
Displaced Philly boy. Threat hunter. Educator. #infosec, #programming #rust , #python  #haskell , and #javascript . #opensource advocate. General in the AI Resistance. Runs @thetaggartinstitute. Made https://wtfbins.wtf. Not your bro. All opinions my own. Dad. #fedi22 #searchable

Pronouns: He/him.

The Taggart Institute: https://taggartinstitute.org
Blog: https://taggart-tech.com
Codeberg: https://codeberg.org/mttaggart
YouTube: https://youtube.com/taggarttech
GitHub: https://github.com/mttaggart
Keyoxide: aspe:keyoxide.org:G4ADJFWICZZZXGR4STZQVMBJNM

Ooh baby you know I love an eBPF rootkit breakdown.

https://www.elastic.co/security-labs/illuminating-voidlink

Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework — Elastic Security Labs

Elastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain persistence.

@porkbun RDAP is a pretty silly address and I appreciate that.

You never see '.horse' in IOCs because it's a $25 domain!

#dns

@mttaggart Not my discovery, BTW. I have this from a blog by quantum computing professor Scott Aaronson https://scottaaronson.blog/?p=9615
The "JVG algorithm" is crap

Sorry to interrupt your regular programming about the AI apocalypse, etc., and return to the traditional beat of this blog’s very earliest years … but I’ve now gotten multiple mes…

Shtetl-Optimized

Hey, if you run into me at RSAC, that's my doppelgänger. Do not speak to it, for it craves human experience with which to fuel its anti-soul. To speak to it is to drain your own life force.

But you're already at RSAC, so maybe the thing will starve anyhow.

@mttaggart A followup on this one. Turns out that Shor needs so many qubits because it needs to compute x^r mod n for all r in range 1..n-1. Shor does this with quantum magic and lots of qubits.

The giant reduction in qubits for the claimed breakthrough is that they compute these classically and then load them up into the quantum computer. Of course that saves on qubits, but only at the expense of exponential running time. So, not actually a breakthrough, just more trickery.
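To make the reply's point concrete, here is an added example (not from the thread or from the paper being discussed) of what "computing x^r mod n classically" costs: brute-force order finding walks r = 1..n-1, which is exponential in the bit length of n, and that order is exactly what the quantum part of Shor's algorithm exists to find. The factoring step afterwards is Shor's standard classical post-processing; the small n values are constructed for illustration.

```python
from math import gcd
from typing import Optional, Tuple


def classical_order(x: int, n: int) -> int:
    """Brute-force order finding: smallest r >= 1 with x^r == 1 (mod n).

    This is the work the quantum period-finding step does in Shor's
    algorithm. Done classically it computes x^r mod n for r = 1..n-1,
    so the loop length grows like n, i.e. exponentially in bits(n).
    """
    if gcd(x, n) != 1:
        raise ValueError("x must be coprime to n")
    value = 1
    for r in range(1, n):
        value = (value * x) % n  # x^r mod n, built incrementally
        if value == 1:
            return r
    raise ValueError("no order found")  # unreachable when gcd(x, n) == 1


def factor_from_order(x: int, n: int) -> Optional[Tuple[int, int]]:
    """Shor's classical post-processing.

    With an even order r and x^(r/2) != -1 (mod n), at least one of
    gcd(x^(r/2) - 1, n) and gcd(x^(r/2) + 1, n) is a non-trivial factor.
    Returns None when this choice of x does not yield a factor.
    """
    r = classical_order(x, n)
    if r % 2 != 0:
        return None
    half = pow(x, r // 2, n)
    if half == n - 1:
        return None
    for candidate in (gcd(half - 1, n), gcd(half + 1, n)):
        if 1 < candidate < n:
            return (candidate, n // candidate)
    return None


if __name__ == "__main__":
    # Constructed toy inputs: n = 15 with base 7, n = 21 with base 2.
    print(classical_order(7, 15), factor_from_order(7, 15))
    print(classical_order(2, 21), factor_from_order(2, 21))
```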

allowing html emails is still the largest risk that pretty much every org is intentionally accepting
Instagram, YouTube found liable in lawsuit alleging they were designed to addict kids

Jurors handed down a landmark decision in Los Angeles County Superior Court in a civil trial over a lawsuit filed by a Chico woman who charged social media companies built apps to hook young people.

Los Angeles Times
This is a big deal. Court finds Meta and Google liable for kids’ social media addiction under product liability theories. This strategy gets around Section 230 protections because the focus is on the platforms’ product designs, not the content posted by users. https://www.latimes.com/california/story/2026-03-25/social-media-lawsuit-trial-meta-google-verdict
It is my sincere belief that TLP:CLEAR should be the default and any restriction of threat intelligence should require significant justification.

Poisonseed has successfully phished enterprise email accounts for over a year to further their crypto seed phrase poisoning attacks. 🎣 ✉️ 💸

It's been one year since @troyhunt's Mailchimp phishing incident (https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/) which resulted in threat actors downloading his entire email list and creating an API key likely in an attempt to send mass emails from his account.

Before we get into some fresh domains you can hunt, here's a bit of background on this ongoing threat...

The threat actors behind this campaign are seemingly associated with The Com / Scattered Spider threat actors and use a compromised email account to send CRM phishing emails and also crypto seed phrase poisoning / crypto phishing emails. They essentially compromise a CRM to send more CRM phishing emails from it – a supply chain compromise that just keeps spreading -- very clever! The threat actors are targeting Mailchimp, Sendgrid, ActiveCampaign and allegedly other CRM providers.

We've had some great writeups in the last year on this threat including:

Validin: "Pulling the Threads on the Phish of Troy Hunt" @ https://www.validin.com/blog/pulling_threads_on_phishing_campaign

Silent Push: "PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation" https://www.silentpush.com/blog/poisonseed/

NViso: "Shedding Light on PoisonSeed’s Phishing Kit" https://blog.nviso.eu/2025/08/12/shedding-light-on-poisonseeds-phishing-kit/

Domain Tools: "Newly Identified Domains Likely Linked to Continued Activity from PoisonSeed E-Crime Actor" https://dti.domaintools.com/research/newly-identified-domains-likely-linked-to-continued-activity-from-poisonseed-e-crime-actor

Over the last year, Poisonseed have successfully phished *dozens* of major organizations, seemingly with no or minimal public disclosures about these incidents from impacted organizations. And while we don't share victim details, we have a breakdown of the industries who have been impacted by the CRM phishing campaigns (essentially every major industry):