@cyberresearch.bsky.social

29 Followers  |  8 Following  |  818 Posts  |  Joined: 26.02.2025
Posts by (@cyberresearch.bsky.social)

Hunting for malicious OpenClaw AI in the modern enterprise
We deconstruct a threat hunt for malicious OpenClaw AI agents, outlining how we identify and mitigate risks posed by unauthorized AI skills.

Originally from Red Canary: Hunting for malicious OpenClaw AI in the modern enterprise ( :-{ı▓ #threatintel #redcanary #cyberresearch

06.03.2026 10:20
FBI Seizes Leakbase: One of the Largest English-Speaking Cybercrime Forums Shut Down
The FBI has seized and taken control of Leakbase, one of the largest English-speaking cybercrime forums in recent history. The takedown marks a significant milestone in the ongoing global effort to dismantle underground markets for stolen data. Seizure banner on the Leakbase homepage Details of the Takedown: Operation Leak On March 3 and 4, 2026, […]

Originally from Flare: FBI Seizes Leakbase: One of the Largest English-Speaking Cybercrime Forums Shut Down ( :-{ı▓ #flare #CTI #cyberresearch

06.03.2026 09:20
Building a Detection Foundation: Part 2 - Windows Security Events
The Audit Policies Nobody Configures. In Part 1, we looked at why relying on a single telemetry source is a recipe for blind spots. Now let's get practical. Windows has a rich set of security auditing capabilities…

Originally from TrustedSec: Building a Detection Foundation: Part 2 - Windows Security Events ( :-{ı▓ #trustedsec #pentesting #cyberresearch

05.03.2026 14:40
Webinar - CMMC Challenges and Misunderstandings
The defense supply chain is struggling with CMMC implementation, and it’s not because the requirements are inherently complex. The problem is misinformation, scope creep, and upstream contractors who don’t understand when CMMC actually applies. During our next webinar, our experts will cover the misunderstandings that are creating the most problems for contractors and subcontractors, from CUI marking confusion to unnecessary Level 2 requirements.

In this live session, we will cover:
- Understanding what CUI really means and when protection is actually required
- Distinguishing between ITAR, classified information, and legitimate CUI
- Identifying when CMMC Level 2 certification is truly necessary
- Managing upstream contractors who are overreaching with CMMC requirements
- Controlling scope creep in your compliance program
- Ensuring external service provider compliance without overcomplicating the process

Join us for an in-depth session with Director of Advisory Services Chris Camejo and Compliance Practice Lead Lee Quinton that addresses the real challenges you’re facing in your CMMC journey. They’ll dig into the specific issues that are causing delays, increasing costs, and creating compliance headaches across the defense industry. Designed for contractors, subcontractors, and service providers, this webinar will provide practical, actionable guidance to navigate CMMC requirements effectively. Get the clarity your CMMC program needs to succeed. Let’s tackle your CMMC questions together!

Originally from TrustedSec: Webinar - CMMC Challenges and Misunderstandings ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

05.03.2026 12:28
Breaking down a supply chain attack leveraging a malicious Google Workspace OAuth app
How to detect and respond to OAuth consent attacks in Google Workspace

Originally from Red Canary: Breaking down a supply chain attack leveraging a malicious Google Workspace OAuth app ( :-{ı▓ #threatintel #redcanary #cyberresearch

05.03.2026 10:23
The “P” in PAM is for Persistence: Linux Persistence Technique
Learn about a pentesting tool using the Pluggable Authentication Module for privilege escalation, lateral movement, and persistence in Linux.

Originally from BHIS: The “P” in PAM is for Persistence: Linux Persistence Technique ( :-{ı▓ #BlackHillsInfoSec #Pentesting #cyberresearch

05.03.2026 09:25
Monitoring Cyberattacks Directly Linked to the US-Israel-Iran Military Conflict
The US-Israel-Iran conflict has generated one of the most intensive periods of state-linked cyber warfare since the Russia-Ukraine war, with operations conducted by both sides across multiple domains including critical infrastructure, financial systems, communications networks, and social media platforms. The cyber dimension of this conflict encompasses three distinct phases: Each phase saw a marked increase […]

Originally from Flare: Monitoring Cyberattacks Directly Linked to the US-Israel-Iran Military Conflict ( :-{ı▓ #flare #CTI #cyberresearch

05.03.2026 09:23
Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale
Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platform, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with Europol and industry partners to facilitate a disruption of Tycoon2FA’s infrastructure and operations.

Originally from MS Threat Intel: Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale ( :-{ı▓ #CTI #cybersecurity #cyberresearch

05.03.2026 09:23
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw.

Originally from Unit 42: Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel ( :-{ı▓ #unit42 #threathunting #cyberresearch

05.03.2026 07:23
Obviously, you have to call an AI "Jarvis" #ai #podcast
When AI can integrate across projects, systems, and security with a simple text, innovation stops being theoretical — it becomes reality. Watch the full episode "Ten Years: A Decade of Doing This" now! https://youtu.be/zlaWEVnu8Pg

Originally from TrustedSec: Obviously, you have to call an AI "Jarvis" #ai #podcast ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

04.03.2026 12:31
How Neo found an SSRF vulnerability in Faraday, and why it matters for every team that ships code
Executive Summary: Neo found a Server-Side Request Forgery (SSRF) vulnerability in Faraday, a widely used HTTP client library in the Ruby ecosystem. This is Neo’s first credited CVE discovery. Neo is ProjectDiscovery’s AI security copilot for tasks like code review and vulnerability discovery. For this finding, Neo reviewed a widely used open source dependency and, without human guidance, surfaced a subtle URL-handling edge case, validated it in runtime, and produced a clear write-up that maint

Originally from ProjectDiscovery: How Neo found an SSRF vulnerability in Faraday, and why it matters for every team that ships code ( :-{ı▓ #projectdiscovey #bugbounty #cyberresearch

04.03.2026 11:36
Learning to Trust AI Agents with Automation w/ Ethan and Derek
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com

What if you could safely harness AI agents to automate real work, without spending a dime? Join us for a free one-hour BHIS webcast with Ethan Robish and Derek Banks to cut through the hype and learn what coding agents really are, why they’re not just for developers, and how to start for free. You’ll learn how tools like Opencode work, how to overcome security and trust barriers, and how to give agents the context, skills, and guardrails they need to safely plan, execute, and iterate.

Chat with your fellow attendees in the Black Hills Infosec Discord server: https://discord.gg/BHIS in the #🔴live-chat channel.

Originally from BHIS: Learning to Trust AI Agents with Automation w/ Ethan and Derek ( :-{ı▓ #BlackHillsInfoSec #cybersecurity #cyberresearch

04.03.2026 09:42
Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild
Uncover real-world indirect prompt injection attacks and learn how adversaries weaponize hidden web content to exploit LLMs for high-impact fraud.

Originally from Unit 42: Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild ( :-{ı▓ #unit42 #threathunting #cyberresearch

04.03.2026 07:27
Discord Livestream - AMA: Incident Response
Join us for our next Discord Livestream “AMA: Incident Response” on March 19 at 11:00am ET! Incident Response Practice Lead Ryan Macfarlane will field your questions on what TrustedSec is seeing on IR engagements, common attack vectors, as well as AI threats and how criminal and nation state actors are using it. Ryan is also willing to answer questions about his time as an FBI Cyber agent – questions about aliens will be considered on a case-by-case basis ;) Bring all your incident response questions and connect with our Discord community!

Originally from TrustedSec: Discord Livestream - AMA: Incident Response ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

03.03.2026 12:33
Ghost Jobs and Ghost Companies: Pulling Back the Curtain Using OSINT | Patrick Wheltle
Ghost Jobs and Ghost Companies: Pulling Back the Curtain Using OSINT
Patrick Wheltle

How can job seekers research companies before applying?
In today’s job market, it is easier than ever to share professional information with companies that may not be legitimate. This talk focuses on how job seekers can use basic research techniques to avoid wasting time or exposing sensitive details to organizations with no real intent to hire.

What is this presentation about?
This session explores a series of methods that can be used to research companies claiming to be hiring qualified applicants. The goal is to help professionals verify legitimacy before submitting resumes, portfolios, or personal data.

What role does OSINT play in job research?
Using open-source intelligence techniques, the talk demonstrates how publicly available information can reveal red flags about a company’s operations, leadership, and credibility. Attendees will learn where to look and what questions to ask when evaluating a potential employer.

What case study is covered?
The presentation includes a real world case study of a company advertising roles with unusually high compensation. On the surface, the opportunity looked promising. However, basic OSINT research revealed deeper concerns.

What was uncovered during the investigation?
The company appeared to have no customers, no public reputation, and no verifiable business activity. Further research uncovered layers of shell companies and raised questions about whether the listed officers were even real individuals.

Why does this matter for job seekers?
Job scams and deceptive hiring practices can lead to identity theft, financial loss, or wasted effort. This session shows how a small amount of investigation can protect professionals from falling into these traps.

Who should watch this talk?
This campfire talk is ideal for job seekers, security professionals, recruiters, and anyone interested in OSINT or online investigation techniques.

What is the takeaway?
Sometimes the truth is hidden in plain sight. Knowing where to look can make all the difference.

Sign Up for WWHF
Register for this year’s Wild West Hackin Fest here: https://wildwesthackinfest.com/register/
Get access to workshops, labs, and sessions taught by experienced practitioners, all focused on real world defensive and investigative skills.

#cybersecurity #osint #jobsearch #careeradvice #infosec #onlinesafety #employmentscams #digitalinvestigations #cyberawareness

///Black Hills Infosec Socials
Twitter: https://twitter.com/BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsinfosec
LinkedIn: https://www.linkedin.com/company/antisyphon-training
Discord: https://discord.gg/ffzdt3WUDe

///Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

///Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/services/active-soc/
Penetration Testing: https://www.blackhillsinfosec.com/services/
Incident Response: https://www.blackhillsinfosec.com/services/incident-response/

///Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

///Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/
Live Training: https://www.antisyphontraining.com/course-catalog/
On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/
Antisyphon Discord: https://discord.gg/antisyphon
Antisyphon Mastodon: https://infosec.exchange/@Antisy_Training

///Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest
Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining
Active Countermeasures YouTube: https://youtube.com/activecountermeasures
Threat Hunter Community Discord: https://discord.gg/threathunter

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

Originally from WWHF: Ghost Jobs and Ghost Companies: Pulling Back the Curtain Using OSINT | Patrick Wheltle ( :-{ı▓ #WWHF #BHIS #cyberresearch

03.03.2026 12:32
Red Canary CFP tracker: March 2026
Red Canary's monthly roundup of upcoming security conferences and calls for papers (CFP) submission deadlines

Originally from Red Canary: Red Canary CFP tracker: March 2026 ( :-{ı▓ #threatintel #redcanary #cyberresearch

03.03.2026 10:30
Counterfeits, Money Laundering, and Scams in the Cybercrime Haute Couture Economy
By Assaf Morag, Cybersecurity Researcher. Haute couture is presented as the most controlled, exclusive, and artisanal corner of the fashion industry. Invitation-only shows. One-of-one garments. Months of handwork. Astronomical prices. But when you step away from the runway narrative and look at couture as a system (materials, labor, knowledge, logistics, and incentives), a different picture […]

Originally from Flare: Counterfeits, Money Laundering, and Scams in the Cybercrime Haute Couture Economy ( :-{ı▓ #flare #CTI #cyberresearch

03.03.2026 09:29
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran
Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.

Originally from Unit 42: Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran ( :-{ı▓ #unit42 #threathunting #cyberresearch

03.03.2026 07:29
Week 09 – 2026
Belkasoft X v2.10 Is Here—With Smarter AI Assistant
– BelkaGPT now holds context—ask follow-up questions without restating your query
– Import Magnet Axiom (.mfdb) cases directly for AI analysis
– Similar face search and grouping across pictures, no external tools needed
– Timestamped transcriptions in audio and video help pin statements to exact moments
Request your trial of […]

Originally from This Week in 4n6: Week 09 – 2026 ( :-{ı▓ #dfir #incidentresponse #cyberresearch

02.03.2026 07:32
Ethics on the Line Balancing Social Engineering Success with Target Protection | Jennifer Isacoff
Ethics on the Line Balancing Social Engineering Success with Target Protection
Presenter: Jennifer Isacoff

Why do social engineering assessments raise ethical concerns?
Social engineering engagements like phishing and vishing are powerful tools for exposing weaknesses in an organization’s defenses. They work by exploiting human trust. But what happens to the people who fall for them after the test is over?

What is this talk about?
This 15 minute campfire talk explores the ethical challenges of selling and conducting social engineering assessments without causing unintended harm to employees. Even when reports anonymize identities, basic security logs can often reveal who failed, sometimes leading to blame or punishment long after the engagement ends.

Why is this a problem for practitioners?
This creates a difficult question for social engineering professionals. How do you clearly demonstrate risk to a client while protecting the individuals being tested? The tension between accountability and education can undermine trust in both the assessment and the security team.

What ethical questions are discussed?
The session sparks an open discussion around whether mandatory post engagement training is the only ethical path forward, or if engagements can be designed to preserve anonymity while still delivering meaningful value to clients.

What real world experiences inform this talk?
Drawing from real world social engineering engagements, the discussion explores situations where proving impact, such as initial access or credential capture, conflicted with safeguarding individuals from negative consequences.

What solutions are on the table?
Expect a lively debate around practical approaches including creative contract language, log obfuscation strategies, client education, and engagement design choices that prioritize learning over punishment.

Who should attend?
This talk is for social engineering professionals, red teamers, defenders, and newcomers interested in the human side of security testing.

What is the goal of this session?
This is not just about ethics. It is about sustaining trust in the craft of social engineering while responsibly addressing the human factor that makes these attacks so effective. Bring your stories, ideas, and opinions and let’s hash it out around the campfire.

Sign Up for WWHF
Register for this year’s Wild West Hackin Fest here: https://wildwesthackinfest.com/register/
Get access to workshops, labs, and sessions taught by experienced practitioners, all focused on real world defensive and investigative skills.

#cybersecurity #socialengineering #phishing #vishing #infosec #redteam #securityethics #humanfactor #defensivesecurity #cyberawareness

Originally from WWHF: Ethics on the Line Balancing Social Engineering Success with Target Protection | Jennifer Isacoff ( :-{ı▓ #WWHF #BHIS #cyberresearch

28.02.2026 12:41
Intro to PAMSkeletonKey for Persistence w/ Ben Bowman
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com

How does PAM abuse fit into a real‑world attack chain? Join us for a free one‑hour BHIS webinar with Ben Bowman as he introduces PAMSkeletonKey, a tool designed for red teamers and CTF players to explore persistence, lateral movement, and privilege escalation on Linux systems. Ben will teach why the tool was created, how to use it safely in lab environments, and what this technique means for defenders working to detect or prevent authentication abuse. You'll learn a practical understanding of Linux PAM (Pluggable Authentication Modules) authentication and how it can be abused to create a skeleton‑key backdoor for persistence.

Get started with PAMSkeletonKey: https://github.com/her3ticAVI/PAMSkeletonKey

Chat with your fellow attendees in the Black Hills Infosec Discord server: https://discord.gg/BHIS in the #🔴live-chat channel.

Originally from BHIS: Intro to PAMSkeletonKey for Persistence w/ Ben Bowman ( :-{ı▓ #BlackHillsInfoSec #cybersecurity #cyberresearch

28.02.2026 09:54
AI code review has come a long way, but it can’t catch everything
AI code review can reason about intent, but real incidents often stem from business logic flaws that only show up in runtime. Our benchmark reveals where code-only review falls short.

Originally from ProjectDiscovery: AI code review has come a long way, but it can’t catch everything ( :-{ı▓ #projectdiscovey #bugbounty #cyberresearch

27.02.2026 11:51
Apache ActiveMQ Exploit Leads to LockBit Ransomware
Key Takeaways: An audio version of this report can be found on Spotify, Apple, YouTube, Audible, & Amazon. This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java Spring […]

Originally from The DFIR Report: Apache ActiveMQ Exploit Leads to LockBit Ransomware ( :-{ı▓

27.02.2026 09:38
Hook, line, and vault: A technical deep dive into the 1Phish kit
We analyze the evolution of the 1Phish phishing kit from a basic credential harvester into an MFA-aware, multi-stage phishing kit targeting 1Password users.

Originally from DataDog: Hook, line, and vault: A technical deep dive into the 1Phish kit ( :-{ı▓ #cloudsecurity #datadog #cyberresearch

27.02.2026 07:38
AI-Generated Zoom Video Attacks? It's more common than you think. #podcast #security
We are getting a lot of requests for AI-generated Zoom video attacks! It's ramping up quick. Watch the full episode on LLM attacks now! https://youtu.be/QA_j4ZUYDAs

Originally from TrustedSec: AI-Generated Zoom Video Attacks? It's more common than you think. #podcast #security ( :-{ı▓ #TrustedSec #Pentesting #cyberresearch

26.02.2026 12:48
The million-dollar front door and the tailgater: Why strong auth could fail at SaaS session integrity
The protocol gap is real. Authentication proves identity once but remember that session protection must be continuous.

Originally from Red Canary: The million-dollar front door and the tailgater: Why strong auth could fail at SaaS session integrity ( :-{ı▓ #threatintel #redcanary #cyberresearch

26.02.2026 10:44
Malware Analysis: How to Analyze and Understand Malware
Malware analysis is an amazing field that can be interesting, fun, and useful for your cybersecurity career. If you’re wondering WHY anyone would want to dig into malware, it’s all for a better understanding of cybersecurity!

Originally from BHIS: Malware Analysis: How to Analyze and Understand Malware ( :-{ı▓ #BlackHillsInfoSec #Pentesting #cyberresearch

26.02.2026 09:45
Detection Without Remediation is Just Surveillance Theater
By John Williamson, Chief Revenue Officer (CRO). For fifteen years, the external threat intelligence market has operated on a simple premise: Scan the dark web, find bad things, alert the customer, repeat. The companies that dominated this era, such as Recorded Future and ZeroFox, built impressive platforms. They cataloged billions of threats. They generated thousands […]

Originally from Flare: Detection Without Remediation is Just Surveillance Theater ( :-{ı▓ #flare #CTI #cyberresearch

26.02.2026 09:45
Breach Assessment - The Curious Case of the Comburglar w/ Troy Wojewoda
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com

What if an attacker lived inside your network for seven months and your tools never noticed? BHIS discovered a stealthy intrusion during a real breach assessment: attackers used a COM-based persistence technique hidden in Windows scheduled tasks, leaving no obvious indicators, suspicious processes, or malicious file hashes. Just a quiet foothold designed to stay invisible. Join BHIS SOC analyst Troy Wojewoda for a free one-hour session as he investigates a two-year-long attack campaign, revealing how the attacker stayed hidden, how the SOC uncovered the activity, and how you can spot similar techniques in your own environment.

Chat with your fellow attendees in the Black Hills Infosec Discord server: https://discord.gg/BHIS in the #🔴live-chat channel.

Originally from BHIS: Breach Assessment - The Curious Case of the Comburglar w/ Troy Wojewoda ( :-{ı▓ #BlackHillsInfoSec #cybersecurity #cyberresearch

26.02.2026 08:00
ChatGPT in your inbox? Investigating Entra apps that request unexpected permissions
How to observe, detect, investigate and mitigate against overly permissive Entra app consent

Originally from Red Canary: ChatGPT in your inbox? Investigating Entra apps that request unexpected permissions ( :-{ı▓ #threatintel #redcanary #cyberresearch

25.02.2026 10:48