Quang Vo (@mr_r3bot)'s Twitter Profile
Quang Vo

@mr_r3bot

Offensive Security Researcher with interest in malware development. Tweets are my own.

ID: 1370201236583051266

Website: https://mr-r3bot.github.io
Joined: 12-03-2021 02:33:36

1.1K Tweets

772 Followers

764 Following

flux (@0xfluxsec)

New post! Crimes against NTDLL - Implementing Early Cascade Injection in Rust: fluxsec.red/implementing-e…

Original research by Outflank
Antonia Frances 💙🦕 (@antoniafrances)

His name is Bao Phuc Cao. He is a biomedicine student at Melbourne University. Despite filming hundreds of women in public toilets he has walked free from court without a conviction. The courts won’t do their job so let’s make him famous.

klez (@klezvirus)

[RELEASE] Better late than never! Part 3 is out! Fantastic unwind information and where to find them. We went digging through .pdata, RTF Lookups, and a few ntdll internals that probably weren't meant to be touched. BYOUD dropping alongside. Enjoy 😉 klezvirus.github.io/posts/Byoud/

Unit 42 (@unit42_intel)

Boggy Serpens, an Iranian state-sponsored threat group, now uses AI-assisted malware development and advanced evasion techniques. Our research details their evolving cyberespionage tactics. Read the full analysis to understand their techniques: bit.ly/4cNmLTZ

Tim Blazytko (@mr_phrazer)

New blog post: Building a Pipeline for Agentic Malware Analysis

Agentic RE + malware analysis with custom skills, MCP tooling, and persistent case state to automate initial triage

Link: synthesis.to/2026/03/18/age…

Github: github.com/mrphrazer/agen…
Virus Bulletin (@virusbtn)

Elastic Security Labs has been observing malicious campaigns delivering a multi-stage infection involving a previously undocumented loader. The SILENTCONNECT loader delivers ScreenConnect - a RMM tool used to control victim machines - as its final payload. elastic.co/security-labs/…

Gen Threat Labs (@genthreatlabs)

🔎New #ABE #bypass spotted ITW #VoidStealer is the first #infostealer to weaponize a debugger-based technique that extracts the v20_master_key straight from browser memory, requiring neither privilege escalation nor code injection, making it significantly stealthier than

Hunt.io (@huntio)

📌 Looking Back: Iranian APT Infrastructure in Focus hunt.io/blog/iranian-a… Two weeks ago, we analyzed infrastructure linked to several Iranian-aligned threat groups. Pivoting across IPs, hashes, ASNs, and TLS certificates revealed clusters tied to actors like MuddyWater and

Virus Bulletin (@virusbtn)

FOX-IT & NCC Group report an SEO poisoning campaign active since Oct 2025, using fake download sites for 25+ popular apps to push malicious installers. Victims get ScreenConnect for initial access, then AsyncRAT with a crypto clipper, plugins & geo-fencing nccgroup.com/research/async…

Silky (@s1lky_1337)

Releasing KslKatz. Combining KslDump and GhostKatz to dump LSASS using no-fix KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver.
github.com/S1lkys/KslKatz
MalDev Academy (@maldevacademy)

We released a new public tool, 3LayersPersistence, that demonstrates 3 different persistence layers implemented in one executable. github.com/Maldev-Academy… The implementation uses WMI event subscriptions, DLL sideloading, and COM hijacking in a single workflow, with the