JUST POSTED: We've just released an update to our Introduction to Security Onion overview video, recorded with Security Onion 3. Learn all about the platform, how it fits into your security architecture, the ways to pivot between logs from your network and your endpoints, and how it's all wrapped up in a lovely new interface. Alert investigation, detection engineering, ad hoc threat hunting -- Security Onion has everything you need to peel back the layers of your network and make the bad guys cry.
https://t.co/pp5uJWhTF8
DID YOU KNOW? Security Onion Pro includes a feature called Manager of Managers, or MoM, which leverages the Security Onion API to allow access to other Security Onion installations in your environment from a central console.
Perfect for MSSPs, for independent subsidiaries, for geographically siloed security teams, for dev environments, and more! Check out this video for more details.
https://t.co/hJY5kC6v6V
GPT-5.5-Cyber is our most capable cyber model yet, designed for advanced, authorized defensive work: tracing vulnerable code, validating issues, developing patches, and preparing evidence for human review.
Introducing Sakana Fugu: A full multi-agent orchestration system accessible via a single model API.
Our ‘Fugu Ultra’ model matches the performance of Fable and Mythos, delivering frontier capability without the risk of export controls.
Try it: https://t.co/hhO6qTawgb 🐡
‼️ Launch of our project - NEXUS_OSINT V1
🌐 A platform dedicated to the visualization and analysis of open-source data, integrating:
• 🌍 Interactive world map
• 📡 Geolocated OSINT feeds
• 🎥 Synchronized live cams
• ⏪ Advanced timeline
• ✏️ Built-in analysis tools
💻 The visuals below give a simplified overview of the platform's main features.
👉 Available now: https://t.co/vWqIUg0wxv
Introducing Threat Hunting Playground. Now live in Threat Hunting Labs!
Launch a disposable Elastic or Splunk lab, run controlled adversary emulation, hunt the telemetry, and validate detection ideas against observed events.
Telemetry available out of the box includes:
- Windows labs: Sysmon, Windows event logs, FLARE VM tooling, and Elastic Defend EDR when using Elastic environments.
- Linux labs: Sysmon for Linux, auditd, syslog, and Elastic Defend EDR when using Elastic environments.
- Full emulation labs: a Kali attacker box equipped with Sliver, PoshC2, Merlin, and other tooling so you can test C2 workflows and detections hands-on in a controlled lab.
Navigate to the Atomic catalog, run an approved emulation with one click, inspect the resulting telemetry in your SIEM, or access the target host yourself and experiment as much as you want.
Run. Hunt. Validate.
Watch:
https://t.co/Zn751KBEXP
Read the blog post:
https://t.co/09qas8gBye
🇸🇦 🇮🇷 New Middle East malicious infrastructure report: 1,350+ C2 Servers Mapped Across 98 Providers
Over a three-month window, we mapped more than 1,350 active C2 servers operating across 98 infrastructure providers in 14 Middle Eastern countries, covering telecoms, shared hosting, and VPS environments.
👉 Read the full report: https://t.co/Bnfwe2Yufq
Here's what the data shows:
→ A single telecom carrier accounts for nearly 72% of all detected regional C2 activity, most of it tied to compromised customer endpoints rather than provider-level abuse
→ C2 infrastructure makes up over 96% of all observed malicious artifacts in the region
→ Tactical RMM leads the malware family breakdown with 92 unique C2 IPs, followed by Keitaro TDS (71) and Acunetix (38)
→ The malware mix covers a wide range of attack types - IoT botnets (Mozi, Hajime, Mirai), remote access tools (AsyncRAT, Sliver, Cobalt Strike), active scanning (Acunetix), and phishing infrastructure (Gophish, Keitaro TDS)
→ Campaigns in the dataset include Eagle Werewolf espionage operations, the DYNOWIPER destructive campaign targeting Poland's energy sector, and RondoDox botnet exploitation infrastructure on Iranian hosting
The main takeaway is that malicious infrastructure in the region is not evenly spread. A small set of providers keeps showing up across unrelated campaigns and malware families, which is where the tracking value is.
Provider-level visibility is what lets defenders get ahead of that pattern, rather than reacting to individual indicators that rotate daily.
Full breakdown, including infrastructure observables, HuntSQL queries, and campaign examples, is in the report 👇
https://t.co/Bnfwe2Yufq
NSA is releasing security design considerations for AI-driven automation leveraging MCP which, while simplifying the integration of diverse capabilities into powerful agent workflows, requires caution. Learn more: https://t.co/zn2DyUz5be
Phantom-Evasion-Loader: Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR solutions and Kernel-level monitors like Falco (eBPF). It… https://t.co/lckGXpD0eE #cyber #threathunting #infosec
We are proud to announce the launch of ChatCTI. Grounded in SOS Intelligence data, ChatCTI lets analysts and enterprise security teams search dark web sources, ask natural-language questions, and receive evidence-backed answers. Shipping worldwide today.
NEW RELEASE: Guidance on minimum elements for an AI software bill of materials. The guide, developed with G7 cyber experts, offers practical advice to enhance transparency and #Cybersecurity throughout the AI supply chain. More here 👉 https://t.co/JXMlM7PIcS
The Google Threat Intelligence Group has detected the first known instance of a threat actor using an AI-developed zero-day exploit in the wild. While the attackers planned a wide-scale strike, our proactive counter-discovery may have prevented that from happening. This finding is part of our new report on AI-powered threats.
Security updates for May 2026 are now available. Details are here: https://t.co/FoXlCCPY0d
This month’s release reflects a broader shift across the industry, with advances in automation, increased researcher participation, and the growing use of AI accelerating the discovery of vulnerabilities. As a result, security updates may continue to trend larger over time, while the process behind how Microsoft validates, prioritizes, and delivers fixes remains consistent.
As discovery speeds up, the fundamentals matter more than ever. Stay current on patches, reduce exposure, strengthen identity protections, and invest in detection and response.
Learn more in our blog post by Tom Gallagher, VP of Engineering, MSRC: https://t.co/BYH090091w
Introducing Daybreak: frontier AI for cyber defenders.
Daybreak brings together the most capable OpenAI models, Codex, and our security partners to accelerate cyber defense and continuously secure software.
A step toward a future where security teams can move at the speed defense demands.
we're starting rollout of GPT-5.5-Cyber, a frontier cybersecurity model, to critical cyber defenders in the next few days.
we will work with the entire ecosystem and the government to figure out trusted access for cyber; we want to rapidly help secure companies/infrastructure.
We've released a new 5-point action plan for strengthening cyber defense.
AI is reshaping cybersecurity. The same capabilities that help defenders may be used by malicious actors.
One approach is to treat these systems as too dangerous for broad defensive use and limit them to a very small number of approved partners.
We think that misses the central challenge. Attackers won’t wait. Existing models are already useful for many cyber workflows and capabilities will keep advancing. Criminal groups will adopt whatever tools are available.
The best way to reduce national risk is to responsibly equip and accelerate trusted defenders faster than adversaries can adapt. Check out our plan ⬇️
https://t.co/pcV0XAWx1q
Türkiye – Somalia: A semi-colonial relationship!
Five years ago, I wrote an opinion piece about the evolving relationship between Somalia and Türkiye. The essay pointed out the imbalance in the relationship and warned that the structure of the relationship did not bode well for Somalia and Somalis. Tragically, developments since then have vindicated the prognosis the essay made.
Our country is increasingly becoming a fiefdom for Türkiye's interests, and the derelict regime in Mogadishu behaves like a Bantustan.
https://t.co/T0vpY6Z5a5