Virus Bulletin (@virusbtn)'s Twitter Profile
Virus Bulletin

@virusbtn

Security information portal, testing and certification body.
Organisers of the annual Virus Bulletin conference. @[email protected]

ID: 118059149

Website: https://www.virusbulletin.com/
Joined: 27-02-2010 13:27:37


Silent Push (@silentpush)

🚨This is a fake #DocuSign page that delivers a malicious payload🕵️ The site looks innocent at first glance, but after prompting for an email address, it redirects the user to a new domain that drops #ScreenConnect. (Note the ".exe" pretending to be a ".pdf" 📑)

NexusFuzzy 💩 (@nexusfuzzy)

I found what I think is a novel approach which allowed me to list some of the content of #Lumma #Infostealer Command & Control servers with the help of left-behind .DS_Store files. Blog, tool and Lumma files can be found here nexusfuzzy.medium.com/lumma-stealer-…

Trellix Advanced Research Center (@trellixarc)

🚨 Supply Chain Alert: Our team uncovered a sophisticated infection chain: weaponized jQuery Migrate delivered via Parrot TDS. Silent execution, critical data at risk. Deep dive into the malware's technical analysis, TDS mechanism, & defense strategies: bit.ly/4jZUb1E

Malwarebytes (@malwarebytes)

Cybercriminals frequently use ads directing to a malicious site to take advantage of our trust in sponsored search results for popular brands. In their latest scam, we found tech support scammers hijacking the results of legitimate sites. Here's how it works. 🧵

Check Point Research (@_cpresearch_)

Check Point Research uncovered malicious Minecraft mods spread by the Stargazers Ghost Network on GitHub. They drop stealers in a multi-stage attack, only able to execute if Minecraft is installed. 🔗 research.checkpoint.com/2025/minecraft…

Santiago Pontiroli (@spontiroli)

#ShadowVector targets Colombian users with court-themed SVG lures. Obfuscated payloads retrieved from public storage, using sideloading and driver-based privilege escalation for execution. Acronis report: acronis.com/en-us/cyber-pr…

Alexander Leslie (@aejleslie)

🇨🇳 🤖 - New Recorded Future report! This research details how the People’s Liberation Army is rapidly experimenting with generative AI to augment — and potentially transform — its military intelligence capabilities. recordedfuture.com/research/artif…

Who said what? (@g0njxa)

Read about "Meowsterio" - The comeback of an OG traffer's group and its own malware campaign targeting crypto users worldwide. Featuring the use of ClickOnce applications to bypass Windows SmartScreen without using EV certificates ⚙️ Read now 👇👇: g0njxa.medium.com/meowsterio-wea…

Karsten Hahn (@struppigel)

If you have a malware analysis blog, put the malware code into screenshots. Otherwise your site will be blocked by AV. Same is true for reports in documents. x.com/Gi7w0rm/status…

Virus Bulletin (@virusbtn)

Cisco Talos recently identified PylangGhost, a Python-based version of GolangGhost RAT used exclusively by North Korea-aligned actor Famous Chollima. In recent campaigns the Python-based version was used for Windows systems, & the older version for MacOS. blog.talosintelligence.com/python-version…

Virus Bulletin (@virusbtn)

Trend Micro's Sunil Bharti & Shubham Singh look into a recent attack campaign that took advantage of exposed misconfigured Docker Remote APIs and used the Tor network to deploy a stealthy cryptocurrency miner. trendmicro.com/en_us/research…

Virus Bulletin (@virusbtn)

Huntress researchers Alden Schmidt, Stuart Ashenbrenner & Jonathan Semon share details of an intrusion that was conducted by the North Korean APT subgroup tracked as TA444 (aka BlueNoroff, Sapphire Sleet, COPERNICIUM, STARDUST CHOLLIMA, or CageyChameleon). huntress.com/blog/inside-bl…

Virus Bulletin (@virusbtn)

Early Bird ticket prices for VB2025 are ending soon! If you’re planning to join us in Berlin this September, now’s the time to grab your ticket before prices go up. 🎟️ 🗓️ 24–26 September 2025 📍JW Marriott Hotel, Berlin 👉 tinyurl.com/zt2ma4 #vb2025 #cybersecurity

Virus Bulletin (@virusbtn)

Securonix researchers look into a campaign that uses .lnk files to deliver remote payloads hosted on attacker-controlled Cloudflare Tunnel subdomains. This leads to a Python-based shellcode loader that executes Donut-packed payloads entirely in memory. securonix.com/blog/analyzing…

Virus Bulletin (@virusbtn)

Red Canary researchers analyse a Mocha Manakin activity cluster that delivers a NodeJS backdoor via Clickfix/fakeCAPTCHA. This leads to a number of payloads delivered following successful paste and run execution, including LummaC2, HijackLoader, Vidar & more redcanary.com/blog/threat-in…

Virus Bulletin (@virusbtn)

Trend Micro uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. trendmicro.com/en_us/research…
