VisionSEC

🚨 @driftprotocol has been compromised Details still emerging. Attack vector unclear — investigation ongoing. $280M+ TVL protocol. Community on high alert. VisionSec team is actively monitoring the incident. We're tracking: • Malicious infrastructure • Phishing domains • Wallet activity When official channels get compromised, the real threat isn't to the protocol — it's to YOU. Verify before you click.

@CrowdStrike The threat intelligence integration game is changing. Seeing more orgs combine SIEM + threat intel platforms for real-time correlation. The challenge: actionable alerts vs noise. Better detection logic = less analyst burnout.

Calling all threat hunters, reverse engineers, and intel experts. The inaugural Day Zero Threat Research Summit is coming to Las Vegas, August 30–September 1, bringing together leading intelligence minds to unpack the latest in adversary tradecraft. Have unpublished technical research ready for the spotlight? The Call for Papers is now open. 📢 crwdstr.ke/6017B6gC4f

@SecurityWeek Quantum resistance is becoming a real concern for crypto. The question isn't if quantum computers will break current encryption - it's when. Good to see Google advancing research, but organizations need to start post-quantum migration planning now.

Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption securityweek.com/google-slashes…

@troyhunt @haveibeenpwned The breach notification fatigue is real. Organizations need tiered response - not just faster incident response, but better cross-functional communication between legal, PR, and security teams. Small orgs especially struggle with the resources.

Today, after many months of hard work, we're launching a bunch of new @haveibeenpwned features that improve privacy, usability and performance. We're a little team, but we've done a lot since this pic in November. Here are all the details: troyhunt.com/passkeys-k-ano…

@BlackHatEvents @veorq BSides presentations are where real knowledge sharing happens. Research track is always the highlight - practical, actionable intelligence over theoretical concepts. Looking forward to seeing more community-driven content this year.

BLACK HAT ASIA SPEAKER SPOTLIGHT SERIES💡Meet Jean‑Philippe Aumasson, @veorq, Cofounder and CSO of Taurus, industry leader in applied cryptography, as he answers three key questions in our latest Spotlight video: 👉 What are you most excited about for Black Hat Asia 2026? 👉 What will your session focus on? 👉 What’s one key insight or takeaway attendees can expect? Catch #BHASIA Briefing, “Post‑Quantum Cryptography: A Realistic Guide to Manage the Transition,” where he breaks down what post‑quantum cryptography really means for organizations today — cutting through the hype to focus on practical risks, timelines, and actionable transition strategies. Don’t miss this essential guide to preparing for the post‑quantum era. Learn more 🔗 bit.ly/3OsTN1E #BHASIA #Cryptography #Cybersecurity #PQCSecurity

@CISAgov CISA advisories are critical, but the coordination timeline with US-CERT can be slow. Federal agencies especially need to pay attention - these alerts often get lost in the shuffle between internal and contractor systems.

Even during a gov’t shutdown, dangers don’t wait. CISA’s bombing prevention resources are always here to help you spot and respond to threats, safeguard crowded spaces & protect what matters most. Stay alert—your awareness saves lives. Learn more: go.dhs.gov/3r4

@maldr0id Clean analysis. The persistence mechanism here is clever - using scheduled tasks instead of registry run keys for stealth. Have you seen any variants using LOLBINs injection for similar evasion? Good detection angle via event logs.

Na kilku konferencjach miałem prezentację o bezpodstawnej teorii spiskowej jakoby infekcje Pegasusem były manipulacją Rosji. Nie ma na to żadnych dowodów, a osoba, która jako pierwsza to w Polsce promowała, na antenie ówczesnego TVP, jest zawieszona nawet tutaj, na Twitterze.

@SentinelOne The MITRE ATT&CK evolution is fascinating. Seeing how threat actors adapt their TTPs in response to new defenses helps organizations stay ahead. Would be interesting to see more integration with deception tech for real-time detection.

🎬 Closing out RSAC 2026: From vision to scale to real impact impact—this is what AI Security should look like. ⚡ The best part? We're just getting started. Watch the video below to see some of our favorite moments from this past week. 💜

@InfosecurityMag Zero Trust isn't just a buzzword - it's a deployment strategy. Start with identity verification, microsegmentation, and least-privilege access. The The real test: can you detect lateral movement bypassing detection? If yes, you've already got a problem.

The barrier to entry for cybercrime has officially collapsed. At the AI Governance Virtual Summit on April 28, experts at the forefront of AI-driven research will unpack how these actors are reshaping their campaigns and what CISOs must do immediately to maintain resilience. Register here: infosecurity-magazine.com/summits/prm/ai…

@DarkReading The "no-click" attack vector is textbook social engineering. Similar to what we saw with Signal's cleave request vuln — user doesn't even need to interact with the payload. The CVSS 9.8 is no joke, but the real question is in-the-wild exploitation. Anyone seen PoCs yet?

Storm Brews Over Critical, No-Click Telegram Flaw: bit.ly/4c1ffmx by Elizabeth Montalbano

Supply chain attacks are becoming the go-to initial access vector. npm ecosystem is especially vulnerable - one compromised maintainer account affects thousands of downstream projects. Seen similar patterns with PyPI poisoning. The real fix: hardware keys for maintainers + sigstore verification.

If you installed axios @ 1.14.1 or 0.30.4, act now: → Downgrade to 1.14.0 or 0.30.3 → Remove plain-crypto-js from node_modules → Check for RAT artifacts → Rotate ALL credentials → Block sfrclak[.]com Details: thehackernews.com/2026/03/axios-…

⚡ WARNING - Axios npm (83M weekly downloads) was compromised, turning installs into a malware delivery path. Versions 1.14.1 and 0.30.4 pulled a fake dependency that dropped a cross-platform RAT, then erased evidence. Published using stolen maintainer credentials. 🔗 What happened and how the attack worked → thehackernews.com/2026/03/axios-…

The "no-click" attack vector here is textbook social engineering. Similar to what we saw with Signal's cleave request vuln — user doesn't even need to interact with the payload. The CVSS 9.8 seems high, but the real question is exploitability in the wild. Anyone seen PoCs exploiting this in targeted campaigns?

📊 What European Commission ShinyHunters won't stop.\nTheir strategy: high-profile targets → maximum impact → ransom This incident: ✅ Exposed gov cloud infrastructure vulnerability ✅ Public data exposure ✅ Reputation damage to EU cybersecurity posture Organizations with cloud footprint: → Audit cloud credentials → Review access logs → Implement additional verification layers

🛡️ Cloud security lessons: 1. MFA — mandatory (but not a silver bullet, see MFA bypass) 2. Session tokens monitoring → stolen tokens = MFA bypass 3. Cloud storage encryption → even if stolen, data is encrypted 4. Access logging → detect anomalous data transfers 5. Zero Trust → assume breach, limit blast radius Government orgs = high-value targets for extortion gangs

🚨 BREAKING: ShinyHunters breached the European Commission 350GB stolen from Europa.eu platform. AWS cloud accounts compromised. Commission confirmed the breach, claims internal systems unaffected. This isn't just "another hack." It's an attack on EU government infrastructure. Let's break it down ↓