♣️Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
❤️Blog : https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware
♣️BlackCat Ransomware: Tactics, Techniques & Mitigation Strategies
❤️Blog : https://www.group-ib.com/blog/blackcat/
♣️Analysis of Hannibal Stealer (newer version of Sharp Stealer)
❤️Blog : https://medium.com/@shubhandrew/analysis-of-hannibal-stealer-newer-version-of-sharp-stealer-155f0d6b093e
♣️Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan
❤️Blog : https://www.trendmicro.com/en_us/research/25/e/earth-ammit.html
♣️The Sting of Fake Kling: Facebook Malvertising Lures Victims to Fake AI Generation Website
❤️Blog : https://research.checkpoint.com/2025/impersonated-kling-ai-site-installs-malware/
♣️Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2
❤️Blog : https://www.veracode.com/resources/sophisticated-npm-attack-leveraging-unicode-steganography-and-google-calendar-c2
♣️Dero miner zombies biting through Docker APIs to build a cryptojacking horde
❤️Blog : https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/
♣️Cato CTRL™ Threat Research: Suspected Russian Threat Actors Leverage Tigris, Oracle Cloud Infrastructure, and Scaleway to Target Privileged Users with Lumma Stealer
❤️Blog : https://www.catonetworks.com/blog/cato-ctrl-suspected-russian-threat-actors/
⭐️@APTANALYSIS

♣️Open-source toolset of an Ivanti CSA attacker
🤖Blog : https://www.synacktiv.com/en/publications/open-source-toolset-of-an-ivanti-csa-attacker
♣️From banks to battalions: SideWinder’s attacks on South Asia’s public sector
🤖Blog : https://www.acronis.com/en-us/cyber-protection-center/posts/from-banks-to-battalions-sidewinders-attacks-on-south-asias-public-sector/
♣️Russian GRU Targeting Western Logistics Entities and Technology Companies
🤖Blog : https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a
♣️De- obfuscating ALCATRAZ
🤖Blog : https://www.elastic.co/security-labs/deobfuscating-alcatraz
♣️Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain
🤖Blog : https://www.trendmicro.com/en_us/research/25/e/unmasking-fake-captcha-cases.html
♣️VPO or LLM - Silent Werewolf uses new downloaders in attacks on Russian and Moldovan organizations
🤖Blog : https://bi.zone/expertise/blog/silent-werewolf-ispolzuet-novye-zagruzchiki-v-atakakh-na-rossiyskie-i-moldavskie-organizatsii/
♣️BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
🤖Blog : https://www.akamai.com/blog/security-research/2025/may/abusing-dmsa-for-privilege-escalation-in-active-directory
♣️China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability
🤖Blog : https://blog.eclecticiq.com/china-nexus-threat-actor-actively-exploiting-ivanti-endpoint-manager-mobile-cve-2025-4428-vulnerability
⭐️@APTANALYSIS

♣️findings on the workings of Danabot, an infostealer recently disrupted in a multinational law enforcement operation
👁Blog : https://www.welivesecurity.com/en/eset-research/danabot-analyzing-fallen-empire
♣️GhostSpy Web-Based Android RAT : Advanced Persistent RAT with Stealthy Remote Control and Uninstall Resistance
👁Blog : https://www.cyfirma.com/research/ghostspy-web-based-android-rat-advanced-persistent-rat-with-stealthy-remote-control-and-uninstall-resistance
♣️Detailed technical analysis of the Obstine Mogwai toolkit
👁Part1 : https://rt-solar.ru/solar-4rays/blog/5441
👁Part2 : https://rt-solar.ru/solar-4rays/blog/5544
♣️NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
👁Blog : https://www.rapid7.com/blog/post/2025/05/22/nsis-abuse-and-srdi-shellcode-anatomy-of-the-winos-4-0-campaign/
♣️Dissecting the macOS 'AppleProcessHub' Stealer: Technical Analysis of a Multi-Stage Attack
👁Blog : https://www.kandji.io/blog/macos-appleprocesshub-stealer
♣️ESET takes part in global operation to disrupt Lumma Stealer
👁Blog : https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-lumma-stealer/
♣️Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe
👁Blog : https://www.cybereason.com/blog/rhadamanthys-stealer-europe
♣️Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites
👁Blog : https://cloud.google.com/blog/topics/threat-intelligence/cybercriminals-weaponize-fake-ai-websites/
⭐️@APTANALYSIS

♣️Infostealer Malware FormBook Spread via Phishing Campaign
🐦part1 : https://www.fortinet.com/blog/threat-research/infostealer-malware-formbook-spread-via-phishing-campaign-part-i
🐦part2 : https://www.fortinet.com/blog/threat-research/infostealer-malware-formbook-spread-via-phishing-campaign
♣️PureHVNC RAT Using Fake High-level Job Offers from Fashion and Beauty Brands
🐦Blog : https://www.netskope.com/blog/purehvnc-rat-using-fake-high-level-job-offers-from-fashion-and-beauty-brands
♣️Dissecting the macOS 'AppleProcessHub' Stealer: Technical Analysis of a Multi-Stage Attack
🐦Blog : https://www.kandji.io/blog/macos-appleprocesshub-stealer
♣️PhaaS the Secrets: The Hidden Ties Between Tycoon2FA and Dadsec's Operations
🐦Blog : https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/phaas-the-secrets-the-hidden-ties-between-tycoon2fa-and-dadsecs-operations/
♣️Cybercriminals camouflaging threats as AI tool installers
🐦Blog : https://blog.talosintelligence.com/fake-ai-tool-installers/
♣️Chasing Eddies: New Rust- based InfoStealer used in CAPTCHA campaigns
🐦Blog : https://www.elastic.co/security-labs/eddiestealer
⭐️@APTANALYSIS

♣️OtterCookie Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals *&* Cyber Attacks on Government Agencies: Detect and Investigate with ANY.RUN for Fast Response
🧟‍♂️Blog : OtterCookie & Government Agencies
♣️Attacker exploits misconfigured AI tool to run AI-generated payload
😈Blog : https://sysdig.com/blog/attacker-exploits-misconfigured-ai-tool-to-run-ai-generated-payload
♣️In-depth Analysis of a 2025 ViperSoftX Variant
🧟‍♂️Blog : https://labs.k7computing.com/index.php/in-depth-analysis-of-a-2025-vipersoftx-variant
♣️LOLCLOUD - Azure Arc - C2aaS
🌙Blog : https://blog.zsec.uk/azure-arc-c2aas
♣️APT-C-53 (Gamaredon) organization uses military intelligence-related documents to analyze attacks for decoys
😈Blog : https://mp.weixin.qq.com
♣️Doppelganger: An Advanced LSASS Dumper with Process Cloning
🐱Blog : https://labs.yarix.com/2025/06/doppelganger-an-advanced-lsass-dumper-with-process-cloning
♣️BPFDoor - Part 1,2 - The past & The Present
😈Blog : PART [1] - PART [2]
♣️The strange tale of ischhfd83: When cybercriminals eat their own
😈Blog : https://news.sophos.com/en-us/2025/06/04/the-strange-tale-of-ischhfd83-when-cybercriminals-eat-their-own
♣️How Threat Actors Exploit Human Trust: A Breakdown of the 'Prove You Are Human' Malware Scheme
🚬Blog : https://dti.domaintools.com/how-threat-actors-exploit-human-trust
♣️Fingerprints of the past: F6 investigated new and previously unknown activities of the group PhantomCore
👁Blog : https://www.f6.ru/blog/traces-of-phantomcore
⭐️@APTANALYSIS

♣️The Bitter End: Unraveling Eight Years of Espionage Antics—Part One
🩸Blog : https://www.proofpoint.com/us/blog/threat-insight/bitter-end-unraveling-eight-years-espionage-antics-part-one
♣️DuplexSpy RAT: Stealthy Windows Malware Enabling Full Remote Control and Surveillance
🐍Blog : https://www.cyfirma.com/research/duplexspy-rat-stealthy-windows-malware-enabling-full-remote-control-and-surveillance/
♣️TTPs of Cyber Partisans activity aimed at espionage and disruption
😈Blog : https://ics-cert.kaspersky.com/publications/reports/2025/06/05/ttps-of-cyber-partisans-activity-aimed-at-espionage-and-disruption/
♣️Operation Phantom Enigma
👁Blog : https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/operation-phantom-enigma
♣️BladedFeline: Whispering in the dark
🐈‍⬛Blog : https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark
♣️A SoraAI clickbait
📺Blog : https://labs.k7computing.com/index.php/a-soraai-clickbait
♣️Operation DRAGONCLONE: Chinese Telecommunication industry targeted via VELETRIX & VShell malware.
🚬Blog : https://www.seqrite.com/blog/operation-dragonclone-chinese-telecom-veletrix-vshell-malware
♣️Blitz Malware: A Tale of Game Cheats and Code Repositories
🔪Blog : https://unit42.paloaltonetworks.com/blitz-malware-2025
⭐️@APTANALYSIS

♣️DarkEngine: CyberCX Uncovers Highly Orchestrated WordPress Phishing Campaign
⭐️@APTANALYSIS

♣️CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage
🎩Blog : https://research.checkpoint.com/2025/stealth-falcon-zero-day
⭐️@APTANALYSIS

♣️FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)
😈Blog : https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970
⭐️@APTANALYSIS

♣️CVE-2025-50154 : Zero Click, One NTLM: Microsoft Security Patch Bypass
🐱Blog : https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/
⭐️@APTANALYSIS

♣️Turning Camera Surveillance on its Axis
🌟Blog : https://claroty.com/team82/research/turning-camera-surveillance-on-its-axis
⭐️@APTANALYSIS

♣️AlphabeticalPolyShellGen: Generate an Alphabetical Polymorphic Shellcode
😈Repo : https://github.com/Maldev-Academy/AlphabeticalPolyShellGen
⭐️@APTANALYSIS

♣️Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256)
🐺Blog : https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256
⭐️@APTANALYSIS