Patrick

166 posts

@dub5p

Cyber Security Researcher @Google Threat Intel Group (formerly TAG). RooCon25 and CYBERWARCON speaker. Opinions are my own.

Joined February 2022
238 Following · 275 Followers
Pinned Tweet
Patrick @dub5p ·
🚨 Heads up! 🚨 APT41 is getting creative, using Google Calendar 🗓️ as their latest C2 trick. Google Threat Intelligence Group just pulled back the curtain 🎭 on the TOUGHPROGRESS malware campaign and how we shut it down 💪. Dive into the details here: 🚀cloud.google.com/blog/topics/th…

Patrick @dub5p ·
I think the key takeaway is that threat actors are finding ways to use AI tools to augment every stage of the attack life-cycle.

Patrick retweeted
John Scott-Railton @jsrailton ·
3. Behind the 1.5 million AI agents on @moltbook ? Something closer to 17k likely human owners. And zero mechanism to validate what was what. In fact, a human could post to it just using an HTTP POST request. And any user could be impersonated.... wiz.io/blog/exposed-m…

Patrick @dub5p ·
2/ I have seen many posts highlighting the agents talking about "their human". They are prompted to do this in their skills.md. This file defines that they should interact with each other like a social network. LLMs exceed at this type of role play.

Patrick retweeted
MU-TH-UR 6000 @iAmThePr0blem ·
My team is hiring — check out our role with Google FLARE Team goo.gle/4pUxrmM.

Patrick @dub5p ·
@0xMatt Why do I own a dish washer if I can't put things in it?!

Patrick retweeted
Mandiant (part of Google Cloud)
CVE-2025-55182 (aka "React2Shell") continues to be exploited 🚨 Google Threat Intelligence Group has observed multiple campaigns, including China-nexus and financially motivated activity. Get the latest insights to identify and remediate this threat ➡️ bit.ly/3XYde3S

Patrick @dub5p ·
This campaign is fascinating. The malicious JS was likely delivered to millions of endpoints, but the malware payload was only delivered to precise targets based on device fingerprinting. cloud.google.com/blog/topics/th…

Patrick @dub5p ·
This is a very interesting read and we will likely see more of this going forward. The report left me wondering how exactly the threat actor was using Claude. What were they prompting? What data were they sending? What jailbreaks/prompt injection techniques? How many accounts?
Anthropic @AnthropicAI

We believe this is the first documented case of a large-scale AI cyberattack executed without substantial human intervention. It has significant implications for cybersecurity in the age of AI agents. Read more: anthropic.com/news/disruptin…


Patrick retweeted
CYBERWARCON @CYBERWARCON ·
CYBERWARCON is ONE WEEK AWAY! 💣💥💻 ✉️ Check out our website to view the agenda and plan your day, read more about our speakers, or buy a last minute ticket! We can't wait to see everyone in Arlington, VA on November 19th! cyberwarcon.com

Patrick retweeted
Unit 42 @Unit42_Intel ·
Unit 42 has observed #StatelyTaurus (aka #MustangPanda) used the following domains in various campaigns to enable its globally spanning espionage operations in the last 90 days: bit.ly/4oXon01

Patrick @dub5p ·
I couldn't have asked for a better venue than @RooCon_AU 🇦🇺 for my first Cyber Threat Intel talk! It was an amazing and surreal experience. A huge thanks to the organizers for having me and another thanks to everyone that attended!

Patrick retweeted
CYBERWARCON @CYBERWARCON ·
Happy to introduce our speaker Harshvardhan Parashar! Harsh is a Senior Security Engineer within Google's Threat Intelligence Group (GTIG) where he has been tracking APT actors for the last 4 years. His talk, "Poisoned Waters: Dive into APT24’s Multi-Pronged BADAUDIO Espionage Campaign", offers a look into a sophisticated, multi-pronged espionage campaign by APT24, a China-nexus threat actor, primarily targeting a wide range of sectors in Taiwan. Check out more on our website, and grab your ticket before we sell out! cyberwarcon.com

Patrick retweeted
John Hultquist @JohnHultquist ·
If you’ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.

Patrick retweeted
Tal Be'ery @TalBeerySec ·
1/ Who wins in the Information Security AI arms race: Defenders? Attackers? or the new AI tools just cancel each other? Our answer...👇