Virus Bulletin
virusbtn.bsky.social
Security information portal, testing and certification body.
Organisers of the annual Virus Bulletin conference.
Pinned
We are thrilled to officially announce that VB2026 will take place in the vibrant city of Seville, Spain, from 30 September to 2 October 2026.

More details coming soon on the venue, call for papers, sponsorship opportunities, and how to join us.

Can't wait to see you there!
Trend Micro researchers share their findings on the Shai-hulud 2.0 campaign and reveal new functions that weren’t observed in its first variant, such as backdoor capabilities. www.trendmicro.com/en_us/resear...
November 28, 2025 at 9:41 AM
Reposted by Virus Bulletin
#PIVOTcon26 #CfP is open and you can submit your proposals till 6 FEB 2026
CfP rules and submissions here: pretalx.com/pivotcon26/cfp

#ThreatIntel #ThreatResearch #CTI
November 27, 2025 at 2:06 PM
Reposted by Virus Bulletin
We’ve identified an interesting malware family 🔍, which we’ve named #GrokPy due to its use of a Grok LLM model 🤖 to solve and subsequently bypass CAPTCHAs 🔥

The malware gets dropped by #Amadey and:
November 27, 2025 at 3:55 PM
WithSecure researchers analyse TangleCrypt. The packer was found on two executables used in a recent ransomware attack; their payloads were both identified as an EDR killer known as STONESTOP that leverages the malicious ABYSSWORKER driver. labs.withsecure.com/publications...
November 28, 2025 at 9:35 AM
Cleafy Threat Intelligence team has identified & analysed Albiriox, a newly emerging Android malware family promoted as a malware-as-a-service within underground cybercrime forums. Evidence suggests the operation is managed by Russian-speaking threat actors. www.cleafy.com/cleafy-labs/...
November 28, 2025 at 9:32 AM
ReversingLabs researchers have discovered vulnerable code in legacy Python packages that could make possible an attack on the Python Package Index (PyPI) via a domain compromise. www.reversinglabs.com/blog/bootstr...
November 27, 2025 at 12:17 PM
Reposted by Virus Bulletin
📢 Announcing hacklore.org 📢

It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐

Blog: medium.com/@boblord/let...

Site: www.hacklore.org
November 24, 2025 at 3:05 PM
FortiGuard Labs observed malware named “ShadowV2” spreading via IoT vulnerabilities at the end of October during a global disruption of AWS connections. This activity was likely a test run conducted in preparation for future attacks. www.fortinet.com/blog/threat-...
November 27, 2025 at 12:12 PM
Bitdefender Labs has identified malware campaigns exploiting the popularity of EA's Battlefield 6 first-person shooter, distributed via supposedly pirated versions, game installers and fake game trainers across torrent websites & other easily found domains. www.bitdefender.com/en-us/blog/l...
November 26, 2025 at 10:17 AM
Jamf Threat Labs warn that fake job assessments that ask you to run terminal commands could be a social engineering scheme to deploy the FlexibleFerret malware (a malware family attributed to DPRK-aligned operators) and steal your credentials. www.jamf.com/blog/flexibl...
November 26, 2025 at 10:05 AM
Zscaler researchers analyse a recent multi-stage attack that started from exploitation of a Windows MMC vulnerability and is attributed to the Water Gamayun APT group. www.zscaler.com/blogs/securi...
November 26, 2025 at 9:56 AM
Reposted by Virus Bulletin
Some recent security conference videos:

Troopers - www.youtube.com/playlist?lis...
Hexacon - www.youtube.com/playlist?lis...
Bsides Canberra - www.youtube.com/playlist?lis...
NYMJCSC - www.youtube.com/playlist?lis...
VirusBulletin - www.youtube.com/playlist?lis...
November 25, 2025 at 1:25 PM
Reposted by Virus Bulletin
my VB2025 talk, "Rogue hirer, rogue hiree: workplace cyber threats to individuals and businesses", is now online. paper here: www.virusbulletin.com/uploads/pdf/...
Rogue hirer, rogue hiree: workplace cyber threats to individuals and businesses — Chris Boyd
November 24, 2025 at 12:28 PM
Reposted by Virus Bulletin
Check out our @cyberalliance.bsky.social @virusbtn.bsky.social TIPS Summit recordings!
TIPS is a mini-summit within the VB Conference that unites analysts, researchers, operators, and developers to address the key challenges and successes in threat intelligence.
www.youtube.com/playlist?lis...
VB2025 Threat Intelligence Practitioners' Summit, co-hosted with the Cyber Threat Alliance.
November 24, 2025 at 3:39 PM
Reposted by Virus Bulletin
#ESETresearch discovered a unique toolset, QuietEnvelope, targeting the MailGates email protection system of Taiwanese co OpenFind. The toolset was uploaded in an archive, named spam_log.7z, to VirusTotal from Taiwan. It contains Perl scripts, 3 stealthy backdoors, an argument runner, and misc files. 1/8
November 24, 2025 at 5:57 PM
Wiz researchers detected malicious npm packages linked to the recent Shai-Hulud-style campaign in which popular projects from Zapier, ENS Domains, PostHog, and Postman were trojanized. www.wiz.io/blog/shai-hu...
November 25, 2025 at 1:45 PM
Morphisec's Shmuel Uzan looks into a StealC V2 campaign targeting Blender users via malicious .blend 3D model files implanted on platforms like CGTrader. www.morphisec.com/blog/morphis...
November 25, 2025 at 1:43 PM
Huntress researchers Anna Pham (@RussianPanda9xx) & Ben Folland detail a multi-stage malware execution chain, originating from a ClickFix lure, that leads to the delivery of infostealing malware, including LummaC2 & Rhadamanthys. www.huntress.com/blog/clickfi...
November 25, 2025 at 1:38 PM
The ENKI WhiteHat team looks at the evolution of KimJongRAT, a modular malware family attributed to Kimsuky that exfiltrates sensitive victim data, including system configuration and browser artifacts. www.enki.co.kr/en/media-cen...
November 24, 2025 at 9:15 AM
Sophos researcher Colin Cowie describes a persistent, multi-stage malware distribution campaign targeting WhatsApp users in Brazil. STAC3150 delivers archive attachments containing a downloader script that retrieves multiple second-stage payloads, including Astaroth. news.sophos.com/en-us/2025/1...
November 24, 2025 at 9:13 AM
Domaintools researchers present a report on APT35 (also referenced as “Charming Kitten”) based on leaked internal documents. The report reveals a regimented, quota-driven cyber operations unit operating inside a bureaucratic military chain of command. dti.domaintools.com/threat-intel...
November 24, 2025 at 9:10 AM
K7 Labs analyse a campaign ongoing in Brazil, spreading malware via WhatsApp web from the victim’s machine to their contacts by using the open-source WhatsApp automation script from GitHub whilst also loading a banking trojan into memory. labs.k7computing.com/index.php/br...
November 24, 2025 at 9:06 AM
K7's Praveen Babu analyses a Python-based malware sample that uses multi-stage obfuscation. labs.k7computing.com/index.php/ma...
November 21, 2025 at 9:53 AM
The Acronis TRU team look into a TamperedChef malvertising/SEO campaign delivering installers disguised as common applications to trick users into installing them, which establish persistence & deliver obfuscated JavaScript payloads for remote access & control. www.acronis.com/en/tru/posts...
November 21, 2025 at 9:52 AM
Orange researchers investigated an intrusion targeting an Asian subsidiary of a large European manufacturing organization. The infection chain was initiated by a targeted WhatsApp Web message containing a job-related lure, sent to a project engineer. www.orangecyberdefense.com/global/blog/...
November 21, 2025 at 9:48 AM