3 years already... Remember @Ledtech3.

Every December I point to one small charity that’s worth supporting. In the past that was a UNICEF water project or a security researcher from Gambia who couldn’t even afford a computer. This year the choice is obvious. I’ve been following a small volunteer group in eastern

🚀 Exciting Update from CATALYST! We're making it easier than ever to stay ahead of evolving cyber threats. With our new easy subscription model, you can now access TLP:AMBER reports directly on the CATALYST platform, simply complete your payment and start exploring. 🔐 What

Proud to participate in #OperationEndgame /w @Europol. The next phase represents a significant step toward dismantling cyber crime infrastructure worldwide. https://t.co/La2GyeZgb8

3 years already... Remember @VK_Intel.

🚨 FIN7 (Savage Ladybug) still using the same Windows SSH backdoor with only small changes since 2022. install.bat + OpenSSH toolset → reverse SSH/SFTP for stealth & exfil. 📂Check recent IOCs: https://t.co/22WtpSC8H8 #CyberSecurity #ThreatIntelligence #Malware #IOC

💬 Privacy claims from ransomware groups are fiction. Files are never deleted. "Private" chats are visible to members, state sponsored actors, and third party providers. 💸 Don’t pay ransom. 🛡️ Protect, contain, investigate. #cybersecurity #ransomware

🔐 Patch ≠ Proof of Safety. Patching exposed appliances is essential, but not the finish line. Threat actors exploit, dump creds, stash them, then come back after triaging huge queues. Even after fixing, valid accounts/tokens keep the door unlocked. #threatintelligence

🕵️ Phantom Mantis (ArmCorp), led by LARVA-368 (hastalamuerte), tested Qilin, Embargo, LockBit, Medusa and BlackLock, then built their own RaaS: The Gentlemen. 🇷🇺🏴‍☠️ Takeaway: monitor threat groups, not just RaaS names. Granular intelligence wins. 🔍🧠🎯 #threatintelligence

Threat intelligence isn’t just “news.” 🧠 It keeps you updated and one step ahead. So when Qilin-affiliated actors execute ransomware with EDR active 📸, remember: security solutions are essential, but they need proper Threat Intelligence. Stay ready. 🔐 #ThreatIntelligence

🐌 Subtle Snail (UNC1549), an Iran-nexus espionage group 🇮🇷, is targeting European 🇪🇺 telecom, aerospace, and defense organizations. The group uses LinkedIn HR lures and Azure-based C2. Read the full report 👉 https://t.co/NnfwLC8r4d #ThreatIntel #Malware #APT #IOC

🚀 We've shared an IDA Pro decryption script for Matanbuchus 3.0, capable of decrypting ChaCha20 strings & resolving APIs/modules/syscalls using MurmurHash3. Fresh IOCs also available! 👉Check it out: https://t.co/vJNEf4Mt4X #threatintel #malware #IOC

🇮🇷 Iran-nexus espionage group Subtle Snail (UNC1549, TA455) linked to Charming Kitten is ramping up European ops, infecting telecom organizations and exfiltrating sensitive documents. They've impacted 10 organizations in the last week. Victim notification is ongoing. Do not skip

Seriously? 🤯 Supernatural Cockroach (a.k.a. National Hazard Agency) exploiting basic default credentials on Fortinet, Palo Alto, Cisco & others…and deploying ransomware. Are we still seeing this in 2025? 📄Report (subscribed users only): https://t.co/a5Byzgibfj

The XSS forum community is actively discussing the situation. However, it appears that moderators are removing all content where the admin (LARVA-27) is being discussed. This was confirmed in a Telegram chat by moderator LARVA-466 (Rehub). The goal is to suppress any narrative

🚨 Suspected admin of https://t.co/iAJ89D7nkV, a top Russian-speaking cybercrime forum, was arrested in Ukraine. The suspect, active for nearly 20 years, allegedly made €7M facilitating cybercrime. 🇫🇷🇺🇦🇪🇺 Operation led by France with Europol support. https://t.co/JQEfYiYBjF

Starting from Monday, we will no longer be accepting any accounts of XSS[.]is. Thank you for consistently providing accounts over the past months. We appreciate your business ! #SYSInitiative #SYS #PRODAFT #XMR

🚨 LARVA-208 is back! Now targeting Web3 developers via fake AI platforms with job offers & portfolio reviews. Malware disguised as a Realtek HD Audio Driver is deployed during interviews. 📄 Read the full report: https://t.co/WTudtPG9FR 🔍 IOCs: https://t.co/asnM3WeW6J

➡️ Fresh IOCs on Matanbuchus 3.0: https://t.co/vJNEf4Mt4X #malware #threatintel #IOC

🇷🇺 Russian-speaking threat group Hopeful Mantis, managing by LARVA-200 (farnetwork/efwnet), is now operating Sinobi ransomware, alongside INC Ransom & Lynx, following their previous operation of Nokoyawa. It’s crucial to understand the connections. #threatintel #ransomware