🎙 Each week the Monday Brief helps leaders navigate cyber threats, AI, technology change, human & geopolitical risk. By @aboutsecurity and @fulmetalpackets
For the first time since launching The Monday Brief, @fulmetalpackets and @aboutsecurity were in the same room, in Dallas, Texas, where we sat down with @GregRich_AI to talk about how AI is changing the fight.
🎥 Special Edition: AI, Cybersecurity & the Small Business Blind Spot
https://t.co/3z7CzW25vH…
#ThinkRedActBlue #CyberSecurity #AI #Infosec #ThreatIntel #SecurityLeaders
Attackers do not need the vulnerability first. They need the map.
This week: Ivanti Sentry, ShinyHunters vs PeopleSoft, Agentjacking, a record Patch Tuesday, plus guest commentary from Thomas Roccia (@fr0gger_) on securing AI agents.
👇Subscribe and never miss a Monday.
https://t.co/OAcdA5VfKC
By @fulmetalpackets and @aboutsecurity
#ThinkRedActBlue #TheMondayBrief
New Monday Brief is live.
This week the attacker's R&D budget shrank while your attack surface grew. Tricked AI bots, automated EDR evasion, a Claude Code repo takeover, and fake recruiters. No zero-days needed.
Plus a first for us: our debut guest perspective, featuring the great Vicente Diaz @trompi
Douglas McKee (@fulmetalpackets) thinks 🔴
Ismael Valenzuela (@aboutsecurity) 🔵
Vicente Diaz (@trompi) adds the threat intel lens 🔍
https://t.co/RN8kOJ9sHt
#ThinkRedActBlue #TheMondayBrief
Four unrelated campaigns last week. One control they all beat: your approval chain.
→ ransomware that spreads itself over SMB, WMI, and PsExec, no operator needed
→ AI-built lures and malware at machine scale
→ a credential stealer pushed as a trusted update
→ trojanized Zoom installers aimed at US firms
New issue of @TheMondayBrief by @fulmetalpackets and @aboutsecurity is out 👇
https://t.co/fHgQb1BGQz
#ThinkRedActBlue #TheMondayBrief
In today's issue of @TheMondayBrief, @aboutsecurity and @fulmetalpackets unpack four signals where adversaries went after the layers defenders use to define trust itself:
1️⃣ A PAN-OS zero-day (CVE-2026-0300) gave suspected state-sponsored actors root on internet-facing firewalls for nearly a month before disclosure.
2️⃣ MuddyWater dressed an Iranian espionage operation as a Chaos ransomware hit to misdirect IR.
3️⃣ Russian-linked actors struck Polish water treatment SCADA amid a 144% year-over-year surge in attacks on Poland.
🔗Read the full issue: https://t.co/QlAFIwnzxt
#ThinkRedActBlue #ThreatIntelligence #ZeroTrust #DetectionEngineering #CISO
Attackers didn’t break new ground this week.
They operated where no one was looking.
Four intrusions. Different entry points. Same pattern.
- A stolen OAuth token from an AI tool became cross-environment access
- A patched firewall stayed compromised for months
- Consumer routers became covert relay infrastructure
- Teams messages delivered malware outside traditional inspection paths
The pattern is clear. The attack surface is not where controls exist. It is where visibility ends.
🔴 Think Red: You don’t need to bypass controls if you can operate outside of them
🔵 Act Blue: Monitor the parts of your environment that fall outside your normal coverage
Read the full breakdown by @fulmetalpackets and @aboutsecurity: https://t.co/I8o7v7WL6k
The Monday Brief is written to be shared.
#Cybersecurity #ThreatIntelligence #CISO #DetectionEngineering #TheMondayBrief
While You Were Watching Your XDR Alerts, Attackers Took the Pipeline, the Phone, and the Executive
🔴 Attackers optimize for blind spots
🔵 Defenders optimize for visibility
Read the latest issue of @TheMondayBrief → https://t.co/cfKTyttbsL
by @aboutsecurity and @fulmetalpackets
This week on @TheMondayBrief: Three threat actors. One blind spot.
🔴 Think Red: One Intune session. 200K devices wiped. 79 countries. No custom malware required.
🔵 Act Blue: Multi-party approval for destructive ops. No single credential owns that blast radius.
🔴 Think Red: Signal's encryption is fine. The linked device list may not be.
🔵 Act Blue: Audit it. Remove what you can't identify. Two minutes.
Full issue by @aboutsecurity and @fulmetalpackets: https://t.co/C097o4umNd
#ThinkRedActBlue #CyberSecurity #ZeroTrust #ThreatIntel #CISO #InfoSec
As the new Zero Day Clock highlights, AI is compressing cyber operations from weeks to minutes.
But something important happens when attackers move that fast: they leave evidence.
Automated attacks create patterns.
🔴 Think Red: AI runs thousands of attack variations at machine speed. Speed favors attackers.
🔵 Act Blue: Defenders who understand their environment can detect those attempts through pattern analysis. Environmental knowledge favors defenders.
New issue of @TheMondayBrief 👇
https://t.co/l6KnyHAXPj w/ @fulmetalpackets
#ThinkRedActBlue #CyberSecurity #AI #ThreatIntelligence #DetectionEngineering #AllAroundDefender
AI is speeding up cyber attacks.
But speed alone doesn’t win the fight.
This week’s Monday Brief examines:
• AI-driven attack automation
• Long-dwell nation-state intrusions
• Mobile exploit kits spreading beyond APTs
• South Asia espionage campaigns
The real advantage still belongs to defenders who know their environment. By @aboutsecurity and @fulmetalpackets
https://t.co/eIHvPnWTnh
#CyberSecurity #ThreatIntelligence #CyberDefense #AI #SecurityLeadership
New Monday Brief 👇
This week isn’t about breaches.
It’s about control.
Iran tensions rising.
Federal AI posture shifting.
Ransomware escalating to psychological warfare.
Edge zero-days at industrial scale.
China flexing semiconductor leverage.
Whoever controls the intermediary layer controls the outcome.
https://t.co/HP6bv0SjRn
🔴 Think Red by @fulmetalpackets
🔵 Act Blue by @aboutsecurity
#CyberSecurity #CISO #ThreatIntelligence #Geopolitics #ThinkRedActBlue
Persistence is no longer about registry keys and scheduled tasks. It’s about control over trusted systems.
In this week’s issue of @TheMondayBrief, @fulmetalpackets and @aboutsecurity look at persistence inside backup platforms, control planes, AI runtimes, and the hybrid wars across Europe's critical infrastructure.
Think about it: it's not always about speed, but strategic placement. When an attacker compromises:
• A backup system
• An identity or management control plane
• An AI agent runtime
• Telecom or hybrid infrastructure
They gain durability, leverage, and time.
🔴 Think Red: Target the trust layer.
🔵 Act Blue: Harden, monitor, and verify the systems you assume are “safe.”
Full issue here 👇
https://t.co/u2T5nMzI9I
#ThinkRedActBlue #CyberSecurity #ThreatIntelligence #ZeroTrust #AllAroundDefender
🏎️ AI is accelerating offense faster than defenders are adapting.
In this week’s issue of #TheMondayBrief, @aboutsecurity and @fulmetalpackets unpack how adversarial AI is compressing attack lifecycles, collapsing traditional patch timelines, and reshaping how threat actors operate across industrial, identity, and geopolitical fronts.
♦️ Zero-day saturation now collapses patch windows into hours.
♦️ Threat actors use AI platforms to scale reconnaissance, payload generation, and social engineering.
♦️ Trusted developer ecosystems and extensions have become high-ROI supply chain beachheads.
♦️ Geopolitical actors are blending AI misuse with financial infrastructure compromise.
The defensive advantage no longer comes from reacting faster. It comes from architecting resilience, constraining blast radius, and instrumenting visibility across the entire attack chain.
👉 The full issue, with practical, role-based recommendations, is live:
https://t.co/Y3g4z7UXAJ
#cybersecurity #threatintel #ZeroTrust #AdversarialAI #patchmanagement #identitysecurity #supplychainsecurity #securityoperations #riskmanagement #securityleadership #ThinkRedActBlue #TheMondayBrief #AllAroundDefender
🥇 Attackers are breaking trust at Olympic speed.
In this week’s issue, @fulmetalpackets and @aboutsecurity examine how attackers are disabling endpoint defenses with signed but revoked drivers, hijacking SaaS platforms through voice-phished credentials, and probing global events as future leverage.
These are not 0-day vulnerabilities. They are failed defensive strategies:
🔻 Revoked certificates still load.
🔻 OAuth tokens persist unchecked.
🔻 Event infrastructure gets tested months before opening ceremonies.
👉 Full issue, with practical, role-based recommendations, is live at
https://t.co/pzBtq57TWd
#cybersecurity #threatintel #ZeroTrust #supplychainsecurity #identitysecurity #SaaS #EDR #riskmanagement #securityleadership #allarounddefender #thinkredactblue
Everyone’s excited about agentic AI systems like #OpenClaw. There’s huge opportunity there, no question about it, but also huge risk.
The problem is that most orgs are still trying to govern these agents like a chatbot. Of course that only works until the AI stops answering questions and starts doing things: calling APIs, changing configs, browsing and clicking on admin panels, and making decisions for you. At that point, the risk isn’t what the model says. It’s what the agent is allowed to do.
I was just thinking that this feels a lot like the early days of Cloud. Too much implicit trust and too many permissions. Same old mistakes, just new tech.
Think about it: AI systems should be treated as enterprise actors with bounded authority, not as mere IT tools. By the way, this is one of the signals that @fulmetalpackets and I are tracking at @TheMondayBrief this week 👇
https://t.co/g2C3DqK8RG
#CyberSecurity #SecurityLeadership #AIinSecurity #ZeroTrust #ThreatIntelligence #RiskManagement #TheMondayBrief w/ @robtlee @SANSInstitute @SANSDefense