🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Advisory for CVE-2022-42889 #Act4Shell (RCE via Apache Commons Text interpolation). Regardless of the similarities with #log4shell this one should be much less prevalent

The Sysdig Threat Research Team uncovered a massive cryptojacking operation targeting free GitHub and Heroku accounts. While freejacking isn't new, PURPLEURCHIN shows a new level of automation and sophistication. What do you need to know? 🔗: okt.to/AT7YQl #kubecon

Over the weekend, a verified account posing as FTX founder SBF posted dozens of copies of this deepfake video offering FTX users "compensation for the loss" in a phishing scam designed to drain their crypto wallets

ChatGPT exploits a buffer overflow 😳

I don't want to edit everything into 280 char chunks, so here's the rest: getrevue.co/profile/jackja…

Breaking RSA with a Quantum Computer schneier.com/blog/archives/…

1/The call for a 6 month moratorium on making AI progress beyond GPT-4 is a terrible idea. I'm seeing many new applications in education, healthcare, food, ... that'll help many people. Improving GPT-4 will help. Lets balance the huge value AI is creating vs. realistic risks.

Self-pinning for immortality. Congrats Ding!!

Good article from The Hacker News covering research by Matt Muir at Cado and Alessandro Brucato at Sysdig "SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign"

Chat with these rockstar #CloudSecurity threat researchers at #BHUSA! 🎩 Bring your burning cloud attack questions to Booth 1350 & come bet which vuln will be targeted the most in our #HoneypotHack game for sweet prizes 🍯 Read their annual threat report: okt.to/1RxTim

Reminder that Threat Actors (probably) haven't paid for a Red Teaming course or any sort of formal education

☁ In Part Two of SANS Certified Instructor, Ryan Nicholson’s Cloud Attack blog series, he reveals just a few of the new #Cloud threats seen today. 🧑‍💻 Read the blog: sans.org/u/1u2H

New article about attackers targeting LLMs in Cloud!

🚨 Researchers have uncovered a new attack called "LLMjacking" that targets large language models (LLMs) hosted on cloud services. Attackers steal cloud credentials to gain unauthorized access and sell it to other threat actors. Read: thehackernews.com/2024/05/resear… #cybersecurity

BREAKING: Julian Assange US extradition appeal will be heard at the UK High court on 9-10 July Detained for over 13 years the publisher faces a 175 year sentence if extradited for journalism #FreeAssangeNOW crowdfunder.co.uk/p/free-assange crowdjustice.com/case/assangeap… reuters.com/world/wikileak…

Our talk 'The Dark Economy of Stolen Cloud Accounts in Phishing Attacks' at fwd:cloudsec is out! youtu.be/6cpnz2x_0q4

It was a pleasure to contribute to such a great tool!

BREAKING: #Paragon reportedly terminates spyware contract with #Italy. Right on heels of reported targeting of journalist & activists in Italy. BIG DEAL: puts Italian government in the hot seat, since they denied knowing about it only hours ago.👇 x.com/jsrailton/stat…

Thanks Anthropic for the nice challenge! I learned a lot about jailbreaking to reach level 4 #claude

I made this MCP server for incident response in AWS, integrating several services. If you want to give it a try, I’d love to hear your feedback!