327 Followers
62 Following
252 Posts

Recovering Threat Intel addict. Came for the Intel, stayed for the memes.

Looking for a daily dose of Cyber News? 👉🏻 @soc_goulash

Newsletter: https://opalsec.io

Ubisoft may want to take this MongoDB box offline ASAP or disable zlib, they appear to have people inside i3D.

https://beta.shodan.io/host/212.104.194.153

Volexity piggybacked on the (slightly crap) WSJ article about GenAI citing Anthropic for publicity over this, which isn't ideal, but I get it.

The leading takeaway for defenders, now there are some actual IOCs, I think is... keep defending. If your existing vendors and controls aren't picking this stuff up, you have a crap vendor.

You shouldn't really be getting owned by widely detected .exes in .rar files from random websites. It isn't advanced cyber warfare.

Volexity put out a report about likely GenAI being used in cyber attacks by China... and it contains IOCs! It's a good report.

It has all the low hanging fruit classics defenders have been aware of forever, e.g. .rar files with .exe files inside, all of the "GenAI malware" was detected out of the box across all leading vendors etc etc.

Also the payloads contain unique phrases (and Wav files, lol) which made them easy to detect.

https://www.volexity.com/blog/2025/10/08/apt-meets-gpt-targeted-operations-with-untamed-llms/

The decades-old "finger" command is making a comeback, with threat actors using the protocol to retrieve remote commands to execute on Windows devices.

https://www.bleepingcomputer.com/news/security/decades-old-finger-protocol-abused-in-clickfix-malware-attacks/

Decades-old ‘Finger’ protocol abused in ClickFix malware attacks


Wait, are you telling me that if I want a linked-cloneable Win11 VM, I need to create a Win10 VM and then upgrade it to Win11? That sounds silly. Can't I just use Rufus to achieve the same goal?

Of course it is silly. But also silly (IMO) is that Rufus doesn't have a "Save as ISO" option. You must have a physical USB drive. But fear not, we can achieve the same goal in a couple of steps:

  • Make a bootable Win11 thumb drive with Rufus. Note the default options of disabling TPM and removing Microsoft Account requirements. Make sure to select the MBR / BIOS (or UEFI-CSM) options in Rufus.
  • Copy the contents of the drive (e.g. mine is an E: drive):

        robocopy E:\ C:\rufus_iso_root /E /XD "System Volume Information"

  • Make a bootable ISO using Microsoft's oscdimg.exe from the ADK:

        oscdimg -m -o -u2 -udfver102 -bootdata:2#p0,e,bC:\rufus_iso_root\boot\etfsboot.com#pEF,e,bC:\rufus_iso_root\efi\microsoft\boot\efisys.bin C:\rufus_iso_root C:\tmp\Win11_25h2_noprereqs.iso

Enjoy your installable Windows 11 ISO without the requirements you don't want.
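The two steps above as one PowerShell script, added here as an example (not code from the original post). It assumes the same paths as the post (E:\ source, C:\rufus_iso_root staging, oscdimg.exe from the ADK on PATH) and adds the checks that make a bad build fail loudly instead of handing you a non-bootable ISO.

```powershell
# Added example, not from the original post: the Rufus-USB -> ISO steps as one
# script, with the checks that make a bad build fail loudly.
# Assumptions: USB is E:, staging dir C:\rufus_iso_root, oscdimg.exe from the
# Windows ADK is on PATH, output path as in the post.
param(
    [string]$UsbRoot = 'E:\',
    [string]$Staging = 'C:\rufus_iso_root',
    [string]$IsoPath = 'C:\tmp\Win11_25h2_noprereqs.iso'
)
$ErrorActionPreference = 'Stop'

# 1. Mirror the USB contents, skipping the hidden "System Volume Information"
#    folder. robocopy exit codes 0-7 are success (bit flags for copied / extra /
#    mismatched files); 8 and above mean at least one file failed, so check
#    $LASTEXITCODE rather than $?.
robocopy $UsbRoot $Staging /E /XD 'System Volume Information' | Out-Null
if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

# 2. Both El Torito boot images must exist; fail early with a clear message
#    instead of decoding oscdimg's error later.
$biosBoot = Join-Path $Staging 'boot\etfsboot.com'             # BIOS / CSM
$uefiBoot = Join-Path $Staging 'efi\microsoft\boot\efisys.bin' # UEFI
foreach ($f in @($biosBoot, $uefiBoot)) {
    if (-not (Test-Path -LiteralPath $f)) { throw "Missing boot image: $f" }
}

# 3. Same dual-boot -bootdata string as the post: entry 1 = BIOS (platform 0),
#    entry 2 = UEFI (platform EF); 'e' = no floppy emulation, 'b' = boot image.
$bootData = "2#p0,e,b$biosBoot#pEF,e,b$uefiBoot"

# 4. -m: no size limit, -o: store duplicate files once, -u2/-udfver102: UDF so
#    an install.wim larger than 4 GB is not a problem.
New-Item -ItemType Directory -Force -Path (Split-Path $IsoPath) | Out-Null
& oscdimg.exe -m -o -u2 -udfver102 "-bootdata:$bootData" $Staging $IsoPath
if ($LASTEXITCODE -ne 0) { throw "oscdimg failed with exit code $LASTEXITCODE" }

# 5. Confirm something usable was written before wiring it into a VM.
$iso = Get-Item -LiteralPath $IsoPath
if ($iso.Length -eq 0) { throw "oscdimg wrote an empty ISO" }
Write-Host ("Built {0} ({1:N2} GB)" -f $iso.FullName, ($iso.Length / 1GB))
```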

The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine.

https://www.bleepingcomputer.com/news/security/cursor-windsurf-ides-riddled-with-94-plus-n-day-chromium-vulnerabilities/

Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities


Vidar is back, baby!

Please note the specific callout for attacking Chrome's password store, which is still not hardened enough. Don't use the Chromium browsers' password stores!

https://www.trendmicro.com/en_us/research/25/j/how-vidar-stealer-2-upgrades-infostealer-capabilities.html

Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities

Trend Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer's decline.


Great analysis from Will Thomas @bushidotoken on the Capita breach of 2023 and a stark reminder of the need to adequately staff and resource your SOCs to properly triage and escalate threats!

https://blog.bushidotoken.net/2025/10/lessons-from-blackbasta-ransomware.html

Lessons from the BlackBasta Ransomware Attack on Capita


CISA has fallen.