www.indigoint.io
#NationalSecurity #CyberCommand #OperationalIntel #Leadership #SecurityOperations

🎥 I’ll also have companion videos dropping on TikTok and YouTube coming soon.
#threatintelligence #cybersecurity #purpleteam

🔹 Deven Chhajed on SoupDealer, a stealthy Java-based loader built to outmaneuver EDR.

Their work shows how much impactful research happens outside vendor reports — and why we need to pay attention.

📖 Read the full digest and past issues on my Substack & Medium via linktr.ee/itsmalware.

📖 You can find my Substack and Medium write-ups here: linktr.ee/itsmalware

🎥 By the end of the week, I’ll also be publishing companion videos on TikTok and YouTube.

#threatintelligence #dprk #threathunting

From Belarus-linked Ghostwriter activity against Ukraine and Poland, to Scaly Wolf’s modular backdoors, and a DPRK operation using GitHub as covert C2, the reporting shows how state-backed actors keep innovating just enough to stay ahead while leaning on repeatable tradecraft.

You can find the new releases on the Notion Marketplace, and check my Linktree for past write-ups, previous templates, and other resources.
linktr.ee/itsmalware

We're also getting close to releasing the entire Threat-Intelligence Program Template, which will tie all of these tools together into a complete, end-to-end workflow.

We’re aiming to drop more templates next week, for analysts without a big team or enterprise tooling.
Prefer reading? Watching? Skimming?
You can now get the digest on Medium, Substack, or YouTube!
linktr.ee/itsmalware
If this helped, share it. A lot of us are out here flying solo.

To hiring managers: There’s no excuse for paying someone with a TS/SCI and niche tradecraft under $100K in the DC area. Period. When I’m able to build a team, I won’t cut wages to “match the market.”

To cybersecurity media: if you’re referencing analyst-driven work, attribution should be obvious and upfront. If your readers have to dig, reverse-search, or guess the source, you’re skirting dangerously close to plagiarism. Respect the work. Credit the original.

it’s happening in the wild, and adversaries are adapting faster than our controls.
📬 Full digest (TTPs, mitigations, and context): linktr.ee/itsmalware
#ThreatIntel #CVE202553770 #SharePoint #LinuxMalware #LLM #PromptInjection #BlueTeam #PurpleTeam #GovCyber #IndigoINT #CTI #AIThreats

Weaponized LLM summarizers (like Gemini) are being hijacked to trick users into calling fake Google support. These are live, exploitable behaviors, not hypothetical.
🧠 We believe it’s time the community formally recognize a new threat category: LLM-Enabled Attacks.
This is no longer fringe research

A stealth Linux payload hidden in a polyglot image. Memory-only execution, rootkit persistence, dynamic proxy discovery—modular enough to look LLM-authored.
🔹 Prompt Injection in the Real World

Attackers are stealing machine keys, forging tokens, and maintaining long-term, unauthenticated access. This one’s already hitting gov networks. If your blue and purple teams haven’t been alerted, stop scrolling.
🔹 Koske Malware – AI-Assisted Cryptominer

❗ But protections must include key rotation, AMSI, Defender AV, and hardened monitoring.

We’re covering the full threat chain and mitigation breakdown in next week’s drop. Stay sharp.

#ThreatIntel #CyberSecurity #SharePoint #CVE202553770 #ZeroDay #PurpleTeam #BlueTeam #GovCyber #IndigoINT

Attackers are using it to steal machine keys and gain persistent, unauthenticated access—even after reboots and web shell cleanup. We’ve already seen this abused across federal and global orgs.
✅ Emergency patches are out.

❤️🔥 In the dark, we are all the same.❤️🔥

— Yasmine | IndigoINT

#ThreatIntelligence #CyberSecurity #CTI #BlueTeam #Infosec #NotionForAnalysts #NeurodivergentFriendly #MalwareAnalysis #CyberThreatIntel #IntelOps #MalwareTikTok #NotionTemplates