2026-01-01 (Thursday): #LummaStealer infection with follow-up malware. A #pcap of the infection traffic, the #Lumma #Stealer files, and a list of IOCs are available at www.malware-traffic-analysis.net/2026/01/01/i...

𝗝𝘂𝘀𝘁 𝗹𝗮𝘂𝗻𝗰𝗵𝗲𝗱 𝗮𝘄𝗲𝘀𝗼𝗺𝗲-𝗱𝗳𝗶𝗿-𝘀𝗸𝗶𝗹𝗹𝘀 𝘄𝗶𝘁𝗵 @fr0gger_ ! Designed to save time during investigations and everyday DFIR tasks Thomas has built an excellent malware triage skill, and I’ve added a couple of timeline analysis skills to help you get started.

I listen to a LOT of security related podcasts, and this is the only one that makes me truly think when listening to the topical subjects that are discussed each week. Excellent!

2025-12-29 (Monday): #ClickFix page leads to #NetSupportRAT infection. Details at www.malware-traffic-analysis.net/2025/12/29/i...

I added a python script to monitor a folder during dynamic analysis and dump changed files with timestamp github.com/struppigel/h...

🦔 📹New Video: RenPy game loads stealer, beginner friendly ➡️ strategies for finding malware in 2956 files ➡️ extracting and decompiling RenPy ➡️ remote access tool config extraction ➡️ unpacking native payload #MalwareAnalysisForHedgehogs #RenPy www.youtube.com/watch?v=Fmfg...

React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more. #React2Shell #Nextjs #GreyNoise #ThreatIntel

🦔📹 New Video: Modifying string decrypter for a ConfuserEx2 variant ➡️ Defeating antis with Harmony hooks ➡️ AsmResolver ➡️ .NET string deobfuscation #MalwareAnalysisForHedgehogs www.youtube.com/watch?v=sARn...

Full length reverse engineering with Invoke RE! Showcasing new iterations of the "Scavenger" malware, or what we saw as "ExoTickler" previously as a fake City Skylines 2 video game mod, now w/ more crypto/creds stealing and C2. Binary Ninja, x64dbg & more: youtu.be/wFBdeak0t70

🎁 I am running an exclusive 'Black Friday' promo on my book Visual Threat Intelligence with code 'CYBERVTI25'! The ebook is 50% off for the next 4 days, thousands of researchers already read it! The bundle also includes the high quality illustrations from […] [Original post on infosec.exchange]

🎙️ In the latest episode of Behind the Binary, Nino Isakovic joins us to talk about the art of deconstructing problems, building a robust RE toolkit, and his work on deobfuscating ScatterBrain! 👉 open.spotify.com/episode/2Iyy...

I am suggesting a new malware type: the browser remote access tool (BRAT) It's a form of browser hijacker that remotely controls your browser based on server commands. Typical form: press key combos for copy-pasting URLs, opening tabs, context menu, downloading files etc

Podcast thoughts on Anthropic's conflicting marketing messages about Claude Code automating Chinese APT attacks #threebuddyproblem @jags.bsky.social @craiu.bsky.social

Check Point looks at a very niche phishing group named Payroll Pirates that uses malvertising to target the users of payroll systems, credit unions, and trading platforms cyberint.com/blog/threat-...

2025-11-11 (Tuesday): Cryptocurrency #scam starts with an email. Potential victims must click through several web pages to finish the process. I recorded a video showing what I did after the last image in this post at youtu.be/yUV7OkQqSBk More info on this activity at github.com/PaloAltoNetw...

Yesterday folks got a phishing email for a fake DMCA report-- myself included. Caught me at a good time so I could record poking at the scam and the malware it leads to: ultimately infostealer malware (the usual) from a fake domain & clearly AI slop site: youtu.be/IzKjL16-sgY

We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️ #GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel

Here's the Wired story www.wired.com/story/peter-...

I’m convinced there’s no better time of the week than Saturday morning

Well done AI…

PDFs have been a constant struggle and I’ve found that this helps. Might be a little biased tho

🎙️ Ever wonder what it takes to secure a massive event like Black Hat? 🤔 Mark Overholser from Corelight joins us to pull back the curtain on how the Black Hat Network Operations Center (NOC) is built, monitored, and the craziest things that have shown up! Spotify: open.spotify.com/episode/2F4x...

Normally when we hear about a malware operation being disrupted, it's because it has been shut down by the cops. But in the case of Lumma Stealer, it appears to have been sabotaged by other cybercriminals. Read more on the Fortra blog: www.fortra.com/blog/cybercr...

⚠️ Attackers are moving beyond credentials. Our blog shows they’re increasingly weaponizing #OAuth applications to maintain persistent access in the cloud—even after #passwords are reset or #MFA is enforced. This persistence poses a growing risk to modern enterprises.

🔥 Live stream with Hahna Kane begins in ~1 hour, join us on YouTube! youtube.com/live/HG_JsFq...

Our DEF CON33 ICS Village talk is now on YouTube! @sam-hans0n.bsky.social and I share stories of malware we discovered while searching for ICS threats, and discuss our approach to assessing their reputation. Don't Cry Wolf: Evidence-Based Assessment of ICS Threats

Amid the security incident involving F5 BIG-IP announced today, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing. The anomalies reported in our blog may not necessarily relate to the 15 Oct incident. ⬇️

The Binary Ninja 5.2 dev release is showing some amazing work with their new Time Travel Debugging (TTD) interface. This makes a huge impact on analysis! (and fits well on my UW monitor)

Our new research is now live, and it's full of juicy insights. From a log poisoning vulnerability, to an RMM you've likely never heard of, and a list of victim locations that span the globe! 👀 👇

🔥 Live stream this Thursday at 12pm CDT! Peter Manev and Lukas Sismis are here to talk about the latest Suricata releases, which fix several high severity CVEs... Join us on YouTube - youtube.com/live/ID9q7E4...

2025-10-01 (Wed) I've posted #malware samples and a #pcap of the post-infection traffic from an infection by possible #Rhadamanthys malware at www.malware-traffic-analysis.net/2025/10/01/i... This is from a file disguised as a cracked version of software, and I usually see #LummaStealer from this.

🔥 The next episode of Behind the Binary is here! We're joined by renowned security researcher Hahna Kane Latonick for a deep dive into the powerful world where reverse engineering meets data science. 🎧 open.spotify.com/episode/2CFB...

2025-09-29 (Monday): Follow-up to my post last week. I've been seeing one or two of these emails almost every day. Details on the latest example at github.com/malware-traf...

🥷 FLARE-On 12 starts today - prepare yourself with this episode of Behind the Binary 👇 open.spotify.com/episode/4eS4...

🏗️ More assembly basics - in this short, we'll cover how to create a basic FOR loop in assembly! 🎯 youtube.com/shorts/eddBB...

Couple of openings here in our threat research org! Staff Security Research Engineer: proofpoint.wd5.myworkdayjobs.com/en-US/Proofp... Senior Threat Researcher (ecrime team): proofpoint.wd5.myworkdayjobs.com/ProofpointCa...

My colleague Banu wrote about the connection between AppSuite, OneStart and ManualFinder www.gdatasoftware.com/blog/2025/09...

Sad to hear Robert Redford passed away. Tonight is a good night to rewatch Sneakers. Robert Redford Sidney Poitier Dan Aykroyd Ben Kingsley And hacking…what more could you want?

Great blog on the Nx supply chain attack that show how threat actors embedded adversarial prompts in malicious NPM packages! Prompts are the new IoCs! 🤓 https://www.getsafety.com/blog-posts/analyzing-nx-ai-prompt

🦔 📹 New video: What breakpoints to set for unpacking malware? ➡️ Steps of unpacking stub ➡️ Breakpoint targets ➡️ VirtualAlloc from user to kernel mode #MalwareAnalysisForHedgehogs #Unpacking www.youtube.com/watch?v=fn8r...

🚀 Live stream this Thursday! Xusheng Li, developer at Vector 35 (Binary Ninja) joins the stream to show you how to max out your debugging experience with WinDbg. Note the time, we'll be streaming at 8pm CDT! 🎯 Join us on YouTube youtube.com/live/-eVyYB8...

🥳 IT BEGINS 🥳 The CactusCon 14 CFP is now OPEN! sessionize.com/cactuscon-14/ Theme is an oldie but a goodie, regardless as usual we are looking for those juicy technical talks that make CactusCon great. #cc14

🚀 Ready to learn about decentralized finance, web3 technology and how it is abused by threat actors? The latest episode of Behind the Binary is here! In this panel episode, guests Blas Kojusner, Joe Dobson and Robert Wallace will break it down 👇 open.spotify.com/episode/4MMp...

This blog post about impostor certificates by @SquiblydooBlog is a gem and very relevant right now. Or: How threat actors impersonate companies to obtain authenticode certificates for signing their malware. And why revokation is important. squiblydoo.blog/2024/05/13/i...

🧹 Whether you're reversing native code or crafting shellcode, spotting key patterns is crucial. This short dives into three essential instructions for zeroing memory: XOR, STOSD, and REPNE. 🛠️ youtube.com/shorts/GSExn...

Just read up on the IDA Domain API updates from Hex Rays. This on top of idalib is a nice step forward in usability. Def recommend checking out the All Things IDA video. Looking forward to seeing the use case spotlights that they’ll be publishing. youtu.be/IaOucXb033Q #idapro #reverseengineering

🥷 We all have to start somewhere - especially when reversing binaries. In this short we look at identifying main in binaries compiled in Visual Studio, helping to avoid getting lost in runtime code 🎯 youtube.com/shorts/t-maU...

A new episode of @intel471.bsky.social's Cybercrime Exposed podcast is out! DukeEugene is a Russian Android malware dev who has a big problem, and he puts everything on the line to solve it. Link to pod here: www.intel471.com/resources/po...

🚀 Next live stream this Thursday - x64dbg creator Duncan Ogilvie joins the stream to talk about the latest features! Join us on YouTube -> youtube.com/live/eODAI3Z...