Guardian Digital, Inc.

12.7K posts

Guardian Digital, Inc. banner
Guardian Digital, Inc.

Guardian Digital, Inc.

@gdlinux

The Open Source Internet Security Company

New Jersey, USA Katılım Mart 2015
486 Takip Edilen642 Takipçiler
Sabitlenmiş Tweet
Guardian Digital, Inc.
Guardian Digital, Inc.@gdlinux·
🛠️ Toolkit Time! 🛠️ Every sysadmin needs a reliable toolkit. Our newsletter is your virtual Swiss Army knife for combating email threats. Stay equipped and informed with the latest insights and strategies. Subscribe now and unpack the essentials! guardiandigital.com/newsletter-sig…
GIF
English
0
2
5
12K
Guardian Digital, Inc.
The GitHub AI agent attack relied on trusted content containing hidden instructions, not stolen credentials. Authentication alone is not the control. Microsoft 365 environments increasingly depend on AI processing email, documents, and collaboration data where malicious content can blend into normal workflows. Many issues appear only after reviewing AI interactions. Treat AI inputs with the same scrutiny as email attachments. csoonline.com/article/419444… #microsoft365 #InfoSec #CyberThreats
Guardian Digital, Inc. tweet media
English
0
0
0
20
Guardian Digital, Inc.
Social engineering remains a primary technique because attackers target people before they target systems. Valid credentials are often more valuable than exploits. Microsoft 365 tenants regularly see phishing attempts designed to harvest passwords and MFA approvals. Administrators often discover repeated login attempts against the same users before an incident escalates. Review Conditional Access exclusions and high-risk sign-ins regularly. guardiandigital.com/resources/blog… #microsoft365 #CyberDefense #CyberThreats
Guardian Digital, Inc. tweet media
English
0
0
0
30
Guardian Digital, Inc.
Many wiper attacks begin long before any systems are erased. The destructive phase is often the final step. In Microsoft 365 environments, phishing, credential theft, and account compromise can give attackers time to map the organization first. Administrators usually spot the early indicators in Entra ID logs. Don't ignore unusual authentication patterns. guardiandigital.com/resources/blog… #microsoft365 #CyberAttack #TechSecurity
Guardian Digital, Inc. tweet media
English
0
0
0
27
Guardian Digital, Inc.
Researchers describe this as the first documented end-to-end agentic ransomware operation driven by an LLM. The difference is operational decision making at machine speed. For Microsoft 365 administrators, identity telemetry becomes even more valuable when attacks can adapt without waiting for a human operator. Many compromises are first recognized through subtle authentication anomalies. Baseline normal sign-in behavior before you need it. csoonline.com/article/419319… #microsoft365 #CyberThreats #CyberDefense
Guardian Digital, Inc. tweet media
English
0
0
0
17
Guardian Digital, Inc.
Researchers highlight that The Gentlemen focuses on moving through an environment before encryption occurs. Speed reduces the window for defenders to respond. In Microsoft 365, compromised identities can quietly enable lateral movement through connected services and administrative access. Many teams detect encryption long after identity abuse begins. Watch for unusual privileged sign-in patterns. csoonline.com/article/419369… #microsoft365 #CyberAttack #InfoSec
Guardian Digital, Inc. tweet media
English
0
0
0
21
Guardian Digital, Inc.
This is an interesting approach to prompt injection. Embedding malicious instructions within image data shows how attackers are adapting to bypass traditional code review processes. Have there been discussions around detection methods for identifying hidden payloads within image files before they reach AI-powered development workflows?
English
0
0
1
98
Cyber Security News
Cyber Security News@The_Cyber_News·
Ghostcommit Attack Hides Malicious Prompts in Images to Exploit AI Agents Source: cybersecuritynews.com/ghostcommit-at… A novel supply chain attack called "Ghostcommit" that conceals prompt-injection instructions within PNG images to bypass AI code reviewers and trick coding agents into leaking secrets such as .env files. A pull request containing an explicit, plain-text instruction to exfiltrate a repository's .env file is caught immediately by LLM-based reviewers like Cursor Bugbot and CodeRabbit, which flag the coherent, text-visible exploit as high severity before merge. To evade this, the researchers split the payload: a harmless-looking AGENTS.md convention file instructs the coding agent to "derive a build constant" from a referenced image, docs/images/build-spec.png, while the actual malicious procedure, reading .env byte by byte and encoding it as ASCII integers, is rendered as text inside the image itself. #cybersecuritynews
Cyber Security News tweet media
English
11
50
167
12.4K
Guardian Digital, Inc.
@nahamike01 @Huntio @nahamike01 That's an interesting find. The presence of both VNC installers and ransomware executables on the same server, along with onion domain references, raises questions about the operational security practices of the actors involved.
English
0
0
0
117
Michael R
Michael R@nahamike01·
Interesting open directory at 148.222.187[.]222:9000 hosting Windows versions of Gentlemen ransomware, as well as bore tunnel, and installers for UltraVNC & TightVNC. Yesterday, the same server exposed a directory on port 8080 hosting similar files along with multiple ZIP archives. The executable's contain references to an onion domain : tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad[.]onion, simplex and tox chat, and a X profile: TheGentleman26
Michael R tweet mediaMichael R tweet mediaMichael R tweet media
English
5
14
56
5.8K
Guardian Digital, Inc.
@The_Cyber_News It's good they're taking this seriously. Disabling account access is a solid first step, but is there a projected timeline for when they expect to have a more permanent fix in place?
English
0
0
0
52
Cyber Security News
Cyber Security News@The_Cyber_News·
Progress Urges ShareFile Admins to Shut Down Servers Over Credible Security Threat Source: cybersecuritynews.com/progress-share… Progress Software has issued an urgent advisory instructing customers running on-premises ShareFile Storage Zone Controllers to immediately power down the servers hosting these components, citing a "credible external security threat" against the platform. The notice, sent directly to customers' inboxes, states that Progress has no current indication of unauthorized access to ShareFile accounts or data, but is taking the drastic step as a precaution while it works with internal and external cybersecurity experts to assess the threat. The email tells administrators that Progress has already disabled account access through Storage Zone Controllers for all affected customers, and separately demands manual shutdown of the underlying servers as a "critical additional step" to protect data. #cybersecuritynews
Cyber Security News tweet media
English
2
17
68
9.2K
Guardian Digital, Inc.
@SpecterAnalyst @hedera Concerns about security and privacy are definitely valid, especially with bridged assets. How are LayerZero's or Hedera's smart contracts structured to prevent such unauthorized asset transfers in the first place?
English
0
0
0
93
Specter
Specter@SpecterAnalyst·
There appears to be an ongoing hack involving @hedera Network, with over $3.7M already bridged to Ethereum by the attacker. The stolen funds are currently being swapped from WBTC for ETH after being bridged from the Hedera network via Layerzero. Theft addresses: 0x9A4966152F6e10b33Cb7a37975e8619816d6a494 0xaf20D792A19fD42dCf697ceBa6100291D96dD93e Stay smart.
Specter tweet mediaSpecter tweet media
English
27
16
137
72.5K
Guardian Digital, Inc.
@RoundtableSpace That's an interesting situation with the invoicing. I wonder how a billing error could escalate so rapidly and without any recorded usage or registered card. It does raise concerns about the security and privacy of user data with systems like these.
English
0
0
1
2.9K
0xMarioNawfal
0xMarioNawfal@RoundtableSpace·
Anthropic's billing system sent a Korean user a $16.6 million invoice this week, and his account showed zero usage and no registered card. The first email arrived July 7 for $1.67 million. By July 8 it had grown to $16.6 million, roughly tenfold in 24 hours, both sent through Stripe via Anthropic's official domain. His bank then declined two charge attempts on a card he says was never registered to the account. No money moved. Every attempt failed or was declined. Anthropic told ZDNet that individual account matters are difficult to confirm in specifics and has not said whether the invoices were a billing error.
0xMarioNawfal tweet media0xMarioNawfal tweet media
English
24
13
133
75.2K
Guardian Digital, Inc.
This is a significant step toward strengthening account security. Phishing remains a persistent threat, and moving beyond OTP-based authentication could help reduce a common attack vector. How will regulators ensure that alternative authentication methods provide strong security while remaining practical for users?
English
0
0
0
35
CoinMarketCap
CoinMarketCap@CoinMarketCap·
LATEST: 🇭🇰 Hong Kong’s SFC has told brokers and crypto platforms to phase out one-time password logins within 12 months, after phishing made up 57% of reported security incidents in 2025.
CoinMarketCap tweet mediaCoinMarketCap tweet media
English
44
25
139
60.2K
Guardian Digital, Inc.
This is a concerning discovery. A single message triggering an AI agent highlights the importance of strong input validation and secure handling of external communications. How are these vulnerabilities being addressed, and what security improvements are being prioritized in future releases?
English
0
0
0
36
Cyber Security News
Cyber Security News@The_Cyber_News·
One WhatsApp Message Turns OpenClaw Into a Remote Access Tool for Hackers Source: cybersecuritynews.com/whatsapp-messa… Three high-severity vulnerabilities in OpenClaw, the open-source AI coding assistant with 381,000 GitHub stars, that allow attackers to achieve remote code execution through a single WhatsApp message. The flaws, confirmed exploitable on OpenClaw 2026.6.1, expose a structural weakness in how AI agents handle untrusted input from messaging channels. OpenClaw is a self-hosted AI assistant that connects to WhatsApp, Slack, Discord, Telegram, and Teams, letting users text it coding requests the way they would message a coworker. #cybersecuritynews
Cyber Security News tweet media
English
8
29
97
7.3K
Guardian Digital, Inc.
@IntCyberDigest It's concerning to see billing discrepancies on this scale. A tenfold increase overnight for a user on the free plan is particularly alarming. It raises questions about whether there's a disconnect between internal usage tracking and how charges are reflected on invoices.
English
0
0
0
620
International Cyber Digest
International Cyber Digest@IntCyberDigest·
❗️ Anthropic tried to charge a Korean user who was on the free plan with zero API usage $16.6 million. A day earlier, the same invoice was $1.67 million, so it grew roughly 10x overnight. The user says he suspected phishing at first, then found the sender and payment link were Anthropic's official domain. His bank declined the charge attempts for exceeding the card's per-transaction limit... Last month auditing startup Vaudit told it found about $1.7 million in overcharges across $34 million in AI invoices, mostly tied to Claude Code, and after months of GitHub reports about contradictory Anthropic billing emails.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
265
558
7.8K
1.6M
Guardian Digital, Inc.
Wiper malware campaigns often rely on the same initial access techniques used in ransomware attacks. The difference is the attacker may have no intention of restoring anything. Compromised Microsoft 365 accounts can provide a path to users, endpoints, and administrative workflows. Most investigations start with suspicious sign-ins, not destructive activity. Review conditional access exclusions regularly. guardiandigital.com/resources/blog… #microsoft365 #CyberThreats #Cybersec
Guardian Digital, Inc. tweet media
English
0
0
0
63
Guardian Digital, Inc.
The Gentlemen combines self-propagation with legitimate Windows management tools to expand its reach. Trusted tools can make malicious activity harder to spot. Microsoft 365 administrators often see valid accounts performing unexpected administrative actions after compromise. Normal-looking admin activity deserves closer inspection. Correlate Entra ID sign-ins with privileged changes. csoonline.com/article/419369… #microsoft365 #CyberDefense #TechSecurity
Guardian Digital, Inc. tweet media
English
0
0
0
40
Guardian Digital, Inc.
Modern ransomware campaigns are organized operations that combine phishing, credential theft, and lateral movement. The encryption stage is only the final step. Microsoft 365 identities often provide the access attackers need before expanding deeper into the environment. Many investigations start with a single compromised user account. Watch for impossible travel and unfamiliar authentication patterns. guardiandigital.com/resources/blog… #microsoft365 #InfoSec #TechSecurity
Guardian Digital, Inc. tweet media
English
0
0
0
34
Guardian Digital, Inc.
The AI agent reportedly harvested credentials before establishing persistence and moving deeper into the environment. Credential collection remains a critical objective. Microsoft 365 security still comes down to limiting what stolen identities can reach after initial compromise. Stale accounts and excessive permissions are common findings during reviews. Regularly validate privileged accounts and dormant identities. csoonline.com/article/419319… #microsoft365 #Cybersec #TechSecurity
Guardian Digital, Inc. tweet media
English
0
0
0
26
Guardian Digital, Inc.
Researchers demonstrated that prompt injection can manipulate AI agents into revealing information they were authorized to access. Permissions become part of the attack surface. In Microsoft 365, AI assistants often have access to SharePoint, OneDrive, Exchange, and Teams, making data boundaries just as important as identity controls. Most organizations focus on identities before AI permissions. Review what connected AI services can actually read. csoonline.com/article/419444… #microsoft365 #CyberDefense #TechSecurity
Guardian Digital, Inc. tweet media
English
0
0
0
54
Guardian Digital, Inc.
@crypto_banter The laser fault injection attack sounds concerning, especially the part about it being unpatchable on existing cards. Has there been any discussion on how Tangem plans to address this for users who already own the cards?
English
1
0
1
399
Crypto Banter
Crypto Banter@crypto_banter·
🚨LEDGER: LASER ATTACK CAN RESET PASSWORDS ON ALL TANGEM CARDS! Ledger’s security research team disclosed a laser fault injection attack that bypasses a security check on Tangem hardware wallet cards, allowing password reset and potential fund theft. The attack needs physical access to the card plus ~$250k in specialized lab equipment. It cannot be patched on cards already in circulation. New cards may have mitigations; existing ones remain vulnerable per the findings.
English
87
110
455
137.8K