Omri Segev Moyal
I used to take things apart, now I build them | CEO @proferosec | @forbes 30 under 30. Co-founder @minervalabs (Acquired by @rapid7)
Mar 28 8 tweets 3 min read
We don't know exactly how Handala got into Kash Patel's accounts. But from responding to MOIS-linked intrusions: it's rarely a zero-day.
It's credential dumps. Stealer logs. Data sitting in the open for years.
Let me show you what we found. 🧵

Searching "Kash Patel" in breach databases gets you nowhere. Lots of noise, mostly anti-us BS.
But his legal name isn't Kash Patel.
Wikipedia: Kashyap Pramod Patel
That's the search that matters.
Aug 13, 2025 4 tweets 1 min read
Introducing a new attack vector: AI-Induced Destruction.
After a shared volume of incident responses, we can confirm: AI coding assistants are now a legitimate threat category.

Not sci-fi. Not theoretical. Happening daily.

Thread (1/4)

The pattern is simple:
- Dev gives vague instruction
- AI has production access
- Literal interpretation
- Catastrophic damage

Your SOC won't flag it. Your SIEM won't alert.

The attack comes from inside, from tools you authorized.
Apr 1, 2025 9 tweets 2 min read
Oracle is facing serious backlash for concealing two major breaches affecting Oracle Cloud and Oracle Health. Here’s what we know about this failure. Thread 1/8

A threat actor, "rose87168," claims they infiltrated a main login server. SSO and LDAP data was compromised, impacting over 140,000 tenants. Proof was posted on BreachForums. Oracle denies it. 2/8
Dec 10, 2021 4 tweets 1 min read
Watch out: 45[.]155[.]205[.]233 actively exploiting CVE-2021-44228 (Log4j/Shell).
Final payloads:
nspps/Kinsing
2nd/3rd/4th stage via the following IPs
cc @GossiTheDog
Dec 9, 2021 4 tweets 2 min read
Elderly abuse is one of the most offensive things one can do. When @N12News approached us at @ProferoSec to assist with the investigation of such an exploit conducted by a company called “HelpPC”, we immediately said yes. The company was accused of selling unneeded software to the elderly at costly prices. For example, @IObitSoft was sold for thousands of USD per year. In addition, they were threatening their victims with computer lockdown and more.