Threat Research

Joined November 2022
Pinned Tweet
🚨Recent MuddyWater APT campaign, linked to Iranian intelligence, exposed by Ctrl-Alt-Intel 😬 - 10 CVEs used - Custom-developed C2s - EtherHiding malware - Sensitive data stolen ctrlaltintel.com/threat re… Super fun collab-ing with @ice_wzl_cyber to get this published 🔥
Ben retweeted
Despite Putin’s best efforts to evade sanctions, we will not let him get away with it.
Ben retweeted
83 Chinese nationals who rented a hotel in District 7, HCMC, to operate a scam centre, have been arrested. I heard a large number of scammers fled Cambodia and moved to Vietnam and Sri Lanka.
Ben retweeted
Three legitimate RMM tools. One operator box. Zero exploits. We pulled apart an active phishing campaign and mapped the operator’s infrastructure, including a single server running three commercial RMM consoles side by side. Full breakdown: haveibeensquatted.com/blog/t…
Ben retweeted
Incredible reporting on logistics sector targeting (likely linked to cargo theft gangs) @beensquatted haveibeensquatted.com/blog/t… http://23[.]94[.]252[.]241/share/new_agreement_timo_MAY27.exe 3 RMMs deployed from the initial dropper 🤯
Ben retweeted
ShinyHunters (or a group impersonating them) exposed several directories revealing ongoing targeting of PeopleSoft (Enterprise Resource Planning software) environments. Also visible were staging materials, including MeshCentral agents, and a defacement and credential spray script. 🧵 #shinyhunters
I’m a HUGE fan of @yodlpay, it’s truly saved my ass daily after losing my cards whilst traveling ❤️ Yesterday & today all payments are failing. Is this a wider issue or just me? @jonmyers
@jonmyers massive shoutout to @yodlpay support team. Yesterday they (Laudris) replied within seconds and the issue was fixed promptly. Brilliant real human customer service! 👏
Ben retweeted
Campaign targeting Vietnamese retail investors and VPS Securities clients. IP: 103.90.222.9 AS 135905 Pivoted domains suggest the threat actor is operating within or abusing Vietnamese domestic CDN infrastructure. @smica83 @skocherhan @malwrhunterteam @AndreGironda
OSINT geolocation challenge, @BSidesPyongyang edition (2 very different locations)
Ben retweeted
'masterpdf. com_cv_nguyen_van_thinh.png.lnk' seen from Viet Nam @abuse_ch bazaar.abuse.ch/sample/dec8d… FUD Domain: faq.pineappleviewer(.)info
Ben retweeted
🚨 Workshop Spotlight #14 👉 "Offensive Threat Intel: Tracking & Disrupting Adversaries for Fun" by Josh Allman (@xorJosh) & Ben Folland (@polygonben), of CtrlAltIntel

📝 Description
You don't need access to private telemetry or a job at a major security firm to hunt down threat actors in the wild and impose costs. Josh and Ben are proof. A couple of friends having fun built CtrlAltIntel and ended up making an impact on a global scale, supporting governments, military organizations, law enforcement, and more, all from analyzing public data.

This workshop walks through how they did it, and how you can too. You'll learn their methodology for tracking adversaries using platforms like Hunt.io, Censys, and Shodan, complete with specific queries and real-world examples. Then, get in the driver's seat:
- In The Hunt, you'll practice querying and pivoting from a single data point to identify and report active threat actor infrastructure.
- In Mining Gold from Open Directories, you'll work with safe data from their previous hunts and run your own analysis.

Their goal is simple: inspire you to give this a go and start taking down cybercriminals yourself.

🎟️ Only at ContinuumCon 2026
Work through it live, or revisit the lab on your own time. Own it forever. The workshop doesn't end when the conference does.

Got your ticket yet? 👉 continuumcon.com/
Hosted by @_JohnHammond, @JustHackingHQ, @AnthonyBendas, and @Level_Effect!
Ben retweeted
Our statement on the UK government’s demand that all content on all devices sold or used in the country be scanned, on the presumption of nudity, using a dystopian combination of age verification and content scanning. This proposal will not safeguard children. It endangers us all. signal.org/blog/pdfs/2026-06…
Ben retweeted
Another #Gamaredon-related one from Ukraine @abuse_ch 'Відомость про самовільне залишення військової частини 3018-4726.rar' (Ukrainian: 'Report on unauthorised absence from a military unit 3018-4726.rar') bazaar.abuse.ch/sample/58375… @500mk500 @goldenjackel12 @polygonben @IdaNotPro
Ben retweeted
'Повідомлення 4726-49.rar' (Ukrainian: 'Notification 4726-49.rar') seen from Ukraine, looks like #Gamaredon @abuse_ch bazaar.abuse.ch/sample/cbe89… @500mk500 @goldenjackel12 @polygonben @IdaNotPro
Ben retweeted
One of the malicious commits uses 82.221.101[.]203, which ties this activity to DPRK according to SafeDep - "noon-contracts npm Package: DeFi Supply Chain RAT" safedep.io/malicious-noon-co…
Ben retweeted
#APT #Gamaredon
Відомость про самовільне залишення військової частини 3018-4908.rar (Ukrainian: 'Report on unauthorised absence from a military unit 3018-4908.rar'), MD5 a113090d748d0dac7d488c97f1305af2
Повідомлення 4908-451.rar (Ukrainian: 'Notification 4908-451.rar'), MD5 473c65b922d3308a98c6b76c7d99a196
uploaded from #UKRAINE, #exploit CVE-2025-8088 @smica83 @polygonben @IdaNotPro
Відомості з реєстру військовозобов'язаних про працівників №20260409-7496423-1.rar (Ukrainian: 'Information from the register of persons liable for military service, concerning employees, No. 20260409-7496423-1.rar'; MD5: 2af0a6135df3502a7f6de4d2de6db73b) uploaded from #UKRAINE, #exploit CVE-2025-8088 💩 @smica83 @polygonben
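As an added example (not code from this page, from Ben, or from any of the quoted researchers): a small Python script that pulls the indicators out of tweet text like the posts above and refangs them, so the IPs, domains, hashes, lure filenames and CVE can be pivoted on or fed into a hunt. The sample text is constructed from IOC-bearing lines on this page; the defang conventions it understands ('[.]', '(.)', '[:]', 'hxxp') and the file-extension list used to tell lure filenames from hostnames are my own assumptions. It also records whether each indicator was defanged in the source, because researchers in feeds like this normally defang only hostile infrastructure, so an un-defanged link such as bazaar.abuse.ch is a reference, not a pivot target.

```python
"""Pull the indicators out of threat-intel tweets and refang them.

Added example, not code from this page's authors or from any quoted researcher.
SAMPLE_TWEETS is constructed from IOC-bearing lines on this page; the defang
conventions handled ('[.]', '(.)', '[:]', 'hxxp') and the file-extension list
are assumptions about what such feeds contain, not a complete IOC grammar.
"""
import re
from urllib.parse import urlsplit

SAMPLE_TWEETS = [
    "http://23[.]94[.]252[.]241/share/new_agreement_timo_MAY27.exe 3 RMMs deployed from the initial dropper",
    "Campaign targeting Vietnamese retail investors and VPS Securities clients. IP: 103.90.222.9 AS 135905",
    "'masterpdf. com_cv_nguyen_van_thinh.png.lnk' seen from Viet Nam bazaar.abuse.ch/sample/dec8d\u2026 FUD Domain: faq.pineappleviewer(.)info",
    "One of the malicious commits uses 82.221.101[.]203 , which ties this activity to DPRK",
    "Повідомлення 4908-451.rar 473c65b922d3308a98c6b76c7d99a196 uploaded from #UKRAINE #exploit CVE-2025-8088",
    "(MD5:2af0a6135df3502a7f6de4d2de6db73b) uploaded from #UKRAINE",
]

DEFANG_MARKERS = ("[.]", "(.)", "[:]", "hxxp")
# Heuristic (assumption): a dotted token ending in one of these is a lure filename, not a hostname.
FILE_EXTS = ("docx", "doc", "exe", "js", "lnk", "pdf", "png", "rar", "vbs", "zip")
TRIM = "'\"()[],;:!?."  # punctuation glued to tokens by the tweet text

IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
MD5_RE = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32}(?![0-9a-fA-F])")
DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}", re.I)
FILE_RE = re.compile(r"[\w.-]+\.(?:%s)" % "|".join(FILE_EXTS), re.I)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.I)


def refang(token):
    """Undo the defang styles listed in DEFANG_MARKERS."""
    out = token.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", out, flags=re.I)


def is_ipv4(s):
    return IPV4_RE.fullmatch(s) is not None and all(int(o) <= 255 for o in s.split("."))


def classify(token):
    """Map one cleaned token to (type, value), or None if it is just a word."""
    if CVE_RE.fullmatch(token):
        return ("cve", token.upper())
    if re.match(r"https?://", token, re.I):
        return ("url", token)
    if is_ipv4(token):
        return ("ipv4", token)
    m = MD5_RE.search(token)  # search, not fullmatch, so "MD5:<hash>" works too
    if m:
        return ("md5", m.group(0).lower())
    if FILE_RE.fullmatch(token):  # before DOMAIN_RE: "4908-451.rar" would otherwise pass as a host
        return ("file", token)
    if DOMAIN_RE.fullmatch(token):
        return ("domain", token.lower())
    host, slash, _ = token.partition("/")  # scheme-less link such as bazaar.abuse.ch/sample/...
    if slash and (is_ipv4(host) or DOMAIN_RE.fullmatch(host)):
        return ("url", token)
    return None


def extract_iocs(text):
    """Return ordered, de-duplicated indicators; 'defanged' records how the source wrote them."""
    found, seen = [], set()
    for raw in text.split():
        defanged = any(mark in raw.lower() for mark in DEFANG_MARKERS)
        token = refang(raw).strip(TRIM)
        hit = classify(token) if token else None
        if not hit or hit in seen:
            continue
        seen.add(hit)
        entry = {"type": hit[0], "value": hit[1], "defanged": defanged}
        if hit[0] == "url":
            link = hit[1] if "://" in hit[1] else "http://" + hit[1]
            entry["host"] = urlsplit(link).hostname  # the pivot point for infrastructure hunting
        found.append(entry)
    return found


def by_type(iocs):
    """Group indicator values by type, keeping first-seen order."""
    groups = {}
    for entry in iocs:
        groups.setdefault(entry["type"], []).append(entry["value"])
    return groups


if __name__ == "__main__":
    for entry in extract_iocs("\n".join(SAMPLE_TWEETS)):
        print(entry)
```

Run it as a script to print one entry per indicator; the url entries carry a host field, which is the value you would pivot on in Hunt.io, Censys or Shodan. Treat the output as a triage list, not a blocklist: legitimate reporting sites and lure filenames come out beside attacker infrastructure, and the 'masterpdf. com' fragment, which the source deliberately broke with a space, is not recovered.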
RT @BushidoToken: Shade Infostealer Dashboard Uncovered 🧐 [now offline] Exfils passwords, cookies, credit cards & crypto wallets, plus it…