Vadim Gordas

For most of 2025, I was skeptical that AI was already playing a major operational role in real intrusions. Most public examples seemed limited to phishing and supporting tasks. This report by my friend Eyal Eyal lines up with what I have been hearing elsewhere, too - in recent publications and in private conversations with people seeing this stuff up close. I think that phase is over. AI is moving into the operational core of attacks. With stronger models, open models, and jailbroken variants circulating, the economics have changed. Tailored tooling, exploit adaptation, and large-scale analysis get cheaper and faster. I expect AI to play a major role in future campaigns, and that means more variation, more fresh tooling, and less reliance by attackers on recycled code. All the more reason to focus on controls and detections that do not depend only on known samples. Worth reading.

Well, maybe this will force a serious discussion around encryption as privacy being a basic human right

One of our very smart Active Directory experts has been putting together a series of blog posts about hardening AD. Already into its 7th installment, it covers SMB hardening, disabling NTLMv1, least privilege and more. Check the series out - techcommunity.microsoft.com/tag/adhardening

CISA releases a Secure Software Development Attestation Form that will help ensure the software producers who partner with the US federal government leverage minimum secure development techniques and toolsets: cisa.gov/resources-tool…

@quentynblog Hilti would make me really worried

#Android: At BlackHat Europe researchers demonstrated that most #password managers for Android (1Password, LastPass, Dashlane, Keepass etc) are vulnerable to #AutoSpill attack allowing to steal account credentials on Android during the autofill operation: bleepingcomputer.com/news/security/…

The long-awaited Microsoft Cybersecurity Reference Architectures (MCRA) update is now live! aka.ms/MCRA In addition to the latest products & names, this is the first MCRA version integrated into the Microsoft Security Adoption Framework (SAF). Share and Enjoy!

@securestep9 @elonmusk Looks like app mfa still remains free, for now

Hundreds of millions of #Twitter users using SMS for 2FA will have their accounts suspended if they don't upgrade to paid Twitter by 19th March 2023. I wonder how long until @elonmusk starts charging Tesla drivers $8/hour for wearing seatbelts while driving 🤔

Check out ⁦@RobDuhart⁩ in this ⁦@SCMagazine⁩ article! scmagazine.com/feature/leader…

Tech people on Twitter be like, "just buy and install a pi hole to make your $2000 smart TV not play constant ads and narc on your viewing habits"

There is some truth in it:

NEW: Conti affiliates use ProxyShell Exchange exploit in ransomware attacks ⚠️ In one of the ProxyShell-based attacks observed by Sophos, the Conti affiliates managed to gain access to the target’s network and set up a remote web shell in under a minute... 1/14

Wanted to do a quick blog on o365 audit logging and its quirks for a while now. Finally finished it. TLDR: enable it even if you dont monitor any of it. Atleast your incident responder will thank you. zolder.io/office-365-aud…

Blue team trying to keep up with the latest Microsoft vulns

The recent "All the ways to run containers on AWS" threads have left me super confused so I made this flowchart to help. It's probably also wrong.

Ransomware shuts down one of the most critical regional pipelines. This has gotten out of control. bloomberg.com/news/articles/…

Syncing your phone to the car or having a built in GPS are privacy risks. Cars don’t have the data protection of a modern phone. jalopnik.com/the-feds-can-a…

What fresh hell is this?

Just to add to this, look at ParkMobile’s password requirements then look at the cracked passwords and ask yourself: do those requirements help people make good passwords? No, of course not, that’s why we ditched that craziness years ago: troyhunt.com/passwords-evol…

If you are using #F5 @F5Networks kit - be aware of 4 CRITICAL CVEs just announced minutes ago with almost all versions of BIG-IP and BIG-IQ 7.x vulnerable. Unauthenticated #RCE. Patches released - do check out the knowledgebase article: support.f5.com/csp/article/K0… @F5Security