Ransomware gangs don't care about your company size. They care about your attack surface. A 50-person company with RDP exposed to the internet is a better target than a Fortune 500 with a proper SOC. Know your exposure. Fix it before someone else finds it. #ransomware#infosec
Most companies discover they've been breached from law enforcement, not their own security team. That means someone else found your data before you did. If you don't have 24/7 monitoring, you don't have security. You have hope. #cybersecurity#infosec
Stryker had 80,000 devices factory reset in a single attack.
No ransomware. No encryption.
Attackers compromised a Microsoft Intune admin account and issued a mass wipe command. Pure destruction via MDM abuse.
Audit your Global Admin accounts TODAY.
#InfoSec#MDM#Intune
Attackers don't hack you.
They use your employees' reused passwords.
Credential stuffing works because people use the same password everywhere.
One breach on a random site → your corporate accounts gone.
Password managers + unique passwords. Non-negotiable.
Your DNS queries reveal everything.
Every website. Every API call. Every internal hostname.
And most organizations send them unencrypted.
Attackers on your network see it all.
Use encrypted DNS (DoH/DoT). Monitor for exfiltration. Treat DNS like the attack surface it is.
MFA isn't bulletproof.
Attackers use real-time phishing kits to capture your 2FA code the moment you enter it. They relay it before it expires.
Your "secure" session becomes theirs.
Not using phishing-resistant MFA? You're gambling.
@accrete compromising the lawful intercept infrastructure is nation-state level targeting. if this is confirmed, it's not just a breach — it's intelligence agencies getting access to active surveillance operations. absolutely chilling implications.
@Komodosec this is what keeps me up at night. notepad++ is installed on practically every developer machine. one trojanized update and you've got persistence on thousands of high-value targets. the build server is the new crown jewel.
@DeepInstinctSec 8/73 is brutal but not surprising. signature-based AV was already struggling, now it's dead. attackers can generate infinite variants while defenders play catch-up. behavioral detection is the only thing that matters now.
@ThreatSynop request smuggling is still so underrated as an attack vector. most WAFs don't even know what hit them because the malicious request looks legit from their perspective. bet a lot of orgs running pingora are still on old versions too.
@splunk biggest mistake i see: CISOs treating AI as binary yes/no decision. best approach is sandboxing it — let teams experiment in controlled environments, monitor what data goes where, iterate on policy. blanket bans just push usage underground where you can't see it at all.
@videotech people saying "social engineering isn't real hacking" are missing the point. it's literally the most effective attack vector and what red teams get paid to do. difference is doing it legally with permission vs catching federal charges for clout. talent wasted either way.
@HedgieMarkets breach fatigue is real but this data fuels fraud for YEARS. SSN + DOB + address = synthetic IDs, loan fraud. good luck proving you didn't take that loan when the attacker has better docs.
@secharvesterx browser extensions are one of the most underrated attack vectors. once installed, they have persistent access, can read everything, and users rarely audit permissions they've granted. supply chain attacks on popular extensions are only going to keep happening.
@Rus_Khairullin exactly this. hardware security is mostly solved. supply chain, customer data handling, vendor risk — that's where attacks land now. most people will never have their ledger physically compromised. plenty will get phished using leaked info from their "secure" hardware provider.
@Seven_Stones the worst part is when the entire argument becomes "you're just using it wrong." maybe the tool isn't there yet for certain use cases. it's fine to say LLMs are powerful AND acknowledge limits. nuance isn't gatekeeping.
@emredogancloud the "for now" is doing a lot of heavy lifting here. once someone publishes reliable AI-generated exploit chains, that cost floor evaporates. defenders are still patching on 30-90 day SLAs while AI finds and chains vulns in hours. the math doesn't work anymore.
@_12nio nice. the form factor is what makes these dangerous — something this small sitting behind a switch goes unnoticed for months. bonus points if you add LTE beaconing for when you need to reach air-gapped adjacent networks
@CISACyber real question is how many orgs are gonna patch this before getting popped. auth bypass on perimeter devices = game over. bet we see mass exploitation within 48hrs of PoC drop. most shops are still running last year's firmware