🚨 BIG NEWS: THE SYS INITIATIVE 🚨. For years, cyber criminals have hidden in the shadows of forums. They operated behind fake names, encrypted channels, and closed communities. Reputation and trust were their most valuable currencies. Now is the time to shift from defense to

🔥 RussianMarket is OPEN for business… and we have a front-row seat. This notorious marketplace active since 2014 and run by LARVA-456 (aka Professor) fuels cybercrime with stolen data. We’ve mapped the inner workings, tracking the sellers, buyers & data flows in order to

RT @TheHackersNews: 🚨 Android malware is getting brutal:. 🔸AntiDot hijacks 3,775+ phones via fake Google updates.🔸 GodFather runs real bank….

🚨 AntiDot is a stealthy Android botnet sold as a "3-in-1" MaaS toolkit. 📱 3,750+ infected devices.🎯 250+ campaigns.🛰️ 10+ active C2s undetected by most vendors. 🔗 Report: 📁 IOCs: #ThreatIntel #AndroidMalware

🚨 Malware-signing-as-a-service is on the rise. Ransomware groups are automating Azure’s trusted code signing to legitimize malware with 3-day ephemeral certs. Full report available to registered users on our CATALYST platform: #threatintel #malware

MISP or OpenCTI? 🔐 Both are great for threat intel. CRADLE 🚀 extends them, bringing knowledge to the top of the Pyramid of Pain 🔺. Check out the latest release: #threatintel #misp #opencti #ioc #malware.

📌 In case you missed it: we exposed how the ransomware enterprise operates 💻💣. They're still active, with new ransomware variants but old habits 🔄. TTPs are hard to change. Stay ahead & read the full report 👉 #threatintel #malware #IOC

Attackers recently exploited FortiGate to deploy Qilin ransomware, one of the most active campaigns. Patching fixes vulnerabilities but not stolen data. BLINDSPOT 🔍 contains stolen data from this and many other campaigns. See what attackers know 👉

🕵️Wanted: Dark Web Whistleblowers. Explore how mindset, manipulation, and strategy are reshaping the fight against cybercrime:. 🔗

RT @BleepinComputer: Critical Fortinet flaws now exploited in Qilin ransomware attacks - @serghei. .

🚨 Threat actors are actively exploiting Fortigate vulnerabilities (CVE-2024-21762, CVE-2024-55591, and others) to deploy Qilin ransomware. The attack is fully automated, with only victim selection done manually. Details in our flash alert on CATALYST:

📌KARAKURT is no longer active, but their methods still echo in the Wizard Spider ecosystem. Their victim system had backdoors for re-infection and used stolen ntds.dit files to map Active Directory environments. Paying ransom invites more. 🔗

Ready for Day 2 of Infosecurity Europe! Visit us at stand #E25. We've got great coffee and plenty of researchers eager to discuss our latest innovations. #InfosecurityEurope #PRODAFT #E25

We're excited to be exhibiting at Infosecurity Europe. Visit us at Booth #E25 !. We're also hosting a TLP:RED briefing room featuring a live feed from threat actors' infrastructure. If you're interested, please email us to book a slot. Availability is limited and filling up fast

🚨 macOS under attack: Odyssey Stealer is the latest evolution in macOS malware, targeting devs, admins & execs with advanced infostealing tactics. Built on AMOS and Poseidon, it's a growing threat in 2025. 🔗 IOCs 👉 #ThreatIntel #Malware

🇨🇳 Chinese-speaking threat actors are on the rise 🌐 Private phishing and DDoS platforms are getting more advanced, with more services than ever. Here's a peek at the latest underground tool 👇 . Stay ahead of threats with CATALYST: . #ThreatIntelligence

🕵️ Arcane Mantis (aka Vice Society, Rhysida) seems to be shifting tactics in 2025, moving away from Gootloader and returning to early methods like using compromised credentials 🔐. 🧾 New IOCs, including malvertising domains 🎯, on GitHub:. 🔗

🎁 Another unexpected gift for the threat intelligence community. In March 2025, the VanHelsing ransomware group first emerged. Now, in a surprising turn of events, the group’s administrator has leaked the entire source code on the RAMP forum. The leak includes Tor keys,

It’s official: DanaBot is more than obsolete, it’s out ✅. Infrastructure tied to Trickbot, Qakbot, Bumblebee, Lactrodectus and others was dismantled too 💥. Operation Endgame is tearing down the ransomware delivery chain 🧩.

🚨 Savage Ladybug (FIN7) is still abusing Google ads to spoof Anydesk, 7-Zip, Slack & more, delivering MSIX files with embedded PS1 to deploy NetSupport RAT. Recent IOCs 👉 . #ThreatIntel #Malware

RT @TheHackersNews: 🚨 New favorite toy of ransomware gangs? A stealthy malware called Skitnet—now seen in live attacks. First sold on dark….