Will (@bushidotoken)'s Twitter Profile
Will

@bushidotoken

Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Previously @Equinix | @darknetdiaries #126: REvil

ID: 1252623560

Website: http://BushidoToken.net | Joined: 08-03-2013 20:06:48

12,12K Tweets

34,34K Followers

3,3K Following

Team Cymru Threat Research (@teamcymru_s2):


Thanks for the report Arctic Wolf!

Further connected infrastructure based on upstream traffic patterns:

2.56.127.158 - cypowertech[.]org
94.131.108.94 - techzcore[.]org (recent & potentially live campaign)

All four IPs in the attached image were suspended THE.Hosting 🐉🤝🤖
Will (@bushidotoken):

Resharing this useful catalog of various EDR products "shell" and response functionalities by Chris Beckett related to the Thread discussion below 👇 github.com/cbecks2/edr-ar…

Mike Manrod (@croodsolutions):

EDR-on-EDR Violence 1/🧵 Will called out that EDR products were being abused by threat actors. Ezra Woods & I realized a free trial of an attacker controlled EDR can be used to kill the existing EDR. spencer mRr3b00t JS0N Haddix github.com/CroodSolutions…

Will (@bushidotoken):

Detection engineers, threat hunters, you should be putting controls in place for ‘Bring-Your-Own-EDR (BYOEDR)’ style attacks

urlscan.io (@urlscanio):


Meet us at BSides Bournemouth on August 16 where our own Jake S will deliver an interactive workshop called 'Captain Hook’s urlscan Bootcamp'. Learn how to hunt phishing on urlscan.io: urlscan.io/blog/2025/07/2…
Will (@bushidotoken):


New Nodejs Bot source code advertised on the cybercrime underground 🕵🏻‍♂️ 

☣️ Advertised Malware Capabilities:
- Screenshot
- Reverse shell (PS + AMSI bypass)
- Reverse socks (WebSocket / SSH)
- Reverse SSH
- Run binary (EXE from disk / memory / ZIP / MSI)
- Keylogger
- UAC bypass
Microsoft Threat Intelligence (@msftsecintel):

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. msft.it/6019sJm1F

Will (@bushidotoken):

Was enlightened today that TEAM CYMRU has a nice whois server that anyone can use. Use the following Bash and replace xyz with any ASN you want and you can dump what CIDR ranges it has: whois -h whois.cymru.com " -v dump ASxyz"

Will (@bushidotoken):


Another new Nodejs Bot source code advertised on the cybercrime underground 🕵🏻‍♂️ 

☣️ Advertised Malware Capabilities:
- Web3 Blockchain C2 via Ethereum smart contracts to store and update the C2 address
- Reverse proxy (SOCKS5)
- Uses .MSI & .ps1 builders
- Dockerized backend