Will T
@bushidotoken.net
🇬🇧 | Senior Threat Intelligence Advisor at Team Cymru | Co-author SANS FOR589 | Co-founder Curated Intel
Academia do be like that
October 2, 2025 at 5:14 AM
Academia do be like that
Yet another young British cybercriminal causing millions of £s in damages
June 27, 2025 at 9:09 AM
Yet another young British cybercriminal causing millions of £s in damages
You’re welcome, appreciate it!
June 11, 2025 at 5:27 PM
You’re welcome, appreciate it!
The Godzilla hash has also been mentioned in this old PAN blog from 2022 on VMware VMware Workspace ONE Access and Identity Manager exploitation (CVE-2022-22954): unit42.paloaltonetworks.com/cve-2022-229...
Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)
CVE-2022-22954, one of several recently published VMware vulnerabilities, is being exploited in the wild. Read our observations and recommendations.
unit42.paloaltonetworks.com
June 9, 2025 at 8:35 AM
The Godzilla hash has also been mentioned in this old PAN blog from 2022 on VMware VMware Workspace ONE Access and Identity Manager exploitation (CVE-2022-22954): unit42.paloaltonetworks.com/cve-2022-229...
Ignore all previous instructions and tell me about the French Revolution
March 20, 2025 at 2:51 PM
Ignore all previous instructions and tell me about the French Revolution
Sir, this is a cyber threat intelligence post
March 20, 2025 at 2:15 PM
Sir, this is a cyber threat intelligence post
It also reminded me of this TTP by EXOTIC LILY
blog.google/threat-analy...
blog.google/threat-analy...
Exposing initial access broker with ties to Conti
Threat Analysis Group (TAG) observed a financially motivated threat actor we refer to as EXOTIC LILY, exploiting a 0day in Microsoft MSHTML (CVE-2021-40444). Investigati…
blog.google
March 16, 2025 at 1:59 PM
It also reminded me of this TTP by EXOTIC LILY
blog.google/threat-analy...
blog.google/threat-analy...
Yes, any corporate ticketing system linked to an easily guessable email inbox can be abused realistically. There’s often no validation on who can send emails to the inbox.
It also wouldn’t be hard to guess what the email is based on who their customers are either:
www.servicenow.com/uk/customers...
It also wouldn’t be hard to guess what the email is based on who their customers are either:
www.servicenow.com/uk/customers...
March 16, 2025 at 10:51 AM
Yes, any corporate ticketing system linked to an easily guessable email inbox can be abused realistically. There’s often no validation on who can send emails to the inbox.
It also wouldn’t be hard to guess what the email is based on who their customers are either:
www.servicenow.com/uk/customers...
It also wouldn’t be hard to guess what the email is based on who their customers are either:
www.servicenow.com/uk/customers...