butterfly effect

Joined February 2024
🚨 New Blog: *Kimsuky: A Gift That Keeps on Giving* 🎁 Explore Kimsuky APT's multi-stage infection chain using LNK files, VBS scripts, and C2 communication. See how this DPRK threat actor evolves. 🔗 somedieyoungzz.github.io/pos… #Kimsuky #APT #Malware #DPRK
somedieyoungZZ retweeted
New supply chain threat uncovered CloudSEK TRIAD found an npm campaign using crypto-javascri, a typosquatted package impersonating crypto-js. It steals npm/GitHub credentials, hijacks maintainer accounts, and uses Tor-based C2 to stay harder to disrupt. cloudsek.com/blog/inside-a-t…
somedieyoungZZ retweeted
Our first Blog post is live, Introduction to RustPack 🔥 msecops.de/blog/posts/rustpa… More to follow in the future for sure!
somedieyoungZZ retweeted
🚨 New Research Alert: Inside the RedSun Windows 0day A closer look at why this vulnerability exists and how Defender’s own logic enables the system compromise. Read more: cloudsek.com/blog/redsun-win… h/t @WeirdQuadratic 🐐 #Windows #RedSun #0Day
somedieyoungZZ retweeted
Here's the exploit in action, using the RedSun PoC (note this is demonstrated in virtual machines and this is purely for educational purposes; please don't replicate the exploit on any systems where you are not permitted to do so).
Windows Defender has been compromised. Right now there is a public, unpatched exploit that gives any app on your Windows PC full system admin access. No password. No popup. Nothing. Your antivirus doesn't stop it. Your antivirus IS the exploit. Windows Defender is the attack vector. Ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and Discord token you have. Fully patched Windows 11. Real-time protection on. Thread
somedieyoungZZ retweeted
CloudSEK Triad has published a detailed investigation into the RAMP cybercrime forum, covering its operations and working from 2021 through its seizure by the FBI in January 2026. Read the full report: cloudsek.com/blog/the-rise-a…
somedieyoungZZ retweeted
Sergey Mineev was the greatest APT hunter of all time. He sought no glory, he just loved the hunt. And his discoveries repeatedly redefined our collective knowledge of global cyberespionage.
Heartbroken to hear about the passing of @Skvern0. He was one of the best threat hunters in the industry - even APTs were afraid of him. I’m grateful for the time we worked together and for everything I learned from him. Rest in peace.
somedieyoungZZ retweeted
🚨Recent MuddyWater APT campaign, linked to Iranian intelligence, exposed by Ctrl-Alt-Intel 😬 - 10 CVEs used - Custom-developed C2s - EtherHiding malware - Sensitive data stolen ctrlaltintel.com/threat re… Super fun collab-ing with @ice_wzl_cyber to get this published 🔥
somedieyoungZZ retweeted
Excited to share my latest research on APT37 (aka ScarCruft) and their evolving campaign targeting so-called "isolated" networks through a carefully orchestrated multi-stage infection chain. Key findings: ▶️Ruby-based loader: APT37 is deploying full Ruby runtimes with trojanized script to blend execution within legitimate environments. ▶️USB dead-drop technique: A refined removable media workflow bridges air-gapped segments, leveraging hidden directories to stage tasking and exfiltrate data. ▶️Cloud C2 evolution: The group has expanded its cloud abuse playbook, incorporating Zoho WorkDrive as an operational command-and-control channel. In this research, I detail the full intrusion lifecycle from the initial LNK lure to the deployment of the surveillance backdoors with technical breakdowns. Blog: zscaler.com/blogs/security-r…
somedieyoungZZ retweeted
Chinese SEOs are apparently also scared of "Silver Fox", which is supposed to be a Chinese APT: 防止银狐等病毒群发诈骗领导和同事 ("Prevent Silver Fox and other viruses from mass-sending scams to defraud leaders and colleagues").
somedieyoungZZ retweeted
⚠️⚠️RAMP FORUM SEIZED !!!⚠️⚠️
somedieyoungZZ retweeted
A cybersecurity beginner trying to choose a career path
somedieyoungZZ retweeted
Jan 19
The average “cyber threat intel” blogger
somedieyoungZZ retweeted
[1/3] I retro-hunted and identified more relevant samples on VT:
- e7b2cc236af9edbe44307d293a7d7fcbb199a286f7eec864f363fcb725c7ef70
- 4b795cf2352971f470db2e451ae62dc8c859ed7c4148be48c66a723062fed7a8
- 4e1873f43c7c72625e627faa349e454ab81c15fc36d9c7dec1a422b4042b9407
Threat Alert: #CharmingKitten — LNK-Based Loader Campaign with GitLab Payload Lure. Filename: Bang_Tinh_Thue_2025.xlsx.lnk. Payload Download: gitlab[.]com/zaahen/Zaahen/-/raw/main/i[.]zip. ThreatBook Intelligence: na2.hubs.ly/H02-yBl0 [1/3]
somedieyoungZZ retweeted
Suspected APT(?) targets Portuguese speaking individuals at Macao 🇲🇴 abuses DLL Sideloading but forgets to deliver loader DLL, ends up pasting the shellcode alone with decoy, idk? 😂🤷‍♂️