#threatintel
~Sophos~
New packer 'Shanya' is being used by ransomware groups like Akira to deliver payloads and an EDR killer.
-
IOCs: biokdsl. com, biklkfd. com
-
#Packer #Ransomware #Shanya #ThreatIntel
Shanya Packer-as-a-Service Fuels Attacks
news.sophos.com
December 7, 2025 at 4:04 AM
Barts Health NHS Trust has reported a breach involving historic invoice data after an Oracle zero-day was exploited. No clinical systems were impacted, and authorities have been notified.
What can organizations do to reduce exposure from third-party enterprise software?
#CyberSecurity #ThreatIntel
December 6, 2025 at 5:58 PM
LockBit got the Operation Cronos takedown. BlackCat imploded. Cl0p just logged a record leak month—and shows no sign of slowing. By 2026, do we really keep Cl0p dark for 90+ days… or just get Cl0p v2 with a fresh logo? 🔐🤡📉

#AlphaHunt #ransomware #ThreatIntel
December 1, 2025 at 2:03 PM
#PIVOTcon26 #CfP is open and you can submit your proposals till 6 FEB 2026
CfP rules and submissions here: pretalx.com/pivotcon26/cfp

#ThreatIntel #ThreatResearch #CTI
[GIF: a little boy is driving a toy car down a street.]
November 27, 2025 at 2:06 PM
A new Mirai variant - ShadowV2 - is exploiting IoT vulnerabilities to expand a DDoS-focused botnet. Targets include D-Link, TP-Link, DD-WRT, and more.

#CyberSecurity #IoTSecurity #ThreatIntel #BotnetActivity #TechNadu
November 27, 2025 at 5:56 PM
I'm offering a rare public Applied #CTI training course for cyber threat intelligence in evening North America/morning Australia/Asia in January - register your interest soon if you would like to attend mission-focused #ThreatIntel training!
forms.gle/i3n4srD6hWzf...
Paralus LLC: Applied Threat Intelligence
Hello and thank you for your interest in a workshop focusing on Applied Threat Intelligence! Scheduling: 12-16 January 2026 (Five Days) 1700-1900 US Eastern/2200-0000 Central European/0900-1100 Austr...
forms.gle
November 24, 2025 at 10:52 PM
The cyber threat landscape never sleeps, and neither do we. What was the top security headline this week that made you rethink your strategy?

If you want real intelligence (not hype) subscribe to the JANUS Cyber Threat Report for expert-led updates.

#Cybersecurity #ThreatIntel #Community
November 19, 2025 at 1:11 PM
Modular C2 parked in Graph/SharePoint—perfect place to hide your beacon. Sliver/Havoc/Mythic blur APT vs crimeware. 🕵️

Get the playbook—then subscribe for the next move. -> blog.alphahunt.io/modular-c2-f...

#AlphaHunt #CyberSecurity #Infosec #ThreatIntel
Modular C2 Frameworks Quietly Redefine Threat Operations for 2025–2026
Attackers are rapidly shifting to modular, cloud-integrated C2 frameworks—Sliver, Havoc, Mythic, Brute Ratel C4, and Cobalt Strike—blurring lines between APT and cybercrime. These tools’ stealth,…
blog.alphahunt.io
November 14, 2025 at 2:06 PM
The two key vetting principles are: TRUST - you are someone we know and trust or someone we know and trust can vouch for you #CTI #ThreatIntel (5/6)
[GIF: a man holding a cat with the words "circle of trust" written above him.]
November 13, 2025 at 3:28 PM
xHunt APT renews espionage in Kuwait - abusing Exchange & IIS to deploy PowerShell backdoors “Hisoka” & “TriFive.”

#CyberSecurity #xHunt #APT #ThreatIntel
November 11, 2025 at 11:22 AM
🚨 CATASTROPHIC BREACH: Chinese security firm Knownsec hacked, exposing state-sponsored cyber arsenal. Leaked files reveal RATs for all OSs, hardware attack tools, and a global target list including India, UK & SK. #ThreatIntel #China #CyberWarfare
China
A massive data breach at Chinese cybersecurity firm Knownsec has exposed a trove of state-sponsored hacking tools, malware, and global surveillance target lists, revealing large-scale data theft from multiple nations.
cyber.netsecops.io
November 10, 2025 at 4:26 PM
Intelligence Investigations: Business
Dec 15-16 | 1000-1400 ET

Passive recon for business inv. & pen test work.

$315 | 30% off w code FAWKES thru Nov 15
Reg: theosintion.as.me?appointmentT...

#OSINT #PassiveRecon #ThreatIntel #SanctionsData #CyberInvestigations #InfoSecTraining #PenTestRecon
November 6, 2025 at 6:21 PM
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
What GreyNoise Learned from Deploying MCP Honeypots
GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.
www.greynoise.io
November 5, 2025 at 7:15 PM
Huntress has published an article about Gootloader with an absolutely ridiculous amount of IoCs to hunt for, beyond an already excellent technical deep dive.

https://www.huntress.com/blog/gootloader-threat-detection-woff2-obfuscation

Raising the bar?

#threatintel #cybersecurity
Gootloader | Threat Detection Overview | Huntress
Gootloader returns with new obfuscation techniques, including custom WOFF2 fonts and updated persistence mechanisms, while continuing its partnership with Vanilla Tempest for ransomware deployment. Dive in and discover what Huntress is seeing.
www.huntress.com
November 5, 2025 at 5:52 PM
New UI for RansomLook.io

The open source project providing real-time ransomware intelligence.

Thanks to @F_kZ_ for the incredible work.

#ransomware #threatintelligence #threatintel #opensource

🔗 https://www.ransomlook.io/
November 5, 2025 at 6:43 AM
Predatory Sparrow: a destructive campaign using Meteor wiper to trash rail systems, banks and crypto infrastructure across the Middle East. Attacks are surgical - targeting specific hostnames, disabling NICs, clearing logs, and deleting shadow copies.

#CyberSecurity #InfoSec #ThreatIntel
October 28, 2025 at 12:45 PM
🚀 Introducing abusedb.cloud - now in public beta, designed to help developers, researchers, and security teams quickly identify the optimal contacts for hosts.

Let’s make the internet a little less hostile, one lookup at a time. 🌍✨

#security #infosec #api #threatintel #opensource #cybersecurity
October 28, 2025 at 10:32 AM
Threat Actors Rotating New IPs Daily to Attack Microsoft RDP
Full Analysis ⬇️
#RDP #GreyNoise #ThreatIntel
Threat Actors Deploying New IPs Daily to Attack Microsoft RDP
GreyNoise reports attackers using rotating IPs to exploit Microsoft RDP timing vulnerabilities, targeting RD Web Access and RDP login enumeration to evade detection.
www.greynoise.io
October 20, 2025 at 8:40 PM
🛡️ Breaches like F5’s show why continuous threat tracking matters.
BaseFortify automatically maps CVEs, CPEs & CVSS to your systems and warns you early.
Register free today and stay ahead of attacks 👇
🔗 basefortify.eu/register

#CyberResilience #BaseFortify #ThreatIntel #CyberAwareness
Register for Free | BaseFortify
Sign up at BaseFortify to start monitoring vulnerabilities instantly. Get free access to AI-powered CVE analysis, real-time alerts, and powerful dashboards.
basefortify.eu
October 16, 2025 at 8:15 AM
It’s chilling how close we came without even knowing it. A few misread signals or nervous fingers, and history could’ve ended differently. The Cold War wasn’t just about strategy - it was about sheer luck.
#ColdWar #History #NuclearNearMiss #GlobalSecurity #threatintel daily.jstor.org/close-calls-...
Close Calls: When the Cold War Almost Went Nuclear - JSTOR Daily
Most of the nuclear near-misses during the Cold War were kept under wraps, and they still make for unnerving reading in the twenty-first century.
daily.jstor.org
October 11, 2025 at 7:45 PM