SentinelVault

They didn't exploit our weakness. They exploited our virtues. In 2025, Americans lost $20.8 billion to internet crime. Older Americans took the worst of it. Sentinel Vault founder Pete Hish on why this is an industry, not 10,000 isolated crimes: sentinelvault.net/insights/explo…

Sentinel Vault founder Pete Hish rebuilt The Nexus this week. Faster reading surface, interactive China Watch timeline (zoom + click-through), public storylines view, full-archive search on Pro. 100+ open sources structured into intelligence. thenexus.news

New from Sentinel Vault: thenexus.news now includes China Watch. Free dashboard tracking PRC activity in the US across 13 categories. Nexus Pro ($4.99/mo): watchlist alerts, archive search, state digests, on-demand briefings. thenexus.news

@FBICyberDiv The FBI partnership piece is underrated for SMBs too. In BEC cases we've worked, companies that had a prior FBI field office contact recovered funds faster. The relationship before the incident is what made the difference, not the report filed after.

Last week, Cyber Division Assistant Director Brett Leatherman joined global CEOs and board directors at the Kellogg Leadership & Governance Conference. He highlighted the importance of organizations having a whole-of-enterprise approach to cyber risk and why engaging with the FBI before and during a cyber incident can strengthen resilience and response efforts. Cyber risk is not only a business risk, but also a national security risk, and the threats are constantly evolving. Learn how your organization can build resilience: fbi.gov/wintershield

Sentinel Vault founder Pete Hish on why cybersecurity is a leadership responsibility, not an IT problem. Hacked or Hardened? walks through 12 real cases, the decisions executives faced, and what those decisions cost. sentinelvault.net/hacked-or-hard…

3,867 victims were identified in Operation Ramz. Most weren't in MENA. The arrests made headlines. The part that matters to U.S. business owners was buried in the press release. sentinelvault.net/insights/inter…

@Cloudflare Curious what Mythos surfaced that your internal scanners missed. In BEC cases we've worked, the gap wasn't unpatched CVEs. It was logic flaws no scanner flagged. Does offensive AI find those, or does it still chase known-pattern vulns?

Cloudflare's security team spent the last few weeks testing Anthropic's Mythos against fifty of our own repositories. What we learned about offensive AI, why faster patching is the wrong reaction, and what the architecture around vulnerabilities has to look like next. cfl.re/49BRUqW

@FBI Romance scam victims we've seen rarely report because shame runs deeper than the financial loss. That silence is why $4.8B is almost certainly undercounted. The hardest conversation isn't with the scammer. It's with the family afterward.

🚨 May 15 is National Senior Fraud Awareness Day 🚨 The #FBI reminds families, caregivers, and communities that awareness and conversation are key to prevention. Older Americans lost more than $4.8 billion to fraud in 2024, according to the FBI’s Internet Crime Complaint Center (IC3). Scammers commonly target seniors through tech support scams, romance scams, phishing messages, and fake investment opportunities. Learn more about elder fraud prevention from the fbi.gov/how-we-can-hel…

@DarkReading Rail OT security is a different animal than IT. Curious what access the attacker actually reached. Passenger display compromise is embarrassing. Control network access is catastrophic. The article's framing matters a lot here.

Taiwan Bullet Train Hack Highlights Cybersecurity Gaps in Rail Systems: bit.ly/3R37aqF by Rob Lemos #DRGlobal

Your car has 8 cameras, 12 ultrasonic sensors, a cabin mic, and a cellular modem running 24/7. It is not a vehicle with software. It is a sensor platform. The Connected Vehicle Security Act finally treats it that way. sentinelvault.net/insights/chine…

@USDOJ_Intl The unusual beat: the victim drove to the Lexington airport to hand cash to the launderer in person. Most romance-scam prevention assumes the scammer is overseas and unreachable. That assumption is the playbook gap that lets cases like this run for years.

Nigerian man sentenced to 9+ years in prison for conspiracy to commit money laundering in a decade-long scheme. The Defendant victimized at least 23 victims, many of the victims being senior citizens and often withdrew the victims’ funds in cash, transferred the money to accounts in the name of relatives or businesses, or transferred the funds to his own bank accounts or bank accounts belonging to family members located in Nigeria. justice.gov/usao-edky/pr/n…

@ChinaSelect @NASA The Wolf Amendment enforcement gap mirrors what we see in grant fraud cases: the paperwork looks compliant but the actual data flows never get audited. Is NASA's issue weak policy, weak verification, or both?

New @ChinaSelect Report | Research Security for America’s Future in Space: NASA’s Enforcement of the Wolf Amendment According to our latest report released today, federally funded @NASA research, intended to advance American innovation, has been repeatedly linked to collaborations with institutions embedded in China’s defense and military ecosystem. In one case alone, researchers produced more than 200 co-authored publications between 2020 and 2025 with Chinese defense-affiliated institutions, while still receiving U.S. federal funding. @ChinaSelect also found multiple active grants, some running through 2026 and 2027, supporting research conducted alongside entities linked to China’s military-industrial base, including those on U.S. restricted lists. These findings reveal systemic failures in oversight, disclosure, and enforcement of the Wolf Amendment, allowing taxpayer-funded research to flow into China’s military-civil fusion strategy and raising urgent national security concerns that demand immediate action. chinaselectcommittee.house.gov/media/press-re…

@Mandiant Curious what percentage of your IR-grounded curriculum ends up in the fundamentals track vs. staying in advanced courses. In our experience, the TTPs that feel "advanced" today are exactly what SMB defenders need first.

Cybersecurity training hits different when it’s built from real-world incident response. Mandiant Academy courses are grounded in real-time threat intel and adversary methodologies that our incident response teams see every day. 🎥 What to expect from June’s Fundamentals class:

Arcadia shows this isn’t an abstract DC issue. The line is not Chinese culture or Chinese Americans; it is foreign-state direction, coercion, and undisclosed influence inside local civic life. Cities need transparency, reporting paths, and protection for residents pressured by Beijing.

The CCP is running “united front” influence campaigns here at home, targeting Chinese Americans and Chinese nationals in our communities, often through front groups disguised as cultural or heritage organizations. Chairman @RepMoolenaar lays out how these transnational influence and coercion operations work and why they’re a national security threat. ⤵️

@CrowdStrike The MSPs we work with rarely know what AI apps their clients have spun up in containerized environments. If prompt-layer activity isn't visible to the MSP's existing tooling, who owns the alert? That gap is worth naming before the detection conversation starts.

AI apps on Kubernetes create a new attack surface and add a layer traditional detection can’t see, opening the door to policy violations and data exposure. Falcon AIDR + Falcon Cloud Security bring runtime detection to the prompt layer. Blog: crowdstrike.com/en-us/blog/fal…

@FBICyberDiv Third-party risk is where we see BEC cases quietly originate. A vendor's compromised email sits undetected for weeks, then the actor pivots to the target. Curious what FINRA's guidance says about vendor email authentication requirements specifically.

Cyber Division Deputy Assistant Director Michael Machtinger joined industry experts on a cybersecurity panel hosted by the Financial Industry Regulatory Authority (FINRA). The discussion covered the current cyber threat landscape, third-party cyber risk management, and the #FBI’s Operation Winter SHIELD. The success of the FBI’s cyber mission depends on partnerships. Our private sector partners play an integral role in defending against a cyber threat that no organization can face alone. The FBI proactively engages with organizations across the private sector to share threat information, strengthen resilience, and build trusted relationships before an incident occurs. Learn more about partnering with #FBI Cyber: fbi.gov/investigate/cy…

A sitting U.S. mayor pleaded guilty to acting as an illegal agent of China. Eileen Wang of Arcadia, California. This is what that case actually says about the threat operating inside American city halls right now. sentinelvault.net/insights/arcad…

@OpenAI What does "automated response" actually do when the detection is wrong? False positive rates in automated systems can cause more damage than the original alert. Who reviews the logic before it acts?

Automate security detection, validation, and response with Daybreak

Introducing Daybreak: frontier AI for cyber defenders. Daybreak brings together the most capable OpenAI models, Codex, and our security partners to accelerate cyber defense and continuously secure software. A step toward a future where security teams can move at the speed defense demands.

@vxunderground The Arcadia mayor story is the one that should keep local agencies up at night. Elected officials sit in briefings, sign contracts, approve vendor access. That's not espionage at the margins. That's a seat at the table.

TanStack was hit by a supply chain attack. MistralAI was hit by a supply chain attack. The Mayor of Arcadia, California, was a Chinese spy. Forza Horizon 6 leaked. Canvas bamboozled. Shai-Hulud open-sourced. Nightmare-Eclipse teases two new Windows 0days. It is Tuesday. What will happen on Wednesday? Find out on the next action packed episode of Dragon Ball Z

@NetworkChuck Worked a BEC case where the actor poisoned internal DNS to redirect the CFO's banking portal. Encrypted DNS wouldn't have stopped the initial access but it would've made that pivot a lot noisier to pull off.

It's 2026, and you're still using plaintext DNS, which anyone on your network can read and alter?  It's high time you protect and sneak in your DNS queries under HTTPs encryption, protecting your queries from bad actors! 🔒

@DarkReading The automation piece is what I'm watching most. In BEC cases we're already seeing faster pivot times between initial access and wire request. If AI is cutting that window shorter, victim notification gets even harder to make useful.

Hackers Use AI for Exploit Development, Attack Automation: bit.ly/42Y3ybY by Alexander Culafi