Yaniv Radunsky

13.2K posts

@hasamba

Computer G33k, Into #Linux #CyberSecurity #DFIR #Threat Intelligence #IT #Tech #Gadgets #privacy #Darkweb

Israel · Joined July 2008
796 Following · 701 Followers
Yaniv Radunsky @hasamba ·
Vaultify: open-source Go binary scanning endpoints for 350+ exposed secret patterns. Vaults keys to 1Password/AWS/HashiCorp or redacts on disk. AI agent Vee pre-fills triage. Zero telemetry, fully offline. #tool #appsec vaultify.live
Yaniv Radunsky @hasamba ·
Anthropic open-sourced 11 Knowledge Work Plugins for Claude Cowork/Code. Each bundles skills, connectors, slash commands, and sub-agents for specific roles (sales, legal, finance, data, bio-research). Customizable per org. #claude #plugins #tool github.com/anthropics/kno…
Yaniv Radunsky @hasamba ·
OpenOSINT: AI OSINT agent using Anthropic tool use API. 9 tools (sherlock, holehe, sublist3r, phoneinfoga, HIBP). Structurally prevents hallucinated results. MCP server + web UI included. #tool #osint github.com/perplexityai/b…
Yaniv Radunsky @hasamba ·
Bumblebee maps which dev machines match a package advisory by scanning on-disk lockfiles and extension manifests. Single Go binary, zero deps, read-only, NDJSON output. Covers npm, PyPI, Go, RubyGems, MCP configs. #tool #supplychain github.com/perplexityai/b…
Yaniv Radunsky @hasamba ·
Clawpatch maps repos into semantic features, runs Codex-based reviews per feature, persists findings and patch attempts in .clawpatch, and can apply explicit fixes with validation. #clawpatch #codex #tool clawpatch.ai/#overview
Yaniv Radunsky @hasamba ·
RDP lateral movement can turn one compromised machine into a domain problem fast. This week’s Velociraptor hunt: Custom.DFIR.RDPLateralMovementDetection. It parses Security.evtx for 4624 LogonType 10, 4648, and 4778 to help scope RDP movement. #velociraptor github.com/hasamba/Hasamb…
Yaniv Radunsky @hasamba ·
Ransomware extortion increasingly includes threats of physical violence. FBI data shows US incidents surged to ~1,008,597 with $20.8bn losses in 2025; Semperis found physical threats in ~40% of global ransomware cases. #ransomware #doxxing #FBI bbc.com/news/articles/…
Yaniv Radunsky @hasamba ·
AiSOC is an open-source, self-hostable AI SOC that logs LLM prompts/responses in an Investigation Ledger, includes a CI‑gated eval harness (200 synthetic cases, 1,000‑alert stream), and runs entirely on customer infra. #tool #MIT #LangGraph github.com/beenuar/AiSOC
Yaniv Radunsky @hasamba ·
🛠️ New open-source DFIR tool: NSRL→VT Hash Checker. Recursively SHA-1s every PE file on a Windows host, checks them against the NSRL RDS, sends only the unknowns to VT. Fast triage for "what shouldn't be here?" Open issues, send PRs: bit.ly/3PE5d3p #DFIR #IR #InfoSec
Yaniv Radunsky retweeted
Noah @NoahKingJr ·
Anthropic with Software engineers:
Yaniv Radunsky @hasamba ·
GitHub tool documents a reg.exe-based flow to export SAM/SYSTEM/SECURITY hives, use RegReduction and BootKey to obtain the BootKey, then apply secretsdump to extract NTLM hashes — presented as an EDR bypass technique. #tool #EDR #DumpHash github.com/AabyssZG/HashD…
Yaniv Radunsky retweeted
Evan Luthra @EvanLuthra ·
🚨GOOGLE JUST SILENTLY DOWNLOADED A 4GB AI MODEL TO YOUR COMPUTER WITHOUT ASKING.. WITHOUT TELLING YOU.. AND WITHOUT ANY WAY TO STOP IT..

If you use Chrome.. There's a good chance a 4 gigabyte file is sitting on your hard drive right now that you never agreed to download.. It's called Gemini Nano.. Google's on-device AI model..

A security researcher just proved it installs itself with zero clicks.. Zero prompts.. Zero notifications.. Alexander Hanff set up a completely fresh Chrome profile.. Didn't click anything.. Didn't scroll.. Didn't type a single keystroke.. Just opened the browser and watched.. 14 minutes and 28 seconds later.. Chrome had silently scanned his hardware.. Read his GPU, RAM, and storage.. Then wrote a 4GB file to his hard drive.. No permission dialog.. Nothing..

Chrome's own logs show the download begins BEFORE the settings page where you could opt out is even loaded.. The file starts installing before the refusal button exists..

As of Chrome 148.. Any website you visit can trigger this download.. One line of JavaScript.. You click a link to read a blog post.. That click counts as "user activation".. And Chrome silently pulls 4GB in the background.. No install prompt.. No consent dialog.. Google's own docs admit this..

Your laptop overheats.. Storage disappears.. Battery drains.. And you have no idea why..

The model doesn't even work well.. Cloud requests take 1.3 seconds.. The local model at worst case takes over 9 minutes for a single response.. Google is using your storage, electricity, and bandwidth to run an AI that's 40 times slower than their own servers..

And the "AI Mode" button in Chrome's address bar.. Doesn't even use the local model.. It sends everything to Google's cloud anyway.. You pay the storage penalty.. The heat penalty.. The bandwidth penalty.. And the visible AI feature ignores the local file entirely..

Because Chrome fails to clean up old versions.. Users are finding 12GB or more of duplicate AI files stacked on their drives..

Palo Alto Networks found a vulnerability where a browser extension could hijack the local AI model's permissions.. Accessing your webcam.. Microphone.. Local files.. Through an AI you never installed..

Here's how to check if it's on your machine..

Windows.. C:\Users\[YourName]\AppData\Local\Google\Chrome\User Data\Default\OptGuideOnDeviceModel\

Mac.. ~/Library/Application Support/Google/Chrome/Default/OptGuideOnDeviceModel/

If there's a file called weights.bin.. Google downloaded their AI to your computer without asking..

To stop it.. Type chrome://flags.. Search "optimization-guide-on-device-model" and disable it.. Search "prompt-api-for-gemini-nano" and disable that too.. Restart Chrome.. Then manually delete the folder.. If you don't disable the flags first.. Chrome redownloads the 4GB file on next launch..

Firefox requires explicit opt-in for AI.. Apple Intelligence requires explicit consent.. Chrome just takes your hard drive..

Google didn't ask to use your storage.. Your electricity.. Your bandwidth.. They just took it.