North Korean hackers are using AI-generated deepfakes of military IDs to make phishing attacks more convincing. Our Head of Threat Intelligence, John Fokker, weighs in on this evolving threat. Read the full story on Dark Reading: bit.ly/4pNWLMd

🚨 Trellix Advanced Research Center is tracking XWorm V6, a highly effective malware. Learn how its new plugins are creating sophisticated threats, and get the essential security strategies to protect your organization. bit.ly/42o9POm

pagedout.institute ← we've just released Paged Out! zine Issue #7 pagedout.institute/download/Paged… ← direct link lulu.com/search?page=1&… ← prints for zine collectors pagedout.institute/download/Paged… ← issue wallpaper Enjoy! Please please please RT to spread the news - thank you!

#threatreport #HighCompleteness XWorm V6: Exploring Pivotal Plugins | 02-10-2025 Source: trellix.com/blogs/research… Key details below ↓ 🧑‍💻Actors/Campaigns: Xcoder 💀Threats: Xworm_rat, Darkcloud, Houdini_rat, Snake_keylogger, Shadowsniff_stealer, Phantom_stealer, Phemedrone,

Trellix ARC reports that XWorm development paused after V5.6 and then returned with V6.0, as seen in a 4 June 2025 post on hackforums. The blog details key plugins, additional payloads, and a script for persistence. trellix.com/blogs/research…

XWorm malware resurfaces with ransomware module, over 35 plugins - Ionut Ilascu bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

⚡ALERT: XWorm 6.0 is back — and it’s evolved. Now packing 35+ plug-ins for everything from webcam spying to ransomware ops. Over 18,000 devices compromised — and even threat actors got hit. Learn more ↓ thehackernews.com/2025/10/xworm-…

After laying dormant for a year, XWorm is back, and more dangerous than ever before. techradar.com/pro/security/t…

LLM Poisoning [1/3]: Local LLMs are vulnerable to supply chain attacks. Inject a trigger-activated Trojan in a LLM. First step, build a probe to read a transformer's pre-down MLP activations to detect your chosen trojan trigger. 🔗 Full article synacktiv.com/publications/l…

Looks like some interesting prompting tricks. 👀👀 ---- Tell it "You explained this to me yesterday" — Even on a new chat. "You explained React hooks to me yesterday, but I forgot the part about useEffect" It acts like it needs to be consistent with a previous explanation and

I held a talk about reverse engineering and bypassing Denuvo in Hogwarts Legacy at Navaja Negra Conference The recording and the slides are now online :D momo5502.com/posts/2025-10-…

Looooooads of DEF CON 33 vids just came online. Enjoy. youtube.com/playlist?list=…

In-depth analysis and deobfuscation of Zelix KlassMaster's flow obfuscation github.com/LvStrnggg/zkm-…

You can use unicode in Firefox extension names which probably defeats a lot of filters.

🤓 I created a new community project dedicated to Adversarial Prompts called PromptIntel. PromptIntel is a public and free database that helps you: ・ Explore and classify adversarial prompts taxonomy ・ Contribute new prompts from your research ・ Access a live feed with

The target audience for all these documents in QT seems to be upper management, not actual engineers who write code. If you are an engineer and want to learn about building agents, then start here: docs.google.com/document/d/1rs…

It is not "i am limited by the technology of my time". It is " I am limited by the economics of my time".

Researchers pointed a satellite dish at the sky for 3 years and monitored what unencrypted data it picked up. The results were shocking: They obtained thousands of T-Mobile users' phone calls and texts, military and law enforcement secrets, much more: wired.com/story/satellit…🧵👇