Seongsu Park (@unpacker)'s Twitter Profile
Seongsu Park

@unpacker

Zscaler APT Research | Formerly Kaspersky GREAT | Threat Intelligence Hustler | Tweets are my own | Keybase: @seongsupark | Mastodon: @[email protected]

ID: 124484493

Joined 19-03-2010 15:02:17

9,9K Tweets

11,11K Followers

1,1K Following

Costin Raiu (@craiu):

Three Buddy Problem Episode 28 - the first of 2025 is out! With Ryan Naraine and J. A. Guerrero-Saade we discuss the US Treasury/BeyondTrust hack, APT group naming bad examples of bad examples, a new variant of the Xdr33 CIA Hive malware discovered by Nextron Research ⚡️ and exclusive

Seongsu Park (@unpacker):

The US DOJ indicted additional DPRK IT remote workers. While their strategies remain largely unchanged from our previous findings, here are the key points: 1️⃣ Five individuals, including North Korean nationals Jin Sung-Il and Pak Jin-Song, were indicted for their involvement in

Costin Raiu (@craiu):

In case you are a medical institution, it may be worth blocking this in your firewall or if you're using the CMS features, at least search internet traffic logs for the IP 202.114.4[.]119 #iocs

Costin Raiu (@craiu):

Avoid pivoting on Cloudflare’s edge IPs during threat intelligence research. Because they serve numerous unrelated domains, investigating them often leads to a bottomless rabbit hole with limited actionable insights.

Ariel Jungheit (@arieljt):

Check out our latest report covering Ivanti CSA vulnerability with complete root cause analysis, detailed breakdown of ITW exploitation, overview of worldwide targets alongside comprehensive IoCs & detection rules 👇🏻 harfanglab.io/insidethelab/i…

Seongsu Park (@unpacker):

Nice sharing from MSTIC! The domain in this phishing link (securedrive.fin-tech[.]com/docs/en/register) is tied to two IPs: - 115.92.4[.]123 (KR, LG Dacom) - 210.179.30[.]213 (KR, KT) 🔍 210.179.30[.]213 is also linked to: - accounts-porfile.serveirc[.]com -

thaddeus e. grugq (@thegrugq):

Incremental improvements and consistent investment in hacking training. DPRK went from lame to damn good in just over a decade. Anyone can develop an indigenous offensive cyber capability. It just takes time and some resource investment.

Itay Cohen 🌱 (@megabeets_):

I analyzed thousands of messages from 35+ suspected state-sponsored hacktivist groups using machine learning—uncovering hidden connections through writing styles, language and topics. After a year of research, here’s what we found and how we did it. 👇 research.checkpoint.com/2025/modern-ap… 1/

Seongsu Park (@unpacker):

AI-generated timeline and hacking scenario of the Bybit incident. Still need to verify some details, but it’s looking solid.

Seongsu Park (@unpacker):

I’ve always wondered who was really behind the Contagious Interview campaign and couldn’t agree with attributing it to Lazarus without solid proof. But yesterday, AhnLab dropped the most solid evidence linking it to Lazarus group. Big shoutout to AhnLab! asec.ahnlab.com/en/87299/

Ariel Jungheit (@arieljt):

We published a new report, covering #Gamaredon's #PteroLNK malware, used in a recent campaign. The Russian APT group continues active operations against Ukrainian targets through April 2025 1/4

Florian Roth ⚡️ (@cyb3rops):

LinkedIn titles that make me pause - “Visionary” / “Thought Leader” 25 years in security: the folks I actually admire stay humble and focus on the work, not on polishing a personal brand. Not a single exception.

Florian Roth ⚡️ (@cyb3rops):

We’re seeing a clear trend: attackers are bypassing the endpoint entirely. Not just avoiding traditional EDR-monitored systems by pivoting to embedded and edge devices, but now also operating purely in the cloud. No shell, no malware, no persistence on the endpoint. Just an OAuth

Seongsu Park (@unpacker):

Highly comprehensive report uncovering a sophisticated Lazarus attack targeting South Korean entities. Big kudos to hypen for the incredible work!

Ryan Naraine (@ryanaraine):

HEADS-UP! Professor Thomas Rid is a guest buddy on the pod this week. Currently cooking in the lab 😍🔥 Thomas Rid J. A. Guerrero-Saade Costin Raiu Listen, watch, subscribe! Apple: bit.ly/3budprob YouTube: bit.ly/TBP-YT Spotify: bit.ly/3DH5wEO

Seongsu Park (@unpacker):

The AI industry is buzzing again with MCP (Model Context Protocol). I’d been putting off testing MCP for IDA Pro, but recently started applying it to real tasks. The result: MIND-BLOWING! 😱 ✅ What’s great: - It automates tedious, repetitive parts of malware analysis, saving a

Seongsu Park (@unpacker):

From my research notes on the Contagious Interview campaign: here are the top 10 file paths used by JavaScript in compromised NPM packages. The technique hasn’t evolved much lately, but payloads are not limited to a single path.

Costin Raiu (@craiu):

Nice! New advisory on #APT28, with #YARA rules! Sadly though, the APT28_HEADLACE_SHORTCUT YARA rule FPs on clean files from Thunderbird, Firefox and MS Edge. Makes you wonder, don't people test their YARA rules for false positives before publishing?🧐