Ismael Valenzuela

7K posts

@aboutsecurity

VP Labs, Threat Research & Intel @AWNetworks ▪️ SANS Author & Senior Instructor #GSE 132 ▪️ #SEC530 #ThinkRedActBlue @TheMondayBrief

Malaga, Spain 🛫 NYC-NJ, USA🗽 Joined June 2009
9.3K Following · 18.5K Followers
Pinned Tweet
Ismael Valenzuela @aboutsecurity
New issue of @TheMondayBrief is live. Three Threat Actors, One Blindspot 👇 🔴 44.5% of initial access now comes from third-party software vulns, not credentials - via @GoogleCloudSec 🔴 Handala wiped 200K devices using Intune. One session. No custom malware - via @briankrebs 🔴 Russia is mirroring your Signal chats. They didn't break the encryption. They linked a device - via @AIVD The common thread: too much implicit trust in infrastructure defenders stopped questioning. Full breakdown + role-based takeaways, from @fulmetalpackets and I: themondaybrief.substack.com/p/three-threat… #TheMondayBrief #CyberSecurity #ThreatIntelligence #ZeroTrust #Ransomware #CISO #SecurityOperations #InfoSec #CyberThreats #ThinkRedActBlue
Ismael Valenzuela retweeted
Thomas Roccia 🤘 @fr0gger_
🤓 A month ago I published a blog post on how to monitor Claude Code sessions using hooks and NOVA! The post covers how I built NOVA Tracer, a security monitoring layer that traces every action Claude Code takes, detects prompt injection, and generates a full HTML audit report at the end of each session. Since then, @pedrinazziM and @udgover joined and contributed to the Tracer to make it even better! If you missed it, you can read it below 👇 blog.securitybreak.io/coding-agents-…
Ismael Valenzuela retweeted
Costin Raiu @craiu
The Cybersecurity Booklist: 11 Must-Reads for 2026 from The Three Buddy Problem Podcast: medium.com/@costin.raiu/the-cybersecurity-booklist-11-must-reads-for-2026-from-the-three-buddy-problem-podcast-ef8216958bd3 @ryanaraine @juanandres_gs
Ismael Valenzuela retweeted
The Monday Brief @TheMondayBrief
This week on @TheMondayBrief: Three threat actors. One blindspot. 🔴 Think Red: One Intune session. 200K devices wiped. 79 countries. No custom malware required. 🔵 Act Blue: Multi-party approval for destructive ops. No single credential owns that blast radius. 🔴 Think Red: Signal's encryption is fine. The linked device list may not be. 🔵 Act Blue: Audit it. Remove what you can't identify. Two minutes. Full issue by @aboutsecurity and @fulmetalpackets: themondaybrief.substack.com/p/three-threat… #ThinkRedActBlue #CyberSecurity #ZeroTrust #ThreatIntel #CISO #InfoSec
Ismael Valenzuela retweeted
Thomas Roccia 🤘 @fr0gger_
🤓 Agent security. AI threat intelligence. I have been deep in this rabbit hole for a while now! What is actually happening out there. What you can do about it. Where the market is heading. We packed all of that into a full podcast interview with @unixguy_cyber 👇 youtu.be/UmOBX8NhmeA?si…
Ismael Valenzuela retweeted
Phil Venables @philvenables
Cybersecurity’s Need for Speed & Where To Find It 1. Software Delivery 2. Change Boards / Approvals 3. High Tempo Board Oversight 4. Fast Executive Decision Making 5. Risk Convergence 6. Autonomic Security Operations 7. Systematized Threat Intelligence 8. Prioritized Vulnerability Management 9. Control Reliability Engineering 10. Platform Shift Down (not just shift left) 11. Buying Time philvenables.com/post/cybersecu…
Ismael Valenzuela @aboutsecurity
As the new Zero Day Clock highlights, AI is compressing cyber operations from weeks to minutes. But something important happens when attackers move that fast: they leave evidence. Automated attacks create patterns. 🔴 Think Red: AI runs thousands of attack variations at machine speed. Speed favors attackers. 🔵 Act Blue: Defenders who understand their environment can detect those attempts through pattern analysis. Environmental knowledge favors defenders. New issue of @TheMondayBrief 👇 open.substack.com/pub/themondayb… w/ @fulmetalpackets #ThinkRedActBlue #CyberSecurity #AI #ThreatIntelligence #DetectionEngineering #AllAroundDefender
Ismael Valenzuela retweeted
The Monday Brief @TheMondayBrief
AI is speeding up cyber attacks. But speed alone doesn’t win the fight. This week’s Monday Brief examines: • AI-driven attack automation • Long-dwell nation-state intrusions • Mobile exploit kits spreading beyond APTs • South Asia espionage campaigns The real advantage still belongs to defenders who know their environment. By @aboutsecurity and @fulmetalpackets themondaybrief.substack.com/p/ai-is-speedi… #CyberSecurity #ThreatIntelligence #CyberDefense #AI #SecurityLeadership
Ismael Valenzuela retweeted
SANS Cyber Defense 🧢 @SANSDefense
🔐 Protect your enterprise like a pro with Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise! Try the FREE preview and see why SEC530 is a game-changer. 🛡️💡 #ZeroTrust #SEC530 go.sans.org/bAI5Sn
Ismael Valenzuela retweeted
Tom Hegel @TomHegel
Coruna iOS Exploit kit is one of those stories where the more you dig the weirder it gets. I love it.. Started as surveillance vendor tooling, ended up in mass Chinese crypto scams, and this week someone registered Iran war-themed dropper domains. Full timeline thread. 🧵
Ismael Valenzuela retweeted
Costin Raiu @craiu
General Caine on cyber operations against Iran: "The first movers were US CyberCom and US Spacecom, layering non-kinetic effects, disrupting and degrading and blinding Iran's ability to see, communicate, and respond." youtube.com/live/2l3vfInJB…
Ismael Valenzuela @aboutsecurity
Today at @AWNetworks Labs we published new research on #SloppyLemming, an India‑nexus espionage actor quietly targeting government, law enforcement, and critical sectors in Pakistan and Bangladesh using modern tooling, abused #Cloudflare services, and, true to their name, some notably sloppy OPSEC that gave our team deep insight into their playbook. Full technical analysis, including infrastructure, victimology, attribution, mitigations, IOCs and YARA rules in our latest post 👇 🔗arcticwolf.com/resources/blog… #CTI #CyberThreatIntel #ThinkRedActBlue #CyberDefense #ThreatResearch #ThreatIntelligence
Ismael Valenzuela retweeted
The Monday Brief @TheMondayBrief
New Monday Brief 👇 This week isn’t about breaches. It’s about control. Iran tensions rising. Federal AI posture shifting. Ransomware escalating to psychological warfare. Edge zero-days at industrial scale. China flexing semiconductor leverage. Whoever controls the intermediary layer controls the outcome. open.substack.com/pub/themondayb… 🔴 Think Red by @fulmetalpackets 🔵 Act Blue by @aboutsecurity #CyberSecurity #CISO #ThreatIntelligence #Geopolitics #ThinkRedActBlue
Ismael Valenzuela retweeted
The Monday Brief @TheMondayBrief
Persistence is no longer about registry keys and scheduled tasks. It’s about control over trusted systems. In this week’s issue of @TheMondayBrief, @fulmetalpackets and @aboutsecurity look at persistence inside backup platforms, control planes, AI runtimes, and the hybrid wars across Europe's critical infrastructure. Think about it: it's not always about speed, but strategic placement. When an attacker compromises: • A backup system • An identity or management control plane • An AI agent runtime • Telecom or hybrid infrastructure They gain durability, leverage, and time. 🔴 Think Red: Target the trust layer. 🔵 Act Blue: Harden, monitor, and verify the systems you assume are “safe.” Full issue here 👇 themondaybrief.substack.com/p/hiding-in-pl… #ThinkRedActBlue #CyberSecurity #ThreatIntelligence #ZeroTrust #AllAroundDefender