Diogo Fernandes (@diogowski_)'s Twitter Profile

Diogo Fernandes
@diogowski_

DFIR, malware and Python!

ID: 1224235514
https://github.com/diogo-fernan
27-02-2013 10:07:09

2.2K Tweets
284 Followers
1.1K Following

Lukas Beran (@lukasberancz):

This is awesome. Our teams have fake tenants as honeypots that look like real ones—they contain realistic-looking data with realistic-looking users. But they’ve taken honeypots to a whole new level. They’re not just waiting for someone to fall into the trap. They actively search

Who said what? (@g0njxa):

It is really interesting to find anti-VM techniques being used by threat actors in the wild.

This is a PowerShell script protecting a #Lumma Stealer build and being spread on YouTube videos.

In this case, this was enough to make ANY.RUN fail based on screen resolution.
PS01 (@pstyle0ne1):

BREAKING 🚨 Ukrainian hackers hacked Dr.Web, a Russian IT security company

'We hacked the infrastructure of Dr.Web, a company that has long been considered one of the top cybersecurity companies. Ironic? More than that.

We penetrated the local network, having planned
Andrew Case (@attrc):

Our talk from DEF CON is now available! In the presented research, we document every EDR bypass technique used in the wild along with how to detect it using new memory forensics techniques and volatility plugins. Feedback appreciated! youtube.com/watch?v=PmqvBe… #DFIR

Paul Melson (@pmelson):

I posted my analysis of a malicious PDF containing a heavily obfuscated PHP payload over on infosec[.]exchange: infosec.exchange/@pmelson/11335…

Denis Laskov 🇮🇱 (@it4sec):

"Apple CarPlay: What's Under the Hood" - the newest and most detailed public research on CarPlay I've seen so far. Security analysis and fun memes included! 🚘 📲 🔬

Presentation [PDF]: troopers.de/downloads/troo…
Video: youtube.com/watch?v=cHhxJz…
Rithwik Jayasimha (@thel3l):

Apple released a hearing aids feature for the AirPods Pro a while ago. I bought a pair for grandma, but then realized that the feature was geoblocked in India.

So we at Lagrange Point decided to unblock it. It ended up involving a leaky microwave and building a Faraday cage:
Sysinternals (@sysinternals):

We're excited to announce the release of ProcDump 1.0 for Mac. ProcDump functionality is now available on Windows, Linux, and macOS. Get the tools at sysinternals.com. See what's new on the Sysinternals Blog: techcommunity.microsoft.com/blog/sysintern…

abuse.ch (@abuse_ch):

According to GovCERT.ch, an unknown threat actor has sent out postal letters (yes, *postal* letters ✉️) to recipients in Switzerland that pretend to originate from MeteoSchweiz, luring the recipient into downloading and installing a rogue App 🔥🕵️‍♂️ The QR code in the letter

vx-underground (@vxunderground):

T-Mobile has confirmed they've been compromised (again). This time it was slightly different — they were compromised by Chinese state-sponsored Threat Actors. The United States Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) put

Nextron Research ⚡️ (@nextronresearch):

This obfuscated batch file, flagged only by @Kaspersky and our scanners, uses a byte order mark (FF FE) to appear as UTF-16LE - however, it's actually ASCII text.

Whether this tactic helps evading detection is still an open question.

virustotal.com/gui/file/d410a…
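The post above describes a batch file whose FF FE byte order mark declares UTF-16LE while the body is plain ASCII. The check below is an added example (my code, not Nextron's scanner and not the sample on VirusTotal): it compares the encoding a BOM declares with a statistical guess of the body's real encoding, and shows what a tool that trusts the BOM would decode. The NUL-byte thresholds (80% / 10%) and the three batch samples are constructed for this example.

```python
"""Flag a byte order mark that disagrees with the bytes that follow it.

Added example; the samples below are constructed, not the file from the post.
"""

# BOMs recognised here. UTF-32 BOMs are deliberately omitted: FF FE 00 00
# also starts with the UTF-16LE BOM and would need extra disambiguation.
BOMS = {
    b"\xef\xbb\xbf": "utf-8",
    b"\xff\xfe": "utf-16-le",
    b"\xfe\xff": "utf-16-be",
}

# Body encodings that legitimately appear behind each BOM.
COMPATIBLE = {
    "utf-8": {"utf-8", "ascii", "empty"},
    "utf-16-le": {"utf-16-le", "empty"},
    "utf-16-be": {"utf-16-be", "empty"},
}


def detect_bom(data: bytes):
    """Return (declared_encoding, bom_bytes), or (None, b'') when there is no BOM."""
    for bom, enc in BOMS.items():
        if data.startswith(bom):
            return enc, bom
    return None, b""


def guess_body_encoding(body: bytes) -> str:
    """Cheap statistical guess of how the body is really encoded.

    UTF-16 text made of Latin characters has a NUL in every other byte
    (odd offsets for little-endian, even offsets for big-endian);
    ASCII text has no NULs at all. Thresholds are an assumption.
    """
    if not body:
        return "empty"
    pairs = max(len(body) // 2, 1)
    nul_odd = sum(1 for i in range(1, len(body), 2) if body[i] == 0)
    nul_even = sum(1 for i in range(0, len(body), 2) if body[i] == 0)
    if nul_odd / pairs > 0.8 and nul_even / pairs < 0.1:
        return "utf-16-le"
    if nul_even / pairs > 0.8 and nul_odd / pairs < 0.1:
        return "utf-16-be"
    if all(32 <= b < 127 or b in (9, 10, 13) for b in body):
        return "ascii"
    try:
        body.decode("utf-8")
        return "utf-8"
    except UnicodeDecodeError:
        return "binary"


def check_bom(data: bytes) -> dict:
    """Compare the declared (BOM) encoding with the guessed body encoding."""
    declared, bom = detect_bom(data)
    actual = guess_body_encoding(data[len(bom):])
    mismatch = declared is not None and actual not in COMPATIBLE[declared]
    return {"declared": declared, "actual": actual, "mismatch": mismatch}


def bom_trusting_decode(data: bytes) -> str:
    """What a tool that believes the BOM sees: ASCII bytes decoded as UTF-16LE
    pair up into CJK-looking code points instead of batch commands."""
    declared, bom = detect_bom(data)
    return data[len(bom):].decode(declared or "utf-8", errors="replace")


# Constructed samples (mildly obfuscated batch, harmless: it just prints the date).
BATCH = b"@echo off\r\nset a=pow&& set b=ershell\r\n%a%%b% -Command Get-Date\r\n"
HONEST_UTF16 = b"\xff\xfe" + BATCH.decode("ascii").encode("utf-16-le")  # BOM matches body
DECEPTIVE = b"\xff\xfe" + BATCH                                          # BOM glued onto ASCII
PLAIN = BATCH                                                            # no BOM at all

if __name__ == "__main__":
    for name, sample in (("honest", HONEST_UTF16), ("deceptive", DECEPTIVE), ("plain", PLAIN)):
        r = check_bom(sample)
        print(f"{name:9} declared={r['declared']} actual={r['actual']} mismatch={r['mismatch']}")
    print("BOM-trusting view of the deceptive file:", repr(bom_trusting_decode(DECEPTIVE)[:20]))
```

The deceptive sample is reported as declared=utf-16-le, actual=ascii, mismatch=True, and a BOM-trusting decoder turns its first line into mojibake rather than `@echo off`; that is the only concrete effect of the trick, and as the post says, whether it buys evasion against real scanners remains open.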
Patrick Wardle (@patrickwardle):

Apple will (finally!) bring TCC events to Endpoint Security in macOS 15.4 🥳 I've just posted "TCCing is Believing" which covers details, nuances, and PoC code for the new 'ES_EVENT_TYPE_NOTIFY_TCC_MODIFY' event objective-see.org/blog/blog_0x7F…

volatility (@volatility):

We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: volatilityfoundation.org/announcing-the…

Threat Insight (@threatinsight):

The cloud threat research team at Proofpoint has discovered an account takeover campaign, targeting around 40,000 users.

Malicious activity has been recorded as early as Feb. 2nd, with a surge on Feb. 10th and peak on Feb. 12th.
Daniel Hnyk (@hnykda):

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM PyPI release 1.82.8 has been compromised: it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to a remote server + self-replicate. link below
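The post above names a `.pth` file as the foothold. A `.pth` file in site-packages is read by `site.py` at every interpreter start-up; each line is appended to `sys.path`, except that a line beginning with `import ` (or `import` followed by a tab) is executed with `exec()`, so code placed there runs in every Python process before any user code. The scanner below is an added example (my code, not LiteLLM's and not the malicious file): it lists `.pth` lines that would execute and flags ones carrying decoding or execution primitives or base64 blobs that decode to code. The token list, the 40-character blob threshold and the sample files written by `demo()` are my own constructions.

```python
"""Find .pth files whose lines execute code at interpreter start-up.

Added example. Relies on documented site.py behaviour: lines starting with
"import " or "import\\t" are exec()'d, every other line is a sys.path entry.
"""
import base64
import re
import site
import sys
import tempfile
from pathlib import Path

# Names that have no business on a sys.path bootstrap line (assumed list).
SUSPICIOUS_TOKENS = (
    "exec(", "eval(", "compile(", "__import__", "base64", "marshal",
    "zlib", "codecs.decode", "subprocess", "os.system", "socket",
    "urllib", "requests", "http.client",
)
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")   # 40+ chars is an assumed cut-off
CODE_HINTS = ("import", "exec", "os.", "http", "open(", "socket")


def classify_pth_line(line: str) -> list[str]:
    """Return the reasons a .pth line looks malicious; [] when it does not."""
    text = line.rstrip("\r\n")
    # Only import lines are executed; anything else is treated as a path.
    if not (text.startswith("import ") or text.startswith("import\t")):
        return []
    reasons = [f"uses {tok}" for tok in SUSPICIOUS_TOKENS if tok in text]
    for blob in B64_BLOB.findall(text):
        try:
            decoded = base64.b64decode(blob, validate=True)
        except ValueError:          # binascii.Error is a ValueError subclass
            continue
        plain = decoded.decode("utf-8", errors="ignore")
        if any(hint in plain for hint in CODE_HINTS):
            reasons.append("base64 blob decodes to code: " + plain[:40])
    return reasons


def scan_pth_file(path: Path) -> list[dict]:
    """Scan one .pth file; each finding records file, line number, text, reasons."""
    findings = []
    try:
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
    except OSError:
        return findings
    for lineno, line in enumerate(lines, 1):
        reasons = classify_pth_line(line)
        if reasons:
            findings.append({"file": str(path), "line": lineno,
                             "text": line[:120], "reasons": reasons})
    return findings


def site_dirs() -> list[Path]:
    """Directories site.py reads .pth files from, plus site dirs already on sys.path."""
    dirs = list(getattr(site, "getsitepackages", lambda: [])())
    dirs.append(site.getusersitepackages())
    dirs += [p for p in sys.path if p.endswith(("site-packages", "dist-packages"))]
    return [Path(d) for d in dict.fromkeys(dirs) if Path(d).is_dir()]


def scan_dirs(dirs) -> list[dict]:
    """Scan every *.pth in the given directories."""
    findings = []
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            findings.extend(scan_pth_file(pth))
    return findings


def demo() -> list[dict]:
    """Write constructed .pth samples to a temp dir and scan them (never executes them)."""
    payload = base64.b64encode(b"import os;print(os.environ.get('HOME'))").decode()
    samples = {
        "easy-install.pth": "/opt/venv/lib/python3.12/site-packages/somepkg\n",   # path line
        "benign_shim.pth": "import _some_shim; _some_shim.install()\n",          # plain import
        "evil_init.pth": f"import base64,sys;exec(base64.b64decode('{payload}'))\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_dirs([tmp])


if __name__ == "__main__":
    for f in demo() + scan_dirs(site_dirs()):
        print(f"{f['file']}:{f['line']}: {', '.join(f['reasons'])}")
```

Run it as-is to see the constructed `evil_init.pth` flagged and then your own site-packages scanned. Treat the output as a review queue rather than a verdict: legitimate packages also use import lines (setuptools' `distutils-precedence.pth`, for instance, calls `__import__`), so the token match only says which lines deserve a look.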

vx-underground (@vxunderground):

TeamPCP has done ANOTHER supply chain attack.

My Brother in Christ, how many of these fuckin' things are you going to do? YOU'VE DONE 50 FUCKING SUPPLY CHAIN ATTACKS. 50 SUPPLY CHAIN ATTACKS IN EIGHT FUCKING DAYS.

March 19th:
- Trivy

March 20th:
- EmilGroup (28 packages)
-
vx-underground (@vxunderground):

Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now.

As I began poking this with a stick I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs