Virus Bulletin

@virusbtn

Followers
60K
Following
1K
Statuses
26K

Security information portal, testing and certification body. Organisers of the annual Virus Bulletin conference. @[email protected]

Oxfordshire, UK
Joined February 2010
@virusbtn
Virus Bulletin
27 days
The call for papers for VB2025 Berlin is now open! Submit your proposals for papers before 4 April for a chance to share your research and be part of one of the longest-running security conferences in the world. VB2025: 24-26 September, Berlin, Germany.
0
12
20
@virusbtn
Virus Bulletin
3 days
Members of the TEHTRIS Threat Intelligence team look into LegionLoader (aka Satacom, CurlyGate & RobotDropper), an active downloader that has been operating in the shadows but which has gained significant traction in recent months.
0
11
26
@virusbtn
Virus Bulletin
3 days
Having previously analysed cases of attacks by the Kimsuky group that utilized the PebbleDash backdoor and a custom-made RDP Wrapper, a new blog post from AhnLab's ASEC team covers additional malware used by Kimsuky in attacks of the same type.
1
6
32
@virusbtn
Virus Bulletin
3 days
Microsoft researchers observed limited activity by an unattributed threat actor using a publicly available static machine key to inject malicious code and deliver the Godzilla post-exploitation framework.
0
22
55
@virusbtn
Virus Bulletin
3 days
RT @d4rksystem: I recently added some new additions to #VMWareCloak! Go check it out if you want to harden your #malware analysis VMs or if…
0
44
0
@virusbtn
Virus Bulletin
3 days
RT @abuse_ch: A new version of #Latrodectus is out 📣🔥 Version: 1.9 Campaign: Mimikast The corresponding botnet C2s have been caught earli…
0
18
0
@virusbtn
Virus Bulletin
3 days
RT @lauriewired: Ghidra 11.3 is OUT! PyGhidra is the new feature to be excited about. It’s a Python library providing direct access to t…
0
128
0
@virusbtn
Virus Bulletin
4 days
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
1
5
21
@virusbtn
Virus Bulletin
4 days
Sygnia researchers break down the attack flow of an Abyss Locker ransomware intrusion, highlight common TTPs, and provide actionable recommendations on how to defend against these techniques.
1
10
33
@virusbtn
Virus Bulletin
4 days
Sophos researcher Andrew Brandt writes about Scalable Vector Graphics (SVG) files used in phishing & malware. The attacks, which begin with email messages that have .svg attachments, started in late 2024 and have ramped up significantly since mid-January.
0
8
27
@virusbtn
Virus Bulletin
4 days
Zimperium’s zLabs researchers discovered a mobile malware campaign primarily targeting users of Indian banks. The malware is distributed through WhatsApp as APK files masquerading as legitimate government or banking applications.
0
2
9
@virusbtn
Virus Bulletin
4 days
RT @malware_traffic: 2025-02-05 (Wednesday): #ClearFake / #ClickFix style fake CAPTCHA leads to possible #Vidar. Vidar C2 using eteherea…
0
37
0
@virusbtn
Virus Bulletin
4 days
RT @silentpush: 🚨 NEW THREAT BLOG 🚨 Threat actors still leveraging legit RMM tool ScreenConnect for persistence in cyberattacks... Read:…
0
4
0
@virusbtn
Virus Bulletin
4 days
RT @MsftSecIntel: Attackers target cloud environments because of their complex architecture, scalability, and the growing adaptability of clo…
0
27
0
@virusbtn
Virus Bulletin
4 days
RT @fr0gger_: New LLM honeypot just dropped from @splunk ➡️
0
71
0
@virusbtn
Virus Bulletin
4 days
RT @anyrun_app: (2/2🧵) Before displaying the motivational message to the victim, ‘Please pay it as soon as possible to avoid late payment f…
0
1
0
@virusbtn
Virus Bulletin
5 days
Forcepoint X-Labs researchers analyse an AsyncRAT malware campaign that leverages malicious payloads delivered through suspicious TryCloudflare quick tunnels and Python packages.
0
8
36
@virusbtn
Virus Bulletin
5 days
Elastic Security Labs has published the third part of its Linux Persistence Detection Engineering series, which discusses some additional, creative and/or complex persistence mechanisms.
2
9
37
@virusbtn
Virus Bulletin
5 days
Morphisec's Shmuel Uzan explores the broader execution course and updated delivery technique of ValleyRAT, a multi-stage malware attributed to the Silver Fox APT.
1
5
22
@virusbtn
Virus Bulletin
5 days
Trend Micro's ZDI team describe how the CVE-2025-0411 vulnerability in 7-Zip was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks.
3
29
70
@virusbtn
Virus Bulletin
5 days
RT @NCSC: 🚨The UK and international allies have today issued new guidelines to help manufacturers of edge devices – like routers, smart app…
0
24
0