Tom
@nyx-o.bsky.social
Malware Researcher - Security enthusiast - curiosity is not a crime. Locking up knowledge and culture however is.
Reposted by Tom
HyperDbg v0.17 is out! ✨🥂

This update brings major improvements to the script engine, including multidimensional arrays, compound & multiple assignments, plus key interpretation bug fixes.

Check it out:
github.com/HyperDbg/Hyp...
Release v0.17 · HyperDbg/HyperDbg
HyperDbg v0.17 is released! If you’re enjoying HyperDbg, don’t forget to give a star 🌟 on GitHub! Please visit Build & Install to configure the environment for running HyperDbg. Check out the Quick...
github.com
November 10, 2025 at 2:07 PM
Reposted by Tom
New: Apple banned an app that simply archived videos of ICE abuses. Rather than other apps that record ICE officials' real-time location, Eyes Up is to "preserve evidence until it can be used in court." Videos from TikTok etc. Every submission manually reviewed

www.404media.co/apple-banned...
Apple Banned an App That Simply Archived Videos of ICE Abuses
Eyes Up's purpose is to "preserve evidence until it can be used in court." But it has been swept up in Apple's crackdown on ICE-spotting apps.
www.404media.co
October 8, 2025 at 7:13 PM
Reposted by Tom
Discussing math with ChatGPT on long car drives is fun, but man, even GPT-5 is still confidently wrong on relatively simple geometric questions.

It's also very very bad at contradicting anything the user says.

It's still a great rubber duck, but at least these models under common compute ...
August 8, 2025 at 1:42 PM
Reposted by Tom
#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese...
1/7
August 11, 2025 at 9:09 AM
Reposted by Tom
#BREAKING #ESETResearch has been monitoring the recently discovered #ToolShell zero-day vulnerabilities in #SharePoint Server: CVE-2025-53770 and CVE-2025-53771. SharePoint Online in Microsoft 365 is not impacted. www.welivesecurity.com/en/eset-rese... 1/5
July 24, 2025 at 9:11 AM
Reposted by Tom
At CYBERWARCON 2024, Matthieu Faou exposed Operation Texonto, a Russia-aligned information operation.

Watch his full talk here >> www.youtube.com/watch?v=X5lL...

Read the research here >> www.welivesecurity.com/en/eset-rese...

#CYBERWARCON #ThreatIntel #InformationOperations #Disinformation
July 9, 2025 at 4:53 PM
Reposted by Tom
#ESETresearch has conducted a comprehensive technical analysis of new malicious tools and significant updates observed in 2024 in the arsenal of the Russia-aligned #Gamaredon #APTgroup targeting Ukraine🇺🇦. www.welivesecurity.com/en/eset-rese... 1/9
Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset
ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024.
www.welivesecurity.com
July 2, 2025 at 10:49 AM
Reposted by Tom
I imagined the Chatsubo in 1984. 41 years later I opened its door. Neuromancer is in production.
July 1, 2025 at 7:14 PM
Reposted by Tom
ESET’s Matthieu Faou exposed “Operation Texonto”, a pro-Russian disinformation operation aimed at Ukrainian speakers. He shared the full breakdown at #CYBERWARCON.

Watch his talk >> www.youtube.com/watch?v=X5lL...

Read the research >> www.welivesecurity.com/en/eset-rese...

#IO #Cybersecurity
Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war
ESET Research discovers Operation Texonto, a disinformation/psychological operations (PSYOPs) campaign that uses spam emails to demoralize Ukrainian citizens with disinformation messages about war-rel...
www.welivesecurity.com
June 25, 2025 at 5:40 PM
Reposted by Tom
The #FBI and #DCIS disrupted #Danabot. #ESET was one of several companies that cooperated in this effort. www.welivesecurity.com/en/eset-rese... 1/6
www.welivesecurity.com
May 22, 2025 at 8:06 PM
Reposted by Tom
#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @jakubtomanek.bsky.social www.welivesecurity.com/en/eset-rese... 1/5
ESET takes part in global operation to disrupt Lumma Stealer
Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation
www.welivesecurity.com
May 21, 2025 at 4:16 PM
Reposted by Tom
#ESETresearch publishes its investigation of Operation RoundPress, which uses XSS vulnerabilities to target high-value webmail servers. We attribute the operation to Sednit with medium confidence. www.welivesecurity.com/en/eset-rese... 1/5
Operation RoundPress targeting high-value webmail servers
ESET researchers uncover a Russia-aligned espionage operation that they named RoundPress and that targets webmail servers via XSS vulnerabilities.
www.welivesecurity.com
May 15, 2025 at 7:36 AM
Reposted by Tom
NEW: Researchers are outing North Korean IT workers at a massive scale

Today cybersecurity firm DTEX is publishing the identities of two North Koreans who ran worker scams from Laos and publishing more than 1,000 email addresses linked to other IT worker schemes

www.wired.com/story/north-...
North Korean IT Workers Are Being Exposed on a Massive Scale
Security researchers are publishing 1,000 email addresses they claim are linked to North Korean IT worker scams that infiltrated Western companies—along with photos of men allegedly involved in the sc...
www.wired.com
May 14, 2025 at 11:29 AM
Reposted by Tom
In a stunning defeat for the #spyware industry, an Oakland jury has directed Pegasus maker NSO Group to pay Meta's WhatsApp $167 million in punitive damages for routing its attacks through the company's servers. GIFT LINK wapo.st/4jLGYKz
Spyware maker NSO ordered to pay $167 million for hacking WhatsApp
Jury hits NSO with punitive damages after first public legal reckoning for Israel-based maker of spy software banned from use in U.S.
wapo.st
May 6, 2025 at 9:09 PM
Reposted by Tom
🎯New Proofpoint research: Around the World in 90 Days: State-Sponsored Actors Try ClickFix 🎯
www.proofpoint.com/us/blog/thre...

In 2024 we released two blogs on cybercrime actors using ClickFix in their attack chains:
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Around the World in 90 Days: State-Sponsored Actors Try ClickFix | Proofpoint US
Key Findings While primarily a technique affiliated with cybercriminal actors, Proofpoint researchers discovered state-sponsored actors in multiple campaigns using the ClickFix social
www.proofpoint.com
April 17, 2025 at 7:00 PM
Reposted by Tom
#ESETresearch discovered previously unknown links between the #RansomHub, #Medusa, #BianLian, and #Play ransomware gangs, and leveraged #EDRKillShifter to learn more about RansomHub’s affiliates. @SCrow357 www.welivesecurity.com/en/eset-rese... 1/7
March 26, 2025 at 4:02 PM
Reposted by Tom
In July 2024, #ESETresearch discovered that the China-aligned #FamousSparrow APT group, thought at the time to have been inactive since 2022, compromised the network of a US trade group and a Mexican research institute. www.welivesecurity.com/en/eset-rese... 1/5
You will always remember this as the day you finally caught FamousSparrow
ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor.
www.welivesecurity.com
March 26, 2025 at 3:03 PM
Reposted by Tom
#ESETresearch has uncovered the #MirrorFace Operation AkaiRyū, which extends the group’s usual focus beyond Japan into Europe. The initial lure centered around Expo 2025 in Japan, compromising a Central European diplomatic institute. 1/8
www.welivesecurity.com/en/eset-rese...
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor.
www.welivesecurity.com
March 18, 2025 at 10:03 AM
Reposted by Tom
REST IN PEACE, MICHELLE TRACHTENBERG
February 26, 2025 at 10:46 PM
Reposted by Tom
This is a list of all the Italian spyware makers that got their products caught in the wild over the last 10ish years:

- Hacking Team (RIP)
- Cy4Gate
- eSurv (RIP)
- GR Sistemi
- Negg
- Raxir
- RCS Lab

Italy, the country of "pizza, spaghetti and spyware," as someone once said.
February 13, 2025 at 3:29 PM
Reposted by Tom
YARA-X 0.13.0 is out: github.com/VirusTotal/y...

As always, Victor and the contributors are cranking out quality improvements!

In particular, check out the docs on how to use the formatter and linter and open issues (or tell me somehow) if you hit bugs or have things you want to see.
Release v0.13.0 · VirusTotal/yara-x
Implemented basic linting via the check command. Refactor the format of JSON output (#281). Parse Mach-O certificates (#276). Allow using previously defined variables in with statements (#287). BUG...
github.com
February 3, 2025 at 6:04 PM
Reposted by Tom
vmi-rs 0.2 is out. It underwent a huge refactoring. OS components like Process, FileObject, Key, ... are now standalone objects.

Also, kernel crashdump support was added, so you can also use it as a kind of Volatility framework. But faster.

Example code:
github.com/vmi-rs/vmi/b...
github.com
February 4, 2025 at 7:47 PM
Reposted by Tom
Cyber agencies from the Five Eyes (Australia, Canada, New Zealand, the UK, and the US) released guidance on securing network edge devices

www.cyber.gc.ca/en/news-even...

PDF: www.ic3.gov/CSA/2025/250...

www.nsa.gov/Press-Room/P...

www.ncsc.gov.uk/guidance/gui...

www.cyber.gov.au/resources-bu...
Five Eyes publish series to sound alarm on cyber security threats to edge devices - Canadian Centre for Cyber Security
www.cyber.gc.ca
February 4, 2025 at 3:22 PM
Reposted by Tom
I have a different take.

The market was *way* overpriced last week. People knew that valuations had outpaced actual growth, in spite of that growth being pretty radical. But people hold on to rising stocks without a catalyst - you don't want to sell too early.

So Deepseek's emergence just ...
The AI bubble was inflated based on the idea that we need bigger models that both are trained and run on bigger and even larger GPUs. A company came along that has undermined the narrative - in ways both substantive and questionable - and now the market panicked that $200bn got wasted on AI capex
Can someone explain it to me like I'm stupid?
January 27, 2025 at 9:11 PM