
Will
12.8K posts

@BushidoToken
Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil
🇬🇧 Joined March 2013
3.4K Following 37.6K Followers
Pinned Tweet

New Blog! The Beast Returns: Analysis of a Beast Ransomware Server 👹
In March 2026, @TeamCymru detected a Beast operator’s server that enabled us to understand the flow of their attacks from start, to middle, to the end, including ransomware binaries.
team-cymru.com/post/beast-ran…

I’ve also added Beast’s Profile to the Ransomware Tool Matrix:
github.com/BushidoUK/Rans…

Decided to share this quick tool I vibe-coded, I'm finding it useful for my research
Grab-Bulk-CVE-Details - An all-in-one HTML applet for grabbing bulk details for a long list of CVE numbers.
github.com/BushidoUK/Grab…


I had an interview with DarkReading :)
darkreading.com/threat-intelli…

“Don’t get caught in the wild” 😅
Trenchant@TrenchantARC
Limited edition of our new t-shirt! Come visit our booth. And don't get caught in the wild ...

Fun IP overlap spotted 🔍
🇮🇷 MuddyWater IP {209.74.87[.]100} reported by @polygonben in his blog (ctrlaltintel.com/threat%20resea…)
That same IP appeared in Telekom Security’s list of IOCs (github.com/telekom-securi…) from their blog (github.security.telekom.com/2026/03/ivanti…) on Ivanti VPN exploitation.





My 🆕 @TeamCymru Blog: Tracking CyberStrikeAI Usage
In this post, we are diving into CyberStrikeAI, an open-source AI offensive security tool developed by a China-based developer who we assess has some ties to Chinese MSS affiliated organisations.
team-cymru.com/post/tracking-…

@FalconFeedsio @CyberIL Couple threat reports with actual new info
1. security.com/threat-intelli…
2. research.checkpoint.com/2026/interplay…

First public report I’ve seen of cyber activity surrounding the US/Iran emerging conflict👇
Khosro K Isfahani@KhosroIsfahani
An Iranian app for tracking Muslim prayer times has been hacked. Messages are encouraging armed forces to defect and “protect your compatriots. They will protect you in return.” Another message says, “Help has arrived.” Another, “It’s the time for reckoning.” Via @Vahid
Will retweeted

⚠️ 600+ FortiGate devices breached in an AI-assisted campaign.
Team Cymru traced it to #CyberStrikeAI, an open-source Go tool bundling 100+ security utilities, run from 21 IPs across Asia and beyond.
The maintainer shows ties to #China’s vulnerability ecosystem.
🔗 Details → thehackernews.com/2026/03/open-s…


#Cybercrime isn't slowing down, and neither should your investigation skills.
Join our next #CTI Session on Wed, Mar 4th with:
🔹 Sean O'Connor, Global Head of the @Equinix Threat Analysis Center
🔹 Will Thomas, Senior Threat Intelligence Advisor @teamcymru
🔹 Garrett Carstens, SVP of Intel Operations @Intel471
We'll break down the latest cybercrime trends, real investigation tradecraft, and how to build your CTI career.
🔗 feedly.com/cti-sessions/c…


Please join myself, Sean O’Connor, and Garrett Carstens for a @feedly webinar all about the latest Cybercrime Trends and Tradecraft:
feedly.com/cti-sessions/c…
Will retweeted

CyberStrikeAI tool adopted by hackers for AI-powered attacks
bleepingcomputer.com/news/security/…

@teamcymru Just want to say that whoever hired @BushidoToken should get a promotion or a raise or at least a nice big hug. Love that your crew is letting our man Will cook:).