8 new OPEN, 25 new PRO (8 + 17) TA569, XWorm, ZPHP Thanks @aryakaNetworks community.emergingthreats.net/t/ruleset-upda…

16 new OPEN, 41 new PRO (16 + 25) TA569, TA569, Lumma Stealer, XWorm community.emergingthreats.net/t/ruleset-upda…

Our friends at Aryaka Networks shared their great work with us enabling 11 rules on #Kimsuky activity - relevant rules moved to #ETOpen today! aryaka.com/blog/kimsuky-a…

36 new OPEN, 40 new PRO (36 + 4) Kimsuky, Lumma Stealer, XWorm, TA569, CVEs (Bloomberg Comdb2, Niagara, SonicWall), RMM Domains community.emergingthreats.net/t/ruleset-upda…

13 new OPEN, 31 new PRO (13 + 18) PaperCut MF/NG RCE CVE, D-Link Buffer Overflow CVE, Win32/Lumma Stealer, Win32/XWorm, Storm-2603, TA569, RMM Domains community.emergingthreats.net/t/ruleset-upda…

The ET Labs team has an intern! And as such, it's #IDS #Suricata #DetectionExercise time. Join our own Tony Robinson on #Discourse as he walks through writing some needed #CVE coverage: community.emergingthreats.net/t/detection-ex…

22 new OPEN, 28 new PRO (22 + 6) Thanks Malwarebytes Lumma Stealer, Ilevia EVE X1 Server Command Injection, Stealerium CnC, TA569 Gholoader, Vidar Stealer, zgRAT, and more :) community.emergingthreats.net/t/ruleset-upda…

4 new OPEN, 100 new PRO (4 + 96) ABB Cylon Aspect Guest login Privilege Escalation, UNK_MachoMan, XWorm community.emergingthreats.net/t/ruleset-upda…

Being a threat researcher is like being a detective: gather clues, analyze evidence, and consult experts to solve cyber puzzles. 🔍 So sip tea as the Only Malware in the Building team discusses a new wave of social engineering attacks tied to North Korea. brnw.ch/21wUIB6

15 new OPEN, 28 new PRO (15 + 13) Gholoader, ABB Cylon Aspect, Lumma Stealer, ClickFix, pgAdmin Command Injection, XWorm, SonicWall Buffer Overflow, and MORE! community.emergingthreats.net/t/ruleset-upda…

If your agent gets flooded - detect the flooding. If code gets obfuscated - detect the obfuscation. If ETW gets silenced - detect the silence. If the EDR gets killed - detect the killing. If logs get cleared - detect the clearing. The act of hiding is often more suspicious than

42 new OPEN, 45 new PRO (42 + 3) Thanks Dee TA569 Middleware Server, Gholoader, Lumma Stealer, ABB Cylon Aspect, ABB Cylon FLXeon, TinyLoader, Phantom Stealer community.emergingthreats.net/t/ruleset-upda…

11 new OPEN, 14 new PRO (11 + 3) ABB Cylon Flxeon, Gholoader, TA569 Middleware, XWorm community.emergingthreats.net/t/ruleset-upda…

9 new OPEN, 118 new PRO (9 + 109) CVE-2025-8088, Lumma, UNK_ContagiousInterview Thanks @monitorsg community.emergingthreats.net/t/ruleset-upda…

31 new OPEN, 60 new PRO (31 + 29) ReverseLoader, Lumma, CVE-2025-53778 community.emergingthreats.net/t/ruleset-upda…

7 new OPEN, 7 new PRO (7 + 0) CastleLoader, CVE-2025-8355, CVE-2025-8356 community.emergingthreats.net/t/ruleset-upda…

3 new OPEN, 25 new PRO (3 + 22) Vidar, XWorm, TA425/Patchwork Thanks @aryakanetworks community.emergingthreats.net/t/ruleset-upda…

17 new OPEN, 22 new PRO (17 + 5) Gholoader, Fortinet CVE-2025-25256 community.emergingthreats.net/t/ruleset-upda…