Now learning from Alexander Adamov about “Turla and Sandworm come filelessly” at #VB2023

FBI disrupts Blackcat ransomware operation, creates decryption tool - Lawrence Abrams bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

No Name Special with Alexander Adamov on the state of malware! Infostealers, wipers, ransomware, supply chain, russian APTs and more. A very practical discussion [in Ukrainian]. Thanks Alexander Adamov ! youtu.be/bYCL0rmFwP4?si…

Prolific Russian influence actors tracked by Microsoft as Storm-1679 and Storm-1099 have pivoted their operations since June 2023 to focus on the Olympics. Learn more from this report published by Microsoft Threat Analysis Center (MTAC): msft.it/6015YmuFv

This is a really cool book. I am sure it will help to many malware analysts, and be a guiding light and an inspiration for people who want to learn more. I feel honoured that I could have my small contribution in the project. Thank you for the gift, Kyle Cucci !

I analyzed thousands of messages from 35+ suspected state-sponsored hacktivist groups using machine learning—uncovering hidden connections through writing styles, language and topics. After a year of research, here’s what we found and how we did it. 👇 research.checkpoint.com/2025/modern-ap… 1/

A security firm providing services to threat actors? 🥴 BGP routing suggests that Kaspersky is providing internet connectivity to a large Russian cyber crime outfit called "Prospero" 👀. According to Intrinsec, both, Securehost and BEARHOST are hosting their infrastructure on

The malicious JS deployed by Lazarus in the ByBit hack, 0/61 on VT.

Interesting

Kyiv’s central railway station is packed after a massive cyberattack took down its online systems. The railway’s app is down, so people are stuck waiting in long lines to buy tickets offline.

Thread Execution Hijacking is one of the well-known methods that can be used to run implanted code. In this blog we introduce a new injection method, that is based on this classic technique, but much stealthier - Waiting Thread Hijacking. Read More : research.checkpoint.com/2025/waiting-t…

#APT29 (#CozyBear) is back — this time with a twist of 🍷 📨 Fake diplomat wine event invites 🎯 Targeting government entities across Europe 🧬 New custom loader we’re calling #Grapeloader along with a new variant of #Wineloader Read more --> research.checkpoint.com/2025/apt29-phi…

Centralized resource for listing and organizing known injection techniques and POCs: //#ProcessInjection

The AI industry is buzzing again with MCP(Model Context Protocol). I’d been putting off testing MCP for IDA Pro, but recently started applying it to real tasks. The result: MIND-BLOWING! 😱 ✅ What’s great: - It automates tedious, repetitive parts of malware analysis, saving a

2022 – it took me a week coding Python tools to analyze the Conti leak. 2023 – I spent 4 days analyzing and making sense of the Vulkan files with Python. 2024 – I spent 2 days building an OCR + RAG pipeline for the ISOON leak. February 2025 – In one day, I built a more

An initial access subgroup within the Russian state actor Seashell Blizzard has expanded the threat actor's scope of operations beyond Eastern Europe to include targets in the United States and United Kingdom. msft.it/6013SZS5D

Russian state actors Aqua Blizzard and Secret Blizzard are now collaborating to target Ukrainian military systems. Meanwhile, DarkGate resurges through the ClickFix technique. Learn more from the latest Microsoft Threat Intelligence Podcast episode: msft.it/6019SiD7U

This week's show is live on all platforms, featuring Mikko Hypponen filling in for Juanito @mikko Costin Raiu J. A. Guerrero-Saade securityconversations.com/episode/mikko-…

Injecting to a remote process with reduced process access (PROCESS_CREATE_THREAD and PROCESS_QUERY_LIMITED_INFORMATION only). No ROP gadgets needed. Just clever use of Native API calls. Post by Thanos (trickster0). Good job, sir! trickster0.github.io/posts/Primitiv… #redteam #maldev

🇮🇷🇮🇱 In their latest phishing campaigns, Iranian APT Educated Manticore poses as cybersecurity researchers and executives to target top tech academics in Israel: 🔗 Fake Google Meet meetings 🌐 Phishing kits as Single Page App with React 👉 Details: research.checkpoint.com/2025/iranian-e…