Simplicio Sam L. (@marsomx_)'s Twitter Profile
Simplicio Sam L.

@marsomx_

🇮🇹 | IT Engineer with Cyber Security passion | Malware Analysis | Reverse Engineering | CTI

ID: 349564601

Joined: 06-08-2011 09:11:40

747 Tweets

517 Followers

1.1K Following

ESET Research (@esetresearch)

#ESETresearch has discovered #HybridPetya ransomware on VirusTotal: a UEFI-compatible copycat of the infamous Petya/NotPetya malware. HybridPetya is capable of bypassing UEFI Secure Boot on outdated systems. Martin Smolar welivesecurity.com/en/eset-resear… 1/8

hasherezade (@hasherezade)

Updated #PEsieve / #HollowsHunter / #MalUnpack: github.com/hasherezade/pe… / github.com/hasherezade/ho… / github.com/hasherezade/ma… - check them out 💙

Moonlock Lab (@moonlock_lab)

🕵️macOS threats are leveling up! The rebranded MacSync Stealer (formerly mac.c by “mentalpositive”) has moved to a stealthy, Go-based backdoor, quieter than AMOS, enabling full remote control beyond mere data theft. See details on hands-on-keyboard remote control on macOS

KrakenLabs (@krakenlabs_team)

🚨 Phantom Stealer samples distributed using a basic Dotnet Loader

🔎 What we’re seeing:
- Dotnet loader binaries internally named “output.exe”.
- They contain a class named “StandaloneLoader”.
- All of them show the same behavior: First they load an assembly internally referred

ESET Research (@esetresearch)

#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. welivesecurity.com/en/eset-resear… 1/3

vx-underground (@vxunderground)

Okay, I'm done looking at the malware. I enjoyed reversing it and looking at it. I've got stuff I gotta do now though. Interesting technique by "David" to hire someone from Telegram to make the video game. I never considered this as a TTP. +1 cat picture for the clever idea. -1

Karsten Hahn (@struppigel)

We looked at #BlockBlasters malware last week and had it reported to Steam some time ago.

Here are some findings. 🧵
(article is in publishing)

RAKESH KRISHNAN (@rakeshkrish12)

🔐 #GUNRA #RANSOMWARE - WHAT YOU DON'T KNOW! Just dove into a deep analysis of Gunra Group! 📖 Check out the full breakdown: theravenfile.com/2025/09/23/gun… #Cybersecurity #Ransomware #ThreatIntel #Gunra #InfoSec #DarkWeb #OSINT #CyberSec #Hack #DataBreach #Malware #Conti #Ransom #TOR

ESET Research (@esetresearch)

#ESETresearch has uncovered the North Korea-aligned threat actor, DeceptiveDevelopment, targeting freelance developers with trojanized coding challenges and fake job interviews.  welivesecurity.com/en/eset-resear… 1/6

hasherezade (@hasherezade)

My recent writeup on updates in #Rhadamanthys stealer, along with some scripts that may be helpful in analysis. Check it out!

ThreatFabric (@threatfabric)

📜 Herodotus: The Malware That Wants to Be Human. Unlike traditional banking Trojans, Herodotus doesn’t just steal credentials – it pretends to be human. 👉 Read the full blog here: hubs.ly/Q03QmJjP0

JAMESWT (@jameswt_wt)

#PureLogsStealer
👇
⛔️C2: 176.65.139[.]19:5888
👇
Samples Collection updated/tagged
✅bazaar.abuse.ch/browse/tag/176…

NVISO (@nvisosecurity)

Our NVISO #IncidentResponse Team has been tracking #VShell campaigns worldwide! More than 1,500 active VShell servers were uncovered, each capable of giving attackers remote control over compromised networks. Read the report here 👇
nviso.eu/blog/nviso-ana…

Florian Roth ⚡️ (@cyb3rops)

So, it turns out it was reported here over a month ago and I’m sharing this because actors are already abusing it.
#Fortinet #FortiWeb #0day
x.com/defusedcyber/s…

Florian Roth ⚡️ (@cyb3rops)

The SHA1-Hulud npm mess keeps growing, so we added additional detections for it today - new YARA rules by my colleague Marius Benthin in our public signature-base - cover bun_environment.js / setup_bun.js and the malicious preinstall script variants from the Wiz / Aikido

ClearSky Cyber Security (@clearskysec)

A new wiper attack has been identified by ClearSky Cyber Security affecting Ukraine.
We named this wiper "GamaWiper" (VBS-based wiper).
The intrusion chain begins with the exploitation of a vulnerable WinRAR version (CVE-2025-80880). We assess with moderate confidence that this