Antelox

@Antelox

Followers: 5K | Following: 395 | Media: 114 | Statuses: 5K

A Civil Engineer married to Mrs IDA Pro. Sons are WinDbg and OllyDbg. We live in a VM. We eat bread and malware, APT on Sunday.

Italy
Joined June 2012
@hackingump1
Andreas Klopsch
1 month
RIFT Update ⚡ Automate rustc_hashes.json updates with new Linux & Windows scripts! Easier than ever. 👉 https://t.co/ebU50hwvgt #CyberSec #MalwareResearch #RIFT
github.com
Rust Library Recognition Project for Rust Malware by the MSTIC-MIRAGE Team - microsoft/RIFT
@Threatlabz
Zscaler ThreatLabz
1 month
Danabot has resurfaced with version 669 after a nearly 6-month hiatus following the Operation Endgame law enforcement actions in May. The current C2s are the following: 62.60.226[.]146:443 62.60.226[.]154:443 80.64.19[.]39:443
@TheEnergyStory
R136a1
2 months
The ZeroAccess Developer and His Windows Kernel-Mode Debugger: https://t.co/dXsMTmo2t4
@m_r_tz
Moritz
2 months
CyberChef in IDA Pro will enable a lot of new creative data extraction/manipulation workflows! 🚀 #idapro #cyberchef #idachef #cyberpro
@williballenthin
Willi Ballenthin
2 months
preview: ida-cyberchef #idapro #cyberchef
@Threatlabz
Zscaler ThreatLabz
3 months
Zscaler ThreatLabz has discovered a new malware family that we named YiBackdoor which shares significant code overlaps with IcedID and Latrodectus. YiBackdoor enables threat actors to collect system information, take screenshots, execute arbitrary commands, and deploy plugins on
@Threatlabz
Zscaler ThreatLabz
3 months
ThreatLabz has identified two new SmokeLoader versions that are being used by multiple threat groups. These versions, which we refer to as version 2025 alpha and version 2025, fix significant bugs that previously caused significant performance degradation on an infected system.
@Xylit0l
Xylitol
3 months
XyliBox: BestAV (Fake Antispyware affiliate) exposed https://t.co/8ndTLparlv
@unpacker
Seongsu Park
3 months
Excited to share our latest research on APT37 (a.k.a. ScarCruft, Ruby Sleet, and Velvet Chollima)’s new infection chain and C2 operation: 1⃣ Initial Access: Leveraging LNK and CHM files to deliver Rust-based and PowerShell-based malware. 2⃣ Post-Recon: Deployment of FadeStealer
@urlscanio
urlscan.io
3 months
Thanks to the awesome work by our team we can finally announce our official urlscan cli tool: https://t.co/CpiL9jUdDv - Submit scans, run searches, find domains, get creative. Feel free to share your use-cases with us on X! Download on Github or homebrew.
@struppigel
Karsten Hahn
4 months
Comprehensive analysis of HijackLoader by Ryan Weil https://t.co/IMJqd6AYiM
@Threatlabz
Zscaler ThreatLabz
4 months
Zscaler ThreatLabz revisits Raspberry Robin in our latest analysis. Recent updates include enhanced obfuscation, a shift to ChaCha20 encryption, a randomized RC4 key seed per campaign, and a new privilege escalation exploit (CVE-2024-38196). Check out our analysis:
@Threatlabz
Zscaler ThreatLabz
5 months
ThreatLabz has observed Bumblebee distributing DonutLoader embedded with StealC v2. Bumblebee config: https://t.co/jREIIzNNOg StealC config: C2: http://nispgael[.]biz/7321a45c92764723.php Botnet ID: winmtr RC4 key: 140877183e614f06 Expiration date: 10/08/2025
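The Danabot and StealC posts above publish indicators in the usual defanged form (`62.60.226[.]146:443`, `http://nispgael[.]biz/...`). Turning such fragments into something a hunt can consume is the first thing a SOC does with a tweet like this. The following is an added example, not ThreatLabz tooling: the sample text is constructed from the two posts, the defanging conventions it undoes are the common analyst habits rather than a standard, and the Defender `DeviceNetworkEvents` query it renders is one assumed target schema (the `RemoteIP`/`RemoteUrl` columns are real; the choice of table for this demo is mine).

```python
"""Normalize defanged indicators from analyst posts into hunting-ready records.

Added example (not ThreatLabz tooling). SAMPLE_TEXT is constructed from the
two posts above; the defanging forms handled ([.] (.) {.} hxxp [:] [/]) are
the usual analyst conventions, not a formal standard.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the indicator fragments as they appear in the two posts.
SAMPLE_TEXT = """
Danabot C2s: 62.60.226[.]146:443 62.60.226[.]154:443 80.64.19[.]39:443
StealC C2: http://nispgael[.]biz/7321a45c92764723.php Botnet ID: winmtr RC4 key: 140877183e614f06
"""

_URL = re.compile(r"\bhttps?://[^\s'\"<>]+", re.IGNORECASE)
_IP_PORT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?\b")


def refang(text: str) -> str:
    """Undo common defanging: [.] (.) {.} -> '.', hxxp(s) -> http(s), [:] -> ':', [/] -> '/'."""
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text)
    text = re.sub(r"\bhxxp(s?)\b", r"http\1", text, flags=re.IGNORECASE)
    return text.replace("[:]", ":").replace("[/]", "/")


def extract_iocs(text: str) -> list:
    """Return [{'type': 'url'|'ip', 'value', 'host', 'port'}], URLs first, deduplicated."""
    clean = refang(text)
    out, seen = [], set()
    for m in _URL.finditer(clean):
        url = m.group(0).rstrip(".,;)")          # trailing punctuation from prose
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
        if url not in seen:
            seen.add(url)
            out.append({"type": "url", "value": url, "host": parts.hostname, "port": port})
    # Strip URLs before the IP pass so a host like http://1.2.3.4/ is not reported twice.
    for m in _IP_PORT.finditer(_URL.sub(" ", clean)):
        ip, port = m.group(1), m.group(2)
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:                        # e.g. a "999.1.2.3" fragment
            continue
        if addr.is_private or addr.is_loopback or addr.is_reserved:
            continue                              # hunting on RFC1918 only produces noise
        if ip not in seen:
            seen.add(ip)
            out.append({"type": "ip", "value": ip, "host": ip,
                        "port": int(port) if port else None})
    return out


def hunting_query(iocs: list) -> str:
    """Render a KQL query against the Defender DeviceNetworkEvents table (assumed schema for this example)."""
    ips = sorted({i["value"] for i in iocs if i["type"] == "ip"})
    hosts = sorted({i["host"] for i in iocs if i["type"] == "url"})
    ip_list = ", ".join(f'"{v}"' for v in ips)
    host_list = ", ".join(f'"{h}"' for h in hosts)
    return (f"DeviceNetworkEvents | where RemoteIP in ({ip_list}) "
            f"or RemoteUrl has_any ({host_list})")


if __name__ == "__main__":
    for rec in extract_iocs(SAMPLE_TEXT):
        print(rec)
    print(hunting_query(extract_iocs(SAMPLE_TEXT)))
```

The private/loopback filter matters in practice: screenshots of sandbox configs often carry `127.0.0.1` or `10.x` placeholders that would otherwise end up in a blocklist.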
@x64dbg
x64dbg
6 months
We're excited to announce a major new release of x64dbg! The main new feature is support for bitfields, enums and anonymous types, which allows all types in the Windows SDK to be represented and displayed 🔥
@nicolodev
Nicolò Altamura
6 months
We just presented our new Binary Ninja plugin for deobfuscation of Mixed Boolean Arithmetic expressions at REcon25. Check it out!
@mr_phrazer
Tim Blazytko
6 months
The slides from our @reconmtl talk, "Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications" (CC @nicolodev), are now online! Slides: https://t.co/O9s6ItbHFw Plugin: https://t.co/cek4bXbNyB
@d4rksystem
Kyle Cucci
6 months
Interested in learning how to build a lab VM for malware analysis and reversing? You can download a 40+ page chapter on this topic, taken from my book Evasive Malware. Get the PDF from my blog, here: 🤓 https://t.co/6yK5UGyQpb CC @nostarch
@mrexodia
Duncan Ogilvie 🍍
7 months
🔥 TitanHide has been updated to support the latest VMProtect 3.9.4 changes! The service name is now used as the device name as well, so the check for \\.\TitanHide will fail if you name the service differently 🧠
@Threatlabz
Zscaler ThreatLabz
7 months
👮🛑Operation Endgame has once again simultaneously targeted multiple malware threat groups. One of the targets of the operation was DanaBot, which ThreatLabz has been tracking over the past 7 years. The group’s activity has included both criminal, and perhaps most interestingly,
@Threatlabz
Zscaler ThreatLabz
7 months
ThreatLabz has uncovered a new malware loader that we have named TransferLoader. Active since Feb 2025, TransferLoader uses advanced evasion techniques and control flow obfuscation along with a backdoor component that utilizes the InterPlanetary File System peer-to-peer platform
@RussianPanda9xx
RussianPanda 🐼 🇺🇦
8 months
Autopsy of a Failed Stealer: StealC v2. When Your $3000 Malware Budget Goes to Marketing Instead of Actually Enabling the Encryption Function. I did some analysis on the updated #StealC v2. The blog comes with config extractor, hunting queries and Yara rule. Let me know your
@struppigel
Karsten Hahn
8 months
How to use knowledge about .NET structures and streams for writing better .NET Yara signatures. E.g. IL code patterns, method signature definitions, GUIDs, compressed length. #100DaysOfYara #GDATATechblog @GDATA #GDATA https://t.co/PNyR5ZFcBk
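The post above is about writing .NET YARA rules from the metadata structures themselves (GUIDs, method signature blobs, compressed lengths) rather than from strings. What those byte patterns actually are is easier to see with a parser in hand. The following is an added example, not code from the GDATA post or from YARA's own `dotnet` module: it walks a BSJB metadata root per ECMA-335 II.24.2, reads the #GUID heap, splits the #Blob heap using the II.23.2 compressed-integer encoding, and decodes a MethodDefSig. The metadata blob it parses is constructed by hand inside `build_sample()` and is not taken from any real assembly; element-type names beyond the handful listed are left out on purpose.

```python
"""Parse a .NET metadata root and decode the structures YARA authors key on.

Added example, not code from the GDATA post or from YARA's dotnet module.
build_sample() fabricates a minimal metadata root (constructed data); the
layout follows ECMA-335 II.24.2 (root / stream headers) and II.23.2 (blobs).
"""
import struct
import uuid

# ECMA-335 II.23.1.16 element types (subset) and II.23.2.1 calling-convention flag.
ELEMENT_TYPES = {0x01: "void", 0x02: "bool", 0x08: "int32", 0x0E: "string", 0x1C: "object"}
HASTHIS = 0x20


def read_compressed_uint(buf: bytes, pos: int):
    """ECMA-335 II.23.2 compressed unsigned int: 1, 2 or 4 bytes. Returns (value, next_pos)."""
    b0 = buf[pos]
    if b0 & 0x80 == 0:
        return b0, pos + 1
    if b0 & 0xC0 == 0x80:
        return ((b0 & 0x3F) << 8) | buf[pos + 1], pos + 2
    if b0 & 0xE0 == 0xC0:
        return (((b0 & 0x1F) << 24) | (buf[pos + 1] << 16)
                | (buf[pos + 2] << 8) | buf[pos + 3]), pos + 4
    raise ValueError("invalid compressed integer prefix")


def parse_metadata_root(data: bytes) -> dict:
    """Return version string and {stream name: bytes} from a BSJB metadata root."""
    sig, major, minor, _reserved, vlen = struct.unpack_from("<IHHII", data, 0)
    if sig != 0x424A5342:                       # "BSJB"
        raise ValueError("not a .NET metadata root")
    version = data[16:16 + vlen].split(b"\0", 1)[0].decode()
    pos = 16 + vlen
    _flags, nstreams = struct.unpack_from("<HH", data, pos)
    pos += 4
    streams = {}
    for _ in range(nstreams):
        off, size = struct.unpack_from("<II", data, pos)
        pos += 8
        end = data.index(b"\0", pos)
        streams[data[pos:end].decode()] = data[off:off + size]
        pos = (end + 1 + 3) & ~3                # name is NUL-terminated, padded to 4 bytes
    return {"version": version, "major": major, "minor": minor, "streams": streams}


def guids(stream: bytes) -> list:
    """#GUID heap: back-to-back 16-byte GUIDs (tables index them 1-based)."""
    return [str(uuid.UUID(bytes_le=stream[i:i + 16])) for i in range(0, len(stream) - 15, 16)]


def blobs(stream: bytes) -> dict:
    """#Blob heap: byte 0 is the empty blob; each entry is compressed length + bytes.
    Keyed by heap offset, which is what the metadata tables store."""
    out, pos = {}, 1
    while pos < len(stream):
        length, start = read_compressed_uint(stream, pos)
        out[pos] = stream[start:start + length]
        pos = start + length
    return out


def decode_method_sig(blob: bytes) -> str:
    """MethodDefSig (II.23.2.1): conv byte, param count, return type, param types."""
    conv = blob[0]
    count, pos = read_compressed_uint(blob, 1)
    ret, pos = ELEMENT_TYPES[blob[pos]], pos + 1
    params = [ELEMENT_TYPES[blob[pos + i]] for i in range(count)]
    return f"{'instance' if conv & HASTHIS else 'static'} {ret} ({', '.join(params)})"


def heap_pattern(blob: bytes) -> str:
    """Bytes as stored in the heap (length prefix included) as a YARA hex string."""
    if len(blob) >= 0x80:
        raise ValueError("only single-byte lengths rendered here")
    return "{ " + " ".join(f"{b:02X}" for b in bytes([len(blob)]) + blob) + " }"


def build_sample() -> bytes:
    """Constructed metadata root with #Strings, #GUID and #Blob streams."""
    strings = b"\0<Module>\0Program\0Main\0"
    mvid = uuid.UUID("12345678-1234-5678-1234-567812345678").bytes_le   # made-up MVID
    blob = (b"\0"                        # empty blob
            + b"\x04\x20\x01\x01\x0E"    # instance, 1 param, returns void, (string)
            + b"\x03\x00\x00\x08")       # static, 0 params, returns int32
    version = b"v4.0.30319\0"
    vlen = (len(version) + 3) & ~3
    hdr = struct.pack("<IHHII", 0x424A5342, 1, 1, 0, vlen) + version.ljust(vlen, b"\0")
    names, payloads = [b"#Strings\0", b"#GUID\0", b"#Blob\0"], [strings, mvid, blob]
    off = len(hdr) + 4 + sum(8 + ((len(n) + 3) & ~3) for n in names)
    directory = struct.pack("<HH", 0, len(names))
    for n, p in zip(names, payloads):
        directory += struct.pack("<II", off, len(p)) + n.ljust((len(n) + 3) & ~3, b"\0")
        off += len(p)
    return hdr + directory + b"".join(payloads)


if __name__ == "__main__":
    root = parse_metadata_root(build_sample())
    print(root["version"], list(root["streams"]))
    print(guids(root["streams"]["#GUID"]))
    for off, b in blobs(root["streams"]["#Blob"]).items():
        print(off, decode_method_sig(b), heap_pattern(b))
```

The `heap_pattern` output is the hex string you would put in a YARA rule to match a specific method signature: matching on `{ 04 20 01 01 0E }` is far more stable across rebuilds than matching on a method name, since the signature survives renaming obfuscators while identifiers do not.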