♣️Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware
🌟Blog : https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html
♣️Investigation Report: APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery
🌟Blog : https://www.cloudsek.com/blog/investigation-report-apt36-malware-campaign-using-desktop-entry-files-and-google-drive-payload-delivery
♣️APT MuddyWater Deploys Multi-Stage Phishing to Target CFOs
🌟Blog : https://hunt.io/blog/apt-muddywater-deploys-multi-stage-phishing-to-target-cfos
♣️Phantom Pains: A Massive Cyber Espionage Campaign and Possible Split of the PhantomCore APT Group
🌟Blog : https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/phantom-pains-a-large-scale-cyber-espionage-campaign-and-a-possible-split-of-the-apt-group-phantomcore/#id1
♣️Think before you Click(Fix): Analyzing the ClickFix social engineering technique
🌟Blog : https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/
♣️A Cereal Offender: Analyzing the CORNFLAKE.V3 Backdoor
🌟Blog : https://cloud.google.com/blog/topics/threat-intelligence/analyzing-cornflake-v3-backdoor/
♣️Examining the tactics of BQTLOCK Ransomware & its variants
🌟Blog : https://labs.k7computing.com/index.php/examining-the-tactics-of-bqtlock-ransomware-its-variants/
⭐️@APTANALYSIS

♣️Operating Outside the Box: NTLM Relaying Low-Privilege HTTP Auth to LDAP
Blog : https://specterops.io/blog/2025/08/22/operating-outside-the-box-ntlm-relaying-low-privilege-http-auth-to-ldap
⭐️@APTANALYSIS

♣️Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs
Blog :https://thedfirreport.com/2025/09/08/blurring-the-lines-intrusion-shows-connection-with-three-major-ransomware-gangs/
⭐️@APTANALYSIS

♣️Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
🐈‍⬛Blog : https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets
⭐️@APTANALYSIS

♣️Onion Overloading via Tor2web
🧅Blog : https://medium.com/@aryanchehreghani/onion-overloading-via-tor2web-77c73fe71dc0
⭐️@APTANALYSIS

♣️MongoDB Unauthenticated Attacker Sensitive Memory Leak
⏳Blog : https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/
⭐️@APTANALYSIS

♣️Attackers exploit vulnerability CVE-2005–55182 in attacks on Russian companies
🌐Blog : https://bi.zone/expertise/blog/zloumyshlenniki-ekspluatiruyut-uyazvimost-cve-2025-55182-v-atakakh-na-rossiyskie-kompanii
♣️MongoBleed: CVE-2025-14847 Memory Corruption in MongoDB. Your Database Talks Back
🌐Blog : https://phoenix.security/mongobleed-vulnerability-cve-2025-14847
♣️The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance
🌐Blog : https://mehmetince.net/the-story-of-a-perfect-exploit-chain-six-bugs-that-looked-harmless-until-they-became-pre-auth-rce-in-a-security-appliance
♣️Livewire: remote command execution through unmarshaling
🌐Blog : https://www.synacktiv.com/en/publications/livewire-remote-command-execution-through-unmarshalinghttps://www.synacktiv.com/en/publications/livewire-remote-command-execution-through-unmarshaling
⭐️@APTANALYSIS

♣️When Malware Talks Back
🌐Blog : https://www.pointwild.com/threat-intelligence/when-malware-talks-back
⭐️@APTANALYSIS

♣️Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails
👮‍♀Blog : https://www.fortinet.com/blog/threat-research/deep-dive-into-new-xworm-campaign-utilizing-multiple-themed-phishing-emails
⭐️@APTANALYSIS

♣️Detecting Russian Threats to Critical Energy Infrastructure
🔬Blog : https://www.truesec.com/hub/blog/detecting-russian-threats-to-critical-energy-infrastructure
⭐️@APTANALYSIS

♣️Inside Gunra RaaS: From Affiliate Recruitment on the Dark Web to Full Technical Dissection of their Locker
🍎Blog : https://www.cloudsek.com/blog/inside-gunra-raas-from-affiliate-recruitment-on-the-dark-web-to-full-technical-dissection-of-their-locker
⭐️@APTANALYSIS

♣️Tenant from Hell: Prometei's Unauthorized Stay in Your Windows Server
🖥Blog : https://www.esentire.com/blog/tenant-from-hell-prometeis-unauthorized-stay-in-your-windows-server
⭐️@APTANALYSIS

💀Hot headlines over the past week
♣️How ClickFix Opens the Door to Stealthy StealC Information Stealer
💿Blog : https://www.levelblue.com/blogs/spiderlabs-blog/how-clickfix-opens-the-door-to-stealthy-stealc-information-stealer
♣️Odyssey Stealer: Inside a macOS Crypto-Stealing Operation
⏳Blog : https://censys.com/blog/odyssey-stealer-macos-crypto-stealing-operation
♣️Lotus Blossom (G0030) and the Notepad++ Supply-Chain Espionage Campaign
🟥Blog : https://dti.domaintools.com/research/lotus-blossom-and-the-notepad-supply-chain-espionage-campaign
♣️LummaStealer Is Getting a Second Life Alongside CastleLoader
🌎Blog : https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader
♣️LockBit strikes with new 5.0 version, targeting Windows, Linux and ESXI systems
🔮Blog : https://www.acronis.com/en/tru/posts/lockbit-strikes-with-new-50-version-targeting-windows-linux-and-esxi-systems
⭐️@APTANALYSIS