Our monthly open source challenges just got an upgrade... With hidden codes - a corrupted archive and a mysterious figure pulling the strings. Get started at challenge.bellingcat.com
We recently released the Synapse @Feedly Power-Up! Ingest Feedly TI API feeds into Synapse, model articles as media:news, link indicators, and automate daily/hourly pulls to speed up reporting + enrichment. Learn more: synapse.docs.vertex.link/projects/rap...
A sign above a bar reads "Counter Intelligence"
What are they up to at Matt's in the Market in Seattle?
You can now scan for #react2shell in Burp Suite! To enable, install the Extensibility Helper bapp, go to the bambda tab and search for react2shell. Shout-out to Assetnote for sharing a quality detection technique!
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182) #React2Shell aws.amazon.com/blogs/securi...
Made this last night, it's useful for finding a large number of domains hosting phishing kits or malware based on a consistent pattern github.com/singe/domain-p… Might be useful for some of you.
A man involved in the DPRK's fraudulent IT worker scheme appears in a recorded Zoom call. The recording is projected on a large screen, on stage at the CYBERWARCON conference.
If the talks at @cyberwarcon.bsky.social today are any indication, while you may think threat actor adoption of generative AI improves sophistication and eliminates telling mistakes in phishing and info ops, that future is not evenly distributed!
Ah @cyberwarcon.bsky.social the only conference for intel ops research authored by the terminally online
It's rare that we see an actual NEW ransomware family, so it will be interesting to see how this develops.
via @lawrenceabrams.bsky.social & @bleepingcomputer.com
Attackers move fast, so your blocklists should too. GreyNoise now lets you convert any query into a real-time blocklist that updates automatically as attacker infrastructure changes. Start using it today on the GreyNoise platform.
Great talk by @pylos.co on possible futures for Volt Typhoon and why the cluster's strategic goal means the activity will evolve and at times be disrupted but not stop any time soon
Now I can say I've seen a DPRK IT Worker (recorded) on a video call, thanks to Caleb Marquis and Eric Kerr! Next up is @pylos.co on Volt Typhoon.
Kicked off @cyberwarcon.bsky.social with @dmitri.silverado.org apologizing for 15yrs of threat actor naming chaos and proposing a new scheme, and plenty of Russia-related content (with top-tier memes)
Good morning, @cyberwarcon.bsky.social!
We've hired Colonel Shawn Smagh to up our @greynoise.io intel reporting game and we've started producing weekly intelligence briefs. This week's is a banger.
Game on! The @cyberwarcon.bsky.social Synapse challenge is live!
Coming up at 12:40 EST for #IanGillespie presenting "From Memecoins to Missiles: How North Korea Launders Stolen Crypto into Real World Riches"
#BSidesPyongyang25 #BSPY25
https://www.twitch.tv/bsidespyongyang
https://www.youtube.com/@BSidesPyongyang
Watching @bsidespyongyang.bsky.social on the way to @cyberwarcon.bsky.social twitch.tv/BSidesPyongy...
Have questions about submitting to the #SOCON2026 CFP? We've got answers.
The CFP closes soon; submit your proposal by Nov 15 to participate in the only conference dedicated to advancing Attack Path Management.
Submit: ghst.ly/socon26-cfp
Obsidian Importer now lets you generate Markdown files from a CSV.
It converts thousands of records in seconds and automatically generates a Base that you can use to explore and edit the data.
cloud.google.com/blog/topics/...
google cloud / mandiant blogged about a cool investigation that I got to pitch in on & had a small verse to contribute in the broader context of it. these are the things that remind me how much I enjoy what I do.
It was recorded, and slides are now being shared....
Slides and videos from ATT&CKcon 6.0 are now posted in an easy to find way. Check out attack.mitre.org/resources/at... to check out our great talks (and Couch Talks) from October, or even check out past ATT&CKcons from that same page.
There's an open role for a Staff CTI Analyst on my team here
@huntress.com
Do you love doing correlations between different incidents, sometimes digging into them, or doing malware analysis?
Do you like doing data analysis, and using this to make threat reports?
"The DPRK IT worker threat is more than a fraud or sanctions evasion issue; it exposes systemic weaknesses in how identity is verified and managed across the global economy." Chandana Seshadri looks at DPRK IT worker typologies & identifies a path forward.
Our new and improved Bellingcat Toolkit is one year old today! If you haven't used it yet, it's a one-stop shop for discovering useful open source tools, maintained by an amazing group of volunteers. You can find use cases, guidance and honest reviews for each tool. bellingcat.gitbook.io/toolkit
We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers and hunt for data on vulnerabilities in products. This actor is stealthy, and we've provided a tool to hunt for them. cloud.google.com/blog/topics/...
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
CFP closes this Friday, September 26th at 11:59pm EST!
If you'd like to speak at CYBERWARCON this year, get your talk submission in ASAP to be considered!
Submit your talk here >> www.cyberwarcon.com/cfp2025
#CYBERWARCON #CFP
It is a good time to learn how to find accurate information online. We're offering virtual training sessions over the month of October, teaching you Bellingcat's investigative techniques…