marktsec
@marktsec.bsky.social
💫Threat Intel💫 Automation💫 Threat Analysis 💫OSINT💫 Testing 💫Network Security💫
https://github.com/marktsec
https://github.com/marktsec
Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
www.greynoise.io/blog/palo-al...
www.greynoise.io/blog/palo-al...
Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...
www.greynoise.io
November 22, 2025 at 3:31 PM
Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
www.greynoise.io/blog/palo-al...
www.greynoise.io/blog/palo-al...
🚨 Stealc v2.8.0 update observed:
• Updated Edge module to extract the new v20 key
• Expanded crypto-wallet targeting (incl. LTC/Dash Core, Trezor Suite, MEW Desktop, AtomicDEX & more)
• Improved C2 marker parsing + performance fixes
#ThreatIntel #InfoSec
• Updated Edge module to extract the new v20 key
• Expanded crypto-wallet targeting (incl. LTC/Dash Core, Trezor Suite, MEW Desktop, AtomicDEX & more)
• Improved C2 marker parsing + performance fixes
#ThreatIntel #InfoSec
November 21, 2025 at 7:50 PM
🚨 Stealc v2.8.0 update observed:
• Updated Edge module to extract the new v20 key
• Expanded crypto-wallet targeting (incl. LTC/Dash Core, Trezor Suite, MEW Desktop, AtomicDEX & more)
• Improved C2 marker parsing + performance fixes
#ThreatIntel #InfoSec
• Updated Edge module to extract the new v20 key
• Expanded crypto-wallet targeting (incl. LTC/Dash Core, Trezor Suite, MEW Desktop, AtomicDEX & more)
• Improved C2 marker parsing + performance fixes
#ThreatIntel #InfoSec
LSASS Dump – Windows Error Reporting
ipurple.team/2025/11/18/l...
ipurple.team/2025/11/18/l...
LSASS Dump – Windows Error Reporting
The Windows Error Reporting is a feature that is responsible for the collection of information about system and application crashes and reporting this information to Microsoft. Windows are shipped …
ipurple.team
November 21, 2025 at 8:58 AM
LSASS Dump – Windows Error Reporting
ipurple.team/2025/11/18/l...
ipurple.team/2025/11/18/l...
XFiles Spyware Update
November 20, 2025 at 5:43 AM
XFiles Spyware Update
License to Encrypt: “The Gentlemen” Make Their Move
www.cybereason.com/blog/the-gen...
www.cybereason.com/blog/the-gen...
License to Encrypt: “The Gentlemen” Make Their Move
In this Threat Analysis Report, Cybereason explores the new ransomware group, "The Gentlemen", and their latest TTPs.
www.cybereason.com
November 18, 2025 at 3:09 PM
License to Encrypt: “The Gentlemen” Make Their Move
www.cybereason.com/blog/the-gen...
www.cybereason.com/blog/the-gen...
Russian alleged cyber-hacker faces extradition to US after arrest in Thailand.
Denis Obrezko is allegedly part of the notorious group Void Blizzard
edition.cnn.com/2025/11/15/a...
Denis Obrezko is allegedly part of the notorious group Void Blizzard
edition.cnn.com/2025/11/15/a...
Russian alleged cyber-hacker faces extradition to US after arrest in Thailand | CNN
A Russian man wanted for extradition by the United States over cyber-crime allegations has been arrested on the Thai holiday island of Phuket, local police said Friday.
edition.cnn.com
November 18, 2025 at 5:47 AM
Russian alleged cyber-hacker faces extradition to US after arrest in Thailand.
Denis Obrezko is allegedly part of the notorious group Void Blizzard
edition.cnn.com/2025/11/15/a...
Denis Obrezko is allegedly part of the notorious group Void Blizzard
edition.cnn.com/2025/11/15/a...
Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery
blog.nviso.eu/2025/11/13/c...
blog.nviso.eu/2025/11/13/c...
Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery
NVISO reports a new development in the Contagious Interview campaign. The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host a…
blog.nviso.eu
November 16, 2025 at 5:26 PM
Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery
blog.nviso.eu/2025/11/13/c...
blog.nviso.eu/2025/11/13/c...
Unauthenticated Authentication Bypass in Fortinet FortiWeb (CVE-2025-64446)
November 16, 2025 at 12:09 PM
Unauthenticated Authentication Bypass in Fortinet FortiWeb (CVE-2025-64446)
Detection Artifact Generator for FortiWeb Authentication Bypass
github.com/watchtowrlab...
github.com/watchtowrlab...
GitHub - watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass
Contribute to watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass development by creating an account on GitHub.
github.com
November 14, 2025 at 6:59 AM
Detection Artifact Generator for FortiWeb Authentication Bypass
github.com/watchtowrlab...
github.com/watchtowrlab...
Operation Endgame - The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium.
November 13, 2025 at 12:47 PM
Operation Endgame - The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium.
Rhadamanthys infostealer disrupted as cybercriminals lose server access
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Rhadamanthys infostealer disrupted as cybercriminals lose server access
The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers.
www.bleepingcomputer.com
November 12, 2025 at 3:41 PM
Rhadamanthys infostealer disrupted as cybercriminals lose server access
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Phishing kit targeting MS login pages
intelinsights.substack.com/p/intel-drop...
intelinsights.substack.com/p/intel-drop...
Intel Drops #4
Phishing kit targeting MS login pages
intelinsights.substack.com
November 10, 2025 at 2:02 PM
Phishing kit targeting MS login pages
intelinsights.substack.com/p/intel-drop...
intelinsights.substack.com/p/intel-drop...
November 9, 2025 at 11:55 AM
Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers
blog.sekoia.io/phishing-cam...
blog.sekoia.io/phishing-cam...
Booking.com
November 8, 2025 at 7:42 PM
Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers
blog.sekoia.io/phishing-cam...
blog.sekoia.io/phishing-cam...
Meta is earning a fortune on a deluge of fraudulent ads, documents show
www.reuters.com/investigatio...
www.reuters.com/investigatio...
Meta is earning a fortune on a deluge of fraudulent ads, documents show
Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods, and it internally estimates that its platforms show users 15 billion scam ads a day, company documents show.
www.reuters.com
November 7, 2025 at 7:27 AM
Meta is earning a fortune on a deluge of fraudulent ads, documents show
www.reuters.com/investigatio...
www.reuters.com/investigatio...
Matanbuchus loader now ships as shellcode (BIN), supports in-memory .NET execution and payloads from ZIPs; sideload techniques refreshed. Operators added 2FA+CAPTCHA to the C2 and claim an unprecedented “white inject” #InfoSec #threatintel
November 6, 2025 at 5:51 PM
Matanbuchus loader now ships as shellcode (BIN), supports in-memory .NET execution and payloads from ZIPs; sideload techniques refreshed. Operators added 2FA+CAPTCHA to the C2 and claim an unprecedented “white inject” #InfoSec #threatintel
CLOP RANSOMWARE: DISSECTING NETWORK
theravenfile.com/2025/11/04/c...
theravenfile.com/2025/11/04/c...
CLOP RANSOMWARE: DISSECTING NETWORK
NOTE: This Research Investigates purely focuses on the Networks used by the Clop Ransomware Group during their infiltration at different victims. INTRODUCTION GETTING FOOTHOLD: CVE-2025–61882…
theravenfile.com
November 5, 2025 at 7:45 PM
CLOP RANSOMWARE: DISSECTING NETWORK
theravenfile.com/2025/11/04/c...
theravenfile.com/2025/11/04/c...
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
krebsonsecurity.com/2025/11/alle...
krebsonsecurity.com/2025/11/alle...
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States...
krebsonsecurity.com
November 3, 2025 at 3:11 PM
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
krebsonsecurity.com/2025/11/alle...
krebsonsecurity.com/2025/11/alle...
Kubernetes Penetration Testing: Methodology & Guide
deepstrike.io/blog/kuberne...
deepstrike.io/blog/kuberne...
Kubernetes Penetration Testing: Methodology & Guide
Kubernetes Penetration Testing guide: reconnaissance, API/etcd/kubelet checks, RBAC & secrets testing, tools, exploit chains, and remediation for pentesters.
deepstrike.io
November 2, 2025 at 4:45 AM
Kubernetes Penetration Testing: Methodology & Guide
deepstrike.io/blog/kuberne...
deepstrike.io/blog/kuberne...
🚨 New KATREUS Miner (Silent XMR Miner)
Advertised on underground forums with:
• Anti-kill, watchdog, persistence & injection modules
• AV evasion claims (C + ASM)
• Targets Windows 8.1 → Server 2025
• Seller offering only 5 “licenses”
#ThreatIntel #Cryptomining #InfoSec
Advertised on underground forums with:
• Anti-kill, watchdog, persistence & injection modules
• AV evasion claims (C + ASM)
• Targets Windows 8.1 → Server 2025
• Seller offering only 5 “licenses”
#ThreatIntel #Cryptomining #InfoSec
November 1, 2025 at 6:03 PM
🚨 New KATREUS Miner (Silent XMR Miner)
Advertised on underground forums with:
• Anti-kill, watchdog, persistence & injection modules
• AV evasion claims (C + ASM)
• Targets Windows 8.1 → Server 2025
• Seller offering only 5 “licenses”
#ThreatIntel #Cryptomining #InfoSec
Advertised on underground forums with:
• Anti-kill, watchdog, persistence & injection modules
• AV evasion claims (C + ASM)
• Targets Windows 8.1 → Server 2025
• Seller offering only 5 “licenses”
#ThreatIntel #Cryptomining #InfoSec
Nova ransomware is seeking for
1. Girls phone voice callers to call CEOs/AI voice-spoofers.
2. Social-media “black ad” operators.
3. Offering a paid “Premium” panel with auto-activation via invoice.
#Nova #Ransomware #ThreatIntel #InfoSec
1. Girls phone voice callers to call CEOs/AI voice-spoofers.
2. Social-media “black ad” operators.
3. Offering a paid “Premium” panel with auto-activation via invoice.
#Nova #Ransomware #ThreatIntel #InfoSec
November 1, 2025 at 5:54 PM
Nova ransomware is seeking for
1. Girls phone voice callers to call CEOs/AI voice-spoofers.
2. Social-media “black ad” operators.
3. Offering a paid “Premium” panel with auto-activation via invoice.
#Nova #Ransomware #ThreatIntel #InfoSec
1. Girls phone voice callers to call CEOs/AI voice-spoofers.
2. Social-media “black ad” operators.
3. Offering a paid “Premium” panel with auto-activation via invoice.
#Nova #Ransomware #ThreatIntel #InfoSec
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing | Proofpoint US
Key findings Proofpoint created a new open-source tool for creating threat detection rules based on unique characteristics in PDFs called “PDF Object Hashing”. This technique can
www.proofpoint.com
October 31, 2025 at 12:48 PM
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Aisuru Botnet Shifts from DDoS to Residential Proxies
krebsonsecurity.com/2025/10/aisu...
krebsonsecurity.com/2025/10/aisu...
Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable busi...
krebsonsecurity.com
October 30, 2025 at 3:26 PM
Aisuru Botnet Shifts from DDoS to Residential Proxies
krebsonsecurity.com/2025/10/aisu...
krebsonsecurity.com/2025/10/aisu...
Reposted by marktsec
Ravin Academy, the private school that recruits and trains hackers for Iran's MOIS intelligence service , has been hacked and its data leaked
www.iranintl.com/202510230171
blog.narimangharib.com/posts/2025%2...
Public searchable database: ravin-academy.com
www.iranintl.com/202510230171
blog.narimangharib.com/posts/2025%2...
Public searchable database: ravin-academy.com
October 26, 2025 at 7:58 PM
Ravin Academy, the private school that recruits and trains hackers for Iran's MOIS intelligence service , has been hacked and its data leaked
www.iranintl.com/202510230171
blog.narimangharib.com/posts/2025%2...
Public searchable database: ravin-academy.com
www.iranintl.com/202510230171
blog.narimangharib.com/posts/2025%2...
Public searchable database: ravin-academy.com
BreachForums Reinstated
October 28, 2025 at 8:07 AM
BreachForums Reinstated