wishing to continue writing about virus programming in the good old days, the GitHub repository is github.com/wolfcod/malwar…

We are thrilled to announce the winners of the 2024 Hex-Rays Plugin Contest! 🥇1st Place: hrtng 🥈2nd Place: aiDAPal 🥉3rd Place: idalib Rust bindings Check out our reviews of the winners and other notable submissions here: eu1.hubs.ly/H0gRDRn0 Huge thank you to all

✈️ IDA 9.1 has landed! Expanded Decompilation Support, Faster Syncs, Beefed Up Debugging, and More. Check out the release summary here: eu1.hubs.ly/H0h881m0

The malicious JS deployed by Lazarus in the ByBit hack, 0/61 on VT.

Someone has done an excellent job collecting RATs and documenting them by version. They also included images. A+ work. This is amazing (we're going to ingest this eventually) github.com/Cryakl/Ultimat…

Holy cow, this dude is cookin'. How do we hire this guy? github.com/Cryakl/Ransomw…

I updated PyClassInformer to add several new features such as auto-renaming virtual methods, detecting user-defined classes, detecting possible constructors and destructors, tree-based widget to display class-related information and so on. github.com/herosi/PyClass…

☕ ThreatLabz has discovered a new sophisticated malware threat that we have named CoffeeLoader. The malware is a loader that implements numerous stealthy techniques to evade antivirus and EDRs via call stack spoofing, sleep obfuscation, and Windows fibers. The malware is also

How to use knowledge about .NET structures and streams for writing better .NET Yara signatures. E.g. IL code patterns, method signature definitions, GUIDs, compressed length. #100DaysOfYara #GDATATechblog G DATA Global #GDATA gdatasoftware.com/blog/2025/04/3…

Autopsy of a Failed Stealer: StealC v2 When Your $3000 Malware Budget Goes to Marketing Instead of Actually Enabling the Encryption Function I did some analysis on the updated #StealC v2. The blog comes with config extractor, hunting queries and Yara rule. Let me know your

ThreatLabz has uncovered a new malware loader that we have named TransferLoader. Active since Feb 2025, TransferLoader uses advanced evasion techniques and control flow obfuscation along with a backdoor component that utilizes the InterPlanetary File System peer-to-peer platform

👮🛑Operation Endgame has once again simultaneously targeted multiple malware threat groups. One of the targets of the operation was DanaBot, which ThreatLabz has been tracking over the past 7 years. The group’s activity has included both criminal, and perhaps most interestingly,

🔥 TitanHide has been updated to support the latest VMProtect 3.9.4 changes! The service name is now used as the device name as well, so the check for \\.\TitanHide will fail if you name the service differently 🧠

Interested in learning how to build a lab VM for malware analysis and reversing? You can download a 40+ page chapter on this topic, taken from my book Evasive Malware. Get the PDF from my blog, here: 🤓 evasivemalware.com/EvasiveMalware… CC No Starch Press

We just presented our new Binary Ninja plugin for deobfuscation of Mixed Boolean Arithmetic expressions at REcon25. Check it out!

We're excited to announce a major new release of x64dbg! The main new feature is support for bitfields, enums and anonymous types, which allows all types in the Windows SDK to be represented and displayed 🔥

ThreatLabz has observed Bumblebee distributing DonutLoader embedded with StealC v2. Bumblebee config: github.com/ThreatLabz/ioc… StealC config: C2: http://nispgael[.]biz/7321a45c92764723.php Botnet ID: winmtr RC4 key: 140877183e614f06 Expiration date: 10/08/2025

Zscaler ThreatLabz revisits Raspberry Robin in our latest analysis. Recent updates include enhanced obfuscation, a shift to ChaCha-20 encryption, a randomized RC4 key seed per campaign, and a new privilege escalation exploit (CVE-2024-38196). Check out our analysis:

Comprehensive analysis of HijackLoader by Ryan Weil trellix.com/blogs/research…

Thanks to the awesome work by our team we can finally announce our official urlscan cli tool: urlscan.io/blog/2025/09/0… - Submit scans, run searches, find domains, get creative. Feel free to share your use-cases with us on X! Download on Github or homebrew.