As we navigate towards the midway-point of 2022, and despite current uncertainty over the company’s ownership, there is no doubt that Twitter remains cybersecurity’s favorite social media sharing platform. Whether you’re looking for the latest news on ransomware attacks and cybercrime, APTs and cyber war, digital forensics and incident response, malware outbreaks or reverse engineering, Twitter has it all and more.
Infosec is all about sharing knowledge, and on Twitter you’ll find our industry’s finest and brightest doing just that. So who should you be following in 2022 to keep up with current events, expand your knowledge and learn about new skills and resources? We’ve hand-picked 22 essential cybersecurity accounts for you to follow in 2022. While you will find some of them on our lists from previous years, there are plenty of new, interesting and influential tweeters to discover on this year’s roster, too. Let’s check it out!
1. @KimZetter | Kim Zetter
Kim Zetter is a San Francisco-based journalist who has been writing about cybersecurity, national security and election security for over a decade. Author of a bestselling and authoritative book on Stuxnet, @KimZetter is an account where you will find the best in cybersecurity-related journalism.
“[Journalists] are not neutral chroniclers of this descent into authoritarianism… we have skin in the game. For journalism to survive, democracy must survive — the two need each other.” https://t.co/MG3yM0Zzjj
— Kim Zetter (@KimZetter) May 19, 2022
2. @maddiestone | Maddie Stone
Reverse engineer and zero-day exploit expert, Maddie Stone works as a security researcher at Google Project Zero and is a regular con speaker. Her Twitter account @maddiestone is essential for anyone wanting to keep up with the latest bugs and zero-day discoveries.
✨ New RCA for CVE-2022-22675 by @natashenka!
CVE-2022-22675 is an iOS/macOS in-the-wild 0-day in AppleAVD that was patched in March #itw0days https://t.co/5xNZhGHdQK
— Maddie Stone (@maddiestone) May 17, 2022
3. @cyb3rops | Florian Roth
Florian Roth is a detection engineer who is probably best known for his YARA and IOC THOR APT scanner. Florian also has a vast collection of free tools and detection utilities available on GitHub. Florian’s feed @cyb3rops contains an unmissable mix of original and curated content focusing on the latest threats and threat detection.
If someone exploits the vulnerable F5 boxes on the mgmt port from the Internet to run ‘rm -rf /*’
Is it mostly likely
A. a threat actor trying to cause havoc
B. school kid using curl
C. unsolicited help with the decommissioning so that real TAs can’t use them to ransom the org
— Florian Roth ⚡️ (@cyb3rops) May 11, 2022
4. @campuscodi | Catalin Cimpanu
Catalin has featured on our list in the past, and even though he now describes himself as an “Ex-cybersecurity reporter” after having moved to work on newsletters for podcasting outlet RiskyBiz, his Twitter feed @campuscodi is still a goldmine of curated cybersecurity news and intel that’s not to be missed.
Stack Overflow under attack: what we learned about handling DDoS attacks https://t.co/H9bWuwqgxK pic.twitter.com/A2gFgd22Ae
— Catalin Cimpanu (@campuscodi) May 22, 2022
5. @cglyer | Christopher Glyer
Christopher is a Microsoft Threat Intelligence Center crimeware researcher, former incident responder and security architect. Follow @cglyer to stay on top of the latest malware outbreaks and developing news around ransomware and cybercrime.
The cybercrime economy has industrialized over the last 4 years since human operated ransomware burst onto the scene
Come for the @MsftSecIntel compendium of the ransomware ecosystem…stay for the hardening recommendations to help reduce your risk https://t.co/5OkI3b7TG3
— Christopher Glyer (@cglyer) May 11, 2022
6. @billyleonard | billy leonard
Billy Leonard is Global Head of Analysis of State Sponsored Hacking and Threats at Google Threat Analysis Group (TAG). While that sure is a lot of nouns, it all translates into @billyleonard being a Twitter account worth following if you are interested in shares of IoCs and other valuable info pertaining to the latest threat actor activity.
Updates from @Google TAG on ongoing threats in Eastern Europe from APT28 and Turla 🇷🇺, Ghostwriter🇧🇾, and Curious Gorge 🇨🇳: https://t.co/AEXIGmUVRg
A few highlights … maybe a 🧵 if you will:
— billy leonard (@billyleonard) May 3, 2022
7. @Kostastsale | Kostas
Speaking of detections, DFIRReport analyst @Kostastsale is a must-follow for anyone wanting to stay ahead of recent threat reports, detection tips and other DFIR-related news. Kostas also has a collection of useful repos on GitHub covering YARA rules, MITRE ATT&CK navigator and Threat Intelligence playbooks.
As a defender, I read reports to stay up to date with recent threats reported by others in the industry. It also helps me generate ideas for future research, threat hunting, detection, or a deeper dive into TA’s infra.
This is what I am looking for when I read them🧵
1/11
— Kostas (@Kostastsale) May 16, 2022
8. @vxunderground | vx-underground
A relatively new infosec account on Twitter, vx-underground has quickly amassed a large following of cybersecurity professionals due to a combination of entertaining yet informative tweets with breaking news and access for researchers to the latest malware samples. Malware hunters, reverse engineers and detection engineers alike will find @vxunderground a valuable addition to their daily digest.
We’ve updated the vx-underground malware sample collection. New additions:
– Nerbian RAT
– KurayStealer
– Chaos Ransomware
– CVE-2022-22954
– CrateDepression
– XorDdos
– Pymafka
Enjoy the rest of your weekend.
Download: https://t.co/L3GdoH9kLl pic.twitter.com/xdHSLZVdSP
— vx-underground (@vxunderground) May 22, 2022
9. @likethecoins | Katie Nickels
Katie is Director of Intel at Red Canary, as well as a SANS Certified Instructor for FOR578: Cyber Threat Intelligence, and Senior Fellow at the Atlantic Council’s Cyber Statecraft Initiative. Katie does great work in promoting the work of others and is a great source of information for those making their way in the infosec industry. Follow her at @likethecoins.
“This is the stuff that will impact people’s lives” -Eleanor Fairford from @NCSC discussing the huge impact of ransomware vs. quiet espionage activity #RansomwareTaskForce (side note: Eleanor is rocking some gold sneakers and I am here for it.) https://t.co/Q0v2qnWBpo
— Katie Nickels (@likethecoins) May 20, 2022
10. @RidT | Thomas Rid
Professor of Strategic Studies and founding director of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins University’s School of Advanced International Studies, Thomas is one of the world’s foremost experts on politically motivated cyber attacks, disinformation and cybernetics. @RidT is an essential follow for all those interested in the juncture between cyber, politics and information.
Remarkable that the UK’s and the Estonian statements are the most professionally worded ones: because more specific, as they mention GRU, and because they use proper estimative language. https://t.co/pWj0AuQ6js https://t.co/aWkzlGjmJx
— Thomas Rid (@RidT) May 10, 2022
11. @theJoshMeister | Josh Long
Josh Long has been on Twitter in the macOS/OSX security space longer than pretty much anyone else, and his following of almost 130K is testament to that. As a journalist specializing in cybersecurity issues relating to Apple, Mac and digital privacy, @theJoshMeister is a must-follow for all things related to security and the Cupertino giant.
Today marks 1 entire month since #Apple released #macOS Monterey patches for 2 “actively exploited” #zeroday vulnerabilities—while leaving Big Sur & Catalina vulnerable.
If you value #security & privacy, don’t wait on @Apple. Upgrade your #Mac to Monterey. https://t.co/HzbyX9UAFs
— Josh Long (the JoshMeister) (@theJoshMeister) April 30, 2022
12. @ryanaraine | Ryan Naraine
Another veteran of last year’s list, @ryanaraine remains an essential account to follow if you are interested in hackers and the business of cybersecurity. Ryan not only retweets the best of cybersecurity and infosec news from around the Twittersphere, he also offers thoughtful and insightful observations through regular podcasts.
“If an attacker can place a relaying device within BLE signal range of a mobile phone or key fob authorized to access a Tesla Model 3 or Model Y, they can conduct a relay attack to unlock and operate the vehicle…”
New NCC Group research: https://t.co/rJPREkhq7L
— Ryan Naraine (@ryanaraine) May 16, 2022
13. @craiu | Costin Raiu
Costin Raiu is one of those infosec people from whom there is always something to learn, and if you’re not following @craiu yet, then now is the time to become one of his 37K followers! The self-described “antihacker from another planet” is director of Global Research and Analysis at Kaspersky and serves as a superb source of all things cybersecurity.
Doing code similarity at scale and with great precision is hard. Here’s a blog I wrote on this topic: Looking at Big Threats Using Code Similarity. Part 1 – https://t.co/sZvMiFhODI
— Costin Raiu (@craiu) May 5, 2022
14. @AricToler | Aric Toler
Aric Toler is Director of Training & Research at Bellingcat, where he initially began as a volunteer way back in 2014. Bellingcat is a Netherlands-based investigative journalism charity specializing in OSINT, and Aric’s Twitter account is a great place to keep up with both his and their essential output.
How it started / How it’s going https://t.co/07BsVaJ98x pic.twitter.com/O6I0oZc48H
— Aric Toler (@AricToler) May 21, 2022
15. @evacide | Eva Galperin
Eva Galperin is EFF’s Director of Cybersecurity and co-founder of The Coalition Against Stalkerware. Always relevant and often humorous, @evacide is an infosec account not to be missed for all things related to digital privacy.
Did you know that driverless cars record their surroundings continuously and that the car companies make this data available to the police? Well, now you do. https://t.co/5GKORpzTlv
— Eva (@evacide) May 11, 2022
16. @4n6lady | Shannon Brazil
Shannon is Associate Director at Arete Incident Response and an OSINT enthusiast. Her Twitter feed is followed by 35,000 others for its engaging mix of personal and techy content with an emphasis on DFIR.
IMO: You shouldn’t be creeped out about someone conducting an OSINT report on you. You should probably ask for a copy to see how much information they were able to find by just Googling you. And then purge.
— 4n6lady (@4n6lady) May 18, 2022
17. @zackwhittaker | Zack Whittaker
As security editor at TechCrunch and author of the popular this.weekinsecurity newsletter, Zack is one of the first sources to look to for breaking cyber and infosec news. @zackwhittaker’s feed is a fantastic way to keep up with everything that’s going on in the cyber world that could affect your organization, whether it’s in the U.S. or abroad.
The latest ~this week in security~ just dropped:
• Conti calls for Costa Rica overthrow
• Cytrox spyware exploits Android zero-days
• 1.8M Texas residents’ data exposed
• ICE contractor spilled data
• DOJ’s new CFAA policy
📨 https://t.co/NWlA7Y2TvA https://t.co/P8c1sLzRmg
— Zack Whittaker (@zackwhittaker) May 22, 2022
18. @trufae | paπcake
OK, let’s talk about reverse engineering, starting off with the underrated but hugely capable radare2 software, developed and maintained by paπcake, whose feed is worth following not only for news and updates regarding r2 and @radareorg, but for reverse engineering in general.
R2-5.7 will be out next week, and i’ve managed to pack several important changes. Stay tuned for the release notes!
— paπcake 🌱 🏴 (@trufae) May 22, 2022
19. @Fox0x01 Azeria | Maria Markstedter
ARM is becoming increasingly important for reverse engineers due to its overwhelming use in Linux, iOS and now Apple’s M1 Macs. One of the best resources on the net for knowledge around ARM is Azeria Labs, aka Maria Markstedter. @Fox0x01 is an expert in ARM-based systems and is a thought leader in cybersecurity.
I’m incredibly excited to announce that I’ll be giving my first public training since the start of the pandemic! 👩🏼💻
Dates: Oct. 3rd – 5th
Arm Reverse Engineering and Exploitation (3 days) @ @objective_see in Barcelona, Spain.
Registration starts May 9th: https://t.co/ieTzRfdiKg pic.twitter.com/sMNmTeZ6TV
— Azeria (@Fox0x01) May 3, 2022
20. @HostileSpectrum | HostileSpectrum
Current events as they are, many of us in cybersecurity and elsewhere are taking a keen interest in the situation in Ukraine, how it’s developing, and what the wider lessons and ramifications might be. Follow @HostileSpectrum for great commentary on cyber war and the situation in Ukraine.
Russian sanctions against dead individuals are almost certainly deliberate. They preserve options for future association to new targets, especially for manufactured pretexts to reject new diplomatic, economic, travel activities on a whim regardless of basis.
— HostileSpectrum (@HostileSpectrum) May 21, 2022
21. @GossiTheDog | Kevin Beaumont
Hugely popular and tells-it-like-it-is cybersecurity writer Kevin Beaumont says he keeps his employer’s identity secret to spare them the complaints from irate organizations. For the rest of us, @GossiTheDog is often the first to break news and always has insightful takes worth reading.
Defender for Endpoint itself uses obfuscated PowerShell scripts. https://t.co/Gw0QemAwe0
— Kevin Beaumont (@GossiTheDog) May 20, 2022
22. @juanandres_gs | J. A. Guerrero-Saade
Juan Andrés Guerrero-Saade, more popularly known as JAG-S, is Principal Threat Researcher at SentinelLabs. JAG-S’s Twitter feed is the first place to look for his unique insight into cyber war, espionage and nation-state threat actors as well as relevant retweets and commentary on what’s happening at the forefront of cybersecurity research and intelligence.
Today we are releasing research into a campaign we call #CrateDepression – a supply chain attack where the attacker(s) sought to exclusively infect Gitlab CI pipelines, signaling a risk of further larger-scale supply-chain attacks. https://t.co/lcCx60i88I pic.twitter.com/v3htNiKFal
— J. A. Guerrero-Saade (@juanandres_gs) May 19, 2022
Conclusion
The beauty of Twitter is its diversity and accessibility, and so naturally there’s far more out there than just these 22 accounts to keep you informed and engaged. Think we’ve missed someone essential? Ping us on Twitter and let us know (though you might find them on one of our earlier lists). And of course, don’t forget to follow SentinelOne and SentinelLabs on Twitter, too, to keep up with the latest cybersecurity news and threat intelligence.