Hasamba
LightNews LightNews
hasamba72.bsky.social
Hasamba
@hasamba72.bsky.social
7 followers 20 following 170 posts
https://linktr.ee/yanivr
linktr.ee
Posts Media Videos Starter Packs
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 6h
Containers are ephemeral but vulnerabilities persist; the piece lists five lifecycle controls: build hygiene, image scanning and SBOMs, minimal images, runtime policy enforcement, and continuous monitoring. #containers #sbom #security https://bit.ly/4oR41Wd
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 9h
Forecast: adversaries will normalize AI use, increasing prompt injection and AI‑driven vishing with voice cloning. Expect ransomware + data extortion and attacks targeting virtualization infrastructure. #AI #promptinjection #ransomware https://bit.ly/43X22HU
1
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 10h
Missing Windows Security 4624 left a host blind for the Oct 1, 2025 incident; last 4624 logged Sep 13, 4776 present, audit policy change suspected — lateral access inferred. #incidentresponse #windows_security https://bit.ly/3XciCzN
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 2d
Hands‑on IR simulator with 70+ real cases from Standoff cyberbattles; provides reconstructed kill chains, logs and traffic dumps in isolated virtual environments for analyst practice. #incidentresponse #cybertraining #bookmark https://bit.ly/3LfzlzL
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 2d
Rhysida runs Bing malvertising to push fake installers (Teams, PuTTy) delivering OysterLoader; samples are packed and code-signed for low VT detections and persistent backdoor delivery. #Rhysida #malvertising #OysterLoader https://bit.ly/3WA83X9
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 2d
Containers are ephemeral but vulnerabilities persist; the piece links Wazuh-based ransomware defense to five build-to-runtime practices for managing container risk at scale. #containers #wazuh #security https://bit.ly/492JppA
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 2d
SesameOp backdoor uses the OpenAI Assistants API as a command-and-control channel, showing Assistants endpoints can be abused; e-book summarizes five generative AI threats and steps to bolster security. #OpenAI #SesameOp #AIsecurity https://bit.ly/3LkRNH6
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 2d
CoSAI released AI Incident Response Framework v1.0: NIST-aligned lifecycle, focus on prompt injection, memory/context poisoning and model extraction; includes OASIS CACAO playbooks for RAG and MINJA response. #AIsecurity #IR #CoSAI https://bit.ly/43NuP1B
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 2d
Catalog of adversary techniques that exploit people: detailed taxonomy covering phishing, pretexting, baiting and insider risks, plus methodology and permissive reuse license. #socialengineering #humanrisk #bookmark https://bit.ly/492JXM2
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 2d
P2P desktop transfer using iroh: end-to-end QUIC+TLS1.3, Blake3-verified streaming and resumable downloads; macOS unsigned builds may trigger Gatekeeper. #p2p #blake3 #tool https://bit.ly/49yc7P5
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 3d
mcp-scanner detects prompt‑injection vectors and insecure agent behavior via LLM analysis; supports Cisco AI Defense, AWS Bedrock (Claude), OpenAI and Azure integrations. #tool #promptinjection #LLMsecurity https://bit.ly/4qDUnrO
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 5d
High-accuracy OCR: Chandra outputs layout-preserving HTML/Markdown/JSON, handles handwriting, tables and forms, and supports local (HuggingFace) and remote (vLLM) inference modes. #ocr #chandra #tool https://bit.ly/4okXIKY
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 6d
Google details Android’s layered anti‑scam stack: Play Protect app verification, Safe Browsing signals, and on‑device ML models to detect phishing and fraudulent apps. #android #MobileSecurity #PlayProtect https://bit.ly/3LC3g52
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 6d
Author bypassed NeuroShield (AI WAF) with ChatGPT-crafted payloads and exploited an overlooked API rate limit, enabling full account takeover. Key finding: AI defenses can be evaded by adversarially generated inputs. #AI #WAF #security https://bit.ly/4qUiHpJ
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 6d
Aardvark (ChatGPT-5) auto-scans code, builds threat models, sandboxes exploits, and proposes patches. Reported 92% detection in golden repos and 10 CVEs assigned so far. #Aardvark #OpenAI #tool https://bit.ly/4nxZXJA
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 6d
Kerberos reflection using Ghost SPNs can lead to remote SYSTEM elevation (CVE-2025-58726). Default AD DNS registration and missing SMB signing enable the chain; Microsoft patched Oct 2025. #CVE202558726 #Kerberos #GhostSPN https://bit.ly/3LmOMpz
1
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 6d
Skills in Claude are markdown files with YAML metadata, token‑efficient, and operate across Claude.ai, Claude Code, and the API. Key capabilities: Rube MCP integrations, Playwright test generation, Document Suite for Office/PDF. #tool #Claude #Playwright https://bit.ly/48Xwm8K
1
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 7d
Repository for CoSAI Workstream 2 defines a Defender’s Framework to scale investments and mitigation for pivotal offensive AI advances; leads: Josiah Hagen (Trend Micro), Vinay Bansal (Cisco). #tool #AIsecurity #OASIS https://bit.ly/4nsZdW4
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 8d
Mandiant reports stolen credentials caused 16% of initial access in 2024; growth in human and non‑human privileged identities expands attack surface. Recommends Zero Trust, MFA, PAM and SIEM tuning. #MTrends #PrivilegedAccess #IdentitySecurity https://bit.ly/4qAo7pA
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 8d
Active exploitation observed for WSUS deserialization bug CVE-2025-59287; report from a customer alert on Windows Server Update Services noted by Bas van den Berg. Limited IoCs published. #CVE-2025-59287 #WSUS #deserialization https://bit.ly/49q0nhx
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 8d
Agentic browser AI for pentesting that can run tasks in an isolated Kali container, preserve session context, and connect via OpenVPN; includes embedded terminal and dynamic task checklist. #tool #pentest #AI https://bit.ly/48UwyWi
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 8d
Telegram unveils Cocoon, a Confidential Compute Open Network on TON. GPU owners can earn TON tokens; developers gain low‑cost AI compute. Telegram to integrate via mini‑apps. Launch Nov 2025. #Cocoon #TON #AI https://bit.ly/4o84seW
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 8d
Registry hives like NTUSER.DAT and SYSTEM contain artifacts (UserAssist, RunMRU, ShellBags, Enum\USB\USBSTOR) that reveal program execution, USB history and local account details. #registry #forensics #DFIR https://bit.ly/49rXYTE
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 9d
Curated AI+OSINT index highlighting ChatGPT/Grok prompt guides, image ID tools like Lenso.ai, and GEOINT tools such as GeoSpy and GeoGPT. Resource portal for investigators. #ai #osint #bookmark https://bit.ly/3WYaDWZ
hasamba72.bsky.social
Hasamba @hasamba72.bsky.social · 9d
Windows service triggers can enable low‑privilege starts of services (RemoteRegistry, WebClient, EFS). Enumerate via sc qtriggerinfo, registry TriggerInfo or QueryServiceConfig2. TrustedSec maps trigger types and activation methods. #windows #service #infosec https://bit.ly/48LDll9