Mark Kelly (@markkelly0x)'s Twitter Profile
Mark Kelly

@markkelly0x

Threat research @Proofpoint 🇨🇳 | Member @CuratedIntel | former @RecordedFuture

ID: 1162827073

09-02-2013 12:22:15

246 Tweets

728 Followers

425 Following

Saher Naumaan (@saffronsec)

My first blog with Proofpoint is live! And we love a good crossover. State-sponsored actors try their hand at ClickFix - the hottest thing in cybercrime. Meet the North Koreans, Iranians, and Russians who are upping their social engineering game proofpoint.com/us/blog/threat…

Greg Lesnewich (@greglesnewich)

Saher's first blog on the scourge that is ClickFix usage in the espionage space!! Had to sneak in UNK_RemoteRogue's RDP shenanigans as well - a thus far unattributed group we assess to be Russia-aligned, using a pretty fun set of email tactics

Pat Rick (@dub5p)

🚨 Heads up! 🚨 APT41 is getting creative, using Google Calendar 🗓️ as their latest C2 trick. Google Threat Intelligence Group just pulled back the curtain 🎭 on the TOUGHPROGRESS malware campaign and how we shut it down 💪. Dive into the details here: 🚀cloud.google.com/blog/topics/th…

Greg Lesnewich (@greglesnewich)

More CVE-2024-42009 exploitation from invoice[@]b-s-r[.]eu from May 29, 2025

Same subject and payload that CERT Polska found, but sent via TOR node instead of freemail provider
Greg Lesnewich (@greglesnewich)

Fun crossover blog about TA829 (RomCom) & TransferLoader with my ecrime pals it’s got everything: 🛰️ Popped routers for sending phish 📊 ACH on attribution 👾 custom protocols 👽 cool malware 🕵️ crime 🎯 espionage ❔many unanswered questions proofpoint.com/us/blog/threat…

Mark Kelly (@markkelly0x)

Fun blog from Greg Lesnewich and team. Come for the great title, stay for the excellent analysis highlighting some strange overlaps and unanswered questions.

Mark Kelly (@markkelly0x)

🚨🆕🐟🍟 New blog from me and the amazing Threat Insight team covering recent activity by multiple China-aligned threat actors targeting semiconductor companies in Taiwan over the past few months: proofpoint.com/us/blog/threat…

Dakota Cary (@dakotaindc)

An important question Microsoft is asking. Perhaps a better question is why companies known to be contributing vulns to China’s CNNVD database are permitted to participate in MAPP at all? bloomberg.com/news/articles/…

Threat Insight (@threatinsight)

The @Proofpoint threat research team published new research identifying a new cyber-espionage campaign by #TA415 (#APT41), a China-aligned threat actor, exploiting growing uncertainty in U.S.-China economic relations. ⤵️ brnw.ch/21wVTgw

Devin Thorne (@d_thorne)

🚨 NEW RESEARCH — I reveal "BIETA," a likely front for the 1st Research Institute of China's Ministry of State Security (MSS). Engaged in steganography and security product R&D, BIETA likely enables state security COVCOM and cyber capabilities recordedfuture.com/research/bieta…

Threat Insight (@threatinsight)

Proofpoint threat researchers have designed an open-source tool—named PDF Object Hashing—to track and detect the unique characteristics of PDFs used by threat actors... similar to a digital fingerprint. 🫆 We use this tool internally to help track multiple threat actors with

PIVOTcon (@pivot_con)

#PIVOTcon26 registration is now OPEN 🤟📷 #ThreatResearch #ThreatIntel 📷pivotcon.org Please read carefully the whole 🧵 for the rules about invite -> registration (1/6)🌐