Fosstodon

Opalsec :verified:I find the ShinyHunters (UNC6040/UNC6240) Salesforce Campaign really interesting, because it highlights the impact of two key threat vectors/types that - in my conversations , at least - aren't being accounted for by traditional TI teams.1. Data Theft & Extorsion Actors 2. Actors capitalising on 3rd Party Platform ApplicationsCurious to know - do your orgs track and threat model opportunistic Data Theft and Extorsion Actors, or just focus on the APTs and ransomware groups of the world?The largest ransom payment in history was $75 million to the Dark Angels Ransomware group in 2024, purportedly by pharma giant Cencora. With 27TB of corporate data stolen from the org and no mention of ransomware being deployed, the eye-watering payment was to prevent leaking/sale of the stolen data which included customer "names, addresses, dates of birth, diagnoses, prescriptions and medications."<a href="https://www.bloomberg.com/news/articles/2024-09-18/gang-got-75-million-for-cencora-hack-in-largest-known-ransom" rel="nofollow noopener" translate="no" target="_blank">https://www.bloomberg.com/news/articles/2024-09-18/gang-got-75-million-for-cencora-hack-in-largest-known-ransom</a>The group weren't well known prior to the attack, and the absence of ransomware being deployed highlights the need to prioritise the identification and protection of sensitive data and customer PII - agnostic of whatever group might seek to target it.Also, we're all aware of Malicious OAuth applications in o365, but are your orgs aware of; monitoring, and locking down 3rd party platform integrations?For those unaware of the campaign, here's the AI-generated TLDR of a Google report in the activity: <a href="Https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion" rel="nofollow noopener" translate="no" target="_blank">Https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion</a>Threat Summary: UNC6040/ShinyHunters Voice Phishing and Data Extortion CampaignKey Points & Technical Summary:A financially motivated threat cluster, tracked by Google as UNC6040, has been conducting a widespread campaign targeting organizations' Salesforce CRM instances. The campaign's primary objective is large-scale data theft for the purpose of extortion, which is carried out by a related cluster, UNC6240. This group often uses the moniker ShinyHunters in their communications with victims.The core of the attack vector is a sophisticated voice phishing (vishing) campaign. The threat actors impersonate corporate IT support personnel in phone calls to employees of the targeted organization. The primary technical steps of the attack are as follows: * Social Engineering: The actor guides the targeted employee to Salesforce's connected app setup page. * Malicious App Authorization: The employee is convinced to authorize a malicious version of the "Data Loader" application. This is done by having the employee enter a connection code provided by the attacker, which links the attacker-controlled application to the victim's Salesforce environment. * Data Exfiltration: Once the malicious app is authorized, UNC6040 gains significant API access, allowing them to query and exfiltrate sensitive data from the Salesforce instance. While initially leveraging modified versions of the Salesforce Data Loader, the group has evolved its tooling to include custom Python-based scripts for data extraction. * Anonymization: The attackers utilize services like Mullvad VPN and TOR exit nodes to initiate the vishing calls and for data exfiltration, complicating attribution and tracking efforts. * Extortion: Following the data theft, UNC6240 initiates contact with the victim organization, demanding a ransom payment in Bitcoin, typically within a 72-hour timeframe, to prevent the public release of the stolen data. The group is also reportedly preparing to launch a dedicated data leak site to increase pressure on victims.Additional Context & Related ActivityActivity Cluster:The activity is attributed to the cluster pair UNC6040 (initial access and data theft) and UNC6240 (extortion). This group leverages the reputation of the well-known ShinyHunters extortion group to intimidate victims. The cluster is financially motivated and has demonstrated a growing sophistication in its social engineering tactics and technical tooling.Other Compromises & Targets:This campaign has impacted numerous high-profile organizations across various sectors. Besides Google, other publicly confirmed victims of this campaign include: * Cisco * Chanel * AdidasThe targeting appears to be opportunistic, focusing on multinational corporations that are heavy users of Salesforce CRM. There has been an initial focus on English-speaking employees.Techniques & TTPs:Beyond the core vishing-to-malicious-app-authorization chain, other observed Tactics, Techniques, and Procedures (TTPs) include: * Credential Targeting: In some cases, the actors have targeted Okta credentials, likely obtained through prior infostealer malware infections or separate phishing campaigns. * Lateral Movement: Using compromised credentials, the actors have been observed moving laterally within victim networks to access and exfiltrate data from other systems, including Microsoft 365. * Reconnaissance: The group conducts thorough reconnaissance to craft convincing narratives, identifying internal application names and IT support procedures to make their vishing calls more credible.Timeline: * June 4, 2025: Google's Threat Intelligence Group (GTIG) first publishes a warning about the rise in vishing and extortion activity targeting Salesforce customers, designating the threat actor as UNC6040. * June 2025: Google becomes a victim of the same campaign, with one of its own corporate Salesforce instances being breached. The compromised data was related to small and medium-sized business contacts. * July 24, 2025: Cisco identifies a similar breach of its CRM system resulting from a vishing attack. * Early August 2025: Google, Cisco, and other victims publicly disclose the breaches. Google updates its original blog post to include the fact that it was also a victim. Extortion demands from UNC6240/ShinyHunters follow these disclosures.<a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#ShinyHunters</a> <a href="https://infosec.exchange/tags/DataExtortion" class="mention hashtag" rel="nofollow noopener" target="_blank">#DataExtortion</a> <a href="https://infosec.exchange/tags/SalesforceSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SalesforceSecurity</a> <a href="https://infosec.exchange/tags/Vishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vishing</a> <a href="https://infosec.exchange/tags/ThirdPartyRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThirdPartyRisk</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#IncidentResponse</a> <a href="https://infosec.exchange/tags/UNC6040" class="mention hashtag" rel="nofollow noopener" target="_blank">#UNC6040</a> <a href="https://infosec.exchange/tags/UNC6240" class="mention hashtag" rel="nofollow noopener" target="_blank">#UNC6240</a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#Salesforce</a> <a href="https://infosec.exchange/tags/InformationSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#InformationSecurity</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersec</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/Cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cisco</a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberAttack</a>

Tanya Janca | SheHacksPurple :verified: :verified:With 25+ presentations to choose from, I cover everything from <a href="https://infosec.exchange/tags/securecoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#securecoding</a> and <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a> to AI risks and <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a>—always with humor, clarity, and actionable takeaways.💡 These aren’t just talks—they’re lessons your team will remember.<a href="https://twp.ai/9PUvTW" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/9PUvTW</a>2/3

WieErWill"Security by Design" heißt: nicht nachrüsten, sondern vorplanen. Threat Modeling ist kein Extra - es gehört zum Fundament robuster Software.📖 Gelernt aus "Threat Modeling" von Adam Shostack<a href="https://chaos.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://chaos.social/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://chaos.social/tags/SoftwareDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#SoftwareDesign</a>

Marco Ciappelli🎙️✨:verified: :donor:🎯 FINAL Pre-Event Interview Alert! Next Stop: Las Vegas!This is it—our last <a href="https://infosec.exchange/tags/BlackHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlackHat</a> USA 2025 conversation before we hit the road to Vegas (and who knows, maybe we'll broadcast from a desert pit stop along the way! 🚗)But what a way to close out our pre-event coverage...When Constitutional Law Meets <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a>: A Critical Conversation We All Need to HearWhat happens when we stop seeing government surveillance as a necessary evil and start recognizing it as a primary threat to privacy?Jennifer Granick, ACLU's Surveillance and Cybersecurity Counsel, challenges us to rethink everything we assume about digital <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> in her upcoming <a href="https://infosec.exchange/tags/BlackHatUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlackHatUSA</a> 2025 keynote.In this preview conversation with Marco Ciappelli, Jennifer makes a compelling case:✅ The Fourth Amendment hasn't kept pace with technology ✅ Legal reform is too slow—so technologists must lead ✅ Privacy isn't just a legal problem—it's a design challenge ✅ We need a new <a href="https://infosec.exchange/tags/threatmodel" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodel</a> that puts unchecked surveillance at the centerFrom defending hackers since <a href="https://infosec.exchange/tags/DEFCON" class="mention hashtag" rel="nofollow noopener" target="_blank">#DEFCON</a> 3 to fighting surveillance overreach at the ACLU, Jennifer brings decades of frontline experience to this critical discussion.The key takeaway? While lawmakers debate, engineers and designers hold the power to protect civil liberties through encryption, data minimization, and privacy-first architecture.This isn't just another privacy talk—it's a call to action for every technologist, policymaker, and privacy advocate.🎥 Watch: <a href="https://youtu.be/dPCvsBqu6Uc" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/dPCvsBqu6Uc</a>🎧 Listen: <a href="https://itspmagazine.simplecast.com/episodes/from-hacker-defense-to-civil-liberties-threat-modeling-meets-constitutional-law-a-black-hat-usa-2025-keynote-conversation-with-jennifer-granick-on-location-coverage-with-sean-martin-and-marco-ciappelli" rel="nofollow noopener" translate="no" target="_blank">https://itspmagazine.simplecast.com/episodes/from-hacker-defense-to-civil-liberties-threat-modeling-meets-constitutional-law-a-black-hat-usa-2025-keynote-conversation-with-jennifer-granick-on-location-coverage-with-sean-martin-and-marco-ciappelli</a>📍 Follow our complete Black Hat USA 2025 coverage: <a href="https://www.itspmagazine.com/bhusa25" rel="nofollow noopener" translate="no" target="_blank">https://www.itspmagazine.com/bhusa25</a>See you in Vegas! 🎰 Feeling lucky, Sean Martin, CISSP?<a href="https://infosec.exchange/tags/BlackHatUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlackHatUSA</a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Privacy</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/CivilLiberties" class="mention hashtag" rel="nofollow noopener" target="_blank">#CivilLiberties</a> <a href="https://infosec.exchange/tags/Surveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#Surveillance</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/BHUSA25" class="mention hashtag" rel="nofollow noopener" target="_blank">#BHUSA25</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/ACLU" class="mention hashtag" rel="nofollow noopener" target="_blank">#ACLU</a> <a href="https://infosec.exchange/tags/PrivacyByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivacyByDesign</a>

Jay Thoden van Velzen ☁️🛡️:lolsob:The 'R' in STRIDE threat modeling was always a bit undervalued. Important, yes, but as long as you logged all the things and had a transaction record you' were good.But in agentic AI, (non-)repudiation becomes far more important. Not only to trace what agents do, but also to ensure that agents act according to the wishes, expectations and instructions of their human operators, and that buyers and sellers agree on what happened.From being important, but not particularly complex, Repudiation is now a full first class citizen among Spoofing, Tampering, Information Disclosure, Denial of Service and Elevation of Privileges<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a> <a href="https://infosec.exchange/tags/agenticai" class="mention hashtag" rel="nofollow noopener" target="_blank">#agenticai</a>

DeepSec Conference ☑DeepSec 2025 Training: Becoming the Godfather of Threat Modeling – Mike van der BijlIn the world of cybersecurity, there is always a threat lurking. Waiting in the shadows for the perfect moment to strike. You can sit back and relax and hope for the best and react when it’s to<a href="https://blog.deepsec.net/deepsec-2025-training-becoming-the-godfather-of-threat-modeling-mike-van-der-bijl/" rel="nofollow noopener" translate="no" target="_blank">https://blog.deepsec.net/deepsec-2025-training-becoming-the-godfather-of-threat-modeling-mike-van-der-bijl/</a><a href="https://social.tchncs.de/tags/Conference" class="mention hashtag" rel="nofollow noopener" target="_blank">#Conference</a> <a href="https://social.tchncs.de/tags/Agile" class="mention hashtag" rel="nofollow noopener" target="_blank">#Agile</a> <a href="https://social.tchncs.de/tags/CICDPipelines" class="mention hashtag" rel="nofollow noopener" target="_blank">#CICDPipelines</a> <a href="https://social.tchncs.de/tags/crossfunctional" class="mention hashtag" rel="nofollow noopener" target="_blank">#crossfunctional</a> <a href="https://social.tchncs.de/tags/DeepSec2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#DeepSec2025</a> <a href="https://social.tchncs.de/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a> <a href="https://social.tchncs.de/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://social.tchncs.de/tags/Training" class="mention hashtag" rel="nofollow noopener" target="_blank">#Training</a>

Tanya Janca | SheHacksPurple :verified: :verified:I interviewed Kim Wuyts for a <a href="https://infosec.exchange/tags/Semgrep" class="mention hashtag" rel="nofollow noopener" target="_blank">#Semgrep</a> fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!Watch us here: <a href="https://twp.ai/4ipiK6" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/4ipiK6</a>@KimWuyts <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a>

OWASP FoundationLevel up your skills with one of our 2-Day Training Sessions at OWASP Global AppSec USA 2025!🚨 REGISTER: <a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank">https://owasp.glueup.com/event/131624/register/</a>Choose from two powerhouse training sessions, Nov 4–5 in Washington, D.C.:Whiteboard Hacking with Robert Hurlbut: Hands-on threat modeling led by industry prosAttacking AI with Jason Haddix: Explore the offensive side of AI security<a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSec</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#WashingtonDC</a>

OWASP FoundationOWASP Global AppSec USA 2025 is coming to Washington, D.C. Nov 3–7!Join 800+ security pros for hands-on trainings, top-tier keynotes, CTFs, and real-world insights across 6 dynamic tracks.Connect, learn, and level up in the heart of AppSec innovation.Training: Nov 3–5 | Conference: Nov 6–7📍 Register now: <a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank">https://owasp.glueup.com/event/131624/register/</a><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSec</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#WashingtonDC</a>

OWASP FoundationWe’re thrilled to welcome two of the industry’s most respected voices to the keynote lineup this November in Washington, D.C.:📍 Daniel Miessler – AI & Security Researcher, Entrepreneur, and Founder of Unsupervised Learning.📍 Adam Shostack – Renowned threat modeling expert, consultant, and author at Shostack & Associates.🎟️ Register now: <a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank">https://owasp.glueup.com/event/131624/register/</a><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSec</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AISecurity</a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#WashingtonDC</a>

DCNTTMDC's Next Top Threat Model is back for <a href="https://defcon.social/@defcon" class="u-url mention" rel="nofollow noopener" target="_blank">@defcon</a> 33!! Visit <a href="https://threatmodel.us" rel="nofollow noopener" translate="no" target="_blank">https://threatmodel.us</a> for more details.<a href="https://defcon.social/tags/DEFCON" class="mention hashtag" rel="nofollow noopener" target="_blank">#DEFCON</a> <a href="https://defcon.social/tags/DEFCON33" class="mention hashtag" rel="nofollow noopener" target="_blank">#DEFCON33</a> <a href="https://defcon.social/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://defcon.social/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a> <a href="https://defcon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

OWASP Foundation🚨 Only have one day to train? Make it count.Join us on at OWASP Global AppSec USA 2025 in Washington, D.C. for a full day of expert-led, hands-on security training.🎯 Whether you're a builder, breaker, defender, or manager, there's a course to help you go deeper.🔗 Register: <a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank">https://owasp.glueup.com/event/131624/register/</a><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASP</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfosecTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfosecTraining</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/OWASP2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASP2025</a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#WashingtonDC</a> <a href="https://infosec.exchange/tags/SecurityTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityTraining</a> <a href="https://infosec.exchange/tags/PrivacySecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivacySecurity</a>

Tanya Janca | SheHacksPurple :verified: :verified:With 25+ presentations to choose from, I cover everything from <a href="https://infosec.exchange/tags/securecoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#securecoding</a> and <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a> to AI risks and <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a>—always with humor, clarity, and actionable takeaways.💡 These aren’t just talks—they’re lessons your team will remember.<a href="https://twp.ai/9PTSLx" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/9PTSLx</a>2/3

Tanya Janca | SheHacksPurple :verified: :verified:I interviewed Kim Wuyts for a <a href="https://infosec.exchange/tags/Semgrep" class="mention hashtag" rel="nofollow noopener" target="_blank">#Semgrep</a> fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!Watch us here: <a href="https://twp.ai/4inxqU" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/4inxqU</a>@KimWuyts <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a>

OWASP FoundationJoin renowned expert Adam Shostack for a 3-day Threat Modeling Intensive, Nov 3–5, at OWASP Global AppSec USA 2025.You’ll sharpen core threat modeling skills, then dive into how AI can support (and sometimes confuse) the process. Learn to evaluate what AI tools get right—and wrong—and how to integrate them responsibly into your security workflows.👉 REGISTER: <a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank">https://owasp.glueup.com/event/131624/register/</a><a href="https://infosec.exchange/tags/OWASPAppSecUSA2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#OWASPAppSecUSA2025</a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSec</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#WashingtonDC</a>

OWASP FoundationJoin Robert Hurlbut for AI Whiteboard Hacking, a 2-day hands-on threat modeling training, happening Nov 4–5 at OWASP Global AppSec USA 2025.📍 Register: <a href="https://owasp.glueup.com/event/131624/register/" rel="nofollow noopener" translate="no" target="_blank">https://owasp.glueup.com/event/131624/register/</a>Explore real-world AI threats like prompt injection and data poisoning and learn how to design secure AI systems using the proven DICE methodology.<a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatModeling</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/CyberSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSec</a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a> <a href="https://infosec.exchange/tags/WashingtonDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#WashingtonDC</a>

Tanya Janca | SheHacksPurple :verified: :verified:With 25+ presentations to choose from, I cover everything from <a href="https://infosec.exchange/tags/securecoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#securecoding</a> and <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a> to AI risks and <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a>—always with humor, clarity, and actionable takeaways.💡 These aren’t just talks—they’re lessons your team will remember.<a href="https://twp.ai/9PTsIv" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/9PTsIv</a>2/3

Tanya Janca | SheHacksPurple :verified: :verified:I interviewed Kim Wuyts for a <a href="https://infosec.exchange/tags/Semgrep" class="mention hashtag" rel="nofollow noopener" target="_blank">#Semgrep</a> fireside chat called Privacy by Design: Making Threat Modeling Work for Data Protection, and it was super fun!Watch us here: <a href="https://twp.ai/4io15f" rel="nofollow noopener" translate="no" target="_blank">https://twp.ai/4io15f</a>@KimWuyts <a href="https://infosec.exchange/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a>

OWASP Germany Chapter :verified:OWASP <a href="https://infosec.exchange/tags/Hamburg" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hamburg</a> sports a double <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> Feature for its 15 year anniversary 🎂🎉 on July 16th* Niklas Bunzel: AI Security & Privacy: From Prompt Injection to Multimodal Evasion (on site) *: Susanna Cox: Threat Modeling AI: Beyond the Hype and Theater to Proactive Security (remote)Details: <a href="https://www.meetup.com/owasp-hamburg-stammtisch/events/308558262/" rel="nofollow noopener" translate="no" target="_blank">https://www.meetup.com/owasp-hamburg-stammtisch/events/308558262/</a><a href="https://infosec.exchange/tags/AiResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#AiResearch</a> <a href="https://infosec.exchange/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a>

Michael JenkinsWe should probably all think about the intersection of <a href="https://floss.social/tags/facialrecognition" class="mention hashtag" rel="nofollow noopener" target="_blank">#facialrecognition</a>, <a href="https://floss.social/tags/datingapps" class="mention hashtag" rel="nofollow noopener" target="_blank">#datingapps</a>, and our current <a href="https://floss.social/tags/threatmodeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatmodeling</a> and make some hard choices. Serious question, are there <a href="https://floss.social/tags/fediverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#fediverse</a> dating apps?<a href="https://www.cbsnews.com/news/california-tinder-dating-app-facial-recognition/" rel="nofollow noopener" translate="no" target="_blank">https://www.cbsnews.com/news/california-tinder-dating-app-facial-recognition/</a>

Recent searches

Search options

Administered by:

Server stats:

#threatmodeling