Security researcher dedicated to pissing off the Gootloader Threat Actor.

Joined April 2023
Gootloader retweeted
21 Jul 2025
Gootloader retweeted
🚨 Trojanized CPU-Z → STXRAT → PureLogs Stealer → PureHVNC → 54hrs of exfil through a hidden QEMU VM. We caught everything after. First documented full post-exploitation chain for this campaign. IOCs & hunting artifacts link in thread #ThreatIntel #DFIR #Malware
Gootloader retweeted
Before I was arrested in 2009, I was at the height of my little cybercriminal "empire". I was standing at a crossroads. Part of me wanted an exit and a chance to redirect my skills toward something constructive. Another part of me feared that if I walked away, all the risks I had taken as a hacker would have meant nothing. 11 years in prison for hacking taught me that the reputation I thought I had built in that world, the ideals I believed in, and the status I thought mattered turned out to be far more futile than I could have imagined at the time. When everything collapsed, I realized that none of that mattered. I learned that most of what passes for loyalty and respect in cybercrime is conditional. Today, there's no reason to turn to cybercrime in order to feel accepted or to enjoy camaraderie and acceptance among peers, or to pursue a sense of justice and vindication. Cybercrime isn't the solution, or the stepping stone. All the hackers in my crew from back in the day have respectable cybersecurity careers today, because sooner or later everyone learns the same lesson. Cybercrime has limits, and it does not put food on the table without tremendous risk. #realtalk #hacking #hacktivism #truecrime
Anyone have a good way to monitor new @GoogleAds for a specific domain?
Nice write up. #gootloader is known to push Oyster
#OysterLoader (aka #Broomstick or #Cleanup) is not just another downloader. Often serving as a precursor to #Rhysida #ransomware campaigns or distributing commodity malware such as #Vidar, this threat has evolved significantly as we enter 2026. buff.ly/ZAQuErp #Reverse
This was a fun one to dig into. Confirmed exploitation requires:
• User registration enabled
• LA-Studio Element Kit = 1.5.6.3
• At least one published Elementor page
PoC confirmed (details withheld). Nice find by Jitlada. Boeing777 & Waris Damkham!
#CVE-2026-0920
Gootloader retweeted
āš ļø GootLoader now uses 500–1,000 ZIP files glued together! The broken ZIP won’t open in WinRAR or 7-Zip, but Windows Explorer still opens it and runs the JavaScript malware. Each download is different, so file hashes don’t match. šŸ”— Learn how this ZIP trick bypasses defenses → thehackernews.com/2026/01/go…
Great write-up on the #gootloader zip! Hopefully with these details @MicrosoftSec will take this seriously and fix their ZIP unarchiver. Great Yara rule. #100daysofyara
Gootloader malware returned in November after a hiatus. They work with Vanilla Tempest (currently using Rhysida ransomware). We took a deep look at their first-stage delivery mechanism—a deliberately broken ZIP archive designed to bypass detection. (1/12)
I feel this was a major success! Thanks all
@gnamedotcom @dowomain @brandomainable please act on the domains reported case GW2026010920446794. My reputation, plus what I provided on Friday, should be enough to stop protecting a criminal's infrastructure
Gootloader retweeted
Right before the holidays, I broke the news that DHS had effectively forced out the staffer running CISA's ransomware warning program: cybersecuritydive.com/news/c… People who worked w/ him are really worried. And we may be starting to see the impact... linkedin.com/feed/update/urn…
New Year’s wish: #Gootloader hangs up the keyboard so we can all stop running this endless game of cyber cat and mouse. Let the mouse rest. Let the cat rest. Let me rest.
Gootloader retweeted
You may not know Dave Stern, but you should. The Pre-Ransomware Notification Initiative (PRNI) effort by CISA prevented an estimated $9 billion in damages by working with industry to notify companies of ransomware attacks before attackers lock systems. It is disheartening to see Dave leave CISA, but this is an incredible legacy to leave behind and a model we should look to replicate in the future. cybersecuritydive.com/news/c…
Gootloader retweeted
CertCentral is now TheCertGraveyard[.]org & CertGraveyard[.]org. The CertCentral API returns an error directing to use the new domains. Please give me a like or a share to get the word out. Also use the site to report and investigate certificates used to sign malware. :)
I'm being required to give up the domain CertCentral[.]org; and the change has to happen by Monday. I'm noodling on alternative names. Keep an eye out for the change.
Don’t know why everyone is worrying about RAM prices. You can just @DownloadMoreRam for free