Today marks my first day to work as a SOC analyst. Perhaps one thing I have learned over the years is to be persistent, never stop grinding, and chasing down your dream. Here is my timeline for me to achieve my dream.

I love reporting the same malware, day after day. Week after week. This is why I built the Cert Graveyard. I can look back and see the other 30 times I've reported the same exact malware. It also helps build detections. Easy to find and compare samples.

Researchers have found two new vulnerabilities in React Server Components while attempting to exploit the patches last week. These are new issues, separate from the critical CVE last week. The patch for React2Shell remains effective for the Remote Code Execution exploit.

Ransomware groups stopped fighting your EDR… they are just logging into your hypervisor 💀

TRU is tracking active exploitation of #React2Shell and released an advisory with observables/indicators. Observed activity includes system reconnaissance and attempts to exfiltrate AWS credentials. https://t.co/zpcQfKNiKE

With all the talk about the Next.js PoC, many people missed that the React2Shell vulnerability (CVE-2025-55182) affects the underlying RSC implementation itself. This means other popular frameworks that rely on RSC are also vulnerable. We are still analyzing the impact and ease

Baoloader/TamperedChef paper by @SerkanSirmaci https://t.co/7fiO4VB7Vy

This pretty much sums up the situation: an in-memory (!) JavaScript-based (!) webshell gets implanted into a vulnerable React server with a single(!) POST request and leaves zero(!) trace in logs or on disk. Someone used that POC, successfully injected the shell and still

Announcing the rebrand of TRACLabs → LummaLabs. This is where I'll be publishing my personal research. And as promised, at 200 followers, new blog is live. Took more than 24 hours but I have a job, ok, leave me alone 😭 Weyhro C2: because ransomware wasn't paying the bills

There is critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it. A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately. https://t.co/kue7kd0XEX

🚩 7-Zip RCE Vulnerability Exploited in the Wild https://t.co/xww051lZKn Security researchers are warning that a remote-code-execution flaw (CVE-2025-11001) in 7-Zip is now being actively exploited. The bug stems from incorrect processing of symbolic links inside ZIP

Featuring one of the most cool interviews with a MacOS infostealer developer, because “macOS is the safest system and has no viruses.” Collaboration with @osint_barbie 🍎🤩 No more spoilers today, read now a interview with Phexia: https://t.co/3GFnN3n4Jg

Everyone talks about ransomware. Almost nobody talks TO ransomware operators, so I did the job for you. [turn the subtitles on] https://t.co/O8I4pgoEkx

WTF, wow, @washi_dev and @elektrokilldev are cooking 💙💙💙🙏🙌 Lot of improvements in #dnSpyEx #dnSpy. The newly added feature showing searchable string references in module is insane good and cool 👍💪 Its soooo cooool 😍 #dotnet #reversing https://t.co/cr3O3f9IZc

🦔📹 New Video: Modifying @vinopaljiri's string decrypter for a ConfuserEx2 variant ➡️ Defeating antis with Harmony hooks ➡️ AsmResolver ➡️ .NET string deobfuscation #MalwareAnalysisForHedgehogs https://t.co/G1mOunwcEq

Spoiler alert! New video is coming soon :3 cc @EdwardCrowderX @bohansec

If you’re trying to use Wazuh for threat hunting or incident response, stop wasting your time. Wazuh is fine for compliance and system visibility, but that’s where it ends. If you want to actually see what’s happening on an endpoint and run proper investigations to play around

We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥 The malware gets dropped by #Amadey and: 🪝 collects information about the infected device, such as screen

Scattered Spider / SLSH just launched a new Telegram channel — and the activity shows a clear escalation in both tone and targeting. Early observations from the new channel: •They’re bragging about 300+ victims individually, claiming higher earnings than Qilin & Cl0p combined.

🚀 𝗧𝗵𝗲 𝗘𝗗𝗥 𝗖𝗼𝗺𝗽𝗮𝗿𝗶𝘀𝗼𝗻 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗶𝘀 𝗼𝗳𝗳𝗶𝗰𝗶𝗮𝗹𝗹𝘆 𝗹𝗶𝘃𝗲! This is the evolution of the EDR Telemetry Project, expanding everything people valued there into a full, feature-level comparison across multiple EDR products. What it delivers: •

Rhadamanthys loader deobfuscation https://t.co/rDvK0uqgiV