Gameel Ali 🤘 (@malgamy12) 's Twitter Profile
Gameel Ali 🤘

@malgamy12

Threat Researcher @nextronsystems and volunteer at @vxunderground

ID: 1390830623242211342

Website: https://malgamy.github.io/ | Joined: 08-05-2021 00:49:32

837 Tweets

5.5K Followers

954 Following

Gameel Ali 🤘 (@malgamy12) 's Twitter Profile Photo

I came across a Linux variant of the #Sarcoma ransomware that currently has a zero detection rate on VirusTotal
hash: 7ea6af07ca9ed77934b2398e898afe4eaa13d29022fcf5da33254769ad284d75

Gameel Ali 🤘 (@malgamy12) 's Twitter Profile Photo

We’re excited to announce the launch of malops.io, a platform built by analysts, for analysts, and it’s completely free.
You can join and enjoy our first challenge about RokRat Loader.

Hunt.io (@huntio) 's Twitter Profile Photo

🔥 Our new eBook is out: Modern Threat Hunting - 10 Practical Steps to Outsmart Adversaries hunt.io/learning/moder… IOC pivots, SSH key tracking, ASN abuse, C2 clustering, all backed by real examples and HuntSQL™ queries. Grab your free copy 👇 #ThreatHunting #CyberSecurity

Hunt.io (@huntio) 's Twitter Profile Photo

🚀 Hunt 2.1 is live! hunt.io/blog/product-u… A major release focused on speed, context, and better coverage to help you hunt threats faster and with more clarity. What’s new: • AI file analysis tags exploits and targets • IOC Hunter feed is now supported in the Cyware

Nextron Research ⚡️ (@nextronresearch) 's Twitter Profile Photo

=^._.^=

New blog post: Katz Stealer - a credential and data stealer with everything a modern infostealer needs: process hollowing, UAC bypass, headless browser injection, and a mild dislike for CIS locales

We broke it down from gzip to clipboard exfil, mapped the infection

Florian Roth ⚡️ (@cyb3rops) 's Twitter Profile Photo

My team has been working on this all week. Enjoy the report - and feel free to plug the included detection rules into your stack #YARA, #Sigma, #IOCs - it’s all there 🛠️

Gameel Ali 🤘 (@malgamy12) 's Twitter Profile Photo

I am happy to share my technical analysis with my friend Jonathan Peters (@cod3nym) about a new stealer called #Katz. We added:
- Sigma rules
- YARA signatures
- Full IOC set
Report here: nextron-systems.com/2025/05/23/kat…

Virus Bulletin (@virusbtn) 's Twitter Profile Photo

The Nextron Threat Research Team explore Katz Stealer's infection chain and the various techniques it employs to evade detection & exfiltrate sensitive data from popular web browsers, wallet apps, communication platforms, email apps, network & system data. nextron-systems.com/2025/05/23/kat…

Nasreddine Bencherchali (@nas_bench) 's Twitter Profile Photo

New Sigma release r2025-05-21 is available for download.

🌟15 New Rules
🛡️47 Rule updates
🔬13 Rule Fixes

Explore the full release -> github.com/SigmaHQ/sigma/…

This release focused mainly on updates and tunings of older rules, with newer detections covering NimScan, AdFind,

Nextron Research ⚡️ (@nextronresearch) 's Twitter Profile Photo

Stealth in 100 Lines – PAM Backdoors in Linux
by Pierre-Henri Pezier

- Auth bypass + credential theft via pam_sm_authenticate hook
- <100 LOC, 0-1 VT detections
- Masquerades as legit PAM module
- Detected by THOR using rules that flag control flow anomalies, suspicious

Hunt.io (@huntio) 's Twitter Profile Photo

🚨 New research: Abusing Paste[.]ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure hunt.io/blog/pasteee-x… A weird JS file led us to paste[.]ee abuse, obfuscated payloads, and active XWorm and AsyncRAT servers. Regex, IOCs, and infrastructure breakdown inside.

Nextron Research ⚡️ (@nextronresearch) 's Twitter Profile Photo

🚨 About CVE-2025-33053 - a crazy Windows execution flow vulnerability

This flaw abuses how Windows resolves executable paths when trusted binaries spawn child processes without full paths.
For example, a legitimate tool like iediagcmd.exe is launched from a .url file that

Gameel Ali 🤘 (@malgamy12) 's Twitter Profile Photo

On malops.io, I shared two challenges focused on malware analysis. They are based on real samples to provide a practical experience and help participants understand what it's like to work as a real malware analyst.

Nextron Research ⚡️ (@nextronresearch) 's Twitter Profile Photo

We analyzed the top 500 most successful THOR rules – “successful” meaning: they detected samples that were either ignored or missed by nearly all AV engines on VirusTotal.

Some rules detect clear malware. Others reveal dual-use tools, renamed hacktools, misused admin binaries,

Nasreddine Bencherchali (@nas_bench) 's Twitter Profile Photo

New Sigma release r2025-07-08 is available for download.

🌟43 New Rules
🛡️34 Rule updates
🔬27 Rule Fixes

Explore the full release -> github.com/SigmaHQ/sigma/…

This release introduces a bunch of new rules including detections for

- Katz Stealer
- MeshAgent usage
-

Gameel Ali 🤘 (@malgamy12) 's Twitter Profile Photo

New Challenge on MalOps.io: PureLogs Stealer

A fresh analysis challenge is now live. This time, you're looking at PureLogs, a .NET-based info-stealer that’s been seen in active campaigns. Your job is to analyze it to answer our questions
created by: M4lcode (@M4lcode)

Gameel Ali 🤘 (@malgamy12) 's Twitter Profile Photo

🎯 After 3 Real-World Malware Challenges. The Global Leaderboard Is Live! 🌍💥

We’ve just wrapped up three challenges based on real malware samples on Malops.io and it's time to recognize the top analysts from around the globe! 💻⚔️