Andrew Pease (@andythevariable)'s Twitter Profile
Andrew Pease

@andythevariable

Elastic Security Labs Technical Lead. Lawful Neutral. Threat Hunting with the Elastic Stack author. Retired CW4.

ID: 1124329366228537344

Link: https://www.elastic.co/security-labs/author/andrew-pease

Joined: 03-05-2019 15:06:24

488 Tweets

983 Followers

292 Following

George Kurtz (@george_kurtz):

Today was not a security or cyber incident. Our customers remain fully protected. We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can

Elastic Security Labs (@elasticseclabs):

#ElasticSecurityLabs is introducing HexForge, our tool that enhances #IDAPro with manipulation capabilities built into the hex and disassembly views. HexForge makes it easy to copy and patch binary data and currently supports RC4, AES, ChaCha20, and XOR: go.es.io/4cTCME2

Andrew Pease (@andythevariable):

Cool research by DefSecSentinel, great walkthrough of these Python "coding challenges" that the DPRK is continuing to float around. elastic.co/security-labs/…

DefSecSentinel (@defsecsentinel):

Let's do an Elastic Behavior breakdown on this malicious #Python package, targeting #macOS, to include how we can detect and prevent threats like this featuring a sneak peek at one of the new data sources coming to our Elastic macOS agent very soon. Here is the link to the

Andrew Pease (@andythevariable):

This is tremendously exciting. Bug bounty for rules - the commitment to openness and improvement continues. Iron sharpens iron.

Lontz (@lontze7):

adapter.radiws[.]com
app.radiys[.]com
support.anyconnact[.]com
cloud.online-wsus[.]net

probably related to the Elastic report on #REF7707 infrastructure, naming convention also matches

found with Validin pivoting on indicators

report: elastic.co/security-labs/…

Virus Bulletin (@virusbtn):

Elastic Security Labs researchers look into the REF7707 campaign targeting the foreign ministry of a South American country. The intrusion set utilized by REF7707 includes novel malware families such as FINALDRAFT, GUIDLOADER and PATHLOADER. elastic.co/security-labs/…

ET Labs (@et_labs):

92 new OPEN, 106 new PRO (92 + 14) SocGholish, Lumma Stealer, REF7707, TA2726, NetSupport RAT, TA4903, TA399.... community.emergingthreats.net/t/ruleset-upda…

Andrew Pease (@andythevariable):

The significant thing to note with the ABYSSWORKER intrusion is that this isn't just BYOD; it's BYO(Malicious)D, something that's not super common. Solid research and analysis by Cyril F.

Andrew Pease (@andythevariable):

Sometimes naming intrusions and families can be tough - but sometimes TAs do all the hard work. Sorry Shelby's, but SolidSnake and Seth had to put you to the canvas. #shelbyc2 #shelbyloader #ref8685

Elastic Security Labs (@elasticseclabs):

Huh? That’s weird… what is that?

It kind of looks like it’s a… new #cybersecurity report? 🤔

We’re excited about this one. Look out for more this week.

Samir (@sbousseaden):

some detection/hunt rules to get started for SAP vuln CVE-2025-31324:

- JSP/JAVA/Class creation in the SAP IRJ dir.
- Suspicious child processes indicating execution.

github.com/elastic/detect…

Andrew Pease (@andythevariable):

As defenders it’s always interesting to see how TAs view the landscape vs. the commercial checkboxes. Iron sharpens iron, good red teams make good blue teams.