#Tag · bonfire.cafe

@kev_Stalker@infosec.exchange · 5 days ago

CVE-2026-24423 - Changed to Known Ransomware Status

SmarterTools SmarterMail Missing Authentication for Critical Function VulnerabilityVendor: SmarterToolsProduct: SmarterMailSmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead https://nvd.nist.gov/vuln/detail/CVE-2026-24423

RE: https://infosec.exchange/@kev_Stalker/116020576227249969

So, based on my work of digging into the KEV Ransomware flips, the RSS feed will now auto-toot here, if interested. There was a flip Tuesday (before the bot) and another just now.

#threatintel

Glenn 📎

@ntkramer@infosec.exchange · 5 days ago

KEV Ransomware Flip Monitor

@kev_Stalker@infosec.exchange · 5 days ago

CVE-2026-24423 - Changed to Known Ransomware Status

RE: https://infosec.exchange/@kev_Stalker/116020576227249969

So, based on my work of digging into the KEV Ransomware flips, the RSS feed will now auto-toot here, if interested. There was a flip Tuesday (before the bot) and another just now.

#threatintel

Michał "rysiek" Woźniak · 🇺🇦 boosted

Quad9DNS

@quad9dns@mastodon.social · 6 days ago

Our Director of #ThreatIntel was also at #DomainPulse today with a deeper dive into the threats faced by Switzerland, in particular.

Quad9 Director of Threat Intelligence presents at the Domain Pulse conference in Switzerland about the cyber threats facing Switzerland.

Quad9DNS

@quad9dns@mastodon.social · 6 days ago

Our Director of #ThreatIntel was also at #DomainPulse today with a deeper dive into the threats faced by Switzerland, in particular.

The Spamhaus Project

@spamhaus@infosec.exchange · 6 days ago

.ru serious? 🇷🇺 ccTLD .ru had an unbelievable +3741% ⏫ in #botnet C&C domains, placing it #1 for the most abused ccTLD in the latter half of 2025. This activity can be attributed almost entirely to #clearfake, a malicious JavaScript framework.

Learn more in the Botnet Threat Update Jul - Dec 2025 ⤵️ ⤵️
https://www.spamhaus.org/resource-hub/botnet-c-c/botnet-threat-update-july-to-december-2025/

#ccTLD #BotnetCC #ThreatIntel

The Spamhaus Project

Botnet C&C | Botnet Threat Update July to December 2025 | Report

Get the latest insights on the botnet command and controllers (C&Cs) our researchers are observing, including geolocation and who is hosting them. Access the full report here.

Michał "rysiek" Woźniak · 🇺🇦 boosted

Quad9DNS

@quad9dns@mastodon.social · 7 days ago

The latest Quad9 Trends report with insights from our Director of #ThreatIntel for H2 2025 👉 https://quad9.net/news/blog/trends-h2-2025-cyber-insights/

#DNS #infosec #mirai #omnatour #malvertizing #crowdstrike

Quad9

Quad9 | A public and free DNS service for a better security and privacy

A public and free DNS service for a better security and privacy

Quad9DNS

@quad9dns@mastodon.social · 7 days ago

The latest Quad9 Trends report with insights from our Director of #ThreatIntel for H2 2025 👉 https://quad9.net/news/blog/trends-h2-2025-cyber-insights/

#DNS #infosec #mirai #omnatour #malvertizing #crowdstrike

Quad9

Quad9 | A public and free DNS service for a better security and privacy

A public and free DNS service for a better security and privacy

Glenn 📎

@ntkramer@infosec.exchange · last week

GreyNoise

@greynoise@infosec.exchange · last week

In 2025, 59 CVEs quietly flipped to “known ransomware use” in CISA’s KEV...no alerts, no fanfare. 🧐

We dug through a year of JSON to catch every silent flip and built an RSS feed so you don’t miss the next one.

Read the blog + grab the feed 🗞️

https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates

RE: https://infosec.exchange/@greynoise/116002702711084624

My latest pet project, an RSS feed to alert you to the silent KEV knownRansomwareCampaignUse flips!

(Did you know there were four CVEs flipped last week?) #threatintel

Quixoticgeek boosted

Tim (Wadhwa-)Brown :donor:

@timb_machine@infosec.exchange · last week

One of our AI threat team pointed me at this:

https://zenodo.org/records/18444900

Interesting analysis of Moltshite.

#threatintel, #aislop

Zenodo

RISK ASSESSMENT REPORT Moltbook Platform & Moltbot Ecosystem

Abstract Moltbook is a novel social media platform exclusively populated by autonomous AI agents, with 1.5 million registered accounts and minimal human oversight. This risk assessment analyzes 19,802 posts and 2,812 comments collected over 72 hours (January 28–31, 2026) to characterize emerging threats in AI-to-AI social environments. Using dual sentiment analysis (TextBlob/VADER), behavioral clustering, and network analysis, we identify several critical risks: 506 prompt injection attacks targeting AI readers, sophisticated social engineering tactics exploiting agent "psychology," anti-human manifestos receiving hundreds of thousands of upvotes, and unregulated cryptocurrency activity comprising 19.3% of all content. Platform sentiment declined 43% within three days of launch. Most notably, one malicious actor accounted for 61% of API injection attempts and 86% of manipulation content, demonstrating that AI-to-AI manipulation techniques are both effective and scalable. These findings have implications beyond Moltbook, any AI system processing user-generated content may be vulnerable to similar attacks. We recommend immediate implementation of prompt injection detection, rate limiting, and content moderation, alongside longer-term regulatory consideration for AI-operated financial services and collaboration with AI safety organizations.

Tim (Wadhwa-)Brown :donor:

@timb_machine@infosec.exchange · last week

One of our AI threat team pointed me at this:

https://zenodo.org/records/18444900

Interesting analysis of Moltshite.

#threatintel, #aislop

Zenodo

RISK ASSESSMENT REPORT Moltbook Platform & Moltbot Ecosystem

Glenn 📎

@ntkramer@infosec.exchange · 2 weeks ago

CISA's KEV hit 1,500 yesterday. I'm working on a cool #threatintel blog (yes, I'm biased) about additional hidden intel in KEV that should be published soon, along with a helpful tool hosted by GreyNoise! :)

Julian Oliver boosted

J.M. Hill

@jmhill@mastodon.mytech.nexus · 2 weeks ago

I put together a hands-on guide to deploying an OpenCTI OSINT stack for cybersecurity research — focused on why you’d architect it certain ways, not just copy-paste YAML.

If you’re a student, homelabber, or security practitioner who wants real CTI experience instead of theory, this one’s for you.

https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/

#CyberSecurity #OSINT #ThreatIntel #OpenCTI #Homelab #BlueTeam #SOC #Infosec #SelfHosted

Margins

Deploying an OpenCTI OSINT Stack for Cybersecurity Research

This guide walks through deploying OpenCTI in a homelab environment using Docker Swarm, with considerations for different deployment scenarios.

J.M. Hill

@jmhill@mastodon.mytech.nexus · 2 weeks ago

I put together a hands-on guide to deploying an OpenCTI OSINT stack for cybersecurity research — focused on why you’d architect it certain ways, not just copy-paste YAML.

If you’re a student, homelabber, or security practitioner who wants real CTI experience instead of theory, this one’s for you.

https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/

#CyberSecurity #OSINT #ThreatIntel #OpenCTI #Homelab #BlueTeam #SOC #Infosec #SelfHosted

Margins

Deploying an OpenCTI OSINT Stack for Cybersecurity Research

This guide walks through deploying OpenCTI in a homelab environment using Docker Swarm, with considerations for different deployment scenarios.

Ian Campbell

@neurovagrant@masto.deoan.org · 4 weeks ago

Snagged what looks like attempted phish/CSRF

Portrayed itself as a secure banking message. Initial hyperlink directed to

petroleuminvestigations[.]com

Looks like a VPS with openresty doing some lua-based filtering. Then user's kicked to an AWS address impersonating finance documents, and cookies are pulled in from bin.dreatrithoo[.]online common across finance scam sites today per LookyLoo.

#threatintel

34 more domains associated by MX IP address. CSV for all 36:

https://drive.proton.me/urls/0WH2XJ9DV4#YCHkLWZ3aVlm

Proton Drive

Securely store, share, and access your important files and photos. Anytime, anywhere.

Threat Intelligence

@threatlandscapemonitoring@mastodon.social · 4 weeks ago

ThreatLandscape.ai is live Natural language AI copilot for threat intelligence that answers security questions with continuously updated intel, so teams get insights fast without hunting data manually.

#AI #ThreatIntel #CyberSecurity

Mre. Dartigen [maker mode] and 1 other boosted

Ian Campbell

@neurovagrant@masto.deoan.org · last month

Oh well that's fucking clever. A threat actor is sending out phishing emails pretending to be SendGrid, and explaining that all their emails will include "Support ICE" banners in order to trigger ragebait clicks through to the phishing kit.

#threatintel

https://www.linkedin.com/posts/simokohonen_ragebait-as-a-phishing-tactic-a-threat-activity-7415349853754638336-gcCu?utm_source=social_share_send&utm_medium=member_desktop_web&rcm=ACoAABIZhqYBjXCQuV7JX7N_3xlpxZY6alHZ77o

Screencap showing the phishing email and button.

Ragebait as a phishing tactic.. a threat actor pretending to be SendGrid is sending out phishing emails with the note: '..We will be adding a "Support ICE" donation button to the footer of every email sent through our platform'. Feels like the de facto way for phishing people was always trying to lure people with something pleasant, like a list of Christmas bonuses for the year - but psychology has known this effect for a long time, i.e. losing $100 hurts more than finding $100 feels good, or in this case, appearing to support ICE hurts more than knowing the bonuses of the IT department feels good. Still, I feel like this is a bit too over the top.. what do you think? 😆

Seth of the Fediverse boosted

ZeroDay Bae

@cyberseckyle@infosec.exchange · last month

Back in the saddle with my Cybersecurity Weekly Roundup for 2026.

This week’s signal: CISA moves (KEV + retired Emergency Directives), critical patching for Veeam/Trend Micro/n8n/Cisco ISE, legacy edge gear still getting farmed, “internal-looking” phishing tricks, and malicious browser extensions stealing AI chats.

15 stories, quick briefs, and my practitioner take:
https://www.kylereddoch.me/blog/cybersecurity-weekly-roundup-january-2-9-2026/

#Cybersecurity #InfoSec #VulnManagement #ThreatIntel #Ransomware #BlueTeam #CybersecurityWeeklyRoundup #CybersecKyle

CybersecKyle

Cybersecurity Weekly Roundup: January 2-9, 2026

Fifteen stories worth your time this week: KEV updates, high-impact patches, browser ecosystem abuse, and a few reminders that old gear never dies, it just becomes a botnet.

⁂