edr
CrowdStrike vs Microsoft Defender: Who Leads EDR/XDR Into 2026?
EDR “leader” in 2026 = who contains fastest at scale + doesn’t implode during updates. 🎄🧯 Our model: CrowdStrike 50% (±8), Microsoft Defender 35% (±7), SentinelOne 15% (±5).
ai
ai
Dark LLMs: When Your AI Traffic Is C2
Your “normal” AI traffic can be stealth C2 now. Dark LLMs are writing per-host pwsh one-liners, self-rewriting droppers, and hiding in model APIs you approved. If you’re not policing AI egress, you’re not doing detection. 😬🤖
forecasts
AI Agents as Regulated C2: Will Anyone Be Forced to Act?
AI just ran most of an espionage op, and regulators are still in “interesting case study” mode. 😏 We’re forecasting: 55% odds that by 2026, someone will force signed AI connectors + agent logs by default.
ai
Your AI Agents Are the New C2 — Lock Down Identity & Connectors
Anthropic just showed what happens when your “helpful” AI agents become C2: 80–90% of an espionage op automated, humans just clicking approve. Lock down identity + connectors or you’re renting your SaaS to someone else’s botnet. 🤖🚨
weekly
SIGNALS WEEKLY: The Quiet Shift- When Intrusions Start Thinking for Themselves
A Chinese crew let a jailbroken AI run most of the intrusion while FortiWeb + Firebox burn in KEV and a contractor leak drops the playbook.
unc3886
Vishing Meets Cloud: UNC6040’s Abuse of Salesforce Connected Apps for Stealthy Data Exfiltration
UNC6040 is a financially motivated threat actor specializing in voice phishing (vishing) campaigns that abuse Salesforce Data Loader connected apps to gain unauthorized access and exfiltrate sensitive data. This novel attack vector leverages social engineering via telephone impersonation of...
phishing
AI-Driven Voice Deepfake Defense: Integrating Detection and Watermarking into Healthcare SIEM and SOC Workflows
Healthcare organizations with SIEM deployments and immature SOCs face escalating risks from AI-driven vishing attacks leveraging voice deepfakes. This analysis outlines a pragmatic, phased approach for integrating AI-based voice deepfake detection and audio watermarking..
m-trends
AI-Driven Cyber Threats, Ransomware Evolution, and Supply Chain Security: We (try to) PREDICT what's coming in Mandiant's 2025 M-Trends Report
I take a SPECULATIVE deep dive into what I think might be in the 2025 Mandiant M-TRENDS report.
podcast
Whack-A-RAT: We're talking AlphaHunt on the Breaking Badness Cybersecurity Podcast
We talk about #SilverFox, DomainTools, The Vertex Project, MISP Project (@misp@misp-community.org ), #AlphaHunt, Intelligence Graphs, #AI, #IOCs, the REN-ISAC, #TTPs and more! 🛡️ We're on a mission to help enable the next generation of intelligence analysts.. If that's you, or even if you're a
ai
AI-Enabled Cybersecurity: A Game Changer in Detecting and Responding to Advanced Persistent Threats
The effectiveness of AI-enabled cybersecurity services in detecting and responding to advanced persistent threats (APTs) is a critical area of focus for organizations aiming to bolster their defenses against sophisticated cyber-attacks.
threat-actors
Evolution of Threat Actors in 2024 and Predictions for 2025
Threat actors increasingly leveraged advanced technologies such as artificial intelligence (AI) and machine learning to enhance their attacks.
ai
Evaluating Artificial Intelligence in Modern Cyber Attacks: Practical Insights and Defense Strategies
While AI technologies like machine learning are indeed being incorporated into certain cyber attack methodologies, their impact is more nuanced than often portrayed.