fatih (@fatihsnsy) 's Twitter Profile
fatih

@fatihsnsy

Sr. Security Researcher @kaspersky GReAT | Team Lead @zayotem | Opinions are my own.

ID: 721800902219284480

Link: https://fatihsensoy.com | Date: 17-04-2016 20:42:00

734 Tweets

481 Followers

424 Following

ransomNews (@ransomnews)

🚨 Failed ATM heist via 4G Raspberry Pi The UNC2891 (LightBasin) group planted a 4G‑equipped Raspberry Pi on a bank’s ATM network, enabling stealthy lateral movement and a TinyShell C2 channel. Though intended to spoof ATM withdrawals, the attempt failed, highlighting hybrid

Clint Gibler (@clintgibler)

Google (Google) shares initial results from running their AI-based "Deep Sleep" vulnerability finding system powered by Gemini at scale. 20 vulnerabilities across imagemagick, ffmpeg, redis, QuickJS, and more. goo.gle/bigsleep

yed (@frdfzi)

I'm sharing my note, containing little tips and a checklist on how we can attribute a piece of malware or a campaign to certain threat groups. Although it does not cover all methodologies, I think it's good for beginners to learn this topic. 👍🏻 fareedfauzi.github.io/cheatsheets/th…

Saurabh Sharma (@saurabhsha15)

We recently analyzed GodRAT, a new malware strain derived from Gh0stRAT, actively targeting financial organizations. More details here - securelist.com/godrat/117119/

VMRay (@vmray)

🚨Alert: Internet Archive abused as hosting service for stealthy malware delivery 🔍This delivery chain is another example of legitimate and trusted services being abused for malware delivery: it starts with a JScript loader launching a PowerShell script which then downloads a

Costin Raiu (@craiu)

iOS 18.6.2 is out, patching an ImageIO bug that “may have been exploited” in sophisticated targeted attacks - update now 👉

vxdb (@vxdb)

The NSA, the UK’s NCSC, and several international partners have attributed the Salt Typhoon hacking campaigns to three China-based technology companies. - Sichuan Juxinhe Network Technology Co. Ltd - Beijing Huanyu Tianqiong Information Technology Co. - Sichuan Zhixin Ruijie

Virus Bulletin (@virusbtn)

Insikt Group identifies a new threat actor, TAG-150, active since at least March 2025. Its multi-layered infrastructure is used to deploy likely self-developed malware families, including CastleLoader, CastleBot, and the newly documented CastleRAT. recordedfuture.com/research/from-…

780th Military Intelligence Brigade (Cyber) (@780thc)

Silent Push has identified dozens of previously unreported domains, all aiming to obtain long-term, stealthy access to targeted organizations, used by the Chinese APT group, Salt Typhoon | silentpush.com/blog/salt-typh… Silent Push

FalconFeeds.io (@falconfeedsio)

🚨 Scattered Spider’s New Playbook — Insider Recruitment & Access Marketplace The group has moved from chaotic data leaks to an organized cybercrime model. They’re now: 🔸 Recruiting employees and insiders in telecom, SaaS, gaming, and hosting firms (US/UK/AU/CA/FR). 🔸

Marc R (@seifreed)

🚀 Introducing #r2morph , a metamorphic binary transformation engine built on radare + #r2pipe. It applies semantic mutations (NOPs, instruction swaps, dead code, opaque predicates…) without breaking functionality. 🧠 Perfect for research on evasion, obfuscation & malware

Ryan Naraine (@ryanaraine)

NEW from Apple: "We’re doubling our top award to $2 million for exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks." security.apple.com/blog/apple-sec…

Boris Larin (@oct0xor)

CNCERT confirms Operation Triangulation attacks on Chinese orgs and connects it to NewDSZ - the implant we discovered and analyzed in 2023 mp.weixin.qq.com/s/XPjT0BVOJPJx…

TheSAS2025 (@thesascon)

Omar Amin and Sojun Ryu of Kaspersky GReAT dissect BlueNoroff's elaborate scam in their #TheSAS2025 talk. The scheme combines sophisticated social engineering with many clever tactics to trick victims into installing infostealers. The attack flow blends legitimate services like

hypen (@hypen1117)

It was truly an honor to be part of #TheSAS2025 as a speaker! I and Omar (Omar) shared some juicy insights from our extensive research on #BlueNoroff's #GhostCall and #GhostHire campaign, part of #SnatchCrypto. You can find our research below. ✅ securelist.com/bluenoroff-apt…

Omar (@beacon_exe)

Couldn't ask for a better partner in crime at #TheSAS2025 stage. Check out our full research, uncovering #GhostCall and #GhostHire of #Bluenoroff here: securelist.com/bluenoroff-apt…

Virus Bulletin (@virusbtn)

Google Threat Intelligence Group confirms first operational use of “just in time” AI in malware families such as PROMPTFLUX and PROMPTSTEAL, where LLMs generate malicious scripts and obfuscate code on the fly. cloud.google.com/blog/topics/th…
