Calwarez (@calwarez)'s Twitter Profile
Calwarez

@calwarez

Leads Malicious Infrastructure Discovery @ Recorded Future | Views my own

ID: 1590287446297776128

Joined: 09-11-2022 10:18:12

74 Tweets

139 Followers

335 Following

Virus Bulletin (@virusbtn):

Insikt Group releases a deep dive into the Lumma infostealer, active since 2022, and the affiliates behind it. The analysis highlights new, previously undocumented tools and evidence that affiliates run multiple schemes simultaneously. recordedfuture.com/research/behin…

Calwarez (@calwarez):

Highly recommend this report on TAG-144. It breaks down the group's operations into five distinct clusters and reveals some serious tradecraft! From using compromised government emails to hiding payloads in JPGs. A deep dive into a very sophisticated threat.

The Hacker News (@thehackersnews):

⚠️ Cyber researchers just exposed 5 attack clusters tied to hacking group Blind Eagle—targeting Colombia’s government, banks, and critical sectors since 2024. They’re using cracked RATs, fake bank portals, and even Discord & Google Drive to deliver malware. Details →

Calwarez (@calwarez):

This report on Stark Industries is a fantastic case study in the cat-and-mouse game between hosting providers and law enforcement. The new "Threat Activity Enabler" (TAE) terminology is spot-on and highlights the critical role these providers play in the cybercrime ecosystem.

780th Military Intelligence Brigade (Cyber) (@780thc):

Recorded Future: Stark Industries, along with its CEO and owner, was formally sanctioned by the Council of the European Union on May 20, 2025, for enabling Russian state-sponsored cyber operations | recordedfuture.com/research/one-s…

urlscan.io (@urlscanio):

Thanks to the awesome work by our team we can finally announce our official urlscan cli tool: urlscan.io/blog/2025/09/0… - Submit scans, run searches, find domains, get creative. Feel free to share your use-cases with us on X! Download on GitHub or Homebrew.

Brian Liston (@brianjliston):

⚡️ New report out today from our team at Recorded Future: “Russian Influence Assets Converge on Moldovan Elections” Ahead of the upcoming parliamentary elections, we touch on multiple Russia-based/linked influence operations we assess are attempting to destabilize Moldova,

Lawrence_Sec (@lawrence_sec):

A significant amount of #CastleLoader C2 infrastructure identified by Julian-Ferdinand (@JulianVoeg) and Jerri P (@_whoisnt) in their latest report was tied to #ThreatActivityEnabler 🇬🇧 FEMO IT SOLUTIONS #AS214351 utilising 🇩🇪 aurologic GmbH #AS30823 as their sole upstream provider. One to watch out for!
Jerri P (@_whoisnt):

Check out the latest @recordedfuture report from Julian-Ferdinand (@JulianVoeg), Marius, and me on TAG-150, where we break down CastleLoader and CastleRAT (Python + C variants).

Recent TTP: C2 deaddrops on Steam Community pages, marking a new infrastructure tactic

🔗recordedfuture.com/research/from-…
Virus Bulletin (@virusbtn):

Insikt Group identifies a new threat actor, TAG-150, active since at least March 2025. Its multi-layered infrastructure is used to deploy likely self-developed malware families, including CastleLoader, CastleBot, and the newly documented CastleRAT. recordedfuture.com/research/from-…

The DFIR Report (@thedfirreport):

🌟New report out today!🌟

Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs

Analysis and reporting completed by Renzon (@r3nzsec), EncapsulateJay (@EncapsulateJ), Roman Konicek (@rkonicekr), & Adam Rowe

Audio: Available on Spotify, Apple, YouTube and more!

Report:⬇️
Lawrence_Sec (@lawrence_sec):

Great blog from briankrebs referencing our recent report on #StarkIndustries. Makes a very good point to highlight the links to MIR Hosting again. Where there are Dutch prefixes under these providers, there is usually always MIR upstream. krebsonsecurity.com/2025/09/bullet…

Mark Kelly (@markkelly0x):

🚨🇨🇳💰 New Threat Insight (@threatinsight) blog on TA415 (APT41) economy and trade-themed spearphishing against US govt, think tanks & academia.

The campaigns used U.S.-China economic lures and spoofed the Chair of the House Select Committee on CCP competition + the US-China Business Council.
Lawrence_Sec (@lawrence_sec):

The UK has sanctioned Aeza International, citing its involvement in destabilising Ukraine by providing internet services to Russian disinformation campaigns. This follows OFAC sanctions in July. gov.uk/government/new…

Spamhaus (@spamhaus):

Already decided what's for dinner today? Fancy some fish? 🎣 If so, 14B Turner Street in 🇬🇧 Manchester might be the place to go. Its ground floor seems to host an Italian restaurant, according to Google Street View, which certainly has fish on the menu. 🍽️ Craving a more

Calwarez (@calwarez):

Great work by my colleague, Lawrence_Sec! He dives deep into the systemic flaw where "neutral" internet governance lets sanctioned ISPs evade restrictions and continue supporting #cyberattacks and #disinformation. A must-read on the infrastructure gap. 👇