Tyler McLellan

New Blog: Sponsored by Russian military intelligence, APT44 is a dynamic and operationally mature threat actor that is actively engaged in the full spectrum of espionage, attack, and influence operations. cloud.google.com/blog/topics/th…

Getting Gemini to book my calendar items like a big list of school sport events is a massive time saver.

“I didn’t know limewire was still a thing” the latest on Shiny Hunters cloud.google.com/blog/topics/th…

@borealissaves I’m skeptical of that report because it conflates "intrusion attempts" with actual intrusions. 2.6M "attempts" a day usually means automated pings and port scans, not millions of unique breaches.

In 2025, China undertook an average of 2.6 million cyber intrusions per day against Taiwan’s infrastructure - and Canada 're-sets' its relations with the PRC... nytimes.com/2026/01/17/opi…

Merry Cyber Christmas!

UPDATE: New guidance due to the recent Salesforce advisory regarding Gainsight applications. Get hardening, logging, and detection recommendations for programmatic credentials. cloud.google.com/blog/topics/th…

We can all agree onions do not belong on a burger, or anything really.

Nooooo

After 32 years... 🇨🇦 O Canada at the #WorldSeries

Showing the kids how it’s done.

What do we call the teenage stage where they drink two gallons of milk over two days?

Mandiant: "In many cases, the average dwell time of 393 days exceeded log retention periods and the artifacts of the initial intrusion were no longer available."

The FBI has released a FLASH alert on the targeting of Salesforce platforms by the cybercriminal groups UNC6040 and UNC6395, which are responsible for a surge in data theft and extortion attempts. Click for indicators of compromise (IOCs) and protect your organization: ic3.gov/CSA/2025/25091…

📣 In other news… Join me in Washington D.C. for the Cyber Defense Summit from Sept. 22-23! This two-day event will feature insights from @GoogleCloudSec and @Mandiant experts. I’ll be there presenting with SA Anthony Quinones, FBI on countering sophisticated PRC cyber threats.

🍌

⚠️ @Google Threat Intelligence Group (GTIG) is tracking a widespread data theft campaign by UNC6395 targeting @salesforce instances via compromised @Salesloft Drift OAuth tokens. The actor's primary goal is harvesting credentials (AWS keys, passwords, etc) from exfiltrated data.

New blog! Widespread Data Theft Targets Salesforce Instances via Salesloft Drift cloud.google.com/blog/topics/th…

My first attempt at smoking a brisket turned out pretty good!

Happy Canada Day!

Vegas heat but Ottawa humidity.