Steven Adair (@stevenadair) 's Twitter Profile
Steven Adair

@stevenadair

President @Volexity | Malware Analyst's Cookbook | stevenadair.bsky.social

ID: 45092292

Joined: 06-06-2009 08:03:31

527 Tweets

3.3K Followers

412 Following

Steven Adair (@stevenadair):

Our blog with details on the exploitation of CVE-2024-3400 is up! An incredibly fast turnaround from our detecting a breach to smashing threat actor capabilities. Huge shout out to our Volexity team and our awesome customers & a great response from the Palo Alto Networks team.

5ck (@5ck):

🧵 Last week we (Volexity) identified and reported in-the-wild (ITW) exploitation of CVE-2024-3400 affecting Palo Alto GlobalProtect 👇 volexity.com/blog/2024/04/1… #dfir #ThreatIntel #infosecurity

Volexity (@volexity):

.Volexity shares new observations following its discovery of CVE-2024-3400 + #0day exploitation of the GlobalProtect feature in Palo Alto Networks firewalls and offers guidance for detecting compromise. More here: volexity.com/blog/2024/05/1… #dfir #threatintel #memoryforensics

Steven Adair (@stevenadair):

Some interesting research from our team about malware using emojis as part of its C2. The malware was tailored by UTA0137 with unique customizations and the targeting is quite specific! It is a nice read — take a look.

Volexity (@volexity):

Don’t miss Andrew Case’s talk at DEF CON on Aug 9! He will be presenting research by Volexity’s R&D team + Golden G. Richard III, "Defeating EDR Evading Malware with Memory Forensics", at 1:00PM in Track 4. More details here: defcon.org/html/defcon-32… #dfir #memoryforensics

Volexity (@volexity):

.Volexity shares #threatintel on how #StormBamboo compromised an ISP to conduct DNS poisoning attacks on targeted organizations & abuse insecure HTTP software updates, delivering custom malware on both macOS + Windows. Read the full analysis: volexity.com/blog/2024/08/0… #dfir

Steven Adair (@stevenadair):

We are hiring! Come join Volexity's Threat Detection team. This is a SOC-type role with purview across our customers to identify suspicious & malicious activity using our telemetry across network, EDR/AV, email, logs & more! Take a look! volexity.com/company/career…

Volexity (@volexity):

.Volexity has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: volexity.com/blog/2024/11/1… #dfir #threatintel

Andy Greenberg (@agreenberg at the other places) (@a_greenberg):

Security firm @volexity, whose founder Steven Adair will speak about this at CYBERWARCON today, calls it a "nearest neighbor attack." Adair spotted it in 2022 while investigating how hackers linked to the group APT28 had breached a customer network seeking intel on Ukraine. 2/4

5ck (@5ck):

Steven Adair and I presented on this last month at #FTSCon (IYKYK). Steven is also presenting today at CYBERWARCON. Really excited to finally share this research publicly! It's probably one of the more crazy/interesting IR engagements we've ever worked! #DFIR #ThreatIntel

Ryan Naraine (@ryanaraine):

🔥 Volexity founder Steven Adair joins the problem to discuss memory analysis and the technical challenges associated with memory dumping and forensics, Volexity’s “nearest neighbor” Wi-Fi hack discovery, gaps in EDR detection and telemetry, and some real-talk on the Volt Typhoon

Volexity (@volexity):

It’s great to see NCSC UK drawing attention to the ongoing issues with network devices & appliances. Hopefully, vendors will heed the volatile data collection guidance: “Volatile data logging should support collection of… memory both at a kernel and individual process level.” 1/2

Steven Adair (@stevenadair):

We have been tracking multiple Russian APT groups aggressively targeting organizations with Microsoft Device Code authentication phishing. The attackers got creative with tricking users into granting them access to their accounts. Have a look at our blog for all the details.

Volexity (@volexity):

Today, Volexity released GoResolver, open-source tooling to assist reverse engineers with obfuscated Golang samples. Paul Rascagnères & Killian Raimbaud presented details at INCYBER Forum earlier today. Learn how GoResolver works + where to download it: volexity.com/blog/2025/04/0… #dfir

Volexity (@volexity):

.Volexity #threatintel: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps + OAuth to compromise targets. volexity.com/blog/2025/04/2… #dfir

Steven Adair (@stevenadair):

Check out our latest blog covering activity from an APT group we track as UTA0338. We could tell they were using AI and LLMs & OpenAI helped confirm it in a report they released yesterday too! UTA0388 used ChatGPT to identify targets, write emails, and develop their malware!