Microsoft XDR, KQL, real-world security engineering, and other fun stuff from DevSecOpsDad, your friendly neighbourhood Attack Surface Samurai.

  • KQL Detection Of The Week: A Name Is A Claim, Not A Fact

    This week’s six briefs produced 30 KQL candidates across an NTLM-relay-to-Shadow-Credentials privilege chain, the WhatsApp VBScript RMM dropper, an npm postinstall implant, SharkLoader staging Cobalt Strike under the StrikeShark campaign, StealC and Amadey infostealers raiding browser credential stores, a photo-themed ZIP delivering a Node.js implant, and a fresh batch of...
  • KQL Of The Week: The Attack That Stayed Under The Threshold

    This week’s five briefs produced 20 KQL candidates across an Oracle PeopleSoft zero-day (CVE-2026-35273), evil MSI loaders, the VHDX-to-Remcos delivery chain, Dropping Elephant’s Fondue.exe side-loading, a Tor-speaking crypto clipper, the Mastra npm supply-chain compromise, an AI-agent RCE, and a pile of SSH brute force.
  • KQL Of The Week: Detecting Cloud Logging Suppression (T1562.008)

    Every day our Detection Engineering Brief turns fresh threat intel into deployable detection content — KQL for Microsoft Sentinel and Defender XDR, ATT&CK mappings, triage runbooks, and deployment-readiness calls. This week’s five briefs produced 21 KQL candidates across Apache ActiveMQ and Gogs RCE, a Check Point VPN zero-day (CVE-2026-50751), PAN-OS...
  • KQL Of The Week: Argamal Beaconing

    Every day our Detection Engineering Brief turns fresh threat intel into deployable detection content — KQL for Microsoft Sentinel and Defender XDR, ATT&CK mappings, triage runbooks, and deployment-readiness calls. This week’s five briefs produced 23 KQL candidates across npm supply-chain attacks, NetSupport RAT, a macOS FlutterShell dropper chain, a Key...