piggo
@pigondrugs.bsky.social
24 followers 6 following 600 posts
I shear alpacas and try to defend the internet from malware
~Socket~
A cluster of 131 cloned Chrome extensions is being used as spamware to automate bulk messaging on WhatsApp.
-
IOCs: zapvende. com, lobovendedor. com. br, youseller. com. br
-
#ChromeExtension #Spamware #ThreatIntel #WhatsApp
131 Spamware Chrome Extensions Target WhatsApp
socket.dev
~Microsoft~
Microsoft's 2025 Digital Defense Report finds over half of all cyberattacks are now driven by extortion and ransomware for financial gain.
-
IOCs: (None identified)
-
#Cybercrime #Ransomware #ThreatIntel
Microsoft Report: Extortion & Ransomware Drive Attacks
blogs.microsoft.com
~Microsoft~
Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for its SIEM solution, Microsoft Sentinel.
-
IOCs: (None identified)
-
#Gartner #Microsoft #SIEM #ThreatIntel
Microsoft Named a 2025 Gartner SIEM Leader
www.microsoft.com
~Microsoft~
Threat actors are actively targeting Azure Blob Storage using a full attack chain from reconnaissance and initial access to data exfiltration and impact.
-
IOCs: (None identified)
-
#Azure #CloudSecurity #ThreatIntel
Threats Targeting Azure Blob Storage
www.microsoft.com
~Mandiant~
Russian state-actor COLDRIVER deploys new NOROBOT & MAYBEROBOT malware after their LOSTKEYS tool was publicly disclosed.
-
IOCs: 85. 239. 52. 32, system-healthadv. com, southprovesolutions. com
-
#COLDRIVER #Malware #ThreatIntel
COLDRIVER's New Malware
cloud.google.com
~Cisa~
CISA adds five actively exploited vulnerabilities affecting Apple, Microsoft, Oracle, and Kentico products to its KEV catalog.
-
IOCs: CVE-2025-33073, CVE-2025-61884, CVE-2022-48503
-
#CISA #PatchNow #ThreatIntel #Vulnerability
CISA Adds 5 Vulns to KEV Catalog
www.cisa.gov
~Socket~
ENISA's 2025 report finds AI is fundamentally reshaping the threat landscape, automating phishing and creating new supply chain risks.
-
IOCs: Lumma Stealer, WormGPT, Rafel RAT
-
#AI #ENISA #SupplyChain #ThreatIntel
ENISA 2025: AI Reshapes Cyber Attacks
socket.dev
~Sophos~
Threat actors exploit legacy vulnerabilities and stolen credentials where MFA is absent, fueling a volatile ransomware landscape.
-
IOCs: Qilin, Akira
-
#MFA #Ransomware #ThreatIntel
Threat Intel Report: Ransomware, Stolen Credentials & Legacy Vulns
news.sophos.com
~Zscaler~
Nation-state actor UNC5221 breached F5, exfiltrating BIG-IP source code and internal zero-day vulnerability documentation.
-
IOCs: BRICKSTORM, UNC5221
-
#F5 #ThreatIntel #UNC5221
F5 Discloses Major Security Breach
www.zscaler.com
~Socket~
Vite+ is a new commercial, Rust-based toolchain designed to consolidate the JavaScript development ecosystem.
-
IOCs: (None identified)
-
#JavaScript #ThreatIntel #Vite
Vite+ Unveils Unified JS Toolchain
socket.dev
~Cisa~
CISA has released 13 new advisories detailing vulnerabilities in various ICS products from Rockwell, Siemens, and others.
-
IOCs: (None identified)
-
#CISA #ICS #ThreatIntel
CISA Releases 13 ICS Advisories
www.cisa.gov
~Mandiant~
UNC5142 distributes infostealers (VIDAR, ATOMIC) from compromised WordPress sites using a blockchain technique to store malicious code.
-
IOCs: ratatui[. ]today, browser-storage[. ]com, 80. 64. 30[. ]238
-
...
UNC5142 Uses EtherHiding to Distribute Malware
cloud.google.com
~Mandiant~
DPRK actor UNC5342 is using the EtherHiding technique to deliver JADESNOW & INVISIBLEFERRET malware via public blockchains.
-
...
DPRK Adopts EtherHiding Malware Delivery
cloud.google.com
~Cofense~
A phishing campaign distributes a malicious 'Mac Spoofer' Chrome extension to steal user credentials from login forms.
-
IOCs: hibarriotech. com, reader. hibarriotech. com, 194. 146. 41. 102
-
#Malware #Phishing #ThreatIntel
Malicious 'Mac Spoofer' Browser Extension
https://cofense.com/blog/privacy”-and-prizes”-rewards-from-a-malicious-browser-extension
~Checkpoint~
A vulnerability in a new Rust-based Windows kernel component (win32kbase_rs.sys) allows local users to cause a system crash (BSOD) via a malformed metafile.
-
IOCs: (None identified)
-
#DoS #Rust #ThreatIntel #Windows
Rust Vulnerability in Windows GDI Kernel
research.checkpoint.com
~Trendmicro~
A doxxing campaign against alleged Lumma Stealer (Water Kurita) operators has caused a sharp decline in activity, with customers migrating to alternatives like Vidar and StealC.
-
IOCs: (None identified)
-
...
Lumma Stealer Doxxing Leads to Decline
www.trendmicro.com
~Zscaler~
Threat actors are increasingly exploiting non-web protocols like DNS, RDP, and SMB for covert C2, data theft, and ransomware attacks.
-
IOCs: (None identified)
-
#DNS #RDP #ThreatIntel
Attacks on Non-Web Protocols Increasing
www.zscaler.com
~Sophos~
Microsoft released a record 170 patches, fixing 8 critical issues and 3 zero-days under active exploitation.
-
IOCs: CVE-2025-24990, CVE-2025-47827, CVE-2025-59230
-
#Microsoft #PatchTuesday #ThreatIntel
Microsoft's Record October Patch Tuesday
news.sophos.com
~Sophos~
A nation-state actor breached F5, exfiltrating source code and undisclosed vulnerability data.
-
IOCs: (None identified)
-
#Breach #F5 #ThreatIntel
F5 Network Compromised
news.sophos.com
~Cisa~
CISA added an actively exploited Adobe Experience Manager RCE vulnerability (CVE-2025-54253) to its KEV catalog.
-
IOCs: CVE-2025-54253
-
#Adobe #CVE202554253 #ThreatIntel
CISA Adds Adobe RCE to KEV Catalog
www.cisa.gov
~Trendmicro~
Attackers exploit Cisco SNMP vulnerability CVE-2025-20352 to deploy rootkits, enabling RCE and persistent access.
-
IOCs: CVE-2025-20352
-
#CVE202520352 #Cisco #ThreatIntel
Cisco SNMP Vuln Exploited for Rootkits
www.trendmicro.com
~Socket~
A credential management failure at RubyGems resulted in a former maintainer retaining AWS root access, sparking a major community dispute over the incident's handling.
-
IOCs: (None identified)
-
#CloudSecurity #RubyGems #ThreatIntel
RubyGems Credential Incident Sparks Community Backlash
socket.dev
~Paloalto~
PhantomVAI Loader uses phishing and steganography to deliver multiple infostealers like Katz Stealer, AsyncRAT, and XWorm.
-
IOCs: (None identified)
-
#Infostealer #Malware #PhantomVAI #ThreatIntel
PhantomVAI Loader Delivers Infostealers
unit42.paloaltonetworks.com
~Cisa~
CISA directs federal agencies to patch F5 devices against an imminent threat from a nation-state actor.
-
IOCs: (None identified)
-
#CISA #F5 #ThreatIntel #Vulnerability
CISA Emergency Directive for F5 Devices
www.cisa.gov
~Socket~
Threat actors are using Discord webhooks for C2 and data exfiltration in malicious packages on npm, PyPI, and RubyGems.
-
...
Malicious Packages Use Discord for C2
socket.dev