APT ANALYSIS
1.74K subscribers
171 photos
2 videos
6 files
176 links
APT analysis with a focus on modeling, detecting and managing complex attacks. Providing accurate data and solutions for threat forecasting, backed by real-world security experience.
♣️Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims
💀Blog : https://arcticwolf.com/resources/blog/venom-spider-uses-server-side-polymorphism-to-weave-a-web-around-victims
⭐️@APTANALYSIS
♣️Inferno Drainer Reloaded: Deep Dive into the Return of the Most Sophisticated Crypto Drainer
🤩Blog : https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer
♣️Retail Under Fire: Inside the DragonForce Ransomware Attacks on Industry Giants
🤩Blog : https://www.picussecurity.com/resource/blog/dragonforce-ransomware-attacks-retail-giants
⭐️@APTANALYSIS
♣️Bit ByBit - emulation of the DPRK's largest cryptocurrency heist
🚬Blog : https://www.elastic.co/security-labs/bit-bybit
⭐️@APTANALYSIS
♣️Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal
🤍Blog : https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html
⭐️@APTANALYSIS
♣️Diving into the MS-RPC protocol and how to automate vulnerability research using a fuzzing approach
🔍Blog : https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/
⭐️@APTANALYSIS
♣️CVE-2025-32756 : Write-Up of a Buffer Overflow in Various Fortinet Products
💀Blog : https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows
⭐️@APTANALYSIS
♣️FreeDrain Unmasked | Uncovering an Industrial-Scale Crypto Theft Network
🤩Blog : https://www.sentinelone.com/labs/freedrain-unmasked-uncovering-an-industrial-scale-crypto-theft-network/
⭐️@APTANALYSIS
♣️Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One
💀Blog : https://www.esentire.com/blog/pure-crypter-malware-analysis-99-problems-but-detection-aint-one
⭐️@APTANALYSIS
♣️New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms
🔘Blog : https://www.morphisec.com/blog/new-noodlophile-stealer-fake-ai-video-generation-platforms
⭐️@APTANALYSIS
♣️Lumma Stealer, coming and going
#️⃣Blog : https://news.sophos.com/en-us/2025/05/09/lumma-stealer-coming-and-going/
⭐️@APTANALYSIS
♣️Unveiling Swan Vector APT Targeting Taiwan and Japan with varied DLL Implants
🔴Blog : https://www.seqrite.com/blog/swan-vector-apt-targeting-taiwan-japan-dll-implants/
⭐️@APTANALYSIS
♣️Evolution of Tycoon 2FA Defense Evasion Mechanisms: Analysis and Timeline
🔴Blog : https://any.run/cybersecurity-blog/tycoon2fa-evasion-analysis/
⭐️@APTANALYSIS
♣️Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation ToyBox Story)
📨Blog : https://www.genians.co.kr/blog/threat_intelligence/toybox-story
⭐️@APTANALYSIS
W_Intel_Research_KeePass_Trojanised_Malware_Campaign.pdf
6.7 MB
♣️Don't drop password managers (but password managers shouldn't drop malware)
⭐️@APTANALYSIS
♣️Horabot Unleashed: A Stealthy Phishing Threat
📨Blog : https://www.fortinet.com/blog/threat-research/horabot-unleashed-a-stealthy-phishing-threat
♣️Excel(ent) Obfuscation: Regex Gone Rogue
📨Blog : https://www.deepinstinct.com/blog/excellent-obfuscation-regex-gone-rogue
♣️DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
📨Blog : https://unit42.paloaltonetworks.com/darkcloud-stealer-and-obfuscated-autoit-scripting/
♣️A python in disguise: unpacking PyInstaller malware on macOS
📨Blog : https://www.jamf.com/blog/pyinstaller-malware-jamf-threat-labs/
♣️Technical Analysis of TransferLoader
📨Blog : https://www.zscaler.com/blogs/security-research/technical-analysis-transferloader
♣️Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT
📨Blog : https://blog.qualys.com/vulnerabilities-threat-research/2025/05/15/fileless-execution-powershell-based-shellcode-loader-executes-remcos-rat
♣️Albabat 2.0.0 Decoded: A Config-Driven Design
📨Blog : https://blog.pulsedive.com/albabat-2-0-0-decoded-a-config-driven-design
♣️Operation RoundPress
📨Blog : https://www.welivesecurity.com/en/eset-research/operation-roundpress/
⭐️@APTANALYSIS
♣️Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
❤️Blog : https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware
♣️BlackCat Ransomware: Tactics, Techniques & Mitigation Strategies
❤️Blog : https://www.group-ib.com/blog/blackcat/
♣️Analysis of Hannibal Stealer (newer version of Sharp Stealer)
❤️Blog : https://medium.com/@shubhandrew/analysis-of-hannibal-stealer-newer-version-of-sharp-stealer-155f0d6b093e
♣️Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan
❤️Blog : https://www.trendmicro.com/en_us/research/25/e/earth-ammit.html
♣️The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website
❤️Blog : https://research.checkpoint.com/2025/impersonated-kling-ai-site-installs-malware/
♣️Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2
❤️Blog : https://www.veracode.com/resources/sophisticated-npm-attack-leveraging-unicode-steganography-and-google-calendar-c2
♣️Dero miner zombies biting through Docker APIs to build a cryptojacking horde
❤️Blog : https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/
♣️Cato CTRL Threat Research: Suspected Russian Threat Actors Leverage Tigris, Oracle Cloud Infrastructure, and Scaleway to Target Privileged Users with Lumma Stealer
❤️Blog : https://www.catonetworks.com/blog/cato-ctrl-suspected-russian-threat-actors/
⭐️@APTANALYSIS
♣️Open-source toolset of an Ivanti CSA attacker
🤖Blog : https://www.synacktiv.com/en/publications/open-source-toolset-of-an-ivanti-csa-attacker
♣️From banks to battalions: SideWinder’s attacks on South Asia’s public sector
🤖Blog : https://www.acronis.com/en-us/cyber-protection-center/posts/from-banks-to-battalions-sidewinders-attacks-on-south-asias-public-sector/
♣️Russian GRU Targeting Western Logistics Entities and Technology Companies
🤖Blog : https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a
♣️De-obfuscating ALCATRAZ
🤖Blog : https://www.elastic.co/security-labs/deobfuscating-alcatraz
♣️Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain
🤖Blog : https://www.trendmicro.com/en_us/research/25/e/unmasking-fake-captcha-cases.html
♣️Malware or LLM: Silent Werewolf uses new downloaders in attacks on Russian and Moldovan organizations
🤖Blog : https://bi.zone/expertise/blog/silent-werewolf-ispolzuet-novye-zagruzchiki-v-atakakh-na-rossiyskie-i-moldavskie-organizatsii/
♣️BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
🤖Blog : https://www.akamai.com/blog/security-research/2025/may/abusing-dmsa-for-privilege-escalation-in-active-directory
♣️China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability
🤖Blog : https://blog.eclecticiq.com/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability
⭐️@APTANALYSIS
♣️Findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation
👁Blog : https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire
♣️GhostSpy Web-Based Android RAT : Advanced Persistent RAT with Stealthy Remote Control and Uninstall Resistance
👁Blog : https://www.cyfirma.com/research/ghostspy-web-based-android-rat-advanced-persistent-rat-with-stealthy-remote-control-and-uninstall-resistance
♣️Detailed technical analysis of the Obstine Mogwai toolkit
👁Part 1 : https://rt-solar.ru/solar-4rays/blog/5441
👁Part 2 : https://rt-solar.ru/solar-4rays/blog/5544
♣️NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
👁Blog : https://www.rapid7.com/blog/post/2025/05/22/nsis-abuse-and-srdi-shellcode-anatomy-of-the-winos-4-0-campaign/
♣️Dissecting the macOS 'AppleProcessHub' Stealer: Technical Analysis of a Multi-Stage Attack
👁Blog : https://www.kandji.io/blog/macos-appleprocesshub-stealer
♣️ESET takes part in global operation to disrupt Lumma Stealer
👁Blog : https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer/
♣️Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe
👁Blog : https://www.cybereason.com/blog/rhadamanthys-stealer-europe
♣️Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites
👁Blog : https://cloud.google.com/blog/topics/threat-intelligence/cybercriminals-weaponize-fake-ai-websites/
⭐️@APTANALYSIS
♣️Infostealer Malware FormBook Spread via Phishing Campaign
🐦Part 1 : https://www.fortinet.com/blog/threat-research/infostealer-malware-formbook-spread-via-phishing-campaign-part-i
🐦Part 2 : https://www.fortinet.com/blog/threat-research/infostealer-malware-formbook-spread-via-phishing-campaign
♣️PureHVNC RAT Using Fake High-level Job Offers from Fashion and Beauty Brands
🐦Blog : https://www.netskope.com/blog/purehvnc-rat-using-fake-high-level-job-offers-from-fashion-and-beauty-brands
♣️PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations
🐦Blog : https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phaas-the-secrets-the-hidden-ties-between-tycoon2fa-and-dadsecs-operations/
♣️Cybercriminals camouflaging threats as AI tool installers
🐦Blog : https://blog.talosintelligence.com/fake-ai-tool-installers/
♣️Chasing Eddies: New Rust-based InfoStealer used in CAPTCHA campaigns
🐦Blog : https://www.elastic.co/security-labs/eddiestealer
⭐️@APTANALYSIS