#ItsNewFeatureTuesday! (That’s a thing, right?) 😎 You can now share searches with 3rd parties without them needing to authenticate to view the results! It’s a neat feature that will save time and hassle. Here's how it works ⤵️ 1) User (authenticated!) searches on

⚡️ Zscaler ThreatLabz has identified a new Rhadamanthys version that is being distributed through CoffeeLoader with a new configuration structure. The changes include the addition of FastLZ compression for C2 URLs and a new Base64 custom character set. Sample hash:

👮🛑Operation Endgame has once again simultaneously targeted multiple malware threat groups. One of the targets of the operation was DanaBot, which ThreatLabz has been tracking over the past 7 years. The group’s activity has included both criminal, and perhaps most interestingly,

🔥 Operation Endgame is BACK! This time targeting #BumbleBee, #Latrodectus, #DanaBot, #WarmCookie, #Qakbot and #Trickbot! Once again this is a HUGE win, with a truly international effort! 💪 As with phase one of #OperationEndgame, Spamhaus are providing remediation support -

medium.com/walmartglobalt…

NEW: We've anatomized the entire Unit 29155 hacking team, including its founder, who was previously indicted in the U.S. for cyber crimes unrelated to espionage. Here be sex, lies, and server logs, all of which we obtained. Plus a Bulgarian journalist recruited to peddle

It’s June 1st and this guy pays you to deliver a truckload of toys to a parking lot next to Olenya Air Base.

I haven't been publishing much lately, but not because I haven't been doing research -- in fact, I've done more than ever in the past five years. My ~200KLOC backlog will soon begin trickling out into the IDA/Hex-Rays ecosystem.

My short impulse talk from Cycon has been published: youtu.be/qllU_B_Rmis?si…

A programming flaw in DanaBot's C2 server code introduced "DanaBleed", a memory leak exposing sensitive internal data between 2022 to 2025. Zscaler ThreatLabz has published a technical analysis that explores how the leak occurred, its impact, and the insights it revealed into

medium.com/walmartglobalt… Kudos to GitHub they were taking stuff down very fast

There's a #MassLogger malware campaign using an allegedly compromised email account🪝of an employee at the Ministry of Agriculture, Water Management and Forestry of Bosnia and Herzegovina 🇧🇦, used to exfiltrate data from compromised devices through SMTP 🔥 Corresponding malware

Check Point Research uncovered malicious Minecraft mods spread by the Stargazers Ghost Network on GitHub. They drop stealers in a multi-stage attack, only able to execute if Minecraft is installed. 🔗 research.checkpoint.com/2025/minecraft…

Feel very sad about Mikayla Raines. She dedicated her life to helping animals and deserved much better in return.

Her husband is now left to tend to the 500 foxes they recently rescued from a cruel and horrible fur farm. If you'd like to donate to help ease some of the burden, you can do so here. God bless her family and esp her daughter. saveafox.org/donate

Today, Microsoft Threat Intelligence Center (#MSTIC) is excited to announce the release of #RIFT, a tool designed to assist software/malware analysts automate the identification of attacker-written code within Rust binaries. Blog: microsoft.com/en-us/security… Tool:

56 year old publicly traded SaaS CEOs realizing they gotta start making brainrot TikTok’s to acquire customers

when you realize that nothing can stop what’s coming

Fun crossover blog about TA829 (RomCom) & TransferLoader with my ecrime pals it’s got everything: 🛰️ Popped routers for sending phish 📊 ACH on attribution 👾 custom protocols 👽 cool malware 🕵️ crime 🎯 espionage ❔many unanswered questions proofpoint.com/us/blog/threat…

medium.com/walmartglobalt…