@volexity.com’s detection & response efforts combined network visibility, host-based analysis, #threatintelligence & #memoryforensics, enabling us to discover these complex #0days being exploited in the wild. Read our blog post for the original research mentioned: www.volexity.com/blog/2022/06...

After a lull in activity targeting Europe from mid-2023 to mid-2025, the China-aligned espionage actor #TA416 (RedDelta, Vertigo Panda, Red Lich) has resumed targeting European government and diplomatic entities, with a recent expansion to the Middle East. brnw.ch/21x1f0j

#ESETresearch is hiring! Passionate about geopolitics, cyberespionage and cyber threat intelligence? We have a new opening for a strategic threat intelligence analyst at our Montréal office. Come join the team! eset.wd3.myworkdayjobs.com/ESET_Externa...

Online training! CTI-focused detection engineering & threat hunting (CTI+DE&TH), 07-10 April 2026. The course focuses on an applied perspective to CTI driving ops-focused outcomes by feeding into the DE&TH cycle. Register your interest today, more details in link: forms.gle/xZ29xPdpQvM4...

#BREAKING #ESETresearch identified the wiper #DynoWiper used in an attempted disruptive cyberattack against the Polish energy sector on Dec 29, 2025. At this point, no successful disruption is known, but the malware’s design clearly indicates destructive intent. 1/5

Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial"

me when pivoting, also me when pivoting

Ooops 😅 #VTi

EFF teamed up with AV Comparatives to see how well anti-virus apps detect stalkerware on Android phones. www.eff.org/deeplinks/20...

@stevenadair.bsky.social is back again! Founder + President of Volexity leading a team of experts that deal w/ complex cyber intrusions from nation-state level intruders. His talk will cover a Chinese APT actor that Volexity tracks as UTA0388. Check out the official agenda: cyberwarcon.com

This was an interesting one to work on! tldr: Chinese aligned actor uses LLM to empower their malware development, target gathering, and phishing operation. Goes wrong and starts randomly including pornographic material and other random files/info. www.volexity.com/blog/2025/10...

@volexity.com has released updates to its #opensource GoResolver project and more! This work was part of a project for one of our #summerinternship students. Read more details about Volexity’s updated GoResolver projects + other #golang tools in our special blog post!

This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!

New by me - although Citrix say there is no evidence of exploitation of CitrixBleed 2 vulnerability, they are wrong - it has been under active exploitation since mid June by an IP associated to a ransomware group, with multiple IP addresses now involved. doublepulsar.com/citrixbleed-...

@volexity.com #threatintel: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps + OAuth to compromise targets. www.volexity.com/blog/2025/04...

#dfir

The NCSC and partners have revealed new details about how malicious cyber actors are using two forms of spyware to target individuals in Uyghur, Tibetan and Taiwanese communities as well as civil society groups. www.ncsc.gov.uk/news/ncsc-pa...

tired of looking at email headers as disgusting plaintext? only want things of value to stand out? look no further than this VSCode extension built by @jacoblatonis.me marketplace.visualstudio.com/items?itemNa...

"It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware." With the amount of Next.js-based sites around, especially on infosec sites, I'd say this looks like a problem. CVSS: 9.1 github.com/vercel/next....

We have been tracking multiple Russian APT groups aggressively targeting organizations with Microsoft Device Code authentication phishing. The attackers got creative with tricking users into granting them access to their accounts. Have a look at our blog for all the details!

@volexity.com recently identified multiple Russian threat actors targeting users via #socialengineering + #spearphishing campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: www.volexity.com/blog/2025/02... #dfir #threatintel #m365security

CTI is the cause of my brainrot but I really cooked on this #salttyphoon #telecomhack

@volexity.bsky.social has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: www.volexity.com/blog/2024/11...

www.volexity.com/blog/2024/11... Key: - Unpatched credential disclosure 0day in VPN client that's actively exploited in the wild - Volexity assesses with medium confidence that BrazenBamboo is a private enterprise that produces capabilities for governmental operators concerned with domestic targets