APT ANALYSIS
1.73K subscribers
171 photos
2 videos
6 files
176 links
APT analysis with a focus on modeling, detecting and managing sophisticated attacks. Providing accurate data and solutions for threat forecasting, backed by real-world security experience.
♣️Cybereason Research List (2024-2025)
🎣THREAT ALERT: DarkGate Loader
➡️Blog : https://www.cybereason.com/blog/threat-alert-darkgate-loader
🎣THREAT ALERT: Ivanti Connect Secure VPN Zero-Day Exploitation
➡️Blog : https://www.cybereason.com/blog/threat-alert-ivanti-connect-secure-vpn-zero-day-exploitation
🎣From Cracked to Hacked: Malware Spread via YouTube Videos
➡️Blog : https://www.cybereason.com/blog/from-cracked-to-hacked-malware-spread-via-youtube-videos
🎣Unboxing Snake - Python Infostealer Lurking Through Messaging Services
➡️Blog : https://www.cybereason.com/blog/unboxing-snake-python-infostealer-lurking-through-messaging-service
🎣Beware of the Messengers, Exploiting ActiveMQ Vulnerability
➡️Blog : https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability
🎣Threat Alert: The Anydesk Breach Aftermath
➡️Blog : https://www.cybereason.com/blog/threat-alert-the-anydesk-breach-aftermath
🎣Behind Closed Doors: The Rise of Hidden Malicious Remote Access
➡️Blog : https://www.cybereason.com/blog/behind-closed-doors-the-rise-of-hidden-malicious-remote-access
🎣THREAT ALERT: The XZ Backdoor - Supply Chaining Into Your SSH
➡️Blog : https://www.cybereason.com/blog/threat-alert-the-xz-backdoor
🎣I am Goot (Loader)
➡️Blog : https://www.cybereason.com/blog/i-am-goot-loader
🎣Hardening of HardBit
➡️Blog : https://www.cybereason.com/blog/hardening-of-hardbit
🎣Cuckoo Spear – the latest Nation-state Threat Actor targeting Japanese companies
➡️Blog : https://www.cybereason.com/blog/cuckoo-spear
🎣Capability vs. Usability
➡️Blog : https://www.cybereason.com/blog/capability-vs-usability
🎣CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective
➡️Blog : https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor
🎣CUCKOO SPEAR Part 2: Threat Actor Arsenal
➡️Blog : https://www.cybereason.com/blog/cuckoo-spear-pt2-threat-actor-arsenal
🎣The Great Debate: On-Premise vs. Cloud based EDR
➡️Blog : https://www.cybereason.com/blog/on-premise-vs-cloud-based-edr
🎣THREAT ANALYSIS: Beast Ransomware
➡️Blog : https://www.cybereason.com/blog/threat-analysis-beast-ransomware
🎣Stellar Discovery of A New Cluster of Andromeda/Gamarue C2
➡️Blog : https://www.cybereason.com/blog/new-cluster-andromeda-gamrue-c2
🎣Your Data Is Under New Lummanagement: The Rise of LummaStealer
➡️Blog : https://www.cybereason.com/blog/threat-analysis-rise-of-lummastealer
🎣Phorpiex - Downloader Delivering Ransomware
➡️Blog : https://www.cybereason.com/blog/threat-analysis-phorpiex-downloader
⭐️@APTANALYSIS
♣️Accidentally uncovering a seven years old vulnerability in the Linux kernel
🌙Blog : https://allelesecurity.com/accidentally-uncovering-a-seven-years-old-vulnerability-in-the-linux-kernel/
⭐️@APTANALYSIS
♣️Stealers on the Rise: A Closer Look at a Growing macOS Threat
🍭Blog : https://unit42.paloaltonetworks.com/macos-stealers-growing
⭐️@APTANALYSIS
♣️Analyzing a Fully Undetectable (FUD) macOS Backdoor
🔴Blog : https://denwp.com/fully-undetectable-fud-macos-backdoor
⭐️@APTANALYSIS
♣️From Credit Card Skimming to Exploiting Zero-Days
📺Blog : https://intezer.com/blog/research/xe-group-exploiting-zero-days/
⭐️@APTANALYSIS
♣️The Anatomy of Abyss Locker Ransomware Attack
😈Blog : https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis
⭐️@APTANALYSIS
♣️LegionLoader exposed ...
💀Blog : https://tehtris.com/en/blog/legionloader-exposed
⭐️@APTANALYSIS
♣️Unmasking: Technological Advancement and Evolution of MuddyWater in 2024
🖐Blog : https://www.gov.il/BlobFolder/reports/maddy_water_2024/en/ALERT_CERT_IL_W_1858.pdf
⭐️@APTANALYSIS
♣️ASyncRAT [IR/Malware Analysis]
🧪Blog : https://ventdrop.github.io/posts/asyncrat
⭐️@APTANALYSIS
♣️AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2025 edition)
🎣Blog : https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt
⭐️@APTANALYSIS
Forwarded from Ripp3r VIP♠️
fixed-CVE-2019-18935-master.zip
4.7 MB
Fixed Telerik exploit with sleep DLLs (compiled)
+ This exploit is old, but you might want to test it (in a lab environment, cve2.py)
How to use: https://github.com/noperator/CVE-2019-18935
♣️Bitcoin to the moon: Trump endorsing, scammers exploiting
👁Blog : https://www.cloudflare.com/en-au/threat-intelligence/research/report/bitcoin-to-the-moon-trump-endorsing-scammers-exploiting/
♣️Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
📺Blog : https://www.fortinet.com/blog/threat-research/analyzing-elf-sshdinjector-with-a-human-and-artificial-analyst
♣️GetSmoked: UAC-0006 Returns With SmokeLoader Targeting Ukraine's Largest State-Owned Bank
👁Blog : https://www.cloudsek.com/blog/getsmoked-uac-0006-returns-with-smokeloader-targeting-ukraines-largest-state-owned-bank
♣️Dual Injection Undermines Chrome's App-Bound Encryption
📺Blog : https://cyble.com/blog/dual-injection-undermines-chromes-encryption/
⭐️@APTANALYSIS
♣️ALPHV Ransomware : Analyzing the BlackCat After Change Healthcare Attack
🐈‍⬛Blog : https://www.picussecurity.com/resource/blog/alphv-ransomware
⭐️@APTANALYSIS
♣️Funksec Ransomware Teams Up with Another Ransomware Group to Double Down on Targets
🐦Blog : https://www.sonicwall.com/blog/funksec-ransomware-teams-up-with-another-ransomware-group-to-double-down-on-targets
⭐️@APTANALYSIS
♣️CVE-2023-6080: A Case Study on Third-Party Installer Abuse
👁Blog : https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third-party-installer-abuse
♣️Silent Lynx APT Targets Various Entities Across Kyrgyzstan & Neighbouring Nations
👁Blog : https://www.seqrite.com/blog/silent-lynx-apt-targeting-central-asian-entities/
♣️Scalable Vector Graphics files pose a novel phishing threat
👁‍🗨Blog : https://news.sophos.com/en-us/2025/02/05/svg-phishing/
⭐️@APTANALYSIS
♣️NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App
🐦Blog : https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/
♣️Malicious NPM packages target marked-js library
😶Blog : https://sourcecodered.com/npm-packages-target-marked-js
⭐️@APTANALYSIS
♣️Hidden in Plain Sight: PDF Mishing Attack
😈Blog : https://zimpstage.wpengine.com/blog/hidden-in-plain-sight-pdf-mishing-attack/
♣️ROPing our way to RCE
😈Blog : https://modzero.com/en/blog/roping-our-way-to-rce/
♣️Beyond the Chatbot: Meta Phishing with Fake Live Support
😈Blog : https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/beyond-the-chatbot-meta-phishing-with-fake-live-support/
♣️Lynx Ransomware: Exposing How INC Ransomware Rebrands Itself
😈Blog : https://www.picussecurity.com/resource/blog/lynx-ransomware
♣️Premium Panel: phishing tool used in longstanding campaigns worldwide
😈Blog : https://www.intrinsec.com/wp-content/uploads/2025/01/TLP-CLEAR-Live-Control-Panel-Premium-EN.pdf
♣️FinStealer
😈Blog : https://www.cyfirma.com/research/finstealer/
♣️SiphonDNS: covert data exfiltration via DNS
😈Blog : https://ttp.report/evasion/2025/02/03/siphondns-covert-dns-exfiltration.html
⭐️@APTANALYSIS
♣️Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated… (claroty-t82)
👁Blog : https://claroty.com/team82/research/are-contec-cms8000-patient-monitors-infected-with-a-chinese-backdoor-the-reality-is-more-complicated
⭐️@APTANALYSIS
♣️Exploitable Episode One - Breaking IoT
🦖Blog : https://blog.doyensec.com/2025/02/11/exploitable-iot.html
⭐️@APTANALYSIS
♣️Build Your Own Offensive Security Lab A Step-by-Step Guide with Ludus
✝️Blog : https://xphantom.nl/posts/Offensive-Security-Lab
⭐️@APTANALYSIS