APT ANALYSIS
APT analysis focused on modeling, detecting and managing complex attacks. Providing accurate data and solutions for threat forecasting, backed by real-world security experience.
♣️Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
🐈‍⬛Blog : https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets
⭐️@APTANALYSIS
♣️MongoDB Unauthenticated Attacker Sensitive Memory Leak
Blog : https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/
⭐️@APTANALYSIS
♣️Attackers exploit vulnerability CVE-2025-55182 in attacks on Russian companies
🌐Blog : https://bi.zone/expertise/blog/zloumyshlenniki-ekspluatiruyut-uyazvimost-cve-2025-55182-v-atakakh-na-rossiyskie-kompanii
♣️MongoBleed: CVE-2025-14847 Memory Corruption in MongoDB. Your Database Talks Back
🌐Blog : https://phoenix.security/mongobleed-vulnerability-cve-2025-14847
♣️The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance
🌐Blog : https://mehmetince.net/the-story-of-a-perfect-exploit-chain-six-bugs-that-looked-harmless-until-they-became-pre-auth-rce-in-a-security-appliance
♣️Livewire: remote command execution through unmarshaling
🌐Blog : https://www.synacktiv.com/en/publications/livewire-remote-command-execution-through-unmarshaling
♣️Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails
👮‍♀Blog : https://www.fortinet.com/blog/threat-research/deep-dive-into-new-xworm-campaign-utilizing-multiple-themed-phishing-emails
♣️Detecting Russian Threats to Critical Energy Infrastructure
🔬Blog : https://www.truesec.com/hub/blog/detecting-russian-threats-to-critical-energy-infrastructure
♣️Inside Gunra RaaS: From Affiliate Recruitment on the Dark Web to Full Technical Dissection of their Locker
🍎Blog : https://www.cloudsek.com/blog/inside-gunra-raas-from-affiliate-recruitment-on-the-dark-web-to-full-technical-dissection-of-their-locker
♣️Tenant from Hell: Prometei's Unauthorized Stay in Your Windows Server
🖥Blog : https://www.esentire.com/blog/tenant-from-hell-prometeis-unauthorized-stay-in-your-windows-server
💀Hot headlines over the past week
♣️How ClickFix Opens the Door to Stealthy StealC Information Stealer
💿Blog : https://www.levelblue.com/blogs/spiderlabs-blog/how-clickfix-opens-the-door-to-stealthy-stealc-information-stealer
♣️Odyssey Stealer: Inside a macOS Crypto-Stealing Operation
Blog : https://censys.com/blog/odyssey-stealer-macos-crypto-stealing-operation
♣️Lotus Blossom (G0030) and the Notepad++ Supply-Chain Espionage Campaign
🟥Blog : https://dti.domaintools.com/research/lotus-blossom-and-the-notepad-supply-chain-espionage-campaign
♣️LummaStealer Is Getting a Second Life Alongside CastleLoader
🌎Blog : https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader
♣️LockBit strikes with new 5.0 version, targeting Windows, Linux and ESXi systems
🔮Blog : https://www.acronis.com/en/tru/posts/lockbit-strikes-with-new-50-version-targeting-windows-linux-and-esxi-systems
♣️UAC-0244 / UAC-0247: Malware Targeting FPV drone operators
🖤Blog : https://blog.synapticsystems.de/uac-0247-malware-targeting-fpv-operators
♣️UAC-0184: From HTA to a Signed Network Stack
🖤Blog : https://blog.synapticsystems.de/uac-0184-from-hta-to-a-signed-network-stack
♣️INJ3CTOR3’s Self-Healing FreePBX Toll Fraud Campaign
👶Blog : https://cyble.com/blog/jomangy-inj3ctor3s-self-healing-freepbx-toll-fraud-campaign
🌟Stealer & Ransom Analysis Collection
♣️Phantom Stealer Analysis: Inside the Two-Layer Attack Chain Hidden Behind a Windows DLL
Blog : https://darkatlas.io/blog/phantom-stealer-analysis-inside-the-two-layer-attack-chain-hidden-behind-a-windows-dll
♣️Amatera Stealer 4.0.2 Beta: What's New in This Variant
Blog : https://www.esentire.com/blog/amatera-stealer-4-0-2-beta-whats-new-in-this-variant
♣️crpx0 Ransomware Operations | Double Extortion, Crypto Theft, and Network Footprint
Blog : https://www.aryaka.com/docs/reports/crpx0-ransomware-operations-report.pdf
💀Monthly collection
♣️Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud
💀Blog : https://www.trendmicro.com/en_us/research/26/e/banana-rat.html
♣️Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows
💀Blog : https://www.bitdefender.com/en-us/blog/labs/microsofts-mshta-legacy-malware-windows
♣️Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit
💀Blog : https://socket.dev/blog/coruna-respawned-compromised-art-template-npm-package
♣️Gamaredon’s infection chain: Spoofed emails, GammaDrop and GammaLoad
💀Blog : https://harfanglab.io/insidethelab/gamaredon-gammadrop-gammaload
🌕APTANALYSIS : Threat Review May 24 to June 10
♣️Analyzing Void Dokkaebi’s Cython-Compiled InvisibleFerret Malware
😈Blog : https://www.trendmicro.com/en_us/research/26/e/analyzing-void-dokkaebi-invisibleferret-malware.html
♣️Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
😈Blog : https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens
♣️Behind .payload: In-Depth Technical Analysis of Payload Ransomware
💀Blog : https://darkatlas.io/blog/behind-payload-in-depth-technical-analysis-of-payload-ransomware
♣️Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
💀Blog : https://www.fortinet.com/blog/threat-research/phishing-campaign-deploys-javascript-driven-purelogs-variant-to-steal-sensitive-data
♣️RemotePE: The Lazarus RAT that lives in memory
Blog : https://blog.fox-it.com/2026/05/22/remotepe-the-lazarus-rat-that-lives-in-memory
♣️Fluffy Wolf tested new products on Russian companies
💀Blog : https://bi.zone/expertise/blog/fluffy-wolf-ispytal-novinki-na-rossiyskikh-kompaniyakh
♣️forge-jsxy: 22 Versions of an Actively Developed npm RAT
🌀Blog : https://safedep.io/malicious-forge-jsxy-npm-rat-evolution
♣️From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
💀Blog : https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities
♣️The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
😈Blog : https://www.microsoft.com/en-us/security/blog/2026/05/28/the-gentlemen-ransomware-dissecting-a-self-propagating-go-encryptor
♣️ShinyHunters: Silent Malware as a Service (MaaS)
😈Blog : https://ransom-isac.org/blog/shinyhunters-silent-maas
♣️Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
😈Blog : https://www.wiz.io/blog/threat-actors-target-crypto-orgs
♣️An unknown group targets universities and the energy sector, active since at least 2024
😈Blog : https://securelist.ru/unknown-group-targets-maritime-universities/115765
♣️Operation XENOFISCAL: SideCopy deploying persistent XenoRAT targeting the MoF, Afghanistan
😈Blog : https://www.seqrite.com/blog/operation-xenofiscal-sidecopy-deploying-persistent-xenorat-targeting-the-mof-afghanistan
♣️Operation Dragon Weave: Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan Using Azure Cloud C2
😈Blog : https://www.seqrite.com/blog/operation-dragon-weave-uncovering-a-china-linked-campaign-targeting-czech-republic-and-taiwan-using-azure-cloud-c2
♣️Meet DriveSurge: A New Threat Actor Using ClickFix and Fake Update Drive-By Attacks in Thousands of Compromised Sites
Blog : https://www.silentpush.com/blog/drivesurge
♣️Inside MicrosoftSystem64: A Supply Chain RAT Exfiltrating to HuggingFace
😈Blog : https://safedep.io/microsoftsystem64-binary-payload-analysis
♣️FSB’s matryoshka – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm
🐈‍⬛Blog 1/3 : https://blog.sekoia.io/fsbs-matryoshka-1-3-gamaredons-gifts-that-keeps-unpacking-gammaphish-and-gammaworm
🐈‍⬛Blog 2/3 : https://blog.sekoia.io/fsbs-matryoshka-2-3-gamaredons-gifts-that-keeps-unpacking-gammaload
🐈‍⬛Blog 3/3 : https://blog.sekoia.io/fsbs-matryoshka-3-3-gamaredons-gifts-that-keeps-unpacking-gammasteel
♣️From Fake Purchase Orders to Remote Access: Analyzing the JS.MonoGlyphRAT Threat to US Enterprises
😐Blog : https://any.run/cybersecurity-blog/monoglyphrat-attacks-us-enterprise
♣️Detecting Nimbus Manticore and their sideloading infection chains
👁‍🗨Blog : https://www.nextron-systems.com/2026/06/01/detecting-nimbus-manticore-and-their-sideloading-infection-chains
♣️MUSTANG PANDA x PLUGX - Analysis of the January 2026 sample: a multi-layer execution chain
👁Blog : https://bluecyber.hashnode.dev/mustang-panda-x-plugx-analysis-of-the-january-2026-sample-a-multi-layer-execution-chain
♣️PHANTOMPULSE: anatomy of a hijackable blockchain-C2 RAT
🐺Blog : https://www.elastic.co/security-labs/blockchain-c2-phantompulse-rat-sinkhole
♣️TA4922: The Suspected Chinese Crime Group is Going Global
😈Blog : https://www.proofpoint.com/us/blog/threat-insight/ta4922-suspected-chinese-crime-group-going-global
♣️Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO
🔪Blog : https://www.fortinet.com/blog/threat-research/inside-cross-platform-propagation-of-new-gafgyt-variant-c0xmo
♣️Impersonation, Click Hijacking, and TDS: Inside a Malware Distribution Ecosystem
🐱Blog : https://research.checkpoint.com/2026/impersonation-click-hijacking-and-tds-inside-a-malware-distribution-ecosystem
♣️KeyCat Stealer Uncovered: Inside a $40 Multi-Platform Infostealer with Telegram C2 and Active Staging Infrastructure
😈Blog : https://flare.io/learn/resources/blog/keycat-stealer-multi-platform-infostealer
♣️From Malspam to Fileless .NET Loader
😈Blog : https://www.huntress.com/blog/malspam-to-loader-delivery-chain-analysis
♣️ReliaQuest's Agentic AI Uncovers New China-Linked Cluster OP-512
😈Blog : https://reliaquest.com/blog/threat-spotlight-reliaquests-agentic-ai-uncovers-new-china-linked-cluster-op-512
♣️Bait for the commander: examining the SiribClone cyber-espionage group's attacks on the Russian military
😶Blog : https://www.f6.ru/blog/siribclone
♣️Operation TaxShadow: Multi-Region Tax Phishing & In-Memory Malware Campaign
😈Blog : https://www.cyfirma.com/research/operation-taxshadow-multi-region-tax-phishing-in-memory-malware-campaign
♣️Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency
😈Blog : https://www.proofpoint.com/us/blog/threat-insight/dont-fear-repo-unkdeaddrop-phishing-campaign-targets-developers-steal
♣️AI brands as bait: How threat actors are using the AI hype in social engineering
😈Blog : https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering