117 matches found

Wordfence Blog
added 2026/05/20 10:4 p.m. · 5 views

How a Webmail Log File Became a Root-Level Backdoor

THREAT ANALYSIS May 2026 · Forensic Case Study A forensic breakdown of how an attacker turned CyberPanel's SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. A WordPress site owner reported redirect malware on their site. They found that clicking anywhere...

6.2 AI score
Exploits: 0

The Hacker News
added 2026/05/12 7:37 a.m. · 8 views

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak

American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared...

5.8 AI score
Exploits: 0

Talos Blog
added 2026/04/09 10:0 a.m. · 6 views

From the field to the report and back again: How incident responders can use the Year in Review

Every year, Cisco Talos publishes Year in Review, a comprehensive look at the previous year's threat landscape. It's drawn from an enormous volume of telemetry, such as endpoint detections, network traffic, email data, and boots-on-the-ground Cisco Talos Incident Response (Talos IR) engagements. As...

6 AI score
Exploits: 0

CNNVD
added 2026/04/08 12:0 a.m. · 2 views

parseusbs OS Command Injection Vulnerability

Parseusbs is a USB-connected recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained a vulnerability related to operating system command injection. This vulnerability arose from the fact that the volume list path parameters were passed directly ...

8.4 CVSS · 6 AI score · 0.00025 EPSS
Exploits: 0 · References: 4

CNNVD
added 2026/04/08 12:0 a.m. · 2 views

parseusbs OS Command Injection Vulnerability

Parseusbs is a USB connection recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained an operating system command injection vulnerability. This vulnerability stemmed from the LNK file path being passed to the os.popen shell command without prope...

8.5 CVSS · 6 AI score · 0.00027 EPSS
Exploits: 0 · References: 4

Packet Storm News
added 2026/01/20 12:0 a.m. · 2 views

AI Agents Vs. Human Investigators: Balancing Automation, Security, and Expertise in Cyber Forensic Analysis

In an era where cyber threats are rapidly evolving, the reliability of cyber forensic analysis has become increasingly critical for effective digital investigations and cybersecurity responses. AI agents are being adopted across digital forensic practices due to their ability to automate processe...

5.6 AI score
Exploits: 0

Packet Storm News
added 2025/11/11 12:0 a.m. · 2 views

Endpoint Security Agent: A Comprehensive Approach to Real-Time System Monitoring and Threat Detection

As cyber threats continue to evolve in complexity and frequency, robust endpoint protection is essential for organizational security. This paper presents "Endpoint Security Agent: A Comprehensive Approach to Real-time System Monitoring and Threat Detection," a modular, real-time security solution...

6.6 AI score
Exploits: 0

Packet Storm News
added 2025/10/14 12:0 a.m. · 1 views

PromptLocate: Localizing Prompt Injection Attacks

Prompt injection attacks deceive a large language model into completing an attacker-specified task instead of its intended task by contaminating its input data with an injected prompt, which consists of injected instructions and data. Localizing the injected prompt within contaminated data is...

7.2 AI score
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-42541

Malicious code in bioql PyPI...

9.8 CVSS · 6.6 AI score · 0.0077 EPSS
Exploits: 0 · References: 2

Packet Storm News
added 2025/07/24 12:0 a.m. · 2 views

Scout: Leveraging Large Language Models for Rapid Digital Evidence Discovery

Recent technological advancements and the prevalence of technology in day-to-day activities have caused a major increase in the likelihood of the involvement of digital evidence in more and more legal investigations. Consumer-grade hardware is growing more powerful, with expanding memory and...

7 AI score
Exploits: 0

GithubExploit
added 2025/07/20 3:16 p.m. · 205 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 Detection Framework A comprehensive security m...

9.3 CVSS · 9.9 AI score · 0.57345 EPSS
Exploits: 69

Securelist
added 2025/07/14 10:0 a.m. · 6 views

Forensic journey: Breaking down the UserAssist artifact structure

Introduction As members of the Global Emergency Response Team (GERT), we work with forensic artifacts on a daily basis to conduct investigations, and one of the most valuable artifacts is UserAssist. It contains useful execution information that helps us determine and track adversarial activities,...

7.1 AI score
Exploits: 0

Schneier on Security
added 2025/06/13 10:17 a.m. · 10 views

Paragon Spyware Used to Spy on European Journalists

Paragon is an Israeli spyware company, increasingly in the news now that NSO Group seems to be waning. "Graphite" is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users were notified b...

4.8 CVSS · 6.2 AI score · 0.00881 EPSS
Exploits: 0

Packet Storm News
added 2025/06/06 12:0 a.m. · 2 views

There's Waldo: PCB Tamper Forensic Analysis Using Explainable AI on Impedance Signatures

The security of printed circuit boards (PCBs) has become increasingly vital as supply chain vulnerabilities, including tampering, present significant risks to electronic systems. While detecting tampering on a PCB is the first step for verification, forensics is also needed to identify the modified...

6.9 AI score
Exploits: 0

Packet Storm News
added 2025/06/05 12:0 a.m. · 2 views

TracLLM: a Generic Framework for Attributing Long Context LLMs

Long context large language models (LLMs) are deployed in many real-world applications such as RAG, agent, and broad LLM-integrated applications. Given an instruction and a long context (e.g., documents, PDF files, webpages), a long context LLM can generate an output grounded in the provided context,...

7.5 AI score
Exploits: 0

HackRead
added 2025/05/29 1:0 p.m. · 6 views

New Malware Spotted Corrupts Its Own Headers to Block Analysis

Fortinet spots new malware that corrupts its own headers to block forensic analysis, hide behavior, and communicate with its C2 server...

7.3 AI score
Exploits: 0

RedhatCVE
added 2025/05/23 6:42 a.m. · 4 views

CVE-2024-47608

Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2...

9.8 CVSS · 6.9 AI score · 0.0077 EPSS
Exploits: 0 · References: 1

Packet Storm News
added 2025/05/05 12:0 a.m. · 2 views

Towards a Standardized Methodology and Dataset for Evaluating LLM-Based Digital Forensic Timeline Analysis

Large language models (LLMs) have seen widespread adoption in many domains including digital forensics. While prior research has largely centered on case studies and examples demonstrating how LLMs can assist forensic investigations, deeper explorations remain limited, i.e., a standardized approach...

6.9 AI score
Exploits: 0

GithubExploit
added 2025/05/01 6:44 p.m. · 442 views

Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver

CVE-2025-31324 Zero-Day SAP Vulnerability & Compromise Assessm...

10 CVSS · 9.2 AI score · 0.43664 EPSS
Exploits: 19

Kitploit
added 2025/04/21 12:30 p.m. · 45 views

Bytesrevealer - Online Reverse Engineering Viewer

Bytes Revealer is a powerful reverse engineering and binary analysis tool designed for security researchers, forensic analysts, and developers. With features like hex view, visual representation, string extraction, entropy calculation, and file signature detection, it helps users uncover hidden...

7.1 AI score
Exploits: 0 · References: 3