PRODAFT (@prodaft)'s Twitter Profile

Proactive Defense Against Future Threats | Pioneering #CyberSec and #ThreatIntelligence in Europe & MENA since ’12.
CTI Platform: #USTA Risk Intel: #BLINDSPOT

ID: 632402586

Link: http://www.prodaft.com
Date: 10-07-2012 21:18:26

835 Tweet

8,8K Followers

13 Following

PRODAFT (@prodaft)

From London 🇬🇧 to Putrajaya 🇲🇾

We had the opportunity to present some of our latest investigations at CYDES25, where we saw strong interest from both public and private sector attendees.

One highlight was our deep dive into LARVA-210 (a threat actor leveraging fake
PRODAFT (@prodaft)

🇷🇺 Russian-speaking threat group Hopeful Mantis, managed by LARVA-200 (farnetwork/efwnet), is now operating Sinobi ransomware, alongside INC Ransom & Lynx, following their previous operation of Nokoyawa. It’s crucial to understand the connections.

#threatintel #ransomware
PRODAFT (@prodaft)

CoreSecThree spotted! 🔍

Exploiting Cloudflare Workers to deliver ClickFix & operate through a network of 5000+ compromised websites. Now a cybercrime "as-a-service." 🤯

Get IOCs: github.com/prodaft/malwar…

Report (subscriber only): catalyst.prodaft.com/public/report/…
PRODAFT (@prodaft)

🚨 Matanbuchus 3.0 is here!

Threat actors are already buzzing about this completely rewritten loader. DNS/HTTPS C2, in-memory execution, reverse shell/WMI, morphing builds & a multitenant panel. Priced at $10K–$15K/month.

Stay informed.

#threatintelligence #cybersecurity
PRODAFT (@prodaft)

🚨 AI is supercharging phishing!

Cybercriminals now use LLMs to auto-generate realistic sites, lowering the barrier to attack. They define detailed personas & use AI to build convincing pages.

Are we ready to fight AI-powered phishing?

#phishing #threatintel #LLMs #AI
PRODAFT (@prodaft)

🚨 LARVA-208 is back!

Now targeting Web3 developers via fake AI platforms with job offers & portfolio reviews. Malware disguised as a Realtek HD Audio Driver is deployed during interviews.

📄 Read the full report: catalyst.prodaft.com/public/report/…
🔍 IOCs: github.com/prodaft/malwar…
The Hacker News (@thehackersnews)

🚨 Web3 devs targeted with fake AI job interviews — to steal your crypto. Hackers lure victims with sites like “Norlax AI,” then drop malware disguised as a Realtek audio driver. One click = stolen wallets, credentials, and project data. Read → thehackernews.com/2025/07/encryp…

PRODAFT (@prodaft)

Starting from Monday, we will no longer be accepting any accounts of XSS[.]is. Thank you for consistently providing accounts over the past months.

We appreciate your business!

#SYSInitiative #SYS #PRODAFT #XMR
PRODAFT (@prodaft)

Did you play Chemia on Steam? 🎮 Then you should be worried.

LARVA-208’s modification of the game to distribute Fickle Stealer, HijackLoader and Vidar demonstrates a concerning trend.

➡️ Check the IOCs now: github.com/prodaft/malwar…

#threatintel #cybersecurity #malware #IOC
PRODAFT (@prodaft)

Catch the unknowns. 🕵️‍♂️ Understand the attackers. Be ready. 🛡️

CATALYST delivers fresh IOCs & never-before-seen TTPs, linked to threat clusters. Level up your threat intel!

👉 Try it: catalyst.prodaft.com/welcome

#ThreatIntel #Malware #IOCs #TTPs
PRODAFT (@prodaft)

🚨 CastleLoader: An emerging loader malware using phishing & fake GitHub repos to deploy RATs & stealers. Now targeting enterprise users via fake Zscaler Client & more.

📄 Read the report: catalyst.prodaft.com/public/report/…

🔍 IOCs: github.com/prodaft/malwar…

#ThreatIntel #Malware
The Hacker News (@thehackersnews)

🚨 New malware CastleLoader is hijacking systems through fake GitHub repos and phishing sites—469 confirmed infections. It spreads stealers and RATs, uses PowerShell, and mimics trusted dev tools. It’s stealthy. It’s spreading. Here’s how it works ↓ thehackernews.com/2025/07/castle…

BleepingComputer (@bleepincomputer)

Hacker sneaks infostealer malware into early access Steam game - Bill Toulas bleepingcomputer.com/news/security/…

PRODAFT (@prodaft)

Ransomware group’s internal news exposes management’s plans and decisions. Highlights from Qilin:

🔒 Mandated 50% minimum ransom price
📰 Journalists engaged for the blog
🚫 Restrictions on BRICS attacks
⚖️ Lawyer service

and more…

#Ransomware #Cybersecurity #ThreatIntel
PRODAFT (@prodaft)

Seriously? 🤯 Supernatural Cockroach (a.k.a. National Hazard Agency) exploiting basic default credentials on Fortinet, Palo Alto, Cisco & others…and deploying ransomware. Are we still seeing this in 2025?

📄 Report (subscribed users only): catalyst.prodaft.com/public/report/…
PRODAFT (@prodaft)

⚠️ Did you know? While St. Paul announced their cyberattack now, BLINDSPOT detected Neferious Mantis (a.k.a. Interlock) precursor activity 10 days ago! 🕵️‍♀️ Gain a crucial advantage & avoid being a victim.

Public news: 🔗 fox9.com/news/gov-walz-…

#threatintel #ransomware
PRODAFT (@prodaft)

🇮🇷 Iran-nexus espionage group Subtle Snail (UNC1549, TA455) linked to Charming Kitten is ramping up European ops, infecting telecom organizations and exfiltrating sensitive documents. They've impacted 10 organizations in the last week. Victim notification is ongoing. Do not skip