Steve Ginty
seginty.bsky.social
Reposted by Steve Ginty
The Microsoft Digital Defense Report 2025 shows how threats are evolving faster than ever, fueled by AI. msft.it/63322sf3y4

Key insights from report include:

- More than 50% of cyberattacks with known motives had financial objectives such as extortion or ransom.
Extortion and ransomware drive over half of cyberattacks
Microsoft launches its sixth annual Digital Defense Report, highlighting trends from July 2024 to June 2025, including that over half of cyberattacks with known motives were driven by extortion or ransomware. The report stresses that legacy security is insufficient—modern AI-driven defenses and cross-industry collaboration are essential. For individuals, strong tools like phishing-resistant MFA can block over 99% of identity-based attacks.
msft.it
October 16, 2025 at 2:54 PM
Reposted by Steve Ginty
PipeMagic is a sophisticated malware framework with a modular, stealthy, and highly extensible architecture, giving threat actors granular control over code execution and making detection and analysis challenging. msft.it/63321spbNh
Dissecting PipeMagic: Inside the architecture of a modular backdoor framework
A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. Beneath its disguise, PipeMagic is a sophisticated malware framework designed for flexibility and persistence. Once deployed, it can dynamically execute payloads while maintaining robust command and control (C2) communication via a dedicated networking module.
msft.it
August 18, 2025 at 3:27 PM
Reposted by Steve Ginty
Microsoft is sharing details from ongoing investigations of threat actors exploiting vulnerabilities targeting on-premises SharePoint servers. Linen Typhoon, Violet Typhoon, and Storm-2603 have been observed exploiting the vulnerabilities: msft.it/6044sE1ua
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog
Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed a...
msft.it
July 22, 2025 at 1:11 PM
Reposted by Steve Ginty
At this time of day on July 2, I’m drawn to think of the several thousand US troops spread out in an ever-thinning line along Culp’s Hill, on the US right. All afternoon, units have been pulled from this position to bolster the left flank - Little Round Top, the Wheatfield, and Cemetery Ridge
July 3, 2025 at 12:53 AM
Reposted by Steve Ginty
Microsoft has discovered a cluster of worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR), whose cyberespionage activity targets gov't, defense, transportation, media, NGO, and healthcare in Europe and North America. https://msft.it/63324S9Jkp
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage | Microsoft Security Blog
Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America.
msft.it
May 27, 2025 at 9:55 AM
Reposted by Steve Ginty
Lumma Stealer, an infostealer malware used by multiple financially motivated threat actors like Octo Tempest (Scattered Spider) to target a wide range of industries, has shown persistent growth and operational sophistication over the past year: https://msft.it/63326Sd2PM
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer | Microsoft Security Blog
Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an info-stealing malware used by multiple financially motivated threat actors to target various industries. Microsoft, partnering with others across industry and international law enforcement, facilitated the disruption of Lumma infrastructure.
msft.it
May 21, 2025 at 4:15 PM
Reposted by Steve Ginty
Both unsurprising given the administration’s swing toward the authoritarian bloc, and yet also so shocking. You can bet Russia has no such illusions and isn’t unilaterally backing down. therecord.media/hegseth-orde...
Exclusive: Hegseth orders Cyber Command to stand down on Russia planning
The secretary of Defense has ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, sources tell Recorded Future News.
therecord.media
March 1, 2025 at 7:29 PM
Reposted by Steve Ginty
I am trying to imagine the reaction if Joe Biden or Barack Obama had spoken to a Republican governor in this way at a public event.

I just can’t. None of us can.
Gov. Mills: I’ll comply with the state and federal laws

Trump: We are the federal law. You better do it because you’re not going to get any federal funds.

Gov Mills: See you in court
February 22, 2025 at 4:40 AM
Reposted by Steve Ginty
"What a far cry from the days of Democrat corruption. It’s like we were living in darkness, only to emerge into this bright and blinding light where we literally refuse to see what’s in front of our eyes."
Government Welfare Is Evil, Unless the Money Goes to the Wealthiest Man in the World
“The Trump administration is expected to purchase $400 million worth of armored Tesla vehicles, according to a new State Department document detail...
buff.ly
February 14, 2025 at 2:20 AM
Reposted by Steve Ginty
It feels like no one should have to say this, and yet we are in a situation where it needs to be said, very loudly and clearly, before it’s too late to do anything about it: The United States is not a startup. If you run it like one, it will break.

🔗 www.wired.com/story/the-us...
February 7, 2025 at 2:16 PM
Reposted by Steve Ginty
Hey everyone. We're hiring a Systems and Security Technical Lead @citizenlab.ca

Come join us! It's an extraordinary place with extraordinary people ... and *extraordinary* security risks!

Never a dull day, I can promise you that!!

jobs.utoronto.ca/job/Toronto-...
Systems and Security Technical Lead
jobs.utoronto.ca
February 1, 2025 at 2:04 AM
Reposted by Steve Ginty
Deeply, deeply unserious
January 28, 2025 at 4:39 AM
Reposted by Steve Ginty
Seeing a lot of kneejerk hate for SNL booking LMM here, but I thought this gag was sublime. Nobody else remembers "Hamilton" as a foundational Resistance text, Pence going to see it and getting lectured, etc? www.youtube.com/watch?v=oDtS...
Founding Fathers Cold Open - SNL
YouTube video by Saturday Night Live
www.youtube.com
January 26, 2025 at 2:36 PM
Reposted by Steve Ginty
For the umpteenth time - history matters.

Read Heather.

“January 25, 2025, marks eighty years since the end of the Battle of the Bulge.”

heathercoxrichardson.substack.com/p/january-24...
January 24, 2025
“NUTS!”
heathercoxrichardson.substack.com
January 25, 2025 at 3:49 PM
Reposted by Steve Ginty
I’ve focused on security for at-risk civil society groups for over a decade now (🙀), including human rights defenders, lawyers, and journalists. I’m available for collaboration, consulting, and presenting, so please get in touch if you’d like to work together!
January 24, 2025 at 6:40 PM
Reposted by Steve Ginty
"Seriously, I don’t care how much it costs. Take every dime I have. But know this: I would level my house to the ground before I paid slightly higher property taxes to fund infrastructure that would prevent a landslide from leveling my house to the ground."
I Will Pay Any Amount to Not Pay My Taxes
I’ve gotten myself into a bit of a jam. A series of natural disasters is barreling towards my home, and there is a severe shortage of resources and...
buff.ly
January 10, 2025 at 2:20 AM
Reposted by Steve Ginty
MSTIC is hiring! Current roles in US and AU.

The Microsoft Threat Intelligence Center (MSTIC) is recruiting experienced nation-state threat hunters with highly honed threat intel analysis skills. MSTIC is responsible for delivering timely threat intelligence across our product & services teams.
December 5, 2024 at 6:22 PM
Reposted by Steve Ginty
The DPRK IT Worker apparatus is a well-oiled machine. Few grasp the depth of how many pieces enable these operations.
🚨 New Research Drop:

🇰🇵 DPRK IT Workers | A Network of Active Front Companies and Their Links to China

Summary:
⚪ Newly Disrupted Front Companies by USG
⚪ Impersonating US based software and tech orgs
⚪ Links to still-active front orgs, CN association

Report:
www.sentinelone.com/labs/dprk-it...
DPRK IT Workers | A Network of Active Front Companies and Their Links to China
SentinelLabs has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.
www.sentinelone.com
November 21, 2024 at 8:01 PM
Reposted by Steve Ginty
@hultquist.bsky.social kicks off this year's #CYBERWARCON.
November 22, 2024 at 2:05 PM
Reposted by Steve Ginty
Hi everyone.

The Onion, with the help of the Sandy Hook families, has purchased InfoWars.

We are planning on making it a very funny, very stupid website.

We have retained the services of some Onion and Clickhole Hall of Famers to pull this off.

I can't wait to show you what we have cooked up.
The Onion Buys Alex Jones’s Infowars Out of Bankruptcy
The satirical news site planned to turn Infowars into a parody of itself, mocking “weird internet personalities” who peddle conspiracy theories and health supplements.
www.nytimes.com
November 14, 2024 at 2:09 PM
This. 100% This.
People have said to me ‘why wouldn’t you vote for T? Your taxes will go up under H?’ I guess I’m the weird one. I genuinely care about other people and think society is a social construct where we take care of each other. I don’t care how you choose to live unless it impacts me. You do you.
November 8, 2024 at 1:03 PM
Reposted by Steve Ginty
Any Dem acting like we need to push further right needs to be tossed immediately. Harris lost, but not by as much as people are saying.

Anyone talking like this has always wanted to be more conservative and now they have an excuse. Fuck off.
November 8, 2024 at 12:14 AM
Reposted by Steve Ginty
until the day I die I will never understand why he was even still allowed to run after this
November 5, 2024 at 3:13 AM
Reposted by Steve Ginty
The Microsoft team found SOHO routers manufactured by TP-Link made up most of a covert network of compromised devices used for Storm-0940 hacking operations. They exploit a vulnerability in the routers to gain remote code execution capability for a botnet

www.microsoft.com/en-us/securi...
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network | Microsoft Security Blog
Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks....
www.microsoft.com
November 1, 2024 at 2:42 PM