Philippe Tremblay 🇨🇦🇫🇷 🇺🇦

‼️🚨 Microsoft calls this "intended behaviour," so here we go. How to dump the credentials of every user stored in Microsoft Edge: 1. Open Edge. Don't browse anywhere, just open it. 2. Flip to Task Manager, find Edge, expand the task. 3. Highlight the "browser" sub-task,

Unit 42 | The npm Threat Landscape: Attack Surface and Mitigations unit42.paloaltonetworks.com/monitoring-npm…

Our investigation has revealed that the incident originated from a third-party AI tool with hundreds of users whose Google Workspace OAuth app was compromised. We recommend that Google Workspace Administrators check for usage of this app immediately. #indicators-of-compromise-iocs" target="_blank" rel="nofollow noopener">vercel.com/kb/bulletin/ve…

@SocketSecurity We dug into this more: The blast radius is larger than it looks. Axios only needed to be resolved somewhere in the dependency graph during the window (e.g. via CLI tools, npx installs, CI jobs, etc). In some cases, you can check now and see nothing, even if it ran. 🫥

More relevant than ever …

Best practices for securing Microsoft Intune In view of the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment. Microsoft has newly released the following guidance: techcommunity.microsoft.com/blog/intunecus…

@HackingDave @HackingDave Nice cut with a Jamie Diamon intro.

Here's my CNBC interview today on Iran.

daylight savings sucks Now I’m jet lagged and I haven’t even gone anywhere

@cyb3rops @rapid7 @pseudonyme_ovb Subtle😆

@rapid7 @pseudonyme_ovb beyond trust …

🚨 On 2/6/26, #BeyondTrust disclosed a critical RCE vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. The flaw has been assigned CVE-2026-1731 and a near-maximum CVSSv4 score of 9.9. More in the Rapid7 blog: r-7.co/4arAjln

RT @cyb3rops: Here’s how I currently see software development. Imagine a farmer who grows cabbage. He has one large field and several sma…

Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs - update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe - file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll - network IOCs

For convenience: I wrote a small collector that pulls all SHA-256, SHA-1 and MD5 hashes from Notepad++ releases and compiles them into big CSV + JSON files Use it to check if any Notepad++ installs in your org match known-good release hashes - and spot weird/malicious outliers

@cyb3rops …and learned from it

I liked this one

the brand new sensation that’s sweeping your nation it’s our special military operation m.youtube.com/shorts/Xq4TpiK…

Google now lets you change your @gmail.com address, rolling out - @mayank_jee bleepingcomputer.com/news/technolog… bleepingcomputer.com/news/technolog…

My annual MRI scan gives me a USB stick with the data, but you need this commercial windows software to open it. Ran Claude on the stick and asked it to make me a html based viewer tool. This looks... way better.

What frequently happens when people read threat reports is 1. they notice the IOCs 2. go to Virustotal and check if their org's AV covers the threat But they shouldn't stop there. They should click on "Security vendor's analysis on: ..." 3. select the earliest date 4. check

Yep. What the hell. futurism.com/artificial-int…

Amazing performance Blue Jays. We are still proud of you. Onwards.

The timelines in this CISA directive to patch F5 vulnerabilities are not grounded in the risk posed. The required remediation timelines have been artificially extended to ensure there's a possibility for compliance given staff impacted by the shutdowns. cisa.gov/news-events/di…