home.social

#security-operations — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #security-operations, aggregated by home.social.

  1. Wazuh Cloud Tackles Security Ops Complexity With AI-Driven Analysis

    Tired of drowning in security ops complexity? Wazuh Cloud simplifies threat detection and response with AI-driven analysis, freeing you from infrastructure headaches and empowering you to stay ahead of evolving threats like ransomware and supply chain attacks.

    osintsights.com/wazuh-cloud-ta

    #CloudSecurity #SecurityOperations #AidrivenAnalysis #Ransomware #AdvancedPersistentThreats

  2. SOCs Struggle to Unlock AI Value Amid Fragmented Architecture

    Despite aggressive AI adoption, with surging growth in tools like large language models and AI co-pilots, a mere 10% of Security Operations Centers (SOCs) report that AI has delivered excellent value to their operations. Most SOCs are left wondering if their AI investments are truly paying off.

    osintsights.com/socs-struggle-

    #AiValueDelivery #ArtificialIntelligence #SecurityOperations #Soccmm #EmergingThreats

  3. Torq Bolsters AI-Powered Security with Jit Context Graph Acquisition

    Torq supercharges its AI-powered security with the acquisition of Jit's innovative context graph technology, enabling real-time understanding of business relationships between assets and alerts. This game-changing integration helps Torq deliver smarter, more effective security solutions.

    osintsights.com/torq-bolsters-

    #AiPoweredSecurity #ArtificialIntelligence #ContextGraph #SecurityOperations #Acquisition

  4. Strengthen your security operations with smarter automation and faster incident response.

    Our ServiceNow Security Operations solutions help organizations detect threats, streamline workflows, and improve security visibility across the enterprise — all from a unified platform.

    ✔ Faster incident resolution
    ✔ Automated security workflows
    ✔ Improved operational efficiency

    #ServiceNow #SecurityOperations #CyberSecurity #DigitalTransformation #ITSM

    sumasoft.com/business-services

  5. CISA Taps AI Automation to Bolster Threat Analysis Capabilities

    With AI automation, CISA analysts can quickly sift through threats, cutting through the noise to focus on what matters most. This tech boost has supercharged their Security Operations Unit, enabling rapid, real-time assessments that help prevent threats from unfolding.

    osintsights.com/cisa-taps-ai-a

    #AiAutomation #ThreatAnalysis #Cybersecurity #ArtificialIntelligence #SecurityOperations

  6. Security metrics shouldn’t just exist for compliance, they should help you understand and improve your security posture.

    This list of 40 infosec metrics covers key areas like:
    • Detection and response times
    • Vulnerability and patch management
    • User behavior and access risks
    • Threat visibility and coverage

    A useful reference for teams trying to move from “we think we’re secure” to actually proving it.
    Read here: graylog.org/post/40-infosec-me
    #InfoSec #CyberSecurity #SecurityOperations

  8. AI in cybersecurity is shifting from hype to measurable outcomes.
    "Compared to a year ago, the biggest shift is from promise to proof. Investors are no longer satisfied with AI as a feature, they want to see measurable operational outcomes."

    If investigations and alert triage aren’t improving, AI isn’t delivering value.

    technadu.com/ai-cybersecurity-

    #CyberSecurity #AISecurity #SecOps #MDR #SecurityOperations

  9. NCSC Warns of Flawed SOC Metrics

    The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize…

    osintsights.com/ncsc-warns-of-

    #SocMetrics #SecurityOperations #Secops #NationalCyberSecurityCentre #Ncsc

  10. CrowdStrike Tests Anthropic's Claude Mythos for Accelerated Vulnerability Detection

    Imagine slashing the time between discovering a software flaw and fixing it - a new breed of large language models, like Anthropic's Claude Mythos, may hold the key. Early tests with CrowdStrike suggest that AI-powered vulnerability detection can accelerate discovery and bring broader situational…

    osintsights.com/crowdstrike-te

    #VulnerabilityDetection #Ai #LargeLanguageModel #GenerativeAi #SecurityOperations

  11. What is DCSync Attack and Mimikatz Usage in Active Directory

    One of the most critical attacks in Active Directory environments, DCSync, allows attackers to impersonate a Domain Controller and extract password hashes through replication abuse.

    #CyberSecurity #ActiveDirectory #DCSync #RedTeam #BlueTeam #InfoSec #Pentesting #SOC #ThreatDetection #WindowsSecurity #EthicalHacking #ITSecurity #NetworkSecurity #SecurityOperations #DenizHalil

    denizhalil.com/2026/03/27/dcsy

  13. The General Directorate of Security conducted simultaneous operations in five provinces (Istanbul, Izmir, Manisa, Siirt, and Bitlis) against individuals identified for using banners, chanting slogans, and singing marches promoting organizational propaganda during Nevruz celebrations. #SecurityOperations #PublicSafety

  14. Every staffing decision affects security and compliance. Access control, onboarding, and offboarding processes must be designed carefully to reduce risk in 2026.

    #ITCompliance #SecurityOperations #RiskManagement #AccessControl

  15. A security incident involving restaurant technology provider HungerRush highlights the growing risk of compromised communication infrastructure.

    A threat actor sent extortion emails to restaurant patrons, claiming access to millions of data records associated with the HungerRush platform.

    Technical observations include:
    • Emails delivered through Twilio SendGrid infrastructure
    • Messages passed SPF, DKIM, and DMARC authentication checks
    • Access was reportedly gained via compromised third-party vendor credentials
    HungerRush states the incident was limited to an email marketing service account, and that no passwords, payment card information, or sensitive personal data were exposed.

    The event demonstrates how attackers can leverage trusted messaging infrastructure to launch extortion or phishing campaigns at scale.

    Source: bleepingcomputer.com/news/secu

    How should organizations better secure email platforms and vendor integrations within SaaS environments?

    Share your insights in the comments and follow TechNadu for more cybersecurity threat intelligence and breach coverage.

    #InfoSec #CyberSecurity #EmailSecurity #VendorRisk #ThreatIntelligence #DataSecurity #SecurityOperations #CyberThreats #SupplyChainSecurity

  16. CVE-2026-21902 represents a high-impact infrastructure exposure.

    Affected platform: Junos OS Evolved on PTX series routers.

    Attack vector: Unauthenticated network access.
    Privilege level: Root execution.
    Service: On-Box Anomaly Detection, enabled by default.

    Strategic risk:
    • Traffic interception capability
    • Policy manipulation
    • Controller redirection
    • Lateral pivoting
    • Long-term foothold persistence
    Although no exploitation has been observed, historically, high-performance routing infrastructure is a prime target due to its control-plane visibility and network centrality.

    Recommended actions:
    – Immediate patch validation
    – Control-plane traffic monitoring
    – Service exposure review
    – Network segmentation validation
    – Threat hunting for anomalous routing behavior
    Are infrastructure devices integrated into your continuous detection engineering pipeline?

    Source: securityweek.com/juniper-netwo

    Engage below.
    Follow TechNadu for high-signal vulnerability intelligence.
    Repost to strengthen security awareness.

    #Infosec #CVE2026 #Juniper #RouterSecurity #CriticalInfrastructure #ThreatModeling #DetectionEngineering #NetworkDefense #ZeroTrustArchitecture #CyberRisk #SecurityOperations #VulnerabilityManagement

  17. A significant cross-border enforcement case targeting carding infrastructure.
    A Chilean national has been extradited to the U.S., accused of operating Telegram-based carding marketplaces.

    Allegations include:
    • Trafficking unauthorized access devices
    • Distribution of stolen card dumps
    • ~26,000 cards from one brand
    • Sales via encrypted channels
    • Multi-year operation (2021–2023)
    The case illustrates persistent fraud ecosystem patterns:
    – Dump marketplaces leveraging messaging apps
    – Bulk sale of compromised payment data
    – International actors targeting U.S. financial brands
    – Delayed but coordinated extradition efforts
    For security teams, this reinforces the need for:
    – Real-time fraud analytics
    – Dark web & channel monitoring
    – Card reissuance automation
    – Cross-border intelligence sharing

    Is fraud detection adapting fast enough to decentralized carding markets?

    Source: justice.gov/usao-ut/pr/chilean

    Engage below.
    Follow TechNadu for high-signal infosec reporting.
    Repost to amplify awareness.

    #Infosec #Carding #FinancialSecurity #FraudDetection #PaymentFraud #ThreatIntelligence #AML #Cybercrime #DarkWebMonitoring #SecurityOperations #RiskManagement #DataProtection #GlobalCybercrime

  18. Identity compromise continues to dominate intrusion chains.
    From the Sophos Active Adversary Report 2026:
    • 67% of initial access attributed to identity abuse
    • 3.4-hour median to Active Directory pivot
    • 3-day median dwell time
    • 88% ransomware deployment off-hours
    • 79% data exfiltration off-hours
    Directory services remain high-value assets — authentication, authorization, policy control, privilege mapping.
    The compressed timeline from credential misuse to directory-level access underscores the need for:
    – Continuous identity monitoring
    – Behavioral analytics
    – After-hours SOC coverage
    – Conditional access enforcement
    – Least-privilege architecture
    Generative AI is functioning as a force multiplier — improving phishing quality and campaign scale - not yet delivering autonomous attack chains.

    Is identity governance keeping pace with adversary dwell time compression?
    Engage below.

    Source: sophos.com/en-us/press/press-r

    Follow TechNadu for high-signal infosec analysis.

    Repost to strengthen industry awareness.

    #Infosec #IdentityThreats #RansomwareDefense #ActiveDirectorySecurity #ThreatModeling #GenAI #SecurityOperations #CyberRisk #ZeroTrustArchitecture #DetectionEngineering #EnterpriseSecurity #ThreatHunting

  19. Third-party breach, 38M impacted, European e-commerce sector.
    ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
    Authorities notified: CNIL, ANSSI.
    Passwords not reportedly accessed.
    Subcontractor access revoked.

    Key risk vectors:
    – SaaS support platforms
    – Vendor access governance
    – Over-retention of ticketing data
    – Centralized customer communication logs
    – Supply chain attack surface expansion

    This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

    How mature is your third-party risk telemetry?
    Engage below.

    Source: bleepingcomputer.com/news/secu

    Follow @technadu for high-signal infosec reporting.

    Repost to amplify awareness across the security community.

    #Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

  21. Sector alert: European football club targeted.

    Olympique de Marseille confirmed an attempted cyberattack following alleged data leak claims involving:
    • ~400,000 supporter records
    • 2,050+ Drupal CMS accounts
    • E-commerce and membership-related data
    No confirmed compromise of banking credentials, investigation ongoing, incident reported to CNIL.
    Attack surface observations:
    – CMS exposure risk
    – High-value fan PII aggregation
    – Merchandising platforms as entry vectors
    – Sector-wide vulnerability patterns (preceded by FFF breach)
    Sports organizations increasingly mirror enterprise-scale digital infrastructures - yet often lack comparable security maturity.

    What baseline controls should leagues enforce - MFA mandates, zero trust architecture, CMS hardening standards?

    Source: bleepingcomputer.com/news/secu

    Engage in the comments.
    Follow TechNadu for high-signal infosec coverage.

    Repost to amplify sector awareness.

    #Infosec #DrupalSecurity #DataBreach #SportsSecurity #ThreatIntelligence #CyberRisk #GDPRCompliance #SecurityOperations #DigitalForensics #CyberDefense

  23. Threat Landscape Brief - 2026
    Source: Darktrace Annual Threat Report

    Key Metrics:
    • 20% YoY rise in disclosed vulnerabilities
    • 32M phishing emails detected
    • 8.2M targeted VIP accounts
    • 28% increase in QR-based phishing
    • 70% of Americas incidents initiated via stolen credentials
    • Microsoft Azure most targeted cloud
    • Docker environments saw 54.3% honeypot targeting

    Operational shift:
    • Credential abuse > exploit development
    • AI-assisted phishing increasing personalization
    • DMARC bypass at 70% legitimacy pass rate
    • Fresh domains deployed at scale

    Strategic implication:
    Identity telemetry and behavioral analytics are now mission-critical.

    Source: darktrace.com/blog/what-the-da

    Follow @technadu for actionable threat intelligence.
    Share your detection strategy insights below.

    #Infosec #ThreatIntel #IdentitySecurity #Darktrace #CloudSecurity #Azure #PhishingDefense #ZeroTrust #IAM #SecurityOperations #CyberRisk #TechNadu

  24. Operational Summary:
    Jurisdiction: Poland / Germany
    Target Platform: Facebook
    Impact: 100,000+ credentials seized
    Suspects Charged: 11
    Alleged Crimes: 400+

    Tactics Observed:
    • Fake news portal infrastructure
    • Credential harvesting via spoofed login forms
    • Account takeover operations
    • Fraud leveraging payment systems (BLIK referenced)
    • Money laundering

    Strategic lesson:
    Phishing + credential reuse + weak authentication continues to scale across borders.

    Mitigation priorities:
    • Phishing-resistant MFA
    • FIDO2 / hardware keys
    • Domain monitoring & takedown speed
    • User education + anomaly detection

    Source: the420.in/poland-cybercrime-bu

    Follow @technadu for threat intelligence updates.

    Add your technical mitigation strategies below.

    #Infosec #ThreatIntel #Phishing #AccountTakeover #FacebookSecurity #FraudPrevention #MFA #Cybercrime #SecurityOperations #EUCyber #TechNadu

  25. Incident Overview:
    Victim: Odido
    Threat Actor: ShinyHunters (alleged)
    Impact: 6.2M customers confirmed
    Claimed Records: ~21M

    Vector: Customer contact system access
    Exposed data (varies per user):
    • PII, contact details
    • IBANs
    • Limited ID metadata

    Denied exposure:
    • Passwords
    • Billing data
    • SSNs
    ShinyHunters’ known TTPs include vishing, SSO hijack, OAuth device code abuse, targeting platforms tied to Microsoft, Google, and Okta.
    Identity remains the breach multiplier.
    Source: bleepingcomputer.com/news/secu

    Follow TechNadu for threat-focused reporting.
    Add your technical insights below.

    #Infosec #ThreatIntel #DataBreach #ShinyHunters #Odido #IAM #SSO #MFA #CyberExtortion #PrivacyEngineering #SecurityOperations

  27. Incident Overview:
    Platform: Step Finance
    Loss: ~$40M treasury theft
    Vector: Compromised executive devices
    Status: Operations terminated

    Recovery efforts:
    • ~$3.7M Remora assets recovered
    • ~$1M additional tokens recovered
    • Snapshot-based reimbursement for STEP holders
    • Buyback + redemption process underway

    Collateral shutdown:
    Remora Markets, SolanaFloor

    Strategic insight:
    Executive endpoint compromise → treasury compromise.

    Crypto treasury management must incorporate hardened device policies, hardware-backed key storage, enforced MFA, anomaly detection.

    Source: therecord.media/step-finance-c

    Follow us for tactical crypto threat briefings.
    Share mitigation strategies below.

    #Infosec #CryptoSecurity #DeFiRisk #TreasuryManagement #EndpointSecurity #Blockchain #DigitalAssets #ThreatModeling #CyberIncident #SecurityOperations

  28. Operational summary:
    Threat actor: UAC-0050
    Alias: DaVinci Group / Mercenary Akula (per BlueVoyant)
    Tooling: RMS (Remote Manipulator System)
    Delivery: Spear-phishing, spoofed judicial domain, layered archives
    TTP alignment consistent with reporting from CERT-UA.

    Strategic overlay:
    Russia-nexus actors, including APT29, continue high-confidence trust exploitation campaigns, as outlined by CrowdStrike.

    Detection priorities:
    - Monitor MSI execution anomalies
    - Flag double-extension binaries
    - Inspect outbound RMS traffic
    - Harden executive email authentication
    Follow for tactical intelligence briefings.
    Comment with detection engineering recommendations.

    #Infosec #ThreatIntel #UAC0050 #APT29 #RMS #SpearPhishing #DetectionEngineering #CyberEspionage #SOC #BlueTeam #SecurityOperations

  29. CVE-2026-22769 (CVSS 10.0) in Dell RecoverPoint for VMs is under confirmed exploitation.

    Attribution: UNC6201 (linked to Silk Typhoon)
    Malware: BRICKSTORM (evolving) → GRIMBOLT
    Vector: Hard-coded credentials
    Impact Layer: VMware-integrated DR appliances

    This is a high-leverage target:
    - Elevated privileges
    - Direct integration with hypervisors & storage
    - Influence over replicated datasets
    - Potential long-term espionage dwell time

    CISA has mandated immediate patching for federal agencies.

    Key takeaway: Recovery infrastructure is now an active battlefield.
    How are you validating integrity of replicated VM copies?
    Comment below.

    Source: therecord.media/fed-agencies-o

    Follow TechNadu for threat intelligence updates.
    Share within your security teams.
    #Infosec #ThreatIntelligence #ZeroDay #CISAAlert #VMwareSecurity #CyberEspionage #BlueTeam #RedTeam #APT #SecurityOperations #DigitalForensics

  30. Incident Overview:
    • Accidental disclosure via incorrect link sharing
    • Recipient knowingly accessed confidential police documents
    • Refusal to delete without compensation
    • Arrest under suspected computer trespass provisions

    Security Takeaways:
    – Operational errors remain a primary breach vector
    – Access control workflows must differentiate upload vs. download permissions
    – User awareness and response protocols are critical
    – Legal frameworks increasingly address post-error exploitation

    This case illustrates a subtle but important principle: accidental exposure does not equate to authorized access.

    From a governance and control perspective, what technical safeguards would you implement to prevent similar incidents?

    Engage below.
    Follow @technadu for cybersecurity intelligence and policy analysis.

    #Infosec #DataGovernance #AccessControl #CyberLaw #SecurityOperations #IncidentResponse #RiskManagement #PrivacyCompliance #TechNadu

  31. A threat actor claims exfiltration of 331MB (734,160 lines) of sensitive personnel data from CNRS, France’s national research institution.

    Alleged exposure includes:
    • SSNs
    • RIB bank details
    • Employment status and contract types
    • Organizational assignments
    • Legacy recruitment records (pre-2006)

    CNRS reports the impacted server was isolated and regulatory bodies were notified.
    If validated, this incident underscores:
    – Risks associated with legacy HR systems
    – Long-term data retention exposure
    – Financial fraud potential
    – Identity theft amplification risk

    What containment and notification strategy would you prioritize in a case involving decades-old personnel records?

    Source: x.com/DarkWebInformer/status/2

    Engage below.

    Follow @technadu for structured threat intelligence updates.

    #Infosec #ThreatIntelligence #DataLeak #GDPR #IncidentResponse #DataGovernance #RiskAssessment #EuropeanCybersecurity #SecurityOperations #TechNadu

  32. 🚨 Legitimate RMM Abuse in Crazy Ransomware Intrusions

    Huntress investigations reveal:
    • Net Monitor for Employees deployed via msiexec
    • SimpleHelp persistence via PowerShell
    • Disguised binaries (OneDriveSvc.exe, vhost.exe)
    • Defender service tampering
    • Crypto wallet keyword monitoring
    • SSL VPN credential compromise as initial access

    The adversary leveraged redundancy across remote access tools to guarantee persistence even if one method was removed.

    Key takeaway: Detection must focus on anomalous deployment patterns of legitimate administrative tools - not just malware signatures.

    Are you correlating RMM installations with VPN authentication anomalies?

    Engage with your defensive insights below.
    Follow @technadu for advanced threat intelligence coverage.

    Source: bleepingcomputer.com/news/secu

    #InfoSec #ThreatHunting #Ransomware #MFA #RMM #CyberDefense #SecurityOperations #BlueTeam #ThreatIntel

  33. 🚨 JokerOTP PhaaS Seller Arrested - Netherlands

    A coordinated law enforcement operation has resulted in the arrest of a suspected JokerOTP access seller. The platform enabled automated OTP interception via synchronized login attempts and vishing bots.

    Impact:
    • $10M in financial damage
    • 28,000+ attacks
    • 13 countries affected
    • High-value targets: PayPal, Coinbase, Amazon, Apple

    This incident underscores the operational reality: MFA bypass increasingly exploits the human layer rather than technical vulnerabilities.

    Are phishing-resistant authentication methods becoming mandatory rather than optional?
    Engage below with your defensive strategy insights.

    Source: bleepingcomputer.com/news/secu

    Follow @technadu for ongoing threat intelligence and global cybercrime updates.

    #InfoSec #ThreatIntelligence #PhishingDefense #MFABypass #CyberCrime #SecurityOperations #FraudPrevention #TechNadu

  35. Atlassian audit logs aren’t useless. They’re shaped wrong.

    Nested JSON and shifting arrays turn simple questions into manual work. Dashboards break. The fix isn’t more parsing in the SIEM. It’s modeling audit data at the edge.
    graylog.org/post/from-atlassia
    #SecurityOperations #SIEM #AuditLogs

  36. Security planners supporting the Milano Cortina Winter Games say drones are now treated as a baseline threat category for major international events - alongside cyber incidents, protests, and opportunistic crime.

    Officials highlighted the importance of coordination, terrain awareness at outdoor venues, and clear enforcement of no-drone zones, noting that most incidents historically involve unauthorized filming rather than malicious intent.

    From a security operations perspective, where should priority be placed as event complexity increases?

    Source: reuters.com/world/us-security-

    Join the discussion and follow @technadu for grounded reporting on security and technology.

    #EventSecurity #CounterUAS #CyberRisk #SecurityOperations #InfoSec #TechNadu

  37. SegurCaixa Adeslas disclosed a breach affecting personal identity and banking data of policyholders in Spain’s Extremadura region.

    Health data and billing platforms were reportedly not accessed, and no fraud has been observed so far.

    The incident reinforces the importance of secure data retention, breach containment, and clear post-incident communication to reduce secondary risks like phishing and impersonation.

    How do you assess disclosure quality in incidents like this?

    Source: hoy.es/extremadura/segurcaixa-

    Share insights and follow @technadu for objective InfoSec coverage.

    #InfoSec #DataProtection #BreachDisclosure #CyberRisk #PrivacyEngineering #SecurityOperations

  38. ESA is assessing claims of a data exposure involving hundreds of gigabytes of internal and contractor-linked information, following a prior incident disclosed weeks earlier.

    Alleged data types include operational procedures, satellite system documentation, and third-party materials - highlighting challenges around:
    • Long-term identity and access management
    • Vendor and contractor trust boundaries
    • Monitoring across complex, distributed environments

    This case reinforces the importance of continuous risk assessment and defense-in-depth, especially for organizations supporting critical infrastructure and research missions.

    What defensive control would you prioritize in environments like this?

    Source: theregister.com/2026/01/07/eur

    Engage in the discussion and follow TechNadu for objective InfoSec reporting.

    #InfoSec #CyberDefense #ThirdPartyRisk #CriticalInfrastructure #SecurityOperations #TechNadu

  39. Detailed article discusses competing policy directions for (1) USA to be a leader in drone technology vs (2) the need to prevent drones from being used to inflict major harm in the USA. No paywall.

    Pic is an image from the article. As if we did not already have enough to worry about. 😟
    #Drone #CounterDrone #Defense #SecurityOperations

  40. AI in a SOC shouldn’t be “push button, solve security.” It’s better as a force multiplier: faster triage, cleaner investigations, safer automation, and way less copy/paste misery.

    I also get into the guardrails that actually matter (evidence-first summaries, human-in-the-loop, prompt injection, least privilege).

    Read it here: kylereddoch.me/blog/putting-ai

    #cybersecurity #SOC #SecurityOperations #AI #IncidentResponse #SIEM #SOAR

  41. FBI is now training state and local police on counter-drone techniques.
    No paywall

    Snip:
    "Drones, he said, are no longer confined to battlefields. They now offer surveillance and precision strike capabilities to individuals and small groups that once belonged only to nation states."

    dronexl.co/2025/12/31/fbi-nati
    #Drone #SecurityOperations

  42. Should you use supervised #AI for your SOC? 🤖 👀 Yes! When applied to first-pass alert triage, it strengthens the human decision layer rather than removing it — so it's a win-win. 🌟💪 It helps by prioritizing alerts based on how similar events were previously validated by analysts.

    Let's talk some more about supervised AI. In our latest blog you can dig into the details of:
    👉 Supervised AI for first-pass triage
    👉 Why analyst attention is a limiting factor
    👉 How supervised AI works by reflecting human judgment
    👉 Why the ROI case is straightforward
    ➕ And more

    graylog.org/post/supervised-ai #Security #CyberSecurity #SecurityOperations

  43. IT increasingly runs on Linux, which is both open-source and highly
    customizable. And, as more and more of your dev and IT environments
    rely on #Linux, focusing your collection and monitoring efforts on
    these top 25 logs will help you investigate performance issues and
    #security incidents faster. 🙌

    Read on to learn more about reading Linux logs, improving your
    operations and security by effectively managing your Linux logs, and
    more.

    graylog.org/post/25-linux-logs
    #OpenSource #SecurityOperations

  44. Check out ˗ˏˋ ⭒ lnkd.in/gE2wUqgc ⭒ ˎˊ˗ to see my intro whilst you listen.

    I'm thus re-naming this work as "CVE Keeper - Security at x+1; rethinking vulnerability management beyond CVSS & scanners". I must also thank @andrewpollock for reviewing several of my verbose drafts. 🫡

    So, Security at x+1; rethinking vulnerability management beyond CVSS & scanners -

    Most vulnerability tooling today is optimized for disclosure and alert volume, not for making correct decisions on real systems. CVEs arrive faster than teams can evaluate them, scores are generic, context arrives late, and we still struggle to answer the only question that matters: does this actually put my system at risk right now?

    Over the last few years working close to CVE lifecycle automation, I’ve been designing an open architecture that treats vulnerability management as a continuous, system-specific reasoning problem rather than a static scoring task. The goal is to assess impact on the same day for 0-days using minimal upstream data, refine accuracy over time as context improves, reason across dependencies and compound vulnerabilities, and couple automation with explicit human verification instead of replacing it.

    This work explores:

    ⤇ 1• Same-day triage of newly disclosed and 0-day vulnerabilities
    ⤇ 2• Dependency-aware and compound vulnerability impact assessment
    ⤇ 3• Correlating classical CVSS with AI-specific threat vectors
    ⤇ 4• Reducing operational noise, unnecessary reboots, and security burnout
    ⤇ 5• Making high-quality vulnerability intelligence accessible beyond enterprise teams

    The core belief is simple: most security failures come from misjudged impact, not missed vulnerabilities. Accuracy, context, and accountability matter more than volume.

    I’m sharing this to invite feedback from folks working in CVE, OSV, vulnerability disclosure, AI security, infra, and systems research. Disagreement and critique are welcome. This problem affects everyone, and I don’t think incremental tooling alone will solve it.

    P.S.

    • Super appreciate everyone that's spent time reviewing my drafts and reading all my essays lol. I owe you 🫶🏻
    • ... and GoogleLM. These slides would have taken me forever to make otherwise.

    Take my CVE-data User Survey to allow me to tailor your needs into my design - lnkd.in/gcyvnZeE
    See more at - lnkd.in/gGWQfBW5
    lnkd.in/gE2wUqgc

    #VulnerabilityManagement #Risk #ThreatModeling #CVE #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntelligence #ApplicationSecurity #SecurityOperations #ZeroDay #RiskManagement #DevSecOps #CVE #CVEAnalysis #VulnerabilityDisclosure #SecurityData #CVSS #VulnerabilityAssessment #PatchManagement #AI #AIML #AISecurity #MachineLearning #AIThreats #AIinSecurity #SecureAI #OSS #Rust #ZeroTrust #Security

    linkedin.com/feed/update/urn:l

  45. Curious what the top SOC trends were in 2025? Take a look. 👀👇

    🤖 AI outpaced oversight
    📊 Dashboards expanded while context thinned
    ⛅ Cloud costs quietly dictated security decisions
    🔃 Process, not skill, slowed investigations
    ❗ API exposure grew faster than tracking

    And there are more! See all of the top SOC trends from 2025 plus our top prediction for the SOC in 2026, in our latest blog.

    graylog.org/post/2025-security #SecurityOperations #SIEM #CyberSecurity #InfoSec

  46. Wondering how much a #SIEM solution will cost you? 💰🤔 Understanding the total cost of ownership (TCO) requires you to look at direct, indirect, and opportunity costs related to deploying, managing, and maintaining the system. So, let's take a look at:

    💲Direct costs
    💲Indirect costs
    💲Opportunity costs
    💲Different TCO calculations for on-premises & cloud-based SIEMs

    Plus, read about 5 important things to consider when calculating SIEM TCO—in this super informative article. 🙌

    👉 graylog.org/post/calculating-a #CyberSecurity #InfoSec #SecurityOperations

  47. Trend Micro’s 2026 predictions highlight the shift toward industrialized cybercrime driven by AI automation, autonomous intrusion workflows, and synthetic attack chains. Hybrid cloud, supply chains, and AI ecosystems are expected to face increasing pressure.

    How can defenders balance automation with human validation in the coming years?

    Source: cxotoday.com/press-release/tre

    Follow us for more fact-driven analysis.

    #infosec #cybersecurity #AI #automation #cloudsecurity #supplychainsecurity #threatintel #securityoperations #ransomware #technadu

  48. Security teams are drowning in alerts, and AI might not be the answer everyone thinks it is.

    In this episode, Erik Bloch, VP of Security at Illumio, breaks down the math on why AI-powered alert triage may be financially unfeasible for most organizations. With 85 to 90 percent of alerts being non-malicious, security teams are still sorting through massive volumes of noise to find the real threats.

    Many vendors are betting that AI will solve this problem by triaging alerts at scale. But the reality?

    Processing a thousand alerts per day over the course of a year can cost millions of dollars in compute time for LLMs. For most companies outside of Google or major financial institutions, that budget simply doesn't exist.

    Erik's take is different: push the problem back to the vendors.

    The tools generating 80 to 90 percent garbage alerts are the ones organizations pay millions of dollars per year for. Rather than adding another expensive layer on top to filter the noise, vendors should be delivering higher fidelity alerts from the start.

    As a defender, the goal is finding high fidelity alerts that can be actioned. If vendors filtered better on their end, security teams could focus on catching bad guys instead of triaging false positives.

    Full episode: youtube.com/watch?v=BTzrk8h52xk

    #cybersecurity #AI #SOC #alertfatigue #infosec #securityoperations #podcast

  49. New blog post live for my Sentinel Saturday series! :1000: :apartyblobcat:
    Read the blog 👉 marshsecurity.org/sentinel-sat

    In this post, I explore the power of using Microsoft Sentinel Tasks as part of your automation workflows.

    Most teams aren’t getting the full #value out of Tasks in Microsoft Sentinel. Are you? When you combine Sentinel Tasks with automation, they become a game-changer.

    - Auto-create tasks when automation fails (so nothing slips through the cracks)
    - Auto-complete tasks when automation succeeds
    - Use tasks to verify automation outcomes
    - Build engineering feedback loops and automation #QA

    Read the blog 👉 marshsecurity.org/sentinel-sat

    #MicrosoftSentinel #SentinelAutomation #CyberSecurity #SOCAutomation
    #CloudSecurity #AzureSecurity #SIEM #SecOps #Automation #InfoSec
    #CyberSecurityCommunity #BlueTeam #ThreatDetection #SecurityEngineering #SecurityOperations