Swachchhanda Poudel (@_swachchhanda_)'s Twitter Profile
Swachchhanda Poudel

@_swachchhanda_

Threat Researcher | Detection Engineer @nextronsystems

ID: 1676491922402168832

05-07-2023 07:24:52

107 Tweets

22 Followers

363 Following

Nextron Research ⚡️ (@nextronresearch)'s Twitter Profile Photo

Malicious .svg files with embedded JS are flooding @VirusTotal with almost zero AV detections - looks like a massive phishing campaign

We just published a YARA rule to help you catch them

YARA
github.com/Neo23x0/signat…
Swachchhanda Poudel (@_swachchhanda_)'s Twitter Profile Photo

🚨 ZDI-CAN-25373 Alert 🚨 APT groups (NK, Iran, Russia, China) abusing .lnk vuln in global gov, energy, finance & more. No MS patch yet! Sigma + details👇 🔗 linkedin.com/feed/update/ur…

Nextron Research ⚡️ (@nextronresearch)'s Twitter Profile Photo

Ever wondered what malware really looks like - literally? A dropper did the honors, pixel by pixel. This technique has been spotted in many types of malware stealers, such as SnakeKeylogger, VIPKeyLogger, MassLogger...

Its dropper hides the second-stage payload in a bitmap
Wietze (@wietze)'s Twitter Profile Photo

ATT&CK 📢 Shout-out to #HijackLibs's many contributors, including recent additions from @cyberraiju, @xorjosh, Faraday (all of Huntress), Swachchhanda Poudel, 安坂星海 Azaka || VTuber, ice-wzl - thanks for sharing your findings with the cyber security community 🔥

Marius Benthin (@marius_benthin)'s Twitter Profile Photo

Low detection rate on "WindowsSecurity.dll" - likely crafted for side-loading through WeChat in place of "xweb_elf.dll"
virustotal.com/gui/file/89990…
THOR APT Scanner #apihashing #rc4 #pebwalking
Swachchhanda Poudel (@_swachchhanda_)'s Twitter Profile Photo

This week’s been wild with CVEs like #CVE202533053 & #CVE202533073 — juggling detections and TH strategies nonstop! 😅 No worries, though, I’ve got your back with solid detection tips and threat hunting advice to stay ahead. Stay tuned! 🔍💥

Swachchhanda Poudel (@_swachchhanda_)'s Twitter Profile Photo

Here are some Sigma rules to detect potential Kerberos coercion relay attacks concerned with DNS SPN spoofing.
github.com/SigmaHQ/sigma/…
Swachchhanda Poudel (@_swachchhanda_)'s Twitter Profile Photo

🚨 New Detection Rule: CVE-2025-49144 - Notepad++ LPE via regsvr32 Hijack
Here is a Sigma rule for detecting exploitation attempts of CVE-2025-49144 (CVSS 7.3), a local privilege escalation in Notepad++ (<= v8.8.1).
lnkd.in/gv-23amj
Arda Büyükkaya (@whichbufferarda)'s Twitter Profile Photo

Threat actors actively abuse "Robocopy" (a built-in Windows utility) to deliver malware from WebDAV. You can quickly detect this behavior by using the SIGMA rule:
github.com/SigmaHQ/sigma/…

Malware Sample:
bazaar.abuse.ch/sample/62fce3f…
DEATHCon (@deathcon2025)'s Twitter Profile Photo

DEATHCon online/remote ticket sale round 1 will start Monday 7th of July at 00:01 UTC! worldtimebuddy.com/?pl=1&lid=100,… Last year they sold out in 24h 😳 On-site tickets will be available on 7/7 at around 10am local time for each site. All details here: deathcon.io/tickets.html

DEATHCon (@deathcon2025)'s Twitter Profile Photo

DEATHCon 2025 merch is now available! deathcon.io/merch.html This year, 100% of the proceeds go straight to KC7 - Cyber detective game Foundation to provide free, game-based cybersecurity education to everyone! We <3 U KC7

Nasreddine Bencherchali (@nas_bench)'s Twitter Profile Photo

New Sigma release r2025-07-08 is available for download.

🌟43 New Rules
🛡️34 Rule updates
🔬27 Rule Fixes

Explore the full release -> github.com/SigmaHQ/sigma/…

This release introduces a bunch of new rules including detections for 

- Katz Stealer
- MeshAgent usage
-
Florian Roth ⚡️ (@cyb3rops)'s Twitter Profile Photo

Detection coverage update: Sigma rules for CVE-2025-53770 (“ToolShell”) My team member Swachchhanda Poudel contributed a set of Sigma rules that detect different stages of the recent SharePoint exploitation (CVE-2025-53770). The rules are now public: github.com/SigmaHQ/sigma/… They

Swachchhanda Poudel (@_swachchhanda_)'s Twitter Profile Photo

Many people aren’t yet aware of Nextron Systems’ powerful Aurora capability. In this article, I dive deep into how Aurora reconstructs ETW for detection engineering and applies Sigma rules natively on them—all without relying on traditional Event Logs or Sysmon.

Nextron Research ⚡️ (@nextronresearch)'s Twitter Profile Photo

New blog post – Discovery of a stealthy Linux backdoor abusing PAM

While hunting for unknown threats with YARA rules, we identified a previously undocumented PAM-based backdoor we named Plague. It grants persistent SSH access and evades detection entirely.

- Masquerades as
Nextron Research ⚡️ (@nextronresearch)'s Twitter Profile Photo

WinRAR zero-day CVE-2025-8088 - our detections

New YARA catching ADS-based path traversal in RAR archives dropping into Startup: github.com/Neo23x0/signat…
by Arnim Rupp

CVE-2025-6218) detects WinRAR/Rar.exe writing into Startup. Same effect here – so it also fires. We’ll promote