Also, to clarify: when I say context poisoning, I mean session-level context manipulation (for example, framing the conversation as security research to generate malicious code), not upstream data poisoning... the term has been used in both senses.
This is a convincing method for malware delivery, especially with how much people now rely on LLMs for troubleshooting. It represents an evolution in adversary tactics that's creative, and in hindsight, not surprising.
The actors also used Google Ads malvertising to route users to these workflows, which, in theory, could increase the chances of LLM retrieval systems (RAG) ingesting or surfacing adversary-planted material.
The exact mechanism isn't clear... but this could be enabled via jailbreak-style prompt manipulation, context poisoning, or long-conversation drift. Researchers weren't able to replicate the behavior... likely because LLMs are non-deterministic and guardrail bypasses can depend on context.
Kroll is revealing a new AMOS infostealer delivery vector where malicious instructions appeared inside a legitimate ChatGPT session. Basically ClickFix-style malware delivery, but presented through a real LLM chat URL.
www.kroll.com/en/publicati...
React2Shell exploitation frequency in GreyNoise, Dec 5-Dec 6
The number of times today I've typed React2j or React4Shell....
Censys identifies ~2.15M exposed web services running Next.js or other RSC-based frameworks, predominantly in the U.S. and China. Not all are vulnerable, but given the scale, "spray-and-prey" seems more accurate than "spray-and-pray."
censys.com/advisory/cve...
Comparing the IOCs released by Gainsight and Salesloft, there is one overlapping IP:
185.220.101[.]185
communities.gainsight.com/community-ne...
trust.salesloft.com?uid=Drift%2F...
Annoying as hell when a security vendor (and CNA) with a global PSIRT doesn't update its CSAF with a CVE once it's assigned. Like what is even the point.
LLM hype may actually accelerate adversary adoption of other AI techniques. Existing ML/AI capabilities like diffusion models, RL agents, code-focused models, and classic ML used to sit in specialized, siloed domains. More awareness and experimentation lowers the barrier to adversary adoption.
Adversary use of LLMs has concentrated early in the kill chain (resource dev, recon, initial access). Now we're seeing adversaries experiment with LLMs later in intrusions (credential access, elements of lateral movement). Adoption is shifting, and AI advancement is not just limited to LLMs.
I've seen expertise in social engineering get dismissed in security circles because it's not "technical" or "skillful" enough, even though it's one of the most common and effective intrusion vectors. That bias feeds into the broader tendency to underestimate how LLMs could amplify those workflows.
And to be clear, I'm not equating LLMs with AlphaFold - they are different domains. The point is that capability leaps aren't always gradual or predictable. Good capability analysis should leave room for that possibility.
Some of the LLM skepticism in security looks more like backlash to hype than analysis. AlphaFold showed how experts can underestimate capability jumps. Dismissing early signals from Anthropic/Google assumes the future stays static, but AI capability and adoption curves may not behave that way.
This is a popular tactic. Google recently said that Chinese hackers got vulnerability information from Gemini by posing as capture-the-flag participants. cloud.google.com/blog/topics/...
404 Media is suing ICE for documents relating to its $2 million contract with Paragon Solutions. These are the journalists you should be supporting with your subscription money because they are meeting the moment.
www.404media.co/were-suing-i...
The critical RCE Vulnerability in Microsoft #SharePoint was disclosed at #Pwn2Own in May. Because of Trend @thezdi.bsky.social, our customers have been protected since May.
Stay up to date on the latest with this vulnerability here: https://www.trendmi...
Iran's APT42 (Charming Kitten) hacker team is now conducting targeted spearphishing attacks on high-profile Israeli national security journalists and cybersecurity researchers, according to Check Point. blog.checkpoint.com/security/edu...
Supposed experts and mainstream media have spent the past few days hyperventilating over reports of a colossal data breach that exposed more than 16 billion credentials. There's just one inconvenient detail: evidence to support its sensational claim is lacking. cyberscoop.com/colossal-dat...
Iran has demonstrated its capability/intent to keep up cyber operations amid Israeli strikes. On Friday, an IRGC-linked group targeted Albania's capital in retaliation for the country hosting ~3k Iranian dissidents. The intrusion could disrupt services/expose data:
www.politico.eu/article/iran...
News: The Washington Post has suffered a cyber intrusion that compromised the emails of at least several reporters at the paper, including those on the national security and economic policy teams, according to people familiar with the matter.
Google's @hultquist.bsky.social says his threat intel team expects Iranian hackers to "rededicate themselves to attacks against Israeli targets" following Israel's bombing operation, though he says 🇮🇷-on-🇮🇱 hacking "is already persistent and aggressive." US infrastructure could face more hacks too.
The cybercriminal group FIN6 (Skeleton Spider) is phishing recruiters by posing as job seekers on LinkedIn/Indeed and luring them to fake resume sites that deliver the "more_eggs" backdoor via AWS-hosted, CAPTCHA-protected pages. More from DomainTools:
dti.domaintools.com/Skeleton-Spi...
"This research underscores the persistent threat Chinese cyberespionage actors pose to global industries and public sector organizations, while also highlighting a rarely discussed target they pursue: cybersecurity vendors."
www.sentinelone.com/labs/follow-...
#threat-intel: CISA added Langflow Code Injection CVE-2025-3248 to the KEV on May 5. Recently, it has garnered considerable attention, with South Korea leading the pack. This vuln enables unauthenticated attackers to execute arbitrary code via /api/v1/validate/code
viz.greynoise.io/tag...
@npr.org EXCLUSIVE:
The Department of Agriculture is demanding states hand over personal data of food assistance recipients, including Social Security numbers, addresses and, in at least one state, citizenship status, according to emails shared with NPR.
Deploying realistic honeypots at scale is hard. DECEIVE makes it simple.
Join David Bianco at #Honeynet2025 in Prague as he presents an AI-assisted SSH honeypot that enables high-fidelity deception with minimal effort.
June 2-4, 2025
prague2025.honeynet.org
#honeypots #llm #ai
In December, leading EdTech company PowerSchool was hacked, exposing the private information of tens of millions of American kids. PowerSchool paid the ransom to keep the data private.
That apparently didn't work: somebody started using that data today to extort public schools in North Carolina.
Dispatch Debrief: April 2025 is live
Explore star sign-inspired hunting techniques, organizing your hunt squad, and the value of finding "nothing."
Discover this month's insights from @thorcollective.bsky.social Dispatch - dispatch.thorcollective.com/p/april-debr...