Susannah Clark Matt

For @nytimes, I wrote a Tiny Love Story about my dad. nytimes.com/2024/04/16/sty…

@NtiAning omg everyone's earnestly hopeful faces in the first photo...😭

it was a blast unfortunately

The most fun I have (at work) all year!

📣 Filmed In Gaza is in 2nd place and so close to joining the #Webbys Winners Circle. RT + VOTE: vote.webbyawards.com/PublicVoting#/…

The 2026 Threat Detection Report is packed with brand-new sections on the AI trends we’re seeing in the wild. 🤖🛡 From AI-powered threats to AI infrastructure risks, these are the priorities every security leader needs to prioritize. Our experts break down everything you’ll find in this year's report right here 👉 bit.ly/4rAVtDR

Read our liner notes to see which threats, techniques, and trends these songs pair with! redcanary.com/threat-detecti…

If you’re waiting for a breach to learn how adversaries move, you’re already behind. 📉 We’ve crunched the numbers, analyzed the latest techniques, and built the ultimate guide to keeping your environment safe. The 2026 Red Canary Threat Detection Report is dropping soon! bit.ly/4s9PSoT

In June of 2025, @NBCNews published its investigation into Rwanda's secret war in the DRC. At the time of publication, Rwanda was at the table for US-backed peace negotiations for a conflict they had never admitted to taking part in. Now, we're starting to see that admission🧵

What a year 2025 has been! From relentless threat detection to excitedly joining the Zscaler family, it has been a busy year for the Red Canary team. We're looking back at the most beloved and informative content we brought you, the cybersecurity community, throughout 2025 in this "best of" list. Explore our top picks here ➡️ bit.ly/49itKly

The "Sticky Bandits" of cybercrime are out there waiting for an opportunity to wreak havoc. Your cloud security strategy needs a bit of Kevin McCallister's legendary proactive defense! ➡️ Click here before your cloud gets hit with a paint can: bit.ly/3Y7M2Q5

The @CISAgov is strongly encouraging organizations to patch a critical-severity Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287) after adding it to its catalog of Known Exploited Vulnerabilities (KEV Catalogue). On servers with WSUS Server Role enabled and ports open to 8530/8531, adversaries can leverage specially crafted requests to exploit a deserialization of untrusted data vulnerability that allows for remote code execution. This can lead to PowerShell and Windows Command Shell executing base64 encoded commands designed to enumerate users and network information on affected endpoints. While Microsoft has issued guidance for mitigating this vulnerability, including releasing an out-of-band security update for impacted Windows Server versions, some organizations may not be able to patch immediately. Red Canary has detected post exploitation activity related to this vulnerability through the following detection analytics: 𝐀𝐛𝐮𝐬𝐞 𝐨𝐟 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐜𝐨𝐦𝐦𝐚𝐧𝐝 𝐬𝐡𝐞𝐥𝐥 𝐟𝐨𝐫 𝐞𝐱𝐞𝐜𝐮𝐭𝐢𝐨𝐧 Security teams could detect this activity by looking for 𝙘𝙢𝙙.𝙚𝙭𝙚 being spawned from the Windows Server IIS worker process (𝙬3𝙬𝙥.𝙚𝙭𝙚) or the WSUS service binary (𝙬𝙨𝙪𝙨𝙨𝙚𝙧𝙫𝙞𝙘𝙚.𝙚𝙭𝙚), with a /𝙘 command that starts another 𝙘𝙢𝙙.𝙚𝙭𝙚 /𝙘 instance. bit.ly/3L4bliW 𝐀𝐛𝐮𝐬𝐞 𝐨𝐟 𝐏𝐨𝐰𝐞𝐫𝐒𝐡𝐞𝐥𝐥 𝐭𝐨 𝐨𝐛𝐟𝐮𝐬𝐜𝐚𝐭𝐞 𝐜𝐨𝐦𝐦𝐚𝐧𝐝𝐬 Another detection opportunity involves looking for the use of the shortened encodedCommand flag in 𝙋𝙤𝙬𝙚𝙧𝙎𝙝𝙚𝙡𝙡. Adversaries often try to obfuscate the use of malicious code on an endpoint, wrapping them up for PowerShell to execute. bit.ly/4nv9YqJ

Based on all the Easter eggs, we were expecting Taylor's new album to be called "The Life of a SOC analyst." But we're excited for this new era nonetheless! ❤️‍🔥 👩‍💻 Revisit @Susannigans's blog on why Swifties should work in cybersecurity: bit.ly/4liqUjb

@fxmatt4 won an Emmy and I couldn’t be prouder!

🐣 A new color bird threat has hatched! Mocha Manakin employs paste and run with PowerShell to drop a custom NodeJS backdoor that could lead to ransomware. ☕ Read our breaking research for detection opportunities and more technical details on this Red Canary-named threat. bit.ly/4lbRpXR

Rwanda has never admitted to taking part in the conflict in the DRC that since 2021 has killed thousands and displaced millions. @NBCNews Digital Docs investigation discredits Rwanda's narrative of this conflict and lays bare their hidden invasion. 🧵 with links to watch & read

NBC News analyzed leaked reports, satellite images and interviews to reveal the extent of Rwanda's carefully concealed and high-tech war in the Congo, as the U.S. tries to strike a deal for peace and access to the region's minerals. nbcnews.com/world/africa/r…

Another year, another Emmy nomination for @fxmatt4! Watch his piece on Tesla crashes here: youtu.be/mPUGh0qAqWA?si…

@ReichlinMelnick @immcouncil Well done, Aaron!

Today I testified on behalf of @immcouncil in front of House Homeland's Border Security and Enforcement subcommittee. I testified about how Trump's diversion of thousands of law enforcement officers to mass deportation work is making us less safe. Watch my opening statement here.

I found a way to mash up up my love of music with my career in infosec. Check out Threat Sounds vol. 5! redcanary.com/threat-detecti…

This is the fifth Threat Detection Report I've worked on, and I'm so proud of the way it has evolved into an evergreen resource that people refer to as they run into cyber threats throughout the year. Don't try to take it in all once! redcanary.com/threat-detecti…

📣 The 2025 Threat Detection Report is here! Dive into our analysis of 93,000 threats our customers' security controls missed, with actionable guidance on every page. Read the ungated report here: redcanary.com/threat-detecti…