Ch40s 🏴‍☠️ (@drch40s) 's Twitter Profile

Reversing stuffs for fun and always looking for the perfect.... former Symantec, RSA, EMC, DELL. Proud RETooling and Malware OPSEC training father. Opinions are…

ID: 2275852955

http://www.retooling.io | 12-01-2014 00:46:54

2,2K Tweet

490 Followers

599 Following

Check Point Research (@_cpresearch_)

Unmasking the China-nexus #Storm2603 toolset that pre-dated the ToolShell wave. 📅Active since at least Apr 2025. 🔑Multiple ransomware deployed together: LockBit + Warlock. 💥Custom backdoors: ak47dns & ak47http. Read more --> research.checkpoint.com/2025/before-to…

Nextron Research ⚡️ (@nextronresearch)

New blog post – Discovery of a stealthy Linux backdoor abusing PAM While hunting for unknown threats with YARA rules, we identified a previously undocumented PAM-based backdoor we named Plague. It grants persistent SSH access and evades detection entirely. - Masquerades as

Vector 35 (@vector35)

WARP is here in Binary Ninja 5.1! It’s our new signature‑matching system that’s not just faster and smarter, but actually easier to use too. Build and share libraries easily, pull in type info, even prep for cross‑tool compatibility. WARP is the future. Go try it.

Black Hat (@blackhatevents)

🚨 You won't want to miss tomorrow's opening #BHUSA Keynote “Three Decades in Cybersecurity: Lessons Learned and What Comes Next” by @mikko. A deep dive into 30 years of #cybersecurity and the road ahead. 🗓️ Aug 6 | ⏰ 9:00–10:00 AM📍Michelob ULTRA Arena 🔗

0xor0ne (@0xor0ne)

Exploiting a Windows NTFS implementation vulnerability for escalation of privileges by immortalp0ny swarm.ptsecurity.com/buried-in-the-… #Windows #infosec

Vector 35 (@vector35)

One of the coolest new things in Binary Ninja 5.1? Pseudo Objective‑C. Huge shoutout to Mark Rowe, who actually wrote this before joining the team (talk about an overkill job application). If you’re digging into iOS, Swift, or kernelcaches, this one’s a game‑changer.

Hex-Rays SA (@hexrayssa)

🔎 Coming soon to IDA 9.2: a built-in microcode viewer to explore decompiler internals at any maturity level. eu1.hubs.ly/H0mdGbM0

Google VRP (Google Bug Hunters) (@googlevrp)

Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and VM! Curious? 👇 bughunters.google.com/blog/624373010…

Panos Gkatziroulis 🦄 (@netbiosx)

From Bitmaps to Payloads - Technical analysis of a steganographic loader (Crypter and Tools) used by likely-TA558 to deliver various malware in Italy and Colombia github.com/ShadowOpCode/F…

k0shl (@keyz3r0)

Our slide is online: i.blackhat.com/BH-USA-25/Pres… Glad to share our pre-auth DoS & RCE bug hunting research at #BHUSA! Thanks Black Hat for the pre-recording, as we couldn’t attend in person this time for personal reasons. Questions? DM us VictorV wei zhiniang peng

Louise Marie Hurel (@loumariehsd)

This Three Buddy Problem podcast episode is one of the best analyses I’ve listened to so far. Their assessment of Predatory Sparrow and the ambiguities of assessing cyber campaigns in a messy conflict is something worth your time: podcasts.apple.com/gb/podcast/thr…

Nasreddine Bencherchali (@nas_bench)

[New Blog 📚] Echo Chambers  - Feedback Loops in Detection Engineering You ship a detection, get feedback. Is that feedback accurate? Is it diverse enough? or are you just stuck in an echo chamber of feedback loops? Read more in this short blog - nasbench.medium.com/echo-chambers-…

SpecterOps (@specterops)

PDQ SmartDeploy versions prior to 3.0.2046 used static, hardcoded encryption keys for cred storage. Low-privileged users could potentially access admin creds from registry or deployment files. Garrett unpacks his testing in his latest blog post. ghst.ly/4mjyuvw

0x6c75696a616974 (@luijait_)

Xbow raised $117M to build AI hacker agents, in Alias Robotics open-sourced it and made it completely free. Github: github.com/aliasrobotics/… Paper: arxiv.org/abs/2504.06017