J.A.R.V.I.S
@peppermalware
Followers: 2K · Following: 13K · Media: 172 · Statuses: 7K
Malware Analyst. Malware Addict.
Joined January 2018
#Lazarus Operation DreamJob targets the UAV sector DroneEXEHijackingLoader.dll /ScoringMathTea RAT https://t.co/prl2AcvWPR
How a fake AI recruiter delivers five staged malware disguised as a dream job #BeaverTail #Lazarus
https://t.co/FE8STf5m6H
New blog from WKL: WinDbg Time Travel Debugging vs. Intel Processor Trace. CPU instruction tracing is insanely powerful for RE + threat hunting but still underused. @AlanSguigna breaks down the tradeoffs, strengths, and when to use each. https://t.co/3rK2vii1Hl
Elastic Security Labs publishes nightMARE, a Python library (v0.16) for malware analysis and for building configuration extractors. https://t.co/Cdofl8Lazn
Just published a deep dive into APT27 (Emissary Panda/Iron Tiger/Lucky Mouse), a Chinese state-sponsored cyber-espionage group active since 2010, known for spear-phishing, watering-hole attacks and exploitation of internet-facing applications. https://t.co/xNurajdGrq
#Lazarus BeaverTail variant distributed via malicious repositories and ClickFix lure https://t.co/30pFWWT0JU
🚨 Lazarus escalated activities in 2025 with companies already suffering billions in losses. This APT's attacks are evolving and getting harder to detect. Read actionable report on its current campaigns to be ready for the next attack ⬇️ https://t.co/FVg6k6kwUn
🧪 Under the Pure Curtain: From RAT to Builder to Coder. A deep dive into the Pure malware ecosystem - from IR engagement with ClickFix campaign to Rust loader and PureHVNC RAT deployment. https://t.co/piMQvv4kf8
research.checkpoint.com
Research by: Antonis Terefos (@Tera0017). Key Points. Introduction. The Pure malware family is a suite of malicious tools developed and sold by the author known as PureCoder. This suite includes PureH...
APT37 Targets Windows with Rust Backdoor and Python Loader C2 Server https://t.co/IzjOmDFn5t
Zscaler ThreatLabz identifies a campaign active since early May 2025 targeting Chinese-speaking users that delivers ValleyRAT, FatalRAT, & the newly named kkRAT. The blog details the attack chain and kkRAT's features, network protocol, commands, & plugins. https://t.co/4sTYeQE3xo
New blog is out on #NightshadeC2! Newly discovered botnet with capabilities like reverse shell, password/cookie theft, remote control, and more. Loader relies on UAC Prompt Bombing to force victims into excluding payload in Windows Defender! https://t.co/NI9PuLDycB
ESET researchers have identified a new threat actor: GhostRedirector targets Windows servers with a passive C++ backdoor (Rungan) and a malicious IIS module (Gamshen) that manipulates Google search results. https://t.co/sGqad38ArV
Since April 2025, Gunra ransomware has targeted enterprises across Brazil, Japan, Canada, the United States, and other regions, affecting sectors such as healthcare, manufacturing, transportation, IT, and agriculture. Strengthen defenses with full insights: ⬇️
trendmicro.com
This blog discusses how Gunra ransomware's new Linux variant accelerates and customizes encryption, expanding the group's reach with advanced cross-platform tactics.
Newly discovered Charon ransomware leverages elliptic curve cryptography and a modified ChaCha20 cipher, partially encrypting files for speed. Trend Vision One™ provides detection queries to help teams sweep for IOCs: ⬇️
trendmicro.com
We uncovered a campaign that makes use of Charon, a new ransomware family, and advanced APT-style techniques to target organizations with customized ransom demands.
A new ransomware strain named #Yurei has emerged. It is believed to be a variant of PrincessLocker and is written in Go. sample: https://t.co/hy0X8J3dHO sample: https://t.co/kIeMfqN35H sample: https://t.co/ooueAbFwEz rule: https://t.co/bElzz5X7tI
The #GPUGate malware, distributed via GitHub and Google Ads, uses GPU encryption. Targets users in Western Europe. #GPUGate @AWNetworks
https://t.co/GnwddGlP2A
Did you know? The PrincessLocker ransomware family has spawned multiple variants over time. Here are some of its known offshoots: Banderas, EByte, SatanLock, GoConti, HexaLocker, JustIce, Kalingrad, CrazyHunter, CYB3R-L0CK3R
A new ransomware strain named #Yurei has emerged. It is believed to be a variant of PrincessLocker and is written in Go. sample: https://t.co/hy0X8J3dHO sample: https://t.co/kIeMfqN35H sample: https://t.co/ooueAbFwEz rule: https://t.co/bElzz5X7tI
Bitdefender's Jade Brown profiles SafePay, a non-RaaS ransomware group with hundreds of victims. TTPs include credential compromise, VPN exploitation, IT-staff impersonation, PsExec for lateral movement, and data exfiltration via WinRAR and FileZilla. https://t.co/YCUBdsYFCU
Insikt Group identifies a new threat actor, TAG-150, active since at least March 2025. Its multi-layered infrastructure is used to deploy likely self-developed malware families, including CastleLoader, CastleBot, and the newly documented CastleRAT. https://t.co/nLLnO7TxuG