At a basic level, phishing kits are pre-built infrastructure that allow threat actors to harvest credentials from applications at scale. A phishing kit typically includes cloned login pages that mimic legitimate services, backend code to capture and exfiltrate submitted credentials, and evasion mechanisms to avoid detection by security tools and researchers. The simplest phishing kits […] The post Phishing Kits: An Interactive Deep Dive appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

What is MCP, and why does it matter for AI security? 🤔 Agentic AI is changing how LLMs interact with external services, but Anthropic’s Model Context Protocol (MCP) introduces new security challenges you need to know about. Join AI security researcher Joff Thyer from Black Hills InfoSec as he breaks down: ✅ What MCP is ✅ How it connects AI agents to real-world actions ✅ The critical security risks you can’t ignore AI security is the Wild West; Are you ready to be the deputy? #AI #CyberSecurity #MCP #LLM #AIagents Sign up for the next workshop: AI Foundation: Cyber Security Workflow Optimization using AI Technology with Joff Thyer and Derek Banks: https://www.antisyphontraining.com/product/workshop-ai-foundation-cyber-security-workflow-optimization-using-ai-technology-with-joff-thyer-and-derek-banks/ /// 🔗 Register for webcasts, summits, and workshops - https://poweredbybhis.com ///Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe ///Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections ///Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ ///Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ ///Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Antisyphon Discord: https://discord.gg/antisyphon Antisyphon Mastodon: https://infosec.exchange/@Antisy_Training ///Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Active Countermeasures YouTube: https://youtube.com/activecountermeasures Threat Hunter Community Discord: https://discord.gg/threathunter Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

2025 was a golden year for malware takedowns. We asked our friends from the band HUNTR/X to weigh in on some of the biggest hits.

Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered. The post From Linear to Complex: An Upgrade in RansomHouse Encryption appeared first on Unit 42.

Everyone has a year-end list, and this is ours. See what our top-performing cybersecurity blogs were in 2025, there could be some you might have missed!

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks. The post Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components appeared first on Microsoft Security Blog.

Strengthen Your Identity Posture Before Attackers Find the Gaps In this cheat sheet, you’ll discover:• The four highest-risk identity categories to remediate today.• A step-by-step ISPM maturity model and 90-day implementation plan.• How to eliminate toxic permissions, enforce MFA, and remove dormant identities at scale. Download the ISPM Cheat Sheet Sponsored by Permiso Akash PatelMemory […]

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Today we’re covering two cybercrime research stories: Tune in to this story on Spotify, Apple Podcasts, YouTube (below), and/or keep reading this article for the highlights. We also have instructions for a giveaway in the video episode for CTF players who would like another shot at unlocking a shirt from a past challenge… React2Shell (CVE-2025-55182) […] The post Winter CTF Giveaway?!, React2Shell (CVE-2025-55182), and Gamers are a Major Infostealer Malware Target appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Could you triage an alert on the spot? Join us for a free one-hour BHIS webcast with SOC Analyst Tom Dejong and learn why alert triage is a crucial skill for every SOC analyst. Tom will teach you the basics of triage, including alert anatomy, how to separate real threats from noise, and when to escalate or close an alert. You’ll also learn documentation best practices, common mistakes to avoid, and tips for strengthening your soft skills. This webcast is ideal for anyone starting out in a SOC or looking to sharpen their foundational skills. Chat with your fellow attendees in the Antisyphon Discord server: https://discord.gg/bhis in the #🔴live-chat channel

Automated password rotation helps protect both cloud and on-premises environments from unauthorized access and credential compromise by reducing the risk associated with exposed credentials. Suspicious or unrecognized login attempts may indicate stolen credentials, compromised accounts, or malicious insider activity. By proactively managing credentials and monitoring authentication events, organizations reduce the risk of insider threats while […] The post Automated password rotation with Wazuh and Shuffle appeared first on Wazuh.

Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards? The post How to Set Smart Goals (That Actually Work For You) appeared first on Black Hills Information Security, Inc..

Today we’re covering two cybercrime stories: Leaky Weekly is taking a break this week and Nick spoke with Simply Cyber – Gerald Auger, PhD for 2025 Cybercrime Wrapped:   Keep reading for current events in cybercrime.  Cyber Practitioners Living Double Lives as Ransomware Collaborators Two cybersecurity professionals have been indicted in Florida earlier this month for […] The post Cyber Practitioners Doubling as Ransomware Collaborators, Russian Infostealer Developers Arrested appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Everything you need to know about npm compromises from Shai-Hulud’s latest campaign, including detection and prevention guidance

Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities. The post Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite appeared first on Unit 42.

In this post, we investigate a recent phishing campaign that targets Microsoft 365 users.

The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. Attackers maliciously modified hundreds of publicly available packages, targeting developer environments, continuous integration and continuous delivery (CI/CD) pipelines, and cloud-connected workloads to harvest credentials and configuration secrets. The Shai‑Hulud 2. The post Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack appeared first on Microsoft Security Blog.

We peel back the layers on a threat involving an adversary who brought their own VM into an environment following aggressive spam bombing.

01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks. The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42.

Password reuse is common in Active Directory (AD). From an attacker’s perspective, it is a reliable path to lateral movement or privilege escalation. Most IT teams recognize the risk, but longer passwords and password…

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

By Flare Research React2Shell is a newly disclosed vulnerability (CVE-2025-55182) that has exposed a critical flaw at the core of React Server Components (RSC), enabling unauthenticated remote code execution (RCE) in applications using React 19 and frameworks built on top of RSC, most notably Next.js. Current telemetry suggests that more than 1.4 million publicly accessible […] The post React2Shell (CVE-2025-55182): A Critical RCE in React Server Components appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: 🔗 Black Hills Information Security https://www.blackhillsinfosec.com/ 🔗 Antisyphon Training https://www.antisyphontraining.com/ #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors. The post New Prompt Injection Attack Vectors Through MCP Sampling appeared first on Unit 42.