Author | Lightnews

marktsec @marktsec.bsky.social · 10h

Proofpoint releases innovative detections for threat hunting: PDF Object Hashing
www.proofpoint.com/us/blog/thre...

Proofpoint releases innovative detections for threat hunting: PDF Object Hashing | Proofpoint US

Key findings Proofpoint created a new open-source tool for creating threat detection rules based on unique characteristics in PDFs called “PDF Object Hashing”. This technique can

www.proofpoint.com

1

marktsec @marktsec.bsky.social · 1d

Aisuru Botnet Shifts from DDoS to Residential Proxies
krebsonsecurity.com/2025/10/aisu...

Aisuru Botnet Shifts from DDoS to Residential Proxies

Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable busi...

krebsonsecurity.com

Reposted by marktsec

Catalin Cimpanu @campuscodi.risky.biz · 5d

Ravin Academy, the private school that recruits and trains hackers for Iran's MOIS intelligence service , has been hacked and its data leaked

www.iranintl.com/202510230171

blog.narimangharib.com/posts/2025%2...

Public searchable database: ravin-academy.com

1 18 28

marktsec @marktsec.bsky.social · 3d

BreachForums Reinstated

1

marktsec @marktsec.bsky.social · 4d

Tykit Analysis: New Phishing Kit Stealing Hundreds of Microsoft Accounts in Finance
anyrun.substack.com/p/tykit-anal...

Tykit Analysis: New Phishing Kit Stealing Hundreds of Microsoft Accounts in Finance

Not long ago we reported a spike in phishing attacks that use an SVG file as the delivery vector.

anyrun.substack.com

marktsec @marktsec.bsky.social · 4d

Mem3nt0 mori – The Hacking Team is back!
securelist.com/forumtroll-a...

Mem3nt0 mori – The Hacking Team is back!

Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.

securelist.com

marktsec @marktsec.bsky.social · 6d

New LockBit 5.0 Targets Windows, Linux, ESXi
www.trendmicro.com/en_us/resear...

New LockBit 5.0 Targets Windows, Linux, ESXi

Trend™ Research analyzed source binaries from the latest activity from notorious LockBit ransomware with their 5.0 version that exhibits advanced obfuscation, anti-analysis techniques, and seamless cr...

www.trendmicro.com

1 2

marktsec @marktsec.bsky.social · 7d

What's New in Impacket's 0.13 Release?
www.coresecurity.com/blog/whats-n...

What's New in Impacket's 0.13 Release? | Core Security

Impacket 0.13 includes new attack paths and relay tricks, channel binding updates, MSSQL workflow upgrades, SMB Improvements, and examples enhancements.

www.coresecurity.com

marktsec @marktsec.bsky.social · 7d

Spectre RAT v10 new capabilities: autorun, VNC, DLL sideloading, clipper, keylogger, Telegram notifications, anti-VM. Hunt for unexpected autorun registry changes, anomalous DLL loads and suspicious outbound connections.
#infosec #ThreatIntel

marktsec @marktsec.bsky.social · 8d

🚨 Ransomware mimic pay2key v0.16.1 Selling fully autonomous ransomware: buyers control ALL encryption keys, custom affiliate programs, and guaranteed product updates. Mimic variant, evasive, and tailored for affiliates. #ransomware #infosec #threatintel

1 1

marktsec @marktsec.bsky.social · 8d

Trust Issues – Abusing Trust accounts & Trusted CA's
lorenzomeacci.com/trust-issues...

Trust Issues – Abusing Trust accounts & Trusted CA's | Lorenzo Meacci

Hi all. In this post I will share research I have conducted over the past few weeks on trust attacks in both One-Way Outbound and Bidirectional Trust scenarios. I present several attack chains that ca...

lorenzomeacci.com

marktsec @marktsec.bsky.social · 8d

🚨 Darkweb alert: Blockchain-powered botnets now feature encrypted smart contracts, anti-VM, autorun, and parent process ID spoofing for advanced malware delivery. No domains, no servers, no takedowns. Source code + panel available
#infosec #threatintel

marktsec @marktsec.bsky.social · 11d

GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace
www.koi.ai/blog/glasswo...

GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace | Koi Blog

www.koi.ai

marktsec @marktsec.bsky.social · 12d

Odyssey Stealer and AMOS Campaign Targets macOS Developers Through Fake Tools
hunt.io/blog/macos-o...

Odyssey Stealer & AMOS Hit macOS Developers with Fake Homebrew Sites

A large-scale macOS malware campaign mimics trusted dev tools to spread Odyssey Stealer and AMOS via fake Homebrew sites. Learn more.

hunt.io

marktsec @marktsec.bsky.social · 13d

"The Gentlemen" Win/Linux/ESXi lockers major update.
Adds persistent self-restart (schtasks + registry), a silent mode that preserves filenames/timestamps, built-in network/domain spread (WMI/SC/PowerShell/etc.),
#ransomware #infosec #ThreatIntel

1

marktsec @marktsec.bsky.social · 15d

Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate
www.resecurity.com/blog/article...

Resecurity | Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate

www.resecurity.com

1 2

marktsec @marktsec.bsky.social · 17d

Mapping latest Lumma infrastructure
intelinsights.substack.com/p/mapping-la...

Mapping latest Lumma infrastructure

C2, distribution & ASN clustering

intelinsights.substack.com

marktsec @marktsec.bsky.social · 18d

Yet Another DCOM Object for Command Execution Part 1
sud0ru.ghost.io/yet-another-...

Yet Another DCOM Object for Command Execution Part 1

If you’re a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well defended environments. One technique for command execution has been the use of DCO...

sud0ru.ghost.io

marktsec @marktsec.bsky.social · 19d

MCP Malware Wave Continues: A Remote Shell in Disguise
www.koi.ai/blog/mcp-mal...

MCP Malware Wave Continues: A Remote Shell in Disguise | Koi Blog

www.koi.ai

1 1

marktsec @marktsec.bsky.social · 21d

⚠️ ALERT: DragonForce Ransomware announces an open partner program — no vetting, free partner services (file analysis, decryption, call service, storage) and a registration onion link in the post.
#Ransomware #ThreatIntel #infosec

marktsec @marktsec.bsky.social · 21d

VIDAR Stealer v2.0 being promoted. Vendor claims rewrite to C (C99), custom CRT, NT-API usage, automatic morphing per build, multithreaded collection & upload, and runtime obfuscation. Potential for improved stealth and faster exfil.
#ThreatIntel #infosec #infostealer #vidar

marktsec @marktsec.bsky.social · 23d

Shuyal Stealer: Advanced Infostealer Targeting 19 Browsers
www.pointwild.com/threat-intel...

Shuyal Stealer: Advanced Infostealer Targeting 19 Browsers | Point Wild

Introduction: Infection Flowchart: Technical Analysis: MD5: 9523086ab1c3ab505f3dfd170672af1e SHA-256: 8bbeafcc91a43936ae8a91de31795842cd93d2d8be3f72ce5c6ed27a08cdc092 Compiler: 64 bit C++ compiler exe...

www.pointwild.com

marktsec @marktsec.bsky.social · 27d

NOVA “Locker WIN” update — now advanced Rust. Changes: spawns 10 workers for multi-run encryption, skips already-encrypted files, self-deletes, clears device logs, drops .me ransom note, and claims to bypass AI-security endpoints.
#ransomware #threatintel #infosec

marktsec @marktsec.bsky.social · 27d

AresLoader, a resident Windows loader advertised on darknet. Written in C; uses HTTPS + JWT, runs EXE payloads, Flask admin with IP whitelist, 2FA & RBAC. Targets corporate workstations/servers.
#Infosec #ThreatIntel