Zach Corum
LightNews LightNews
banner
infrasecalliance.org
Zach Corum
@infrasecalliance.org
65 followers 390 following 51 posts
IT | OT | Cybersecurity | GICSP | Whisk(e)y | Bonsai Open to Work Infrasec Aliance: A non-profit dedicated to securing critical infrastructure https://infrasecalliance.org https://blog.infrasecalliance.org https://bio.site/zachcorum
infrasecalliance.org
Posts Media Videos Starter Packs
infrasecalliance.org
Zach Corum @infrasecalliance.org · May 27
I am doing some research on the usage of llms.txt / llms-full.txt and thought it useful to create an index site for anyone to search for these files. llms-text.ai

I also added a simple API endpoint for programmatic access if you need it.
llms-text.ai/api/search-l...
#ai #llms #aidevelopment
LLMS.txt Explorer
Explore and analyze LLMS.txt files from various domains across the web
llms-text.ai
infrasecalliance.org
Zach Corum @infrasecalliance.org · Apr 6
No honor amongst thieves.
campuscodi.risky.biz Catalin Cimpanu @campuscodi.risky.biz · Apr 5
There's a ransomware group named DragonForce going around hacking its rivals.

After Mamona and BlackLock, the group has now hacked RansomHub—a major RaaS platform and one of the most active groups today.
Reposted by Zach Corum
campuscodi.risky.biz
Catalin Cimpanu @campuscodi.risky.biz · Apr 5
There's a ransomware group named DragonForce going around hacking its rivals.

After Mamona and BlackLock, the group has now hacked RansomHub—a major RaaS platform and one of the most active groups today.
2 5 16
Reposted by Zach Corum
therecordmedia.bsky.social
The Record @therecordmedia.bsky.social · Mar 20
Website outages were observed across Russia this week, with regulators attributing them to issues with foreign servers. Observers said the problems might be tied to Russian government moves to block the Cloudflare service. https://therecord.media/russia-websites-dark-reported-cloudflare-block
Major web services go dark in Russia amid reported Cloudflare block
Website outages were observed across Russia this week, with regulators attributing them to issues with foreign servers. Observers said the problems might be tied to Russian government moves to block the Cloudflare service.
therecord.media
2 2
infrasecalliance.org
Zach Corum @infrasecalliance.org · Mar 20
Credit: techcrunch.com/2025/03/20/h...
Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems | TechCrunch
Threat intelligence startup GreyNoise says it has observed a ‘notable resurgence’ in attack activity
techcrunch.com
1
infrasecalliance.org
Zach Corum @infrasecalliance.org · Mar 20
4/4 ServiceNow spokesperson Erica Faltous says that the company has not observed any customer impact from an attack campaign, but users should prioritize patching their systems as soon as possible. Stay vigilant and keep your systems up-to-date! #CybersecurityAwareness
1 1
infrasecalliance.org
Zach Corum @infrasecalliance.org · Mar 20
3/4 Organizations use ServiceNow to host sensitive data about employees, including personally identifiable information and HR records related to employment. If hackers exploit these vulnerabilities, they could gain unauthorized access to this sensitive data. #DataSecurity
1 1
infrasecalliance.org
Zach Corum @infrasecalliance.org · Mar 20
2/4 The vulnerabilities, CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217, were first disclosed in May 2024 and patched by ServiceNow in July 2024. However, GreyNoise says that the flaws can be chained together for "full database access" of affected ServiceNow instances. #Cybersecurity
1 1
infrasecalliance.org
Zach Corum @infrasecalliance.org · Mar 20
🧵1/4 Hackers are ramping up attacks using year-old ServiceNow security bugs to target unpatched systems. Threat intelligence startup GreyNoise warns that 70% of recent malicious activity targeted systems in Israel, Germany, Japan, and Lithuania. #Security #ServiceNow
1 1
infrasecalliance.org
Zach Corum @infrasecalliance.org · Mar 20
It's a markdown file placed in your root directory that
Provides a concise summary of your site
Links to key pages with descriptions
Eliminates HTML/JS noise that confuses AI
infrasecalliance.org
Zach Corum @infrasecalliance.org · Mar 20
🤖 #LLMsTxt: A Game-Changer for AI & Websites

The /llms.txt file is a new web standard that helps LLMs better understand your website content.
Here is a simple google dork with roughly 700+ results
www.google.com/search?q=fil...
Google Search
www.google.com
1
Reposted by Zach Corum
campuscodi.risky.biz
Catalin Cimpanu @campuscodi.risky.biz · Feb 20
PAN's Unit42 solves an old APT mystery and links the Stately Taurus APT to Bookworm, a mysterious trojan used in espionage campaigns for the past decade.

unit42.paloaltonetworks.com/stately-taur...
Stately Taurus Activity in Southeast Asia Links to Bookworm Malware
Unit 42 details the just-discovered connection between threat group Stately Taurus (aka Mustang Panda) and the malware Bookworm, found during analysis of the group's infrastructure. Unit 42 details th...
unit42.paloaltonetworks.com
6 10
Reposted by Zach Corum
carlypage.bsky.social
Carly Page @carlypage.bsky.social · Feb 21
A trove of chat logs allegedly belonging to the prolific Black Basta ransomware group has leaked online, revealing unprecedented insights into the gang's operations

The logs, seen by TechCrunch, also name several previously unknown targeted organizations techcrunch.com/2025/02/21/a...
A huge trove of leaked Black Basta chat logs expose the ransomware gang’s key members and victims | TechCrunch
A leaker allegedly published the leaked internal messages after the group allegedly targeted Russian banks
techcrunch.com
3 1
infrasecalliance.org
Zach Corum @infrasecalliance.org · Feb 7
When did this "feature" get added to the Edge browser? Don't do this, its dumb. #nothanks #cybersecurity #privacy
infrasecalliance.org
Zach Corum @infrasecalliance.org · Dec 6
It may seem like a daunting task to upgrade 5 decades worth of equipment. It enrages me when they blame the outdated equipment like it has a choice. It was their choice not to update it! Don't let them get away with that decision it will happen again.
wylienewmark.bsky.social Horkos @wylienewmark.bsky.social · Dec 6
And you thought your business had a lot of unpatched edge devices that enable long-dwell persistence!

I love how so many problems in cybersecurity are basic and ubiquitous — like common networking appliances having code riddled with vulnerabilities — but people wanna invest in AI or whatever…
samsabin.bsky.social Sam Sabin @samsabin.bsky.social · Dec 6
There's a reason why it's going to take U.S. telcos a pretty long time to toss Beijing out of their networks: They have so much equipment they need to map out, patch and update.

But until each device is secured, Beijing is likely going to keep finding new ways in.

www.axios.com/2024/12/06/t...
infrasecalliance.org
Zach Corum @infrasecalliance.org · Dec 4
This is another one of those turning point moments isn't it?
Reposted by Zach Corum
troyhunt.com
Troy Hunt @troyhunt.com · Dec 4
Happy birthday @haveibeenpwned.com! 11 years today, and now with its very own Bluesky account 😊 www.troyhunt.com/introducing-...
Introducing “Have I been pwned?” – aggregating accounts across website breaches
I often write up analyses of the passwords disclosed in website breaches. For example, there was A brief Sony password analysis [https://www.troyhunt.com/2011/06/brief-sony-password-analysis.html] bac...
www.troyhunt.com
11 68 300
infrasecalliance.org
Zach Corum @infrasecalliance.org · Dec 3
youtube.com/shorts/8XvCE...
Security Through Obscurity #engineering #chrisboden #hacking #infrastructure #energy #power #safety
YouTube video by Chris Boden
youtube.com
infrasecalliance.org
Zach Corum @infrasecalliance.org · Dec 3
Security through obscurity is not the answer...

Until you share a screen shot of your SCADA network topology (That you have been meaning to update for the last 6 years) by accident in the background of a webinar slide you were trying to save.
#cybersecurity
Now it's security through deception!! 🤘
1
infrasecalliance.org
Zach Corum @infrasecalliance.org · Dec 2
Shout out to the organizations that helped law enforcement with this huge takedown

#cybersecurity #BEC #ransomware
#CybercrimeAtlas, #Fortinet, #Group-IB, #Kaspersky, #TeamCymru, #TrendMicro and #UppsalaSecurity
cyberscoop.com/african-cybe...
African cybercrime crackdown nets more than 1,000 suspects
Operation Serengeti, a collaborative effort by Interpol and Afripol, captured over 1,000 cybercrime suspects across 19 African countries,
cyberscoop.com
infrasecalliance.org
Zach Corum @infrasecalliance.org · Dec 2
Another Justice Hammer 🔨 brought down on crimials. This time 1000! across 19 african countries.

- African cybercrime crackdown nets more than 1,000 suspects in enforcement operation dubbed Operation Serengeti.
- It linked the criminals to 35,000 victims and $193 million worth of losses.
1 1
infrasecalliance.org
Zach Corum @infrasecalliance.org · Nov 27
PopeyeTools taken down by FBI
#takedown #cybersecurity
www.justice.gov/opa/pr/justi...
Justice Department Seizes Cybercrime Website and Charges Its Administrators
The Justice Department today announced the seizure of PopeyeTools, an illicit website and marketplace dedicated to selling stolen credit cards and other tools for carrying out cybercrime and fraud, an...
www.justice.gov
infrasecalliance.org
Zach Corum @infrasecalliance.org · Nov 22
www.bloomberg.com/news/newslet...
Putin’s Assassination Targets Revealed in Declassified Memo
The Office of the Director of National Intelligence has released a long-classified memorandum shedding light on the targeted killings of Vladimir Putin’s political adversaries, following nearly eight ...
www.bloomberg.com
infrasecalliance.org
Zach Corum @infrasecalliance.org · Nov 22
“Kremlin-Ordered Assassinations Abroad Will Probably Persist.” is a now declassified document detailing a series of extra judicial killings most likely ordered by the Kremlin. Although a little dated it's still an interesting read. @jasonleopold.bsky.social
#odni #foia
2 4 10
infrasecalliance.org
Zach Corum @infrasecalliance.org · Nov 20
More Justice Hammers being served