Threat Intel
Shiny Hunters/Scattered spider have published a leaked download site (DLS)/extortion site etc.
This is a fast publish with content mainly generated using an LLM (GROK). This appears to relate to victims who have been victims of social engineering, it does not appear to be related to the Salesforce, SalesLoft Drift breach: https://help.salesforce.com/s/articleView?id=005134951&type=1
Education
Your version of Adobe Reader is outdated. To ensure the best experience and security, please update to the latest version.
Update Adobe Reader Now
Guides
This weekend I was running a workshop with my awesome friend James, where we were discussing the realities of wireless network security, man in the middle attacks and what we have found in the field, both from an offensive perspective and as corporate network defenders. As with all things in life, sometime reality doesn’t work quite as well as a demo! So I’ve done a quick thread on twitter showing the kill chain an adversary can deploy when attacking WPA2 PSK (without PMF enforced) networks. This is written as a twitter thread so bear with the style!
Read more “Breaching WPA2 PSK Wireless Networks”
Education
Recently the Online Safety Act (OSA) has come into force, now regardless of your opinion on this, I wanted to look at some things that exist today when considering children’s mobile phone access.
When you setup an iPhone or Android phone for use by a child, you have to complete KYC with Apple and Google using an adult account which is verified by credit card/debit card.
So to get an account as a child you need the parent to set this up, link the account to the parents account and pass an element of KYC/verification including a 0 fee payment check.
What we found during recent testing is that Safe Search is enforced by default on children’s <13yo accounts. However we found that a some things that were a bit surprising.
Read more “Won’t someone think of the children!”
Defence
The U.S. bombing of Iranian nuclear facilities on June 22, 2025, alongside Israel’s ongoing military campaign, marks a significant escalation in the Middle East conflict. While these airstrikes target Iran’s nuclear capabilities, they are unlikely to alter the broader cyber threat landscape, which remains dominated by cybercriminals exploiting systemic weaknesses in global digital security. This blog explores why these high-profile military actions, though geopolitically significant, won’t address the entrenched issues fueling cyber threats.
Read more “Why U.S. and Israeli Airstrikes on Iran Won’t Shift the Cyber Threat Landscape”
Guides
In my travels I have found it matters more how you do IT securely than how you ‘do security’. What I mean by this is, the prevailing themes of orgs recently is to bolt on SOCs/MDR and other services to a low maturity/low capability IT organisations with the hope that its magic’s all the security problems away. This sounds lovely, the salespeople will almost certainly productise your security improvement journey and make it sound like a dream.
Read more “Bolting on security does not work”
Education
In the world of cybersecurity, the term Security Operations Center (SOC) carries significant weight. It evokes images of highly skilled analysts working around the clock to detect, respond to, and mitigate cyber threats. However, not all SOCs live up to this expectation. If a SOC lacks core functions like triage, analysis, assessment, and remedial action, it’s not truly a SOC—it’s merely a contact center masquerading as one. Let’s explore why these functions are non-negotiable for a SOC and why their absence undermines the entire purpose of cybersecurity operations.
Read more “Why a SOC Without Triage, Analysis, and Remediation Is Just a Contact Center”
Education
As part of my Cyber SOC GitHub repo I’ve put together lots of resources to try and help people with some common cyber security tasks, applicable to CISOs through to SOC analysts.
I also want to highlight one of the most common incident types if you are an Office 365 customer is a business email compromise scenario, so I’ve put together a high level view of the steps you might want to take after a BEC event is discovered:
Read more “Business Email Compromise Check List”
Defence
If you are are a victim of unauthorised mailbox access and/or attempted fraud via mailbox compromise (BEC) then you know that one of the tasks outside of understanding how the compromise has occurred, what configurations have been tampered with, removing devices and resetting usernames/passwords (and tokens/MFA) etc. is to start to understand the data breach impact.
If someone has logged into a mailbox it’s very very unlikely that zero data has been accessed!
News
Ok with my AI companion GROK I’ve gone exploring on the differences between Japan’s new cyber laws and the UK! This is more GROK than me, but I thought people might find this interesting!
Read more “Japan goes on the Cyber Offensive”