André Tavares (@andretavare5)'s Twitter Profile
André Tavares

@andretavare5

Threat Researcher @Bitsight
Tracking malware botnets 🤖

ID: 86185858

Link: http://tavares.re
Joined: 29-10-2009 23:02:06

342 Tweets

347 Followers

277 Following

Intel 471 (@intel471inc)

#TgToxic, an Android trojan, is now targeting banks in Europe and Latin America. Cybernews highlights Intel 471’s findings on how attackers use a domain generation algorithm (DGA) to evade takedowns. Read more: hubs.ly/Q038r0-T0 #threatintel #cybersecurity #threathunting

Xlab (@xlab_qax)

Our latest blog dives into a new variant of #Vo1d #botnet. C2 sinkhole data reveals it has infected 1.6M Android TVs across 200+ countries. Now leveraging RSA, its network can remain secure even if researchers register DGA C2s blog.xlab.qianxin.com/long-live-the-…

The Hacker News (@thehackersnews)

A botnet malware is rapidly spreading across 226 countries, infecting over 1.5 million Android TV devices. RSA and XXTEA encryption make it harder to detect and trace the botnet’s activity. Read the full analysis here: thehackernews.com/2025/03/vo1d-b…

The Hacker News (@thehackersnews)

⚠️ Your Device Might Be Part of the Largest CTV Botnet Ever!

Cybercriminals are exploiting cheap Android devices to build a massive botnet for:

🔹 Ad fraud & fake clicks
🔹 Residential proxy abuse
🔹 DDoS attacks & account takeovers
🔹 Hidden malware pre-installed in devices

LaurieWired (@lauriewired)

Just built an MCP for Ghidra. Now basically any LLM (Claude, Gemini, local...) can Reverse Engineer malware for you. With the right prompting, it automates a *ton* of tedious tasks. One-shot markups of entire binaries with just a click. Open source, on Github now.

Zscaler ThreatLabz (@threatlabz)

☕ ThreatLabz has discovered a new sophisticated malware threat that we have named CoffeeLoader. The malware is a loader that implements numerous stealthy techniques to evade antivirus and EDRs via call stack spoofing, sleep obfuscation, and Windows fibers. The malware is also

abuse.ch (@abuse_ch)

We're proud to announce our support for CAPE Sandbox , a fully open-source malware sandbox developed and maintained by a dedicated group of volunteers. After almost a year of downtime, we are extremely happy that we were able to help CAPE get back online again! 🥳 👉

BSidesLisbon (@bsideslisbon)

📢#BSidesLisbon community

In 2025, we are expanding to two!full!days!of talks, networking, and real-world insights from real practitioners!

👉 Call for Papers (CFP) will open soon
👉 Tickets will go live in the coming weeks
👉 Interested in sponsoring? Reach out to us ✉️

Europol (@europol)

🚨 Europol and Microsoft have come together to disrupt Lumma Stealer — the world’s largest infostealer.

Together with partners, we’ve cut off cybercriminals from over 394 000 infected devices and seized 1,300+ domains.

Read more ⤵️

europol.europa.eu/media-press/ne…

Bitsight (@bitsight)

🚨 Lumma Stealer is down. Bitsight TRACE joined a coordinated op led by Digital Crimes Unit to dismantle the malware’s infrastructure:

✅ 1,000+ domains seized
✅ 90+ Telegram & Steam profiles shut down
✅ LummaC2 disrupted

Big win for cyber defenders.

🔗 ow.ly/5Mgo50VWGPH

Team Cymru Threat Research (@teamcymru_s2)

BLOG POST: We are once again proud to have been involved in #OperationEndgame, this time helping to disrupt #DanaBot. We also got to collaborate closely with our buddies at Black Lotus Labs. You can read about our shared input in our co-authored blog! team-cymru.com/post/inside-da…

Europol (@europol)

💥 Ransomware kill chain broken – Operation Endgame strikes again

🔸 300 servers taken down
🔸 650 domains neutralised
🔸 €3.5M crypto seized
🔸 20 international arrest warrants

Europol & partners deliver another blow to global cybercrime.

More ⤵️

europol.europa.eu/media-press/ne…

LoaderInsightAgency (@lia_intel)

Payload statistics from May 2025 📊
We observed 772 tasks distributed by threat actors across the tracked botnets. This resulted in 2040 unique payloads.

Top families:
1. #GCleaner
2. #LummaStealer
3. #NirSoftNirCmd
4. #Amadey
5. #Xworm

Unpacking & detection: UNPACME

Virus Bulletin (@virusbtn)

Bitsight's TRACE team look into recent campaigns by ToxicPanda, an Android banking trojan designed to steal banking & digital wallet logins, overlay PIN & pattern codes, and perform unauthorized transactions. Its main targets are currently Portugal & Spain bitsight.com/blog/toxicpand…

Pedro Umbelino (@kripthor)

So… I was hacked. Pwned. Big time. And I’m not kidding. It turned out to be the very same malware used in massive DDoS campaigns against DeepSeek and Twitter (erm… X). It was RapperBot... I was angry with me and with the malware. Honestly, more with me than with the malware.

BSidesLisbon (@bsideslisbon)

🚨 The BSidesLisbon 2025 speaker lineup is now live! We’ve got insights, hardware, AI, hacks, rants, and a whole lot of 🔥 Come see who made it to the stage and start planning your schedule! 🎟️ bsideslisbon.org/2025/speakers/