more than a dozen people living in Gaza under a regime of ceaseless surveillance. One man now avoids calling his brother and has described the collapse of connection itself in his life.
Watched, Tracked, and Targeted in Gaza
Life under Israel’s all-encompassing surveillance regime.
nymag.com
December 5, 2025 at 1:39 PM
Reposted by The Banshee Queen 👑
Trump's national security strategy is out and some of the Europe sections are shocking. "...the growing influence of patriotic European parties indeed gives cause for great optimism."
www.whitehouse.gov/wp-content/u...
December 5, 2025 at 7:33 AM
Reposted by The Banshee Queen 👑
"The extensive leak, called the Damascus Dossier, contains over 134,000 documents and images exposing how thousands of people were systematically imprisoned, tortured, and killed under Bashar al-Assad’s rule."
"A historic document leak creates new opportunities to hold perpetrators accountable. Today, one of the largest document leaks ever from Syria’s intelligence services was made public."

Damascus Dossier reveals regime's systematic brutality - Civil Rights Defenders share.google/rjRv1rStW3RT...
December 5, 2025 at 8:04 AM
Reposted by The Banshee Queen 👑
@volexity.com tracks a variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials, which continue to see success due to creative social engineering. Our latest blog post details Russian threat actor UTA0355’s campaigns impersonating European security events.
Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks
In early 2025, Volexity published two blog posts detailing a new trend among Russian threat actors targeting organizations through the abuse of Microsoft 365 OAuth and Device Code authentication workf...
www.volexity.com
December 4, 2025 at 6:36 PM
Reposted by The Banshee Queen 👑
Holy shit.

Reuters reporting that new admin instructions on visas are if you worked at a platform in trust & safety or content moderation or on fact checking or online safety at a platform you *and your loved ones* are ineligible for H-1B visa.

www.reuters.com/world/us/tru...
December 4, 2025 at 5:41 PM
Reposted by The Banshee Queen 👑
"How We Caught Lazarus's IT Workers Scheme Live on Camera" published by AnyRun. #ITWorker, #FamousChollima, #DPRK, #CTI https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/
December 4, 2025 at 5:30 PM
Reposted by The Banshee Queen 👑
CISA, the NSA, and Canada's cyber agency have published a report on the sophisticated Brickstorm malware that China has used (www.cybersecuritydive.com/news/china-e...) to penetrate software vendors, SaaS providers, and other targets: www.cisa.gov/sites/defaul...
December 4, 2025 at 4:30 PM
Reposted by The Banshee Queen 👑
🚨 - New report by Haaretz, Inside Story, Inside-IT and Amnesty International releases the Intellexa Leaks, which exposes that Intellexa support staff had access through TeamViewer to customer deployments and confirms IOCs found in the past by civil society. 🧵👇
December 4, 2025 at 11:37 AM
Reminder to never wear a cute dress for a conference presentation, because with T-25 minutes the mic is now clipped to my back and I look like the hunchback of Notre-Dame 🙃
December 4, 2025 at 2:47 PM
@k8em0.bsky.social being (as always) an absolute trailblazer and visionary at SANS #CyberThreat2025
December 4, 2025 at 12:47 PM
Reposted by The Banshee Queen 👑
Today’s sanctions also zero in on eight cyber military intelligence officers for working for the GRU for cyber operations targeting Yulia Skripal with X-agent malware and, five years later, the attempted murder of Yulia and her father on UK soil

www.gov.uk/government/n...
UK cracks down on Russian intelligence agency authorised by Putin to target Skripals
UK announces sanctions against the GRU as Dawn Sturgess Inquiry report finds Putin personally ordered their activity in Salisbury in 2018.
www.gov.uk
December 4, 2025 at 12:19 PM
the fact that people can even THINK like this?? with this level of callousness and disregard for human life?? just abominable
December 4, 2025 at 9:32 AM
Reposted by The Banshee Queen 👑
1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...
Intellexa’s Global Corporate Web
www.recordedfuture.com
December 4, 2025 at 4:18 AM
Reposted by The Banshee Queen 👑
🇷🇺 French NGO Reporters Without Borders targeted by #Calisto in recent campaign

Sekoia #TDR analysed a recent #Calisto (aka #ColdRiver #Star Blizzard) spear-phishing campaign aimed at Reporters sans frontières and other #Ukraine-supporting organisations.

blog.sekoia.io/ngo-reporter...
December 4, 2025 at 8:26 AM
Reposted by The Banshee Queen 👑
A 28-year-old Russian citizen trained in the use of cryptocurrency wallets and linked to the Russian FSB ran a spy and sabotage network in Poland, from Russia for over two years, recruiting about 30 people via Telegram.
December 3, 2025 at 8:02 PM
Reposted by The Banshee Queen 👑
Everyone's got their own thoughts about the Anthropic AI report but the thing sticking in my head is the idea that Claude has "strong guardrails" when all it takes to break them is to say oh no I'm actually a good guy working in cybersecurity. Maybe the guardrails aren't that strong?
December 3, 2025 at 4:34 PM
Reposted by The Banshee Queen 👑
The Natto Team examines the leaked incident from Knownsec’s perspective to explore the role that elite Chinese cybersecurity companies play in building the country’s cyber capabilities.

nattothoughts.substack.com/p/knownsec-t...
Knownsec: The King of Vulnerability Missed Three Vulnerabilities of Its Own
The leak incident involving Chinese cybersecurity firm Knownsec shows the company’s seemingly transparent crisis management strategy and underscores its position in the industry, but mysteries remain.
nattothoughts.substack.com
December 3, 2025 at 5:10 PM