⚠️ We are observing actors sending test exploits against the recent Drupal vulnerability CVE-2026-9082 since this morning
Probes hit /jsonapi/node/* with a malformed filter[…][value][…] key, triggering the SQL injection bug to check whether the site is vulnerable.
No data-extraction payloads yet, so this is likely recon ahead of the real wave.
Monitor live attacks against Drupal 👉https://t.co/rEG9aqrq5l
The name ‘fast16’ is referenced in the infamous ShadowBrokers’ leak of NSA’s ‘Territorial Dispute’ components.
fast16.sys selectively targets high-precision calculation software, patching code in memory to tamper with results. By combining this payload with self-propagation mechanisms, the attackers aim to produce equivalent inaccurate calculations across an entire facility.
https://t.co/21xcadwNjU
https://t.co/e4m47EJDw4
Our new Discarded episode explores the stealthy world of backdoors, malware detection, and the “secret signals” threat actors use to stay hidden.
Stream now for expert insights on signature development, PCAP analysis, and countering espionage tools.
🎙️ https://t.co/t0tET38lGz
🔥 Can you get RCE from an email address? Yep. In my NDC Manchester talk Splitting the email atom, I break down how RFC weirdness leads to auth bypasses, parser confusion, and full remote code execution. Watch here 👇 https://t.co/vUCY6Haqom
Debloat removes junk from inflated executables: https://t.co/yv0LBdVRdO
In v1.5.5, I added result-codes: telling the user which tactic was used. This allows measuring success and what tactics are used.
From 700 files, Debloat worked 97.8% of the time.
Wireshark now has an easy way to embed TLS pre-master secrets (SSLKEYLOGFILE) into a capture file from the GUI:
Edit -> Inject TLS Secrets
This will make it MUCH easier to save decrypted TLS sessions in a .pcapng file to share with others!
39 new OPEN, 42 new PRO (39 + 3) Connectwise Screenconnect ,Ghostlocker, Lumma Stealer, and more
Thanks: @Jane_0sint, @ConnectWiseCRU
https://t.co/3jKxyRSdZ2