Bybit Hack Forensics Report As promised, here are the preliminary reports of the hack conducted by Sygnia and Verichains Screenshotted the conclusion and here is the link to the full report: docsend.com/view/s/rmdi832…

x.com/i/article/1897…

#Lazarus IOC goingladies[.com getstockprice[.com trashcrease[.com anglerstatic[.com 70.34.245.118 178.128.77.132 131.226.2.43 23.236.169.233 185.194.178.88 45.86.202.224

🚨 Mandiant has detected threat actors leveraging x86-64 compiled macOS malware, likely due to broader compatibility and relaxed execution policies. Understand how to investigate these intrusions → bit.ly/4haFZ4j

Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of #Lazarus’s Subgroup blogs.jpcert.or.jp/en/2025/03/cla…

Update⚠️ More IOCs From Contagious to #ClickFake Interview: #Lazarus leveraging the ClickFix tactic blog.sekoia.io/clickfake-inte…

23pds (山哥) To follow up: At this time, our investigation has found no evidence of code modifications, unauthorized access to production systems, exposure of customer data, or access to personal information. grafana.com/blog/2025/04/2…

Just got this security warning. Ledger's Discord admin account was hacked. The scammer falsely claimed a security flaw and urged users to enter their recovery phrases on a phishing site. Lessons: 1. Never give up your private key recovery phrases no matter who is doing the

#Kimsuky began targeting government entities in Ukraine proofpoint.com/us/blog/threat…

#IOS iMessage Vulnerability(Nickname) IOCs The vulnerability impacts iOS "Share Name and Photo" feature in iMessage #mvt Forensics (p4) process "imagent" crash logs consistently show failures in objc_retain() github.com/blackorbird/AP…

🎉周五来咯 ！来点特别的 抽3位粉丝送出 Matrixport 夹娃娃机 or 限量周边 🎁 参与方法超简单： 1️⃣：关注 Matrixport Official & 矩阵之门Matrixport官方华语 2️⃣：RT + 评论区tag 3位朋友

#BlueNoroff prompted the victim to run a script masquerading as a Zoom audio repair tool. fieldeffect.com/blog/zoom-doom…

ToolShell Mass Exploitation (CVE-2025-53770) Stealing machine keys to maintain persistent access SharePoint -> The exchange server is the next target research.eye.security/sharepoint-und…

wiz.io/blog/north-kor…

#Kimsuky Timeline Analysis ref: GitHub C2 Espionage Campaign trellix.com/blogs/research…

#IOS CVE-2025-43300 DNG File POC: github.com/b1n4r1b01/n-da… Article: msuiche.com/posts/detectin…

Zscaler ThreatLabz has uncovered NodeCordRAT exploiting supply chain vulnerabilities via NPM. Hidden in three separate NPM packages, NodeCordRAT steals browser credentials, files containing API secrets, and cryptocurrency wallet data. The C2 communication occurs via Discord.

Hunting Lazarus: Inside the Contagious Interview C2 Infrastructure #iocs redasgard.com/blog/hunting-l…

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby Google Project Zero published the first part of a three-part series detailing a fully remote 0-click exploit chain targeting the Google Pixel 9 (running Android as of early 2026). The research was conducted to

Fake 7-Zip Site 7zip[.]com Serves Malware: Turns Home PCs Into Proxy Nodes The top-level domain 7zip[.]com, registered back in 1999, is now distributing Trojan-infected 7-Zip installers. While the software appears to work normally for file extraction, it silently drops