Vishing-Based Compromise at Optimizely Highlights Identity Risk

Attackers gained access via voice phishing, targeting SSO-linked systems and CRM records.

No confirmed privilege escalation, but exposure of business contact data reinforces how social engineering bypasses perimeter defenses.

Activity patterns resemble ShinyHunters campaigns abusing MFA prompts and OAuth 2.0 device authorization flows.

Common post-access targets include Salesforce, Microsoft 365, Google Workspace, Slack, SAP, Atlassian - wherever SSO tokens provide lateral access.

Identity is the control plane. Once tokens are compromised, downstream exposure scales quickly.

Is your organization monitoring abnormal device code authentication and token issuance events?

Source: https://www.bleepingcomputer.com/news/security/ad-tech-firm-optimizely-confirms-data-breach-after-vishing-attack/

Engage below.
Follow @technadu for actionable threat intelligence.

#Infosec #Vishing #OAuth #IAM #SSO #ZeroTrust #ThreatHunting #SOC #IdentitySecurity #CyberRisk

New from the THOR Collective Dispatch:

"The More I Learn, The Less I Know" by Bella San Lorenzo

On the paradox of choice in cybersecurity, why the research about learning displaces the learning itself, and what to do when every career map makes you feel more lost.

https://dispatch.thorcollective.com/p/the-more-i-learn-the-less-i-know

#cybersecurity #infosec #threathunting #thrunting #careerdevelopment #THORcollective

The More I Learn, The Less I Know

The Not-So-Straightforward Journey of Finding Your Place in Cybersecurity

THOR Collective Dispatch

Browser-based ES/Mac Monitor log analyzer

- Story timelines
- Sigma rule matching
- In-depth process tree analyzer
- Much much more!

Amazing work by my coworker @txhaflaire.bsky.social

Check it out! https://es.decompiler.dev/

#macos #malware #reverseengineering #threathunting #dfir

🌟New report out today!🌟

Apache ActiveMQ Exploit Leads to LockBit Ransomware

Analysis and reporting completed by @malforsec, @lapadrino, and @PeteO.

🔊 Audio: Available on Spotify, Apple, YouTube and more!

https://thedfirreport.com/2026/02/23/apache-activemq-exploit-leads-to-lockbit-ransomware/

#DFIR #ThreatIntel #IncidentResponse #CyberSecurity #InfoSec #ThreatHunting #IncidentResponse #DigitalForensics #BlueTeam

Apache ActiveMQ Exploit Leads to LockBit Ransomware - The DFIR Report

Key Takeaways An audio version of this report can be found on Spotify, Apple, YouTube, Audible, & Amazon. This intrusion began in mid-February 2024 after a threat actor exploited a vulnerability (CVE-2023-46604) on an exposed Apache ActiveMQ server. The threat actor was able to perform remote code execution (RCE) by using a Java Spring class and a custom Java Spring […]

The DFIR Report

🎉 New report out Monday 2/23 by @malforsec, @lapadrino, and @PeteO!

"The Base64 string $dsU contained the shellcode. We decoded it and used SpeakEasy to simulate an environment in which it would run. The simulation showed network activity toward a specific IP address, port, URI, and User-Agent used for C2 communication."

If you would like to be notified when we publish the report 👉 https://thedfirreport.com/subscribe/

#DFIR #ThreatIntel #IncidentResponse #CyberSecurity #InfoSec #ThreatHunting

🎉 New report out Monday 2/23 by @malforsec, @lapadrino, and @PeteO!

"The first step in the exploitation was to send a maliciously crafted OpenWire command to the ActiveMQ server"

If you would like to be notified when we publish the report 👉 https://thedfirreport.com/subscribe/

#DFIR #ThreatIntel #IncidentResponse #CyberSecurity #InfoSec #ThreatHunting #IncidentResponse #DigitalForensics #BlueTeam

The Rhysida ransomware group claims it breached the Cheyenne and Arapaho Tribes, demanding 10 BTC after disrupting education and administrative systems.

Governor Reggie Wassana confirmed refusal to negotiate.

Rhysida has a history of targeting public-sector networks, including state and municipal infrastructure.

Technical considerations:
• Initial access vector? Phishing vs exposed RDP?
• Backup segmentation and immutability
• Insurance-driven IR workflows
• Data exfiltration + double extortion tactics
• Public-sector attack surface mapping
Should smaller governments move toward managed detection and response (MDR) as a baseline requirement?

Source: https://therecord.media/cheyenne-arapaho-ransomware-rhysida

Share your technical insights below.

Follow @technadu for advanced ransomware intelligence.

#Ransomware #ThreatHunting #IncidentResponse #PublicSectorSecurity #CyberResilience #BlueTeam #Infosec #GovTech #DigitalForensics #CyberThreatIntel #DataProtection #SOC #ZeroTrust

According to Dragos, Volt Typhoon continues active operations inside U.S. utilities, shifting toward direct OT interaction and sensor data theft in 2025.

Notable elements:
• Pre-positioning in ICS environments
• Exploitation of Ivanti & Trimble Cityworks vulnerabilities
• GIS data harvesting for infrastructure mapping
• Access broker activity attributed to SYLVANITE
• Long-term persistence objectives
CEO Rob Lee stated some compromised sites may never be identified.

Technical question:
If adversaries maintain low-and-slow OT access, how should defenders adapt detection engineering?
– Network baselining?
– Sensor telemetry validation?
– Asset-level anomaly detection?
– Zero trust for OT?

Drop your technical analysis below.
Follow @technadu for advanced threat coverage.

#ICSsecurity #OTsecurity #ThreatHunting #DetectionEngineering #VoltTyphoon #InfrastructureDefense #CyberResilience #EnergyGrid #WaterUtilities #NationalSecurity #BlueTeam #CyberThreatIntel

Global Incident Response Report 2026 - Key Observations:
• Identity present in ~90% of investigations
• 87% of intrusions spanned multiple attack surfaces
• 48% involved browser-based activity
• Fastest exfiltration window reduced to ~72 minutes
• Encryption declining, data theft remains primary leverage

Operational implications:
– Consolidated telemetry is mandatory
– Phishing-resistant MFA should be prioritized
– Machine identity governance requires urgent maturity
– SaaS integration mapping must become continuous

Source: https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report

Question for practitioners:
Where is your greatest visibility gap today - identity, SaaS, cloud, or browser?

Follow @technadu for structured IR intelligence and emerging threat analysis.

#IncidentResponse #ThreatDetection #SOC #IdentitySecurity #SaaSRisk #SupplyChainSecurity #CyberDefense #ThreatHunting #CISO

Join us tomorrow @ 12:30 PM CT as Recon’s very own threat hunting aficionado, Watson Brown, dives into Detecting AI in the tuMoltuous Shadows!

Don’t get left in the dark with the AI - secure your spot here: thursdef.com

#ThursDef #ThreatHunting #ShadowAI #InfoSec #CyberSecurity