Securityblog @securityblog - Twitter Profile

about 3 hours ago

‼️ The alienation continues: more security researchers are sticking up the middle finger after feeling squeezed by Microsoft and GitHub. MSRC emailed Black Hat USA 2026 presenters asking which MSRC cases, VULN-IDs, or CVEs their talks would cover. GitHub told a researcher to delete his public PoC repos and flagged his accounts under ToS.

IntCyberDigest's tweet photo. ‼️ The alienation continues: more security researchers are sticking up the middle finger after feeling squeezed by Microsoft and GitHub. MSRC emailed Black Hat USA 2026 presenters asking which MSRC cases, VULN-IDs, or CVEs their talks would cover. GitHub told a researcher to delete his public PoC repos and flagged his accounts under ToS.

8

136

25

31

8K

Securityblog retweeted

0xor0ne

@0xor0ne

about 9 hours ago

lang Hardening Cheat Sheet (2026 edition) https://t.co/f451C7NKzV By @0xTRIKKSS and @bcreusillet #infosec

0

69

8

41

3K

Securityblog retweeted

Matt Johansen

@mattjay

about 6 hours ago

MSRC couldn’t possibly do anything worse this week… oh. Oh ok.

22

336

41

35

28K

Securityblog retweeted

Zhenpeng (Leo) Lin

@Markak_

about 6 hours ago

We helped FFmpeg find and fix 21 security vulnerabilities. In a 1.5M-line codebase, we spent just $1K in API costs. Some of these bugs had been hiding for decades. We also developed a PoC demonstrating an RCE primitive when FFmpeg processes RTSP streams. Full write-up: https://t.co/mIrjirCgcB

2

83

19

50

4K

Who to follow

Security BSides Dublin

@BSidesDublin

Security BSides Dublin (BSidesDub) Official Twitter account. Next conference taking place at Trinity College Dublin on 23rd May 2026. https://t.co/Rq2KYuFTUo

Marcello

@byt3bl33d3r

CyBeRsEcUrItY | Not afraid to put down with some THICC malware on disk | AI Research @PaloAltoNtwks | former purple team | Ex @spacex

hasherezade

@hasherezade

Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)

Securityblog retweeted

Source Defense Research

@sdcyberresearch

about 12 hours ago

#Magecart alert Hidden img ng-on-error reused a CSP nonce to load npm.clickcdn01[.]net, opened WebRTC to 85.17.55[.]137, injected a pixel-perfect fake @2c2p #payment form, and exfiltrated card data over WebRTC. #DataBreach #PCIDSS #ClientSideSecurity #WebSkimming #eSkimming #FormJacking

sdcyberresearch's tweet photo. #Magecart alert
Hidden img ng-on-error reused a CSP nonce to load npm.clickcdn01[.]net, opened WebRTC to 85.17.55[.]137, injected a pixel-perfect fake @2c2p #payment form, and exfiltrated card data over WebRTC.

#DataBreach #PCIDSS #ClientSideSecurity #WebSkimming #eSkimming #FormJacking

0

11

4

1K

Securityblog retweeted

Wiz

@wiz_io

about 9 hours ago

🚨 Our CIRT and Research teams uncovered JINX-0164, a threat actor targeting crypto organizations. A single LinkedIn message can lead to malware, CI/CD compromise, stolen crypto, and supply chain attacks. Read more: https://t.co/SBTWQYCjWK

wiz_io's tweet photo. 🚨 Our CIRT and Research teams uncovered JINX-0164, a threat actor targeting crypto organizations.

A single LinkedIn message can lead to malware, CI/CD compromise, stolen crypto, and supply chain attacks.

Read more: https://t.co/SBTWQYCjWK https://t.co/Z05ZNEg1kt

0

26

10

3

1K

Securityblog retweeted

Dark Web Informer @DarkWebInformer

about 7 hours ago

‼️ SSRF to Root: Unauthenticated File-Write Flaw in Cisco Unified CM (CVE-2026-20230) https://t.co/mlMlfDBDlL

0

15

6

4

3K

Securityblog retweeted

0x12 Dark Development @Salsa12__

2 days ago

Bring Your Own RWX Region DLL (BYORWXDLL) New Medium post, today we are exploring a technique I call Bring Your Own RWX Region DLL, inspired by the well-known BYOVD (Bring Your Own Vulnerable Driver) https://t.co/slNKv9qF4W

3

210

43

141

11K

Securityblog retweeted

OX Security

@OX__Security

about 13 hours ago

🚨 BREAKING: Miasma is back. The Shai-Hulud variant has returned to npm, impacting 57 packages with a combined 647K+ monthly downloads. ⚠️ GitHub token theft ⚠️ Cloud credential theft ⚠️ npm account compromise ⚠️ 118+ infected GitHub repos Full technical analysis to come — follow @OX__Security for updates #CyberSecurity #SupplyChainSecurity #AppSec #npm #OpenSource

0

7

3

0

1K

Securityblog retweeted

Michael Weber @BouncyHat

about 10 hours ago

We think of WASM as a mechanism to run compiled code in your browser, but what if we shimmed in all the host APIs necessary to run full implants with ALL logic entirely in the WASM VM? This post walks through what that looks like. https://t.co/xGVpPe2zyC #wasm #malware #sliver

2

40

16

30

4K

Securityblog retweeted

Managed IT Services

@itdotie

about 7 hours ago

🚨 Cybersecurity Alert: The HSE is experiencing IT disruption today due to a ransomware attack on an external vendor. The health service itself wasn't directly targeted, proving once again that your security is only as strong as your weakest third-party link. Read more: https://t.co/cebf46722b #Cybersecurity #hse #ransomware #cyberattack #nis2 #3rdPartyRisk

0

1

0

512

Securityblog retweeted

Eimer McAuley @eimer_mcauley

about 8 hours ago

HSE computer systems down after cyberattack on third party that stores data https://t.co/K1t2rMqvl7

2

10

5

7K

Securityblog retweeted

blackorbird

@blackorbird

about 9 hours ago

The attackers demonstrated strong operational security and evasion discipline during a 5-month campaign focused on stealing an executive’s Outlook mailbox. Their primary goal was to remain undetected by minimizing noise, blending with legitimate activity, and avoiding common detection triggers.

blackorbird's tweet photo. The attackers demonstrated strong operational security and evasion discipline during a 5-month campaign focused on stealing an executive’s Outlook mailbox.
Their primary goal was to remain undetected by minimizing noise, blending with legitimate activity, and avoiding common detection triggers.

1

28

6

11

2K

Securityblog retweeted

International Cyber Digest

@IntCyberDigest

about 8 hours ago

❗️Google employees are flooding an internal meme board with posts about how bad the company's AI is. A source says dozens of anti-AI memes post weekly, spiking when models update or their internal coding tool Jetski breaks. One showed Jetski admitting it fabricated report metrics with over 400 upvotes. Engineers say AI removed the code-gen bottleneck but jammed everything else: testing, build times, and human review now drowning in code nobody wrote. CEO Pichai says 75% of new code is AI-generated, btw. Via 404Media

IntCyberDigest's tweet photo. ❗️Google employees are flooding an internal meme board with posts about how bad the company's AI is.

A source says dozens of anti-AI memes post weekly, spiking when models update or their internal coding tool Jetski breaks. One showed Jetski admitting it fabricated report metrics with over 400 upvotes.

Engineers say AI removed the code-gen bottleneck but jammed everything else: testing, build times, and human review now drowning in code nobody wrote.

CEO Pichai says 75% of new code is AI-generated, btw.

Via 404Media

26

806

114

143

51K

Securityblog retweeted

Cyber_OSINT @Cyber_O51NT

about 23 hours ago

Flashpoint reports that XSS, once a unified Russian-speaking cybercrime hub, fractured into competing factions after a July 2025 takedown, with DamageLib, Rehub, XSS[.pro], and XSSF emerging. https://t.co/CZaoIw85fW

0

6

2

3

584

Securityblog retweeted

Renzon

@r3nzsec

about 9 hours ago

IRFlow Timeline v1.0.7 is live. This one focuses on a problem I think DFIR teams will see more often: AI assistant usage becoming part of the investigation surface. You can now collect and normalize local AI usage history from tools like Claude Code, ChatGPT Desktop, Cursor, GitHub Copilot, OpenAI Codex, Gemini CLI, Continue, Windsurf, and Claude Desktop into a unified timeline view. Also added AI Secret Hunt, which helps identify secrets, tokens, API keys, private keys, and credentials that may have been pasted into AI assistants during real investigations or day-to-day engineering work. The goal is simple: make AI app activity easier to preserve, search, tag, and correlate during incident response. AI usage is becoming part of the forensic record. We need tooling that treats it that way. Link in the comment ⬇️ #DFIR #IncidentResponse

3

34

6

18

1K

Securityblog retweeted

blackorbird

@blackorbird

about 9 hours ago

#Gamaredon This report analyses over a decade of malware families and establishes a unified naming taxonomy to cut through the fragmented nomenclature. 1: https://t.co/pjywWtlIkQ 2: https://t.co/fKcZ0hSaEf 3: https://t.co/vcMDWqD47S

blackorbird's tweet photo. #Gamaredon
This report analyses over a decade of malware families and establishes a unified naming taxonomy to cut through the fragmented nomenclature.
1:
https://t.co/pjywWtlIkQ
2:
https://t.co/fKcZ0hSaEf
3:
https://t.co/vcMDWqD47S https://t.co/RERpoAVuRz

0

20

8

10

1K

Securityblog retweeted

JAMESWT @JAMESWT_WT

about 10 hours ago

"Re: Family Room Reservation" fake #booking spam email ⛔️https://haddjskak827sja.]com/v drop zip > lnk 👇 drop genuine node-v24.13.0-win-x64. zip 👇 tonajukbhuakpo2.]shop Samples https://t.co/7BiTfkUY8d

JAMESWT_WT's tweet photo. "Re: Family Room Reservation"
fake #booking spam email

⛔️https://haddjskak827sja.]com/v
drop zip > lnk
👇
drop genuine node-v24.13.0-win-x64. zip
👇
tonajukbhuakpo2.]shop

Samples
https://t.co/7BiTfkUY8d https://t.co/OvnLLBK9Nb

1

6

4

1

475

Securityblog retweeted

zhero;

@zhero___

1 day ago

New short article on a real-world exploitation case rather than pure research, demonstrating how a specific mistake in Next.js can lead to a systematic zero-click SXSS on its latest versions (w/@inzo____): Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js https://t.co/0JWjH6yzC2

zhero___'s tweet photo. New short article on a real-world exploitation case rather than pure research, demonstrating how a specific mistake in Next.js can lead to a systematic zero-click SXSS on its latest versions (w/@inzo____):

Re:CACHE - Excessive reflection, type confusion, and 0-click SXSS on Next.js

https://t.co/0JWjH6yzC2

2

274

47

165

10K

Securityblog retweeted

Co11ateral

@co11ateral

about 15 hours ago

Using Nezha RMM as C2 - No Detection Earlier we spoke on this issue. RMMs are dangerous when not monitored. Here is an example of Nezha that doesn't trigger any AV alert and works really well if abused by hackers. The victim won't even see anything suspicious when hackers connect to their computer. We also showed the forensic artifacts it might leave. So, you better monitor them all Learn more: https://t.co/8np8jXJkF0 RMMs to monitor: https://t.co/CtFNVxjnlM @three_cube @_aircorridor #blueteam #redteam #apt

co11ateral's tweet photo. Using Nezha RMM as C2 - No Detection

Earlier we spoke on this issue. RMMs are dangerous when not monitored. Here is an example of Nezha that doesn't trigger any AV alert and works really well if abused by hackers. The victim won't even see anything suspicious when hackers connect to their computer. We also showed the forensic artifacts it might leave.

So, you better monitor them all

Learn more: https://t.co/8np8jXJkF0

RMMs to monitor: https://t.co/CtFNVxjnlM

@three_cube @_aircorridor #blueteam #redteam #apt

0

42

9

17

2K

Securityblog

@Securityblog

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users