malware analyst, reverse engineer.

Joined May 2019
reecDeep retweeted
Apr 27
#Malware Malteiro / Mispadu 🇧🇷 🆕 In March the network deployed a new feature that searches the infected machine for identification documents (images or PDFs) and documents containing credentials (txt) 🚨 🇲🇽 around 2,000 IDs extracted, 🇦🇷 still far behind with about 50 IDs
reecDeep retweeted
Apr 22
🔐 CERT-AgID analyzes the risks of the Model Context Protocol (MCP): with agentic AI, the problem is no longer what an LLM answers, but what it does. 👉 Discover the new paper agid.gov.it/it/notizie/llm-e… #CERTAgID #AI #Cybersecurity
reecDeep retweeted
24 Nov 2025
28k infected and growing
24 Nov 2025
⚠️ NPM MALWARE ALERT: More than 300 npm packages contain a fake Bun runtime. These packages imported a preinstall: node setup_bun.js, and an obfuscated bun_environment.js. It runs a script that:
- Downloads and executes TruffleHog, a legitimate secret scanner
- Searches host systems for tokens and cloud credentials
- Validates discovered developer and CI credentials
- Creates unauthorized GitHub Actions workflows within repositories
- Exfiltrates sensitive data to a hardcoded webhook endpoint
- Looks for environment variables such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY.
Since it's a worm, it replicates itself.
How to know if you've been infected?
- Check if you have new GitHub repos on your profile with the description: "Sha1-Hulud: The Second Coming."
- Check your npm packages if they contain `bun_environment.js`.
Let's spread this!
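A local check for the two file-based indicators named in the alert above (the `bun_environment.js` / `setup_bun.js` files and a `preinstall` hook that launches `setup_bun.js`). This is an added example, not the poster's or any vendor's tooling; the sample `node_modules` tree it scans is constructed inline so it runs offline.

```python
import json
import tempfile
from pathlib import Path

# Indicators quoted in the alert: dropped files and the preinstall hook.
SUSPICIOUS_FILES = {"bun_environment.js", "setup_bun.js"}
SUSPICIOUS_PREINSTALL = "setup_bun.js"


def scan_node_modules(root):
    """Walk a directory tree and return (package_dir, reason) findings."""
    findings = []
    for pkg_json in Path(root).rglob("package.json"):
        pkg_dir = pkg_json.parent
        # Check 1: indicator files sitting next to package.json
        for name in sorted(SUSPICIOUS_FILES):
            if (pkg_dir / name).exists():
                findings.append((str(pkg_dir), f"file {name} present"))
        # Check 2: a preinstall hook that launches the setup script
        try:
            data = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, OSError):
            continue
        scripts = data.get("scripts", {}) if isinstance(data, dict) else {}
        pre = scripts.get("preinstall", "") if isinstance(scripts, dict) else ""
        if SUSPICIOUS_PREINSTALL in pre:
            findings.append((str(pkg_dir), f"preinstall hook: {pre}"))
    return findings


def build_sample_tree():
    """Constructed sample tree: one clean package, one carrying the indicators."""
    root = Path(tempfile.mkdtemp(prefix="nm_"))
    clean = root / "node_modules" / "left-pad"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps({"name": "left-pad", "version": "1.3.0"}))
    bad = root / "node_modules" / "@example" / "pkg"  # hypothetical package name
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps({
        "name": "@example/pkg", "version": "9.9.9",
        "scripts": {"preinstall": "node setup_bun.js"}}))
    (bad / "setup_bun.js").write_text("// constructed placeholder, not the real script\n")
    (bad / "bun_environment.js").write_text("// constructed placeholder\n")
    return root


if __name__ == "__main__":
    for where, why in scan_node_modules(build_sample_tree()):
        print(f"[!] {where}: {why}")
```

Point `scan_node_modules` at a project's real `node_modules` (or the npm cache) to run the same two checks there.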
reecDeep retweeted
🚨 Uncovering a Multi-Stage Phishing Kit Targeting Italy’s Infrastructure
Phishing has evolved, becoming industrialized, automated, and powered by underground ecosystems that mirror legitimate SaaS businesses. Our latest investigation exposes a professional phishing framework impersonating Aruba S.p.A., Italy’s major IT and web services provider.
The key findings:
🔹 Multi-stage kit automating every phase of the attack from CAPTCHA evasion to OTP interception
🔹 Pre-filled login URLs designed to increase credibility and lower suspicion
🔹 Fake payment pages harvesting full credit card and 3D Secure/OTP data
🔹 Telegram bots used for real-time exfiltration and backup data logging
🔹 Evidence of Phishing-as-a-Service (PhaaS) scaling fraud through automation and community support
Phishing may be one of the oldest cyber threats, but today, it operates like a fully industrialized ecosystem.
🧩 Read the full technical analysis here: link.group-ib.com/3K0HgjZ #ThreatIntelligence #CyberSecurity #Phishing #CyberCrime #Infosec #CyberThreats #DigitalFraud #ThreatHunting #FightAgainstCybercrime
reecDeep retweeted
HTA file deobfuscation from the "fake DMCA report" phishing campaign. Key features shown in the screenshots @_JohnHammond @vxunderground @ShadowOpCode x.com/_JohnHammond/status/19…
Yesterday folks got a phishing email for a fake DMCA report, myself included. Caught me at a good time so I could record poking at the scam and the malware it leads to: ultimately infostealer malware (the usual) from a fake domain & clearly AI slop site: youtu.be/IzKjL16-sgY
reecDeep retweeted
23 Oct 2025
🚨 #LOLBin abuse remains one of the hardest techniques for SOC teams to detect. Attackers hijack trusted Windows tools to execute malicious activities while blending into legitimate processes. 👨‍💻 See example of a typical attack: app.any.run/tasks/02dd6096-b… 📖 Read the breakdown of new #malware tactics: any.run/cybersecurity-blog/n… #CybersecurityAwarenessMonth
23 Oct 2025
🥷New #italy #Banking #scam #Website found! 👍legit: bancaifis.com 🚫scam: bankaifis.]com @dynadot please can you revoke the domain bankaifis.]com? @malwrhunterteam @JAMESWT_WT @James_inthe_box @illegalFawn @guelfoweb
reecDeep retweeted
Group-IB Threat Intelligence uncovered a global espionage operation by #MuddyWater (TA450). MuddyWater targeted international organizations and more than 100 governments worldwide to gather foreign intelligence using the Phoenix v4 malware #phishingawareness
reecDeep retweeted
Group-IB uncovered a sophisticated Singapore-targeted scam campaign abusing verified Google Ads, 52 redirect domains, and 119 fake news sites to drive victims toward a Mauritius-registered trading platform. The operation blended malvertising, #deepfakes, and localized deception to mimic legitimate media and regulators. #ThreatIntel
reecDeep retweeted
🚨 AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Ransomware Code Read more: cybersecuritynews.com/first-… AI-powered malware, known as 'MalTerminal', uses OpenAI’s GPT-4 model to dynamically generate malicious code, including ransomware and reverse shells, marking a significant shift in how threats are developed and deployed. MalTerminal functions as a malware generator. Upon execution, the tool prompts its operator to choose between creating ‘Ransomware’ or a ‘Reverse Shell’. It then sends a request to the GPT-4 API to generate the corresponding malicious Python code at runtime. #cybersecuritynews #malware
reecDeep retweeted
7 Oct 2025
The Russian intelligence service has launched a phishing campaign targeting MI6 (Secret Intelligence Service) informants. A fake “Contact MI6” form went live earlier today. It was immediately detected by Malfors. mi6govukbfxe5pzxqw3otzd2t4nhi7v6x4dljwba3jmsczozcolx2vqd[.]top
reecDeep retweeted
7 Oct 2025
Almost a year after the announcement, Vidar Stealer releases a major update to Vidar 2.0 - "The revival of the legend!" (as of Vidar version 16). ALL previous Update Logs of Vidar Stealer can be found in this Github repo I created for public access: github.com/g0njxa/VidarSteal… Full original statement below 👇
English Original
🔥 VIDAR STEALER v2.0 — The Revival of a Legend! 🔥
Friends, we are finally ready to tell you what we’ve been working on for the past few months. Read the details! After a long and difficult period, we’ve completely overhauled the product. Not just an update — this is a new era.
💡 What changed under the hood:
*️⃣ We rewrote the entire software from C++ to C — this delivered a colossal increase in stability and speed.
*️⃣ Implemented unique appBound methods that aren’t found in the public domain.
*️⃣ Added an automatic morpher, so every build is now unique.
*️⃣ Built-in hidden error reporting system — we can debug in real time without user intervention.
🚀 What this gives users:
*️⃣ A completely new product, undetectable by antiviruses.
*️⃣ Multithreaded operation and upload capabilities.
*️⃣ High processing speed and anti-bot protections.
*️⃣ Stable data collection without crashes or errors.
*️⃣ Ability to switch between two different in-memory injection systems online without a rebuild — one can replace the other when needed.
❗️ The unique multithreading system allows extremely efficient use of multi-core processors. It performs data-collection tasks in parallel threads, greatly speeding up the process. Most importantly — we implemented multithreaded file uploads, which accelerates not only log collection and processing but also their transfer.
Price remains the same — $300 since 2018. We strive to keep it unchanged for as long as possible while maintaining the highest level of product and service quality.
🧠 What’s in development right now: A new modern project design that will be available to everyone soon.
Migration to a new server — powerful, fast, and reliable:
-> AMD EPYC 9654 (3.7GHz, 96 Cores) ×2
-> DDR5 4800MHz 64GB SAMSUNG ECC RDIMM ×24
-> Kingston SEDC3000ME 15.36TB ×6
-> Samsung 980 PRO M.2 500GB ×2
🔥 A bit about us and our journey: We’ve been with you since 2018. We’ve always prioritized quality and stability. Yes, there was a difficult period — complex development, reworks… But we didn’t give up. We found the strength to rewrite, improve, and relaunch under new market conditions. Now VIDAR v2.0 is a new breath, new power, and a new level of technology. The project literally rose like a phoenix. All previous updates were just warm-ups compared to what we’ve done now.
💬 We thank everyone who stayed with us and supported us along the way. You’ll soon see how big a step forward this is. VIDAR v2.0 is here. And this is only the beginning. ⚡️
❗️ Technology stack
✅ Pure C (C99) — no C++ runtime, STL, or exceptions
✅ Custom minimalist CRT — complete independence from system libraries
✅ NT API — direct access to Windows kernel, bypassing antivirus hooks
🖥 Performance:
⚡️ 30–50% performance thanks to NT API
📦 −60% binary size (no runtime dependencies)
🎯 Adaptive algorithms for fast and slow PCs
Compatibility:
🌐 Windows XP → Windows 11 (32/64 bit)
❌ No runtime DLL dependencies
✅ Works on any system “out of the box”
Architecture:
🧩 Modular structure — easy to extend and maintain
🔒 Runtime obfuscation OLLVM — protection against reverse engineering
🛡 Minimal attack surface — fewer interceptions by antiviruses
3 Sep 2024
#Vidar Stealer is preparing for a major update near their 6th anniversary (November 2024) Read about Vidar Stealer if you still didn't 😉
reecDeep retweeted
start ms-cxh:localonly has recently been removed in the latest Windows 11 Beta Update, BypassNRO still works! 🎉
⚠️ DISCONNECT from the internet first! ⚠️
Shift+F10
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE /v BypassNRO /t REG_DWORD /d 1 /f
shutdown /r /t 0
reecDeep retweeted
My recent writeup on updates in #Rhadamanthys stealer, along with some scripts that may be helpful in analysis. Check it out!
🚨 Rhadamanthys v0.9.2 is here! What’s new in this multi-layered stealer’s latest evolution? We break down the updates, tactics, and what defenders need to know. Dive into our blog for the full analysis. research.checkpoint.com/2025…
reecDeep retweeted
‼️🚨 Red Hat breached: Crimson Collective stole 28k private repositories, including credentials, CI/CD secrets, pipeline configs, VPN profiles, and infrastructure blueprints. Our analysis of obtained data: 👇
reecDeep retweeted
4 Oct 2025
🚩 Google Project Zero Details ASLR Bypass on Apple Devices cybersecuritynews.com/aslr-b… A researcher from Project Zero has unveiled a clever serialization attack that leaks memory addresses on macOS and iOS, undermining Apple’s ASLR. The exploit leverages how NSDictionary serialization and re-serialization handles the NSNull singleton and uses hash table bucket placement to infer address bits. No memory corruption or timing side channels are needed. Apple patched this issue via updates released on March 31, 2025. #AppleSecurity #ASLR #iOS #macOS #ProjectZero #CyberSecurity
reecDeep retweeted
26 Sep 2025
#Malware #Grandoreiro 🇧🇷 Active, modifying first-stage designs. First-stage sites: p://173.249.]58.7/ p://213.199.]36.218/ p://164.68.]106.78/ 343 links @MediaFire pastebin.com/raw/icLFVkhd Images - Loader counter "HLsystem" - "pdf" download site (.iso > .vbs) - "Captcha" pdf
reecDeep retweeted
Since early 2025, #MuddyWater (aka TA450/Seedworm) has shifted tactics. Once known for widespread RMM-based intrusions, the Iranian state-backed #APT has scaled down mass campaigns in favor of more targeted spearphishing and custom backdoors such as #Phoenix, and StealthCache.
reecDeep retweeted
dropped #dll sideloaded by auditpol contains an encrypted aes payload which is injected into #nslookup. payload refers to #panamera agent which shows #rat capabilities... it sends victim's info to c2 and waits for a payload to be injected into #notepad ...
12 Sep 2025
Clickfix New instructions !!!!!!! 128[.140.70.83[:8080
reecDeep retweeted
Scattered Lapsus$ Hunters has provided the following message on breachforums[.]hn. They have essentially retired.