A new #SpyNote report is out! 🚨 Dive into the tactics of this Android RAT campaign, from dynamic payload decryption to new obfuscation methods. Learn how threat actors are using deceptive Google Play Store clones to target users:.

Recent DTI research tracked a trojan using hosted PowerShell scripts, uncovering bulletproof hosting services and how #LummaStealer remains a threat. Read the full report: #Cybersecurity #ThreatIntel #Malware #BlueTeam.

Join millions who have switched to Grok.

DPRK IT workers infiltrate global remote companies via forged identities, siphoning millions to fund North Korea's weapons. A critical insider threat risking IP theft & espionage. Get essential intel:. #threatintelligence #cybersecurity #infosec

ICYMI: Skeleton Spider (FIN6) is using trusted cloud services like AWS to deliver malware via fake resumes & job lures. Social engineering meets stealthy infrastructure. Learn more here:

"In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware." Read more from @BleepinComputer here:

"The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware family called More_eggs." Read more from @TheHackersNews here:

RT @BleepinComputer: FIN6 hackers pose as job seekers to backdoor recruiters’ devices - @billtoulas. .

FIN6 (Skeleton Spider) is using AWS & fake resumes to deliver malware via trusted job platforms. ⚠️ Realistic lures.🕵️‍♂️ Cloud-hosted phishing.🥚 More_eggs backdoor. Read the full analysis here:

RT @TheHackersNews: 🚨 Watch your clipboard!. A fake DocuSign site tricks users into running malware with a sneaky PowerShell script—copied….

Key tactics include:. 🔹 Clipboard poisoning via fake CAPTCHA pages.🔹Multi-stage PowerShell downloaders.🔹Spoofed Gitcodes and Docusign domains.🔹Infrastructure overlap with known threat groups like SocGholish, FIN7 and STORM-0408.

DomainTools Investigations’ (DTI) latest analysis uncovers a technically sophisticated malware campaign that uses fake CAPTCHAs and spoofed document verification pages to trick users into self-infecting their machines with the NetSupport RAT.

🎵 Newsletter No. 5 is here!. Daniel Schwalbe, CISO @DomainTools, shares the latest on:. 🔹 VenomRAT via fake sites.🔹 Malicious Chrome extensions.🔹 Exploiting viral media events. Read the full scoop 👉

RT @DomainTools: What do cats have to do with Lumma C2 malware?. Some domains linked to the infostealer use a landing page titled “About Ca….

ICYMI!. Ian Campbell's latest Recommended Reading list is out. This edition features @MaltegoHQ's Human Element Podcast hosted by @bapril! . Learn more and see Ian's other Recommended picks here:

"The attackers used websites that mimicked popular brands to trick users into installing the apps that had been laced with malware designed to steal passwords and digital wallets." Read more from @Forbes here:

RT @TheHackersNews: 🚨 Hackers built a fake Bitdefender site to push Venom RAT—stealing passwords, crypto, and control. Behind it? A stealt….

RT @securityaffairs: @DomainTools Crooks use a fake #antivirus site to spread #Venom #RAT and a mix of malware.#sec….

A spoofed antivirus download page is delivering VenomRAT, StormKitty, and SilentTrinity—a powerful combo for credential theft, persistence, and long-term access. Full breakdown: #CyberSecurity #ThreatIntel #MalwareAnalysis #Infosec

ICYMI: Malware is hiding in Chrome extensions. DTI uncovered a campaign using dual-function extensions—posing as VPNs, crypto tools, or media editors—to exfiltrate data while appearing legit. 📘 Full analysis: #CyberSecurity #Malware #ChromeExtensions.

RT @pcworld: Warning! Malicious Chrome extensions found mimicking legit tools.