Huntress

Your kid's first-day-of-school photo is a data goldmine for the wrong people. Name. Grade. Height. Weight. Favorite food. Parents post it every year, and attackers read it like a profile. Caitlin Sarian breaks down the details we're all giving away without realizing it, and how to share online without handing over the information that matters.

This candidate showed up to a Huntress job interview, but he didn't match his LinkedIn photo. Turns out he used a stranger's profile to apply. It's catfishing used as a job application strategy, and if the recruiter doesn't do their research, it works. Even wilder? The person whose creds were ripped off had no idea. Truman Kain and Caitlin Sarian broke this down in the latest episode of _declassified. Has your company ever caught something like this?

🔴 We're LIVE. _declassified Episode 2: Unfriendly Followers: The Black Market For Your Identity Truman Kain and Caitlin Sarian are breaking down exactly how attackers use your social profiles as intel and what you can do about it. Tune in: https://okt.to/j6t2bY

The ChatGPT conversation was real, but the advice inside it was from a hacker. Here's how the attack works. You search something normal like "how to free up disk space on Mac." Google surfaces a ChatGPT conversation with step-by-step instructions. It's on the actual ChatGPT website and looks completely legit. The instructions tell you to open Terminal, paste a command, and enter your password. You do it. Because why wouldn't you? And just like that, you've handed over access to your machine. The attacker created a shared conversation designed to rank in Google and target the exact workflow you'd trust. One rule that will save you: If any website tells you to paste something into Terminal, close the tab.

The next attack on your organization might start with a profile update. Open-source intelligence gathering, or OSINT, is how social engineers turn your public information into an attack path. There’s no need to breach an entire organization when one person’s digital footprint will do. Tomorrow, we’re pulling back the curtain on the black market for your identity. 🗓️ May 20 | 12:00 PM EDT | 5:00 PM BST Last chance to register for _declassified Episode 2: https://okt.to/V058iY

One million people now know what a threat actually looks like. That’s one million people who can spot a phish, recognize a sus link, and trust their gut when something feels off. Good security shouldn’t come with a bank-breaking price tag. 10,000 partners and 250,000 customers are proof that's possible. Thanks for building with us. Now let's wreck some hackers! 💪

Here's the checklist we go through to make sure we've got our $h!t together. Most incidents start when the basics get overlooked: Weak identity hygiene. Overprivileged access. Exposed remote access. Unpatched endpoints. Huntress sees the same controls abused over and over across millions of endpoints. So we built a spring cleaning checklist around the stuff attackers actually go after: → Replace SMS & OTP with passkeys. → Close exposed RDP ports. → Lock down MFA resets. → Flag suspicious sign-ins with ITDR. → Train users beyond "don't click links." → Practice your incident response before you need it. See how you can stop cybersecurity oversights from becoming incidents: https://okt.to/XQnqKH

DPRK. Crypto theft. Deepfakes. Not a Hollywood plot. This is what cybercrime looks like in 2026. Nation-state threat actors aren't just blasting phishing emails and hoping someone clicks. They're building: - Convincing social engineering workflows - Fake plugins to establish trust - Deepfake "executives" to close the deal But these techniques aren't limited to nation-state groups. Variations of the same trust-based tactics are showing up everywhere, targeting everyday people through social media, job offers, and online relationships. On the next Huntress _declassified, we're breaking down how attackers weaponize trust, social engineering, and even your social profiles to build a path in. Save your spot for Episode 2 on Wednesday, May 20: https://okt.to/ZFBLDW

Your team's LinkedIn posts may be a cybercriminal's next target... Job titles. Reporting structure. Photos showing employee badges. It's all public. And it's all useful to a social engineer. This week, Jai M.'s sitting down with Truman Kain and Caitlin Sarian, a.k.a. Cybersecurity Girl and former Global Lead of Cybersecurity Advocacy at TikTok, to show exactly how attackers build your file. Save your seat for _declassified Episode 2: https://okt.to/eax6iy

The EvilTokens investigation had a lot of moving parts. Casey S. is unpacking all of it at SLEUTHCON, June 5. Back in March, Railway showed up on our radar. It's a phishing-as-a-service operation built to steal tokens and get past MFA. Piecing together the full story wasn't something any one team could do alone. A big part of what Casey is bringing to Sleuthcon is the cross-industry collaboration that made this investigation possible. Casey is a Staff Threat Intelligence Analyst on our Adversary Tactics team with a focus on identity-based attacks. This one's been squarely in his lane. If you're heading to Sleuthcon on June 5, let us know.