Marc Rivero | @seifreed
@seifreed.bsky.social
🌍 Geopolitics & Cyber Intel | 🧠 Reverse Engineering Pro | 🔎 Geostrategy Analyst | 💻 Combatting Cybercrime & APT | 🚀 All tweets are my own!
GOFFEE continues to attack organizations in Russia securelist.com/goffee-apt-n...
GOFFEE’s recent attacks: new tools and techniques
Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.
securelist.com
May 26, 2025 at 8:54 AM
GOFFEE continues to attack organizations in Russia securelist.com/goffee-apt-n...
Attackers distributing a miner and the ClipBanker Trojan via SourceForge securelist.com/miner-clipba...
A miner and the ClipBanker Trojan being distributed via SourceForge
Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques.
securelist.com
May 25, 2025 at 4:04 PM
Attackers distributing a miner and the ClipBanker Trojan via SourceForge securelist.com/miner-clipba...
How ToddyCat tried to hide behind AV software securelist.com/toddycat-apt...
APT group ToddyCat exploits a vulnerability in ESET for DLL proxying
While analyzing a malicious DLL library used in attacks by APT group ToddyCat, Kaspersky experts discovered the CVE 2024-11859 vulnerability in a component of ESET’s EPP solution.
securelist.com
May 25, 2025 at 8:54 AM
How ToddyCat tried to hide behind AV software securelist.com/toddycat-apt...
US Border Patrol Called Raid 300 Miles From Border ‘Targeted’. Open Source Evidence Suggests Otherwise www.bellingcat.com/news/2025/04...
US Border Patrol Called Raid 300 Miles From Border 'Targeted'. Open Source Evidence Suggests Otherwise - bellingcat
US Border Patrol travelled 300 Miles for a 'targeted' operation. Rights groups say it was anything but targeted.
www.bellingcat.com
May 24, 2025 at 4:05 PM
US Border Patrol Called Raid 300 Miles From Border ‘Targeted’. Open Source Evidence Suggests Otherwise www.bellingcat.com/news/2025/04...
What Audio Analysis Reveals About Aid Workers Killed in Gaza www.bellingcat.com/news/2025/04...
What Audio Analysis Reveals About Aid Workers Killed in Gaza - bellingcat
Hundreds of shots fired at aid convoy that resulted in deaths of multiple aid workers, audio analysis shows.
www.bellingcat.com
May 24, 2025 at 8:54 AM
What Audio Analysis Reveals About Aid Workers Killed in Gaza www.bellingcat.com/news/2025/04...
Analysis of Lazarus Group’s Attack on Windows Web Servers asec.ahnlab.com/en/86687/
Analysis of Lazarus Group’s Attack on Windows Web Servers - ASEC
AhnLab SEcurity intelligence Center (ASEC) has identified attack cases of the Lazarus group breaching a normal server and using it as a C2. Attacks that install a web shell and C2 script on South…
asec.ahnlab.com
May 23, 2025 at 4:08 PM
Analysis of Lazarus Group’s Attack on Windows Web Servers asec.ahnlab.com/en/86687/
ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor asec.ahnlab.com/en/87398/
ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor - ASEC
AhnLab SEcurity intelligence Center (ASEC) uncovered that attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware targeting Korean victims since April 1, 2025.…
asec.ahnlab.com
May 23, 2025 at 8:54 AM
ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor asec.ahnlab.com/en/87398/
March 2025 APT Group Trends (South Korea) asec.ahnlab.com/en/87400/
March 2025 APT Group Trends (South Korea) - ASEC
Overview AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT…
asec.ahnlab.com
May 22, 2025 at 4:06 PM
March 2025 APT Group Trends (South Korea) asec.ahnlab.com/en/87400/
March 2025 Threat Trend Report on Ransomware asec.ahnlab.com/en/87445/
March 2025 Threat Trend Report on Ransomware - ASEC
This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in March 2025, as well as major Korean and international…
asec.ahnlab.com
May 22, 2025 at 8:55 AM
March 2025 Threat Trend Report on Ransomware asec.ahnlab.com/en/87445/
Ransom & Dark Web Issues Week 2, April 2025 asec.ahnlab.com/en/87409/
Ransom & Dark Web Issues Week 2, April 2025 - ASEC
ASEC Blog publishes Ransom & Dark Web Issues Week 2, April 2025 DragonForce’s Acquisition of RansomHub: A New Paradigm in the Ransomware Ecosystem Analysis of a Major Security…
asec.ahnlab.com
May 21, 2025 at 4:07 PM
Ransom & Dark Web Issues Week 2, April 2025 asec.ahnlab.com/en/87409/
March 2025 Infostealer Trend Report asec.ahnlab.com/en/87444/
March 2025 Infostealer Trend Report - ASEC
This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during March 2025.…
asec.ahnlab.com
May 21, 2025 at 8:54 AM
March 2025 Infostealer Trend Report asec.ahnlab.com/en/87444/
Mobile Security & Malware Issue 2st Week of April, 2025 asec.ahnlab.com/en/87436/
Mobile Security & Malware Issue 2st Week of April, 2025 - ASEC
ASEC Blog publishes “Mobile Security & Malware Issue 2st Week of April, 2025”
asec.ahnlab.com
May 20, 2025 at 4:07 PM
Mobile Security & Malware Issue 2st Week of April, 2025 asec.ahnlab.com/en/87436/
Silent Ransom Group “Call-back” Phishing Campaign arcticwolf.com/resources/bl...
Silent Ransom Group "Call-back" Phishing Campaign - Arctic Wolf
Arctic Wolf has observed an uptick in activity from the Silent Ransom Group. The group has been targeting the legal industry using "call-back" phishing tactics. Find recommendations.
arcticwolf.com
May 20, 2025 at 8:54 AM
Silent Ransom Group “Call-back” Phishing Campaign arcticwolf.com/resources/bl...
Amazon EC2 instance metadata targeted in SSRF attacks | SC Media www.scworld.com/news/amazon-...
Amazon EC2 instance metadata targeted in SSRF attacks
EC2 instance metadata can include sensitive information such as IAM role credentials.
www.scworld.com
May 19, 2025 at 4:07 PM
Amazon EC2 instance metadata targeted in SSRF attacks | SC Media www.scworld.com/news/amazon-...
GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically www.volexity.com/blog/2025/04...
GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically
In the course of its investigations, Volexity frequently encounters malware samples written in Golang. Binaries written in Golang are often challenging to analyze because of the embedded libraries…
www.volexity.com
May 18, 2025 at 4:04 PM
GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically www.volexity.com/blog/2025/04...
Max severity RCE flaw discovered in widely used Apache Parquet www.bleepingcomputer.com/news/securit...
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.
www.bleepingcomputer.com
May 18, 2025 at 8:54 AM
Max severity RCE flaw discovered in widely used Apache Parquet www.bleepingcomputer.com/news/securit...
Europcar GitLab breach exposes data of up to 200,000 customers www.bleepingcomputer.com/news/securit...
Europcar GitLab breach exposes data of up to 200,000 customers
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information…
www.bleepingcomputer.com
May 17, 2025 at 4:04 PM
Europcar GitLab breach exposes data of up to 200,000 customers www.bleepingcomputer.com/news/securit...
Australian pension funds hit by wave of credential stuffing attacks www.bleepingcomputer.com/news/securit...
Australian pension funds hit by wave of credential stuffing attacks
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts.
www.bleepingcomputer.com
May 17, 2025 at 8:54 AM
Australian pension funds hit by wave of credential stuffing attacks www.bleepingcomputer.com/news/securit...
PoisonSeed phishing campaign behind emails with wallet seed phrases www.bleepingcomputer.com/news/securit...
PoisonSeed phishing campaign behind emails with wallet seed phrases
A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets.
www.bleepingcomputer.com
May 16, 2025 at 4:07 PM
PoisonSeed phishing campaign behind emails with wallet seed phrases www.bleepingcomputer.com/news/securit...
Port of Seattle says ransomware breach impacts 90,000 people www.bleepingcomputer.com/news/securit...
Port of Seattle says ransomware breach impacts 90,000 people
Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an…
www.bleepingcomputer.com
May 16, 2025 at 8:54 AM
Port of Seattle says ransomware breach impacts 90,000 people www.bleepingcomputer.com/news/securit...
WinRAR flaw bypasses Windows Mark of the Web security alerts www.bleepingcomputer.com/news/securit...
WinRAR flaw bypasses Windows Mark of the Web security alerts
A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine.
www.bleepingcomputer.com
May 15, 2025 at 4:07 PM
WinRAR flaw bypasses Windows Mark of the Web security alerts www.bleepingcomputer.com/news/securit...
Coinbase to fix 2FA account activity entry freaking out users www.bleepingcomputer.com/news/securit...
Coinbase to fix 2FA account activity entry freaking out users
Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised.
www.bleepingcomputer.com
May 15, 2025 at 8:54 AM
Coinbase to fix 2FA account activity entry freaking out users www.bleepingcomputer.com/news/securit...
Carding tool abusing WooCommerce API downloaded 34K times on PyPI www.bleepingcomputer.com/news/securit...
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source…
www.bleepingcomputer.com
May 14, 2025 at 4:07 PM
Carding tool abusing WooCommerce API downloaded 34K times on PyPI www.bleepingcomputer.com/news/securit...
OpenAI tests watermarking for ChatGPT-4o Image Generation model www.bleepingcomputer.com/news/artific...
OpenAI tests watermarking for ChatGPT-4o Image Generation model
OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model.
www.bleepingcomputer.com
May 14, 2025 at 8:54 AM
OpenAI tests watermarking for ChatGPT-4o Image Generation model www.bleepingcomputer.com/news/artific...