@volexity.com Volcano Server & Volcano One v26.04.27 adds memory analysis for arm64 Windows, memory-only .NET assemblies, SRUM database, Linux systemd units, history & timers from RAM. #memoryforensics #memoryanalysis #dfir

Memory-only malware leaves no trace on the file system and is commonly used by threat actors ranging from criminal organizations to ransomware operators to APT groups. In our Volatility 3 training, students gain deep hands on experience analyzing such threats: memoryanalysis.net/courses-malw...

github.com/VirusTotal/y... - congrats to all involved! These new features are really great!

High five to everyone who has suffered from anxiety, burnout, and depression without even once stealing 0-days from their employer and selling them to the Russians. www.zetter-zeroday.com/trenchant-ex...

The complete and utter failure of the metaverse is a reminder [...] that quite often these oligarchs quite simply cannot relate to real people, don’t know how or why people use their products, and very often have no idea what they’re doing www.404media.co/rip-metavers...

📣 #PIVOTcon26 Agenda is here 🤟 We are thrilled to announce the lineup for this year's edition! 2⃣ days and 19 talks from leading #ThreatResearch experts. The agenda link is in the first comment👇, and the talks and speakers are in the thread.🧵 #CTI #ThreatIntel 1/15

@volexity.com recently released GoResolver v1.4, bringing significant updates to our #opensource tool for recovering symbol data from obfuscated Go binaries. This release is available on GitHub: github.com/volexity/GoR... [1/8]

This is a bad take. You can’t counter far right narratives on a platform that is designed to amplify only those narratives. Politicians should set the example. And journalist should get off of it too.

SOS returns to Brussels on October 22, 2026! As the geopolitical landscape rifts, hybrid threats continue to adapt & evolve. We provide a forum for observers of state-aligned sabotage, espionage, and more to share research with an action-oriented community. Stay tuned for more announcements!

We’re just normal men

Reminder that the #PIVOTcon2026 CFP closes this Friday, February 6. Get those papers in. We want to see you at @pivotcon.bsky.social in Malaga! 😎

You say "Security Feature Bypass"... I say.... "Remote Code Execution": msrc.microsoft.com/update-guide...

For folks looking for Notepad++ IoCs, @rapid7.com just dropped a write-up. www.rapid7.com/blog/post/tr...

#apt #unk via VT BULLETEN_H.doc 7c396677848776f9824ebe408bbba943 1291.doc d47261e52335b516a777da368208ee91 Courses.doc 2f7b4dca1c79e525aef8da537294a6c4 Consultation_Topics_Ukraine(Final).doc 95e59536455a089ced64f5af2539a449 freefoodaid[.]com wellnessmedcare[.]org

I promise you. I absolutely guarantee. You are not ready for what happens when you click this link. ovu.moe

github.com/VirusTotal/y... - 1.11.0 is out! Lots of new features, modules and bug fixes. Read the release notes and congrats to Victor and the contributors!

Microsoft is so fucking stupid. Microsoft renamed Microsoft Office to Microsoft 365 Copilot App I'm not joking

Volexity Volcano Server & Volcano One v25.12.18 adds 300+ YARA rules, full parsing of Windows prefetch and Linux cron jobs, inline syscall hooking detection, and 5-level page table support. [1/3]

Narrator Voice: And so thousands of infosec people looking for relevance and attention logged into VirusTotal looking for samples uploaded from Venezuela in the last year.

finally, we're living through precedented times

Some phishers have taken inspiration from Russian cyber-espionage group UTA0355 and are using a technique that tricks users into sharing their OAuth material in a web page (UAT0355 did it via email replies) pushsecurity.com/blog/consent...

A study in the evolution of SVR cyberespionage tradecraft

@volexity.com tracks a variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials, which continue to see success due to creative social engineering. Our latest blog post details Russian threat actor UTA0355’s campaigns impersonating European security events.

On the plus side, everytime there's a Cloudflare outage 1000s of threat actors around the world have their malware C2 go down for a few hours.

Weekly summary is out.. ctoatncsc.substack.com/p/cto-at-ncs...

🎵🎶All I want for Christmas is… electrons 🎶🎵

Yara-x 1.10.0 released today! It can now automatically fix some warnings, and some improvements in code generation. This is another great step forward for the project. github.com/VirusTotal/y...

Really digging this year’s CYBERWARCON logo

#PIVOTcon26 registration is now OPEN 🤟📷 #ThreatResearch #ThreatIntel 📷https://pivotcon.org Please read carefully the whole 🧵 for the rules about invite -> registration (1/6)🌐

Enhance your CyberChef experience with GeoCities mode!

Remember NFTs? 😂😂😂😂😂😂😂

This is so good. bahahaha: www.youtube.com/watch?v=dr9M...

At @ncsc.gov.uk we have just launched the CyberUK tech talks call for papers across three topics - Cyber applications of AI - What works: approaches that reduce cyber harm - The evolving threat www.cyberuk.uk/2026/call-fo...

my response to this is the loudest OK BRO you've ever heard in your life

New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...

Meet our speaker Patrick Whitsell! Patrick has expertise in monitoring and defending against cyber espionage threat actors. His talk, "Cyber(trade)war: Paradigm Shift in Economic Espionage", will cover the shift in PRC state-sponsored cyber espionage. Learn more! www.cyberwarcon.com

i heard my kids singing about "APT"s and i was sorely disappointed www.youtube.com/watch?v=ekr2...

Thanks to @xorhex for an interesting discussion that is worth sharing here. I knew I read this somewhere but here's a fun thing you can do in YARA-X: 2 of ($a*, $b*, 3 of ($c*)) This is documented but not widely known: virustotal.github.io/yara-x/docs/...

We’re just normal men

This was an interesting one to work on! tldr: Chinese aligned actor uses LLM to empower their malware development, target gathering, and phishing operation. Goes wrong and starts randomly including pornographic material and other random files/info. www.volexity.com/blog/2025/10...

APT meets GPT: @volexity.com #threatintel is tracking #threatactor UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, appearing to use LLMs to assist their ops. Letting #AI run your espionage operations? What could go wrong?

We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...

⏰ The inaugural SOS conference is 30 days away! Have you gotten your ticket yet?!? Listen to expert discussions on state-sponsored operations covering espionage, sabotage, and attribution of Russia, China, Iran, and more. Registration is still open! stateofstatecraft.com/agenda

www.zscaler.com/blogs/securi... - Nice writeup by zscaler on some COLDRIVER malware. I'm talking about this stuff at #FTSCon in a few weeks and will have lots more details there.

First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...

Couple of openings here in our threat research org! Staff Security Research Engineer: proofpoint.wd5.myworkdayjobs.com/en-US/Proofp... Senior Threat Researcher (ecrime team): proofpoint.wd5.myworkdayjobs.com/ProofpointCa...

In Swedish, a word for what you eat to bridge the gap between meals (or while waiting for the main course to cook) is stödmacka. It means "support sandwich." A similar word in Norwegian is ventepølse, or "waiting sausage."