New Research! https://t.co/PLEygl5W3h We have found an interesting campaign targeting an entity of Chinese telecom with VELETRIX implant. The implant uses anti-sandbox, shellcode obfuscation technique via IPV4 and execution via EnumCalendarInfo leading to Vshell implant.

New investigation reveals Intellexa is thriving despite US sanctions, with new ops in Pakistan & Kazakhstan Internal docs obtained by @InsideStoryGR/@haaretzcom & analyzed by @amnesty reveal new tools & access. THREAD https://t.co/MGoTBzoGqK

Read my small, yet latest research on abuse of simple loaders with Adaptix C2 beacon! Cheers!

People that are yelling “I care about privacy in every sentence they write” but are on a platform like X are just…

Everyone talks about ransomware. Almost nobody talks TO ransomware operators, so I did the job for you. [turn the subtitles on] https://t.co/O8I4pgoEkx

absolutely insane this works "ftp -s:lol.png" That tiny command can be used to to execute hidden code in that image I say image loosely because that is actually a working png/pdf polyglot file its both at the same time might have to go more in-depth with a video on this one

Hey Fam, Just released a small research on threat campaign known as Operation Hanoi Thief targeting Vietnamese IT professionals with Pseudo-Polyglot payload, a DLL implant known as LOTUSHARVEST and much more you can read it here: https://t.co/jHXZYQZgaC

New release: #TinyTracer v3.2 is out: https://t.co/qvbQqaUq16

Rare Earth Material Lure Delivering Shellcode Loader Quick notes on a fiber-based shellcode loader delivered using a Rare Earth Material lure #APT #shellcode https://t.co/WAsCgg2qbR

Interesting Sample from Belarus dd8890409f8345be6bdfed1fa28fc257e723fe3d1cd608175c0ef376ec06459a [Invitation Tanzania Independence Day Celebrations 2025 (09 December 2025).pdf.rar] @smica83 @malwrhunterteam @PrakkiSathwik @ElementalX2

Few thoughts on this 1. Anthropic sneaks into everyone’s claude chats??? 2. The blog looks exaggerated without any details on what the attack is, its not useful for anyone except for marketing. 3. It’s definitely not fully autonomous hack as it might sound, someone who is already

#APT36 #TransparentTribe #APT #Phishing Defence_Planning_Committee_Meeting_13_Nov_2025.desktop b551a014af52a03bae2e61863f926592 #SecureFileManager aryterrimerikeri[.space #Backdoor ELF Go 80614756f295e6c17050e5f2ad68010f #C2 echs[.]online 45.155.54.22:8888 #ReverseProxyServer

Rumors are spreading about a mayor #LawEnforcement operation against #Rhadamanthys #Stealer. @g0njxa and me have been monitoring the situation closely. -Rhada domains under active law enforcement control - Customers are adviced to delete all servers Image via club1337

ENKI identifies a new variant of Comebacker, attributed to the Lazarus Group, that targets the aerospace and defence sector via lure documents. ENKI assesses the campaign has been active since at least March 2025. https://t.co/Eo3Un6b56h

Interesting Note: The TA is probably a fan of an Ethiopian actress Hanan Tarq ( https://t.co/eBNo5bZXlg)

Thanks @malwrhunterteam for the sample the TA is based out of 🇪🇹 focused on monetizable and influence targets -Ethiopian e-commerce/marketplace sellers, TeleBirr/mobile-money accounts, local IT/repair shops, and media/content creators for phishing, fraud, and narrative operations

#Philippines Campaign PCG_124th_Anniversary_Event_Documents_Office_of_the_President_23102025-Archive.zip 8e130c2604516ccd4bcba72cc6549649 124th_Anniversary_of_the_Philippine_Coast_Guard_Event_Summary_and_Feedback_Request_Office_of_the_Appointments_Secretary_OP_23102025.pdf.lnk

🚨BREAKING: We uncovered LANDFALL — a commercial-grade Android spyware exploiting a now-patched Samsung zero-day (CVE-2025-21042) through weaponized DNG images sent via WhatsApp, enabling zero-click compromise of Samsung Galaxy devices. 1/ https://t.co/hfTFP1MMX2

🆕 Checkout the blog between @NVISOsecurity & @TeamCymru all about #VShell, which has been used a lot over the last year (over 1,500 servers!), primarily used for long-term espionage activities 🌍🇨🇳 Including NetFlow Analysis 👀 🔗 https://t.co/A1qvBuy4XZ

cc : @hasherezade @malwrhunterteam @jamieantisocial @smica83 @cyb3rops @JulianVoeg @Gi7w0rm @AShukuhi @Joseliyo_Jstnk @RexorVc0 @MichalKoczwara

New Research! https://t.co/MoiuLVziYm We found Silent Lynx APT, making sluggish changes to their arsenal, adding Silent Loader, SilentSweeper & LAPLAS implant. The campaigns are targeted towards multiple other countries. Contains a lot of pivoting and other necessary details.