🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

This is the second Red-bellied Woodpecker that I’ve seen that can catch peanuts midair. It’s so impressive! I believe this is the mate of the male Red-bellied Woodpecker that will hand-feed.

"查阅6.6\.zip": 42c7f4f0aef68e7de2b06dd7c8409b9248550419c2330a8097cc35c006722f2c 23.235.165[.]126

"Koinly.dmg": feb8c3319f279e7ef9e97256c1efbf1651eb65393362434218b2b9ad7ec19369 🤷‍♂️

"memfd:a (deleted)": 1b56142f8457af1b488607dc9c004a0e2fc6bb097e472f6c4a3ce83ad513e12e 13.213.71[.]156

"Atualizacao-Plugin-06-2025-1748972931.js" seen from Brazil: 3bbc57b4a9220df17c25e107579ec6ade2542c1e516f55aa68c646d73d302dcc From: https://javasplugin[.]com/plugin-atualizacao/ 5.189.168[.]52 Germán Fernández

"Deetalk.apk": 9c8edea3d74fb845215b63bc796ac2d4c1d880d38bb3c93f3aea441cd71635d4

"cb59.apk": 61729bab8a31bb183fdeff0914324286b90f5a37adb55349796f2926df274150 188.127.251[.]70

"pic_73.apk": 0407cf4b13eebae155632a3b439fe58544aff02638151c5522c8c12cb961a58c 5.252.155[.]145

"agent.exe" / "svchost.exe" seen from Turkey: 6416beda6b4273788d3b2197534573a0dfd43a8fde07038ec0776e1b4eccae84 195.154.176[.]101

🚨 new C2 communication of #SVCStealer (1st screen) and #stealer version changing (3.3 -> 4.4) with sending uuid in uid (2nd screen) ⬇️ C2: 62.60.226[.]191:27015, 80 app.any.run/tasks/f99aab90… tria.ge/250604-e7e91sd…

1/ This script manipulates Windows PrintTicket/DevMode conversion via ActiveX + XML, embeds fake namespaces, and downloads + executes remote code via MSXML2.ServerXMLHTTP and Function(), well done way for initial access or persistence 2º stage: hxxp://paste.ee/d/U5rjHHR7/0

Seen from 🇷🇺 "Вложение без имени 00003.doc": 6ce99690955241a306fba345da4c2cc0c747d803eedfe8819bccde848839a781 👁️ Comms to: http://gemme-cotti[.]ru/zibaba.hta http://lieri[.]ru:8443/ http://mytho[.]su/bg.rtf http://emec[.]su/bg.rtf #CobaltStrike C2: http://cba.abc92[.]ru:8443/

When we talk backdoors, we think C2 comms, auth bypasses, persistence. But some leave subtle traces. 🔍 Tools like THOR APT Scanner pick up on weak signals traditional AV/EDR often miss. Sample One of our detection signatures flagged an unusual Linux x64 sample - a stealthy

My work can now be seen (and purchased) in the new Fine Art Box Gallery in Amsterdam at the Kalverstraat 84. I'll be there on June 14 and June 29, from 12 to 6 PM. Who's coming to say Hi?

♦️ Meta ad leads to a website that impersonates "TradingView" and downloads an MSI signed by "LLC Torgovyi Dom Energia" (now revoked). ⚠️ Final URL is different from the one shown in the ad. https://apps-download-pc[.]com/ (malicious site is only displayed if you come from

🚩 Website impersonating AnyDesk on anydeske[.]icu, downloads a .NET loader which then launches a stealer, both unknown to me 🤔 Nexts stages: - https://pastebin[.]com/raw/YwvHhwUk - https://pastebin[.]com/raw/WrgrtxSu - http://45.145.7[.]134/hook/upgrade.php -

1/ 🚨🇨🇱 Alerta por comportamiento anómalo en el registro de dominios .CL . H/T CronUp Ciberseguridad 👁️ Se trata de una serie de dominios sospechosos compuestos de 5 letras aleatorias, registrados con poca diferencia de tiempo, utilizando el mismo agente registrador y la misma