tlansec
tlansec.bsky.social
Threat Intel @volexity.com n stuff.

London, UK.
Reposted by tlansec
Some phishers have taken inspiration from Russian cyber-espionage group UTA0355 and are using a technique that tricks users into sharing their OAuth material in a web page (UTA0355 did it via email replies)

pushsecurity.com/blog/consent...
December 11, 2025 at 6:13 PM
Reposted by tlansec
A study in the evolution of SVR cyberespionage tradecraft
December 6, 2025 at 7:07 PM
Reposted by tlansec
@volexity.com tracks a variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials, which continue to see success due to creative social engineering. Our latest blog post details Russian threat actor UTA0355’s campaigns impersonating European security events.
Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks
In early 2025, Volexity published two blog posts detailing a new trend among Russian threat actors targeting organizations through the abuse of Microsoft 365 OAuth and Device Code authentication workf...
www.volexity.com
December 4, 2025 at 6:36 PM
On the plus side, every time there's a Cloudflare outage 1000s of threat actors around the world have their malware C2 go down for a few hours.
December 5, 2025 at 10:16 AM
Reposted by tlansec
🎵🎶All I want for Christmas is… electrons 🎶🎵
These are not serious people.
November 21, 2025 at 3:09 PM
Reposted by tlansec
Yara-x 1.10.0 released today! It can now automatically fix some warnings, and some improvements in code generation. This is another great step forward for the project.

github.com/VirusTotal/y...
Release v1.10.0 · VirusTotal/yara-x
New yr fix warnings command (#493). Generate more efficient WASM code for some expressions, reducing the size of compiled rules (5efc214, a865681). Improve the API for traversing the AST in DFS ord...
github.com
November 20, 2025 at 6:33 PM
Reposted by tlansec
Really digging this year’s CYBERWARCON logo
November 19, 2025 at 3:51 PM
Reposted by tlansec
#PIVOTcon26 registration is now OPEN 🤟📷 #ThreatResearch #ThreatIntel 📷 https://pivotcon.org
Please read carefully the whole 🧵 for the rules about invite -> registration (1/6)🌐
November 13, 2025 at 3:28 PM
Enhance your CyberChef experience with GeoCities mode!
November 13, 2025 at 8:42 PM
Reposted by tlansec
This post from the President of Windows basically reads like someone trained an AI on those SF billboards that just say incomprehensible nonsense.
November 13, 2025 at 7:36 AM
Reposted by tlansec
Remember NFTs? 😂😂😂😂😂😂😂
November 11, 2025 at 1:00 AM
This is so good. bahahaha:

www.youtube.com/watch?v=dr9M...
Private jets don't pay fuel tax. Now I don't either.
YouTube video by Oli Frost
www.youtube.com
November 7, 2025 at 10:27 AM
Reposted by tlansec
At @ncsc.gov.uk we have just launched the CyberUK tech talks call for papers across three topics

- Cyber applications of AI
- What works: approaches that reduce cyber harm
- The evolving threat

www.cyberuk.uk/2026/call-fo...
Tech Talks - Call for Papers
www.cyberuk.uk
November 6, 2025 at 8:12 PM
Reposted by tlansec
my response to this is the loudest OK BRO you've ever heard in your life
Famed Russian spy hunter Christo Grozev claimed on this podcast four months ago that North Korea hacked the Democratic National Committee in 2016 and passed the info to Russia, which in exchange divulged access to Bangladesh Bank. 🤔 #infosec Passage at 13m 31s:
www.youtube.com/watch?v=dimh...
November 6, 2025 at 10:10 PM
Reposted by tlansec
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report.  Key findings  Between June and August 2025,
www.proofpoint.com
November 5, 2025 at 1:37 PM
Reposted by tlansec
Meet our speaker Patrick Whitsell!

Patrick has expertise in monitoring and defending against cyber espionage threat actors.

His talk, "Cyber(trade)war: Paradigm Shift in Economic Espionage", will cover the shift in PRC state-sponsored cyber espionage.

Learn more! www.cyberwarcon.com
November 5, 2025 at 7:47 PM
Reposted by tlansec
i heard my kids singing about "APT"s and i was sorely disappointed www.youtube.com/watch?v=ekr2...
ROSÉ & Bruno Mars - APT. (Official Music Video)
YouTube video by ROSÉ
www.youtube.com
October 24, 2025 at 2:46 PM
Reposted by tlansec
Thanks to @xorhex for an interesting discussion that is worth sharing here. I knew I read this somewhere but here's a fun thing you can do in YARA-X:

2 of ($a*, $b*, 3 of ($c*))

This is documented but not widely known: virustotal.github.io/yara-x/docs/...
Differences with YARA
Documents the differences between YARA-X and YARA.
virustotal.github.io
October 16, 2025 at 5:48 PM
Reposted by tlansec
We’re just normal men
October 13, 2025 at 10:34 PM
Reposted by tlansec
This was an interesting one to work on! tldr: Chinese aligned actor uses LLM to empower their malware development, target gathering, and phishing operation. Goes wrong and starts randomly including pornographic material and other random files/info.

www.volexity.com/blog/2025/10...
APT Meets GPT: Targeted Operations with Untamed LLMs
Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initial observed campaigns were tailor...
www.volexity.com
October 8, 2025 at 2:08 PM
Reposted by tlansec
APT meets GPT: @volexity.com #threatintel is tracking #threatactor UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, appearing to use LLMs to assist their ops. Letting #AI run your espionage operations? What could go wrong?
APT Meets GPT: Targeted Operations with Untamed LLMs
Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initial observed campaigns were tailor...
www.volexity.com
October 8, 2025 at 12:35 PM
Reposted by tlansec
We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...
October 7, 2025 at 4:47 PM
Reposted by tlansec
⏰ The inaugural SOS conference is 30 days away! Have you gotten your ticket yet?!?

Listen to expert discussions on state-sponsored operations covering espionage, sabotage, and attribution of Russia, China, Iran, and more.

Registration is still open! stateofstatecraft.com/agenda
September 29, 2025 at 3:01 AM