31Wedge

Source: Microsoft Security Blog

Author: Natalie Isak and Sarah Cooley

URL: https://www.microsoft.com/en-us/security/blog/2026/06/22/guarding-ai-memory/

ONE SENTENCE SUMMARY:

AI memory enables persistent personalization but expands attack surface, requiring rigorous governance, logging, boundaries, and defense-in-depth protections across systems.

MAIN POINTS:

1. Persistent memory turns AI from stateless tool into continuous learning collaborator.
2. Stored context increases attack surface beyond single-prompt compromise opportunities.
3. Agent memory holds sensitive user data requiring customer-data-grade protections.
4. Memory influences behavior and tool calls, demanding strong governance controls.
5. Asynchronous memory updates disrupt traditional human-in-the-loop safety patterns.
6. Adversaries can poison memory and trigger delayed tool execution later.
7. M365 sanitizes memory writes using prompt-injection classifiers and stripping.
8. Task Adherence checks detect tool-call misalignment with user intent.
9. Storage inherits M365 compliance: DSR, tenant isolation, Lockbox, encryption-at-rest.
10. Auditability via MemoryUpdated logs enables SOC hunting, alerts, eDiscovery, and traceability.

TAKEAWAYS:

1. Persistent memory converts transient prompt attacks into long-lived compromises.
2. Multi-turn attacker strategies require defenses beyond single-interaction guardrails.
3. Provenance and intent validation should precede any durable memory persistence.
4. Deterministic access boundaries must isolate memory across users, agents, and tenants.
5. End-to-end visibility and user controls build trustworthy, governable AI at scale.

Source: Windows Incident Response

Author: Unknown

URL: http://windowsir.blogspot.com/2026/06/timelines.html

ONE SENTENCE SUMMARY:

Timelines are foundational DFIR tools, enabling early, contextual investigation by correlating multi-source events and guiding evidence collection decisions.

MAIN POINTS:

1. Timeline analysis has been central to the author’s investigations since around 2008.
2. A custom five-field “TLN” format was developed and remains in use.
3. Prior blog series detailed tools and methods for building consistent forensic timelines.
4. Published threat reports often contain timeline information, sometimes reformatted for readability.
5. Earlier SecureWorks work showcased the same timeline format used for years.
6. Eventmap was created to tag relevant events and reduce timeline noise.
7. Events Ripper was developed to establish pivot points for deeper investigative branching.
8. Recent ransomware predeployment investigation used long-standing tools and techniques.
9. Micro-timelines and overlays combined MFT, USN journal, browser history, and more.
10. Timelines should start investigations after collection, not be a final spreadsheet task.

TAKEAWAYS:

1. Start building timelines early to steer analysis and accelerate incident understanding.
2. Standardized formats improve repeatability and communication across investigations and reports.
3. Tagging and pivoting techniques help analysts focus amid high-volume event data.
4. Overlaying diverse artifacts reveals relationships and sequences invisible in isolation.
5. Missing data sources should be documented because absence informs control effectiveness assessments.

Source: Black Hills Information Security, Inc.

Author: BHIS

URL: https://www.blackhillsinfosec.com/introducing-fusion-ai/

ONE SENTENCE SUMMARY:

Fusion AI augments external penetration testing with transparent, methodology-driven agents and human verification, lowering costs while improving coverage against AI-enabled attackers.

MAIN POINTS:

1. Market hype claims agentic red teams will replace pentesters; Fusion AI rejects that premise.
2. Offering costs about one-third of traditional external pentests, keeping humans in final control.
3. Originated from an internal challenge to build an AI-powered external testing capability.
4. Initial prototypes used Claude Code before evolving into a custom agentic investigation platform.
5. Core differentiator is embedding BHIS testing methodology, not merely automating scanner output.
6. Agents prioritize chaining medium/low/informational findings into impactful exploit paths.
7. Platform provides full transparency: commands, steps, validation evidence, and reproducibility details.
8. Motivation included adversaries adopting AI, highlighted by Anthropic’s report on Chinese actor misuse.
9. Pilot testing focused on reducing hallucinations and improving actionable output quality.
10. Real-world coverage win: detected compromised site via injected gambling links and likely exploit chain.

TAKEAWAYS:

1. Human-in-the-loop review remains essential for severity accuracy and false-positive control.
2. Methodology and institutional knowledge matter more than “AI-powered” branding.
3. Transparent audit trails help solve AI interpretability and enable reliable verification.
4. Automation can uncover tedious indicators humans often miss under tight engagement timelines.
5. Lower-cost external testing expands access for smaller organizations previously priced out.

Source: CQURE Academy

Author: Daniel

URL: https://cqureacademy.com/blog/cqure-hacks-81-the-ultimate-kql-query-toolkit-for-threat-hunters-and-security-analysts/

ONE SENTENCE SUMMARY:

Eight reusable KQL queries enable baselining, incident response, and threat hunting through traffic, auth, scanning, C2, anomalies, fingerprints, and egress monitoring.

MAIN POINTS:

1. Daily baseline query tracks volume, success rate, failures, intrusion attempts, and unique IPs.
2. Trend binning with 1-day intervals helps detect deviations like sudden intrusion spikes.
3. Incident-response query identifies top malicious IPs, timing, attack types, ports, and protocols.
4. make_set() highlights multi-technique attackers and supports rapid blocklisting and triage.
5. Failed authentication analysis uses hourly grouping and thresholds to spot brute force patterns.
6. Distinct source/target counts differentiate password spraying from targeted account attacks.
7. Port-scan detection monitors 15-minute windows, flagging hosts probing multiple ports quickly.
8. Botnet C2 hunting profiles payload percentiles and user agents to find beaconing behavior.
9. Protocol anomaly detection flags rare protocol-port combinations and scores suspicious patterns via joins.
10. User-agent and egress queries distinguish scanners from attackers and expose risky outbound communications.

TAKEAWAYS:

1. Establish normal behavior first, then investigate meaningful deviations.
2. Pivot quickly from baseline anomalies to attacker attribution and response actions.
3. Use time windows, thresholds, and uniqueness metrics to reduce noise and reveal patterns.
4. Combine behavioral profiling (payloads, user agents, protocol-port mismatches) with scoring for stealthy threats.
5. Treat these queries as a coordinated, customizable toolkit run on reliable schedules.

Source: Varonis Blog

Author: Nolan Necoechea

URL: https://www.varonis.com/blog/zero-trust-for-ai-agents

ONE SENTENCE SUMMARY:

Anthropic proposes Zero Trust for AI agents, while Varonis argues enforcement demands data-context discovery, guardrails, monitoring, governance, and testing.

MAIN POINTS:

1. Perimeter defenses fail as social engineering and stolen credentials bypass traditional controls.
2. AI accelerates attacks by scaling manipulation and increasing compromised-identity blast radius.
3. Agents bypass application controls, directly hitting databases, APIs, and data stores at machine speed.
4. Zero Trust must adapt to agents with cryptographic identity, task-scoped permissions, and protected memory.
5. Six pillars include identity, access scoping, observability, behavioral response, I/O controls, integrity recovery.
6. Agent-specific threats span prompt injection, tool poisoning, privilege abuse, memory poisoning, supply chain attacks.
7. Frontier models can chain weaknesses to create exploits in hours, compressing attacker timelines.
8. Framework defines maturity tiers and an implementation workflow, plus Agentic SOAR for rapid response.
9. Bolt-on AI controls miss the data layer, where excessive access and sensitive exposure cause damage.
10. Varonis Atlas maps to and extends the framework across discover, assess, enforce, govern, monitor, test.

TAKEAWAYS:

1. Treat agent identities as first-class principals with verifiable provenance and authorization boundaries.
2. Implement least privilege per task rather than persistent role-based permissions for autonomous systems.
3. Combine runtime guardrails with deep logging to detect tool-chaining and indirect leakage patterns.
4. Prioritize data context—classification, lineage, and exposure—so “authorized” access doesn’t equal safe access.
5. Close the loop using continuous adversarial testing feeding policies and automated response workflows.

Source: Help Net Security

Author: Sinisa Markovic

URL: https://www.helpnetsecurity.com/2026/06/08/microsoft-defender-for-endpoint-edr-updates/

ONE SENTENCE SUMMARY:

Microsoft will deliver Defender for Endpoint EDR updates via Microsoft Update, accelerating independent improvements across supported Windows versions by fall 2026.

MAIN POINTS:

1. EDR security improvements will ship independently from monthly Windows OS updates.
2. Rollout began late May 2026 for Windows 10 devices.
3. Expansion to Windows 11 and other supported Windows versions occurs later in 2026.
4. Microsoft expects deployment completion by fall 2026.
5. Microsoft Update-managed organizations require no changes to receive EDR updates.
6. Manual package deployment environments must add the new Defender update package.
7. Existing documentation and procedures should be revised to reflect the new delivery method.
8. Helpdesk and SecOps teams should be informed about updated EDR update behavior.
9. Delivery uses Microsoft Update via KB5005292 after prerequisites are installed.
10. New Defender Update Service creates %ProgramData%\Microsoft\Microsoft Defender\Defender Update on first EDR update.

TAKEAWAYS:

1. Plan prerequisites and Sense version compliance before expecting EDR updates through Microsoft Update.
2. Treat KB5005292 as the enabling mechanism once required cumulative updates exist.
3. Update orchestration processes for manual deployment to avoid missing EDR improvements.
4. Prepare operational teams for generally restart-free updates and rare failure-driven reboots.
5. Verify supported OS builds have the specified 2025-07/2025-08 cumulative updates or newer.

Source: Microsoft Defender for Endpoint Blog articles

Author: EdanZwick

URL: https://techcommunity.microsoft.com/blog/microsoftdefenderatpblog/microsoft-defender-now-monitors-rpc-activity/4523368

ONE SENTENCE SUMMARY:

Microsoft Defender now audits inbound remote RPC calls at OpNum granularity to detect, disrupt, and hunt common Windows attacks.

MAIN POINTS:

1. Remote procedure call enables invoking remote functions as if executed locally.
2. Windows and Active Directory rely heavily on RPC, making it a frequent attacker target.
3. RPC interfaces group server functionality and are identified by UUIDs.
4. OpNum uniquely identifies the specific function invoked within an RPC interface.
5. Lateral movement commonly abuses RPC for remote tasks, services, and WMI execution.
6. Credential theft includes DCSync replication abuse and remote registry-based secrets dumping.
7. Privilege escalation can involve authentication coercion through legitimate RPC interfaces.
8. Discovery tooling like SharpHound enumerates users, sessions, and shares via RPC calls.
9. Defender uses Windows Filtering Platform integration to audit remote RPC even with encrypted transports.
10. Telemetry targets inbound server-side remote RPC only; local and outbound RPC are excluded.

TAKEAWAYS:

1. OpNum-level visibility improves detection precision beyond interface-only monitoring.
2. Audit-only WFP filters provide scalable RPC telemetry without disrupting normal traffic.
3. Hunting data enables investigations of remote registry saves, service creation, and session discovery.
4. Built-in detections cover Impacket activity, secrets theft indicators, and coercion attempts.
5. Workstation RPC monitoring is GA, while server coverage is gradually rolling out.

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2026/06/new-chatgpt-lockdown-mode-limits-tools.html

ONE SENTENCE SUMMARY:

OpenAI’s ChatGPT Lockdown Mode reduces prompt-injection data exfiltration risk by restricting networked tools, while adding session management controls.

MAIN POINTS:

1. Introduces optional Lockdown Mode for eligible personal accounts to mitigate prompt-injection exfiltration.
2. Targets users handling sensitive data needing stronger protection guarantees.
3. Available across Free, Go, Plus, Pro, and self-serve Business plans.
4. Limits tools connecting to web or external services to reduce outbound data leakage.
5. Builds on sandboxing and controls against URL-based exfiltration techniques.
6. Focuses on removing exfiltration pathways, not preventing prompt injections outright.
7. Leaves memory, file uploads, and conversation sharing behavior unchanged.
8. Disables or restricts browsing, images, deep research, agent mode, canvas networking, and downloads.
9. Mutually exclusive with Developer Mode; enabling one automatically disables the other.
10. Adds session review/logout feature with device, app, location, timing, and trust indicators.

TAKEAWAYS:

1. Activate Lockdown Mode when sensitive data exposure would be high impact.
2. Expect reduced functionality as a tradeoff for fewer outbound exfiltration routes.
3. Recognize residual risk from apps, capability combinations, or novel techniques.
4. Understand prompt injections can still manipulate outputs even without data theft.
5. Use new session-management tooling to detect and respond to account compromise quickly.

Source: Cyber Security News

Author: Guru Baran

URL: https://cybersecuritynews.com/hexstrike-ai-red-team-tool/

ONE SENTENCE SUMMARY:

HexStrike AI v6.0 is an MCP-based framework enabling autonomous pentesting and BOAZ evasion payloads via 127 tools.

MAIN POINTS:

1. Forked HexStrike AI v6.0 introduces MCP-driven cybersecurity automation for red team operations.
2. FastMCP server bridges LLMs with a curated offensive security toolchain.
3. Intelligent Decision Engine selects tools and executes multi-phase assessments with minimal guidance.
4. Supports Claude Desktop, Cursor, VS Code Copilot, Roo Code, partial 5ire, others.
5. Integrates BOAZ multilayer AV/EDR evasion via five dedicated MCP tools.
6. BOAZ includes 77+ process-injection loaders across syscall, stealth, memory guard, threadless, VEH/VCH, userland.
7. Provides 12 encoding schemes including AES, ChaCha20, RC4, XOR, UUID, Base45/64/58.
8. Implements bypass techniques: API unhooking, ETW patching, LLVM obfuscation with Akira/Pluto.
9. Ships 127 tools; 53 auto-installed, 74 manual due to licensing/dependencies/platform constraints.
10. Full setup needs ~24GB and 60–90 minutes, dominated by LLVM obfuscator builds.

TAKEAWAYS:

1. AI agents can compress days of manual pentest orchestration into minutes of automated workflows.
2. BOAZ integration turns scanning into an end-to-end stealth payload pipeline.
3. Operational readiness depends on significant installation effort and selective manual tool provisioning.
4. Documentation restricts use to authorized engagements, bug bounties, CTFs, and approved red teams.
5. LLM orchestration frameworks create dual-use risk by scaling offensive actions with reduced oversight.

Source: Tenable Blog

Author: Vlad Korsunsky

URL: https://www.tenable.com/blog/anthropic-claude-mythos-tenable-joins-project-glasswing

ONE SENTENCE SUMMARY:

Tenable joins Anthropic’s Project Glasswing to benchmark Claude Mythos Preview, enhancing exposure management while studying frontier AI risks, controls, and governance.

MAIN POINTS:

1. Project Glasswing collaboration evaluates Claude Mythos Preview for cybersecurity defender advantage.
2. Advanced reasoning is benchmarked for attack path analysis, exposure prioritization, and remediation.
3. Tenable aims to reduce overload from escalating findings and expanding attack surfaces.
4. Frontier AI could accelerate offensive capabilities, pressuring defensive operations soon.
5. Research will explore Mythos Preview for reinforcing analysis and strengthening Tenable’s internal security.
6. Mythos will be compared with other models to challenge assumptions and uncover risk patterns.
7. Defender differentiation depends on contextualized insights, not exclusive access to one AI model.
8. Exposure management platforms may ingest frontier-model telemetry as a new security signal source.
9. Organizations inherit risk from third-party AI they didn’t build, expanding the AI attack surface.
10. Tenable One already integrates Claude Compliance API and Claude-powered workflows via Tenable Hexa AI.

TAKEAWAYS:

1. Benchmarking frontier reasoning can materially improve prioritization and remediation decisions.
2. Preparing for widely available attacker-grade AI requires faster, coordinated enterprise remediation.
3. Combining AI signals with asset intelligence and attack paths drives better risk reduction.
4. Understanding model behaviors informs practical controls, governance, and internal security practices.
5. Partnerships like Glasswing accelerate responsible translation of AI advances into customer value.

Source: Help Net Security

Author: Anamarija Pogorelec

URL: https://www.helpnetsecurity.com/2026/06/01/microsoft-defender-exposure-score-update/

ONE SENTENCE SUMMARY:

Microsoft Defender Vulnerability Management updates exposure scoring using exploitability signals and asset context to better prioritize remediation actions.

MAIN POINTS:

1. Updated exposure score shifts focus from vulnerability severity to remediation prioritization.
2. Model combines vulnerability risk, exploitability signals, and asset context for representativeness.
3. EPSS is used to estimate 30-day exploitation likelihood for CVEs.
4. Normalized CVE data from multiple sources improves scoring consistency.
5. Device exposure reflects all vulnerabilities on a device, weighted by risk and context.
6. Remediation activities more directly reduce device exposure scores under the new model.
7. Asset context includes internet-facing status and criticality to influence prioritization.
8. Identical vulnerabilities can warrant different responses depending on affected asset exposure and business value.
9. Organization-level score is derived from individual asset scores for better environment-wide representation.
10. Asset-CVE-level remediation impact calculations improve prediction and tracking of score changes.

TAKEAWAYS:

1. Prioritization improves by emphasizing “where to fix first” rather than only “how severe.”
2. Exploitability-driven scoring helps surface vulnerabilities more likely to be exploited soon.
3. Context-aware weighting concentrates attention on high-risk, internet-exposed, or critical devices.
4. Score shifts after enabling the model require treating results as a new, non-comparable baseline.
5. Daily score updates and 24-hour remediation lag affect how quickly improvements appear in reporting.

Source: Cyber Security News

Author: Guru Baran

URL: https://cybersecuritynews.com/pentest-swarm-ai-tool/

ONE SENTENCE SUMMARY:

Pentest Swarm AI is an AGPL open-source stigmergic swarm pentesting platform coordinating tools via a shared blackboard, producing scoped reports.

MAIN POINTS:

1. Introduces an autonomous pentesting platform using swarm intelligence, not fixed multi-agent pipelines.
2. Provides coordinated access to offensive tools like nmap, nuclei, and ProjectDiscovery suite.
3. Implements stigmergy with a PostgreSQL/pgvector blackboard and pheromone-weighted findings.
4. Enables emergent attack chaining where findings automatically trigger other agents’ actions.
5. Achieves decentralization through per-agent trigger predicates, avoiding orchestrator rewrites.
6. Ships stable with multiple ProjectDiscovery tools plus fully parsed nmap XML scope validation.
7. Plans Wave 2 adapters for sqlmap, Burp MCP bridge, Metasploit, and ZAP.
8. Supports Claude, Ollama air-gapped deployments, and any OpenAI-compatible model.
9. Generates reports in Markdown, HTML, JSON, and SARIF via a dedicated report agent.
10. Enforces defense-in-depth scoping, deduplication, and CVSS v3.1 scoring for safe automation.

TAKEAWAYS:

1. Stigmergic blackboard coordination replaces centralized planners, improving adaptability and parallel discovery.
2. Emergent behaviors can form exploit chains dynamically from recon and classification signals.
3. Strict scope enforcement at tool and executor layers reduces risk in CI/CD and bug bounties.
4. Model flexibility allows cost-privacy tradeoffs, including no-GPU cloud usage or offline Ollama deployments.
5. AGPL-3.0 licensing incentivizes community contribution by requiring SaaS forks to release improvements.