Threat Intel Scraping Without Burning Your Cover or Your Stack

Threat Intel Scraping sounds simple until it isn’t, here’s how cybersecurity teams avoid blocks, bad data, and unnecessary risk...

We Are Currently Clean on OPSEC: Why JD Can't Encrypt

We analyse the 2025 Signalgate leak of sensitive US military information by the Trump administration, addressing why confidentiality was violated messages leaked to the press in spite of encryption Signal, to deepen the socio-technical considerations when designing and deploying encryption. First...

tempest-c2

⚡ Tempest C2 Framework Advanced Post-Exploitation & Comma...

SigInt-Cirtanus 1.0

SigInt-Cirtanus is a Python-based, multi-threaded threat intelligence automation framework designed for defensive cybersecurity operations. It retrieves and processes real-time threat feeds e.g., from URLhaus, validates indicators, and dynamically generates detection artifacts for integration wit...

nightfury

NightFury Framework Version 2.0 | Professional Red Team Ope...

LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist

LummaC2 infostealer infects North Korean hacker’s device, exposing ties to $1.4B Bybit heist and revealing tools, infrastructure and OPSEC failures...

ULTIMATE-CYBERSECURITY-MASTER-GUIDE

🛡️ ULTIMATE CYBERSECURITY MASTER GUIDE COLLECTION 📊 Comple...

Linux Distros Unpatched Vulnerability : CVE-2025-38184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPCNLUDPGETREMOTE...

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical...

OP-SEC Multi-Router Looking Glass Web Detection

Binary data op-secmrlgdetect.nbin...

OpenAI Bans ChatGPT Accounts Used by Russian, Iranian, and Chinese Hacker Groups

OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among...

Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas

Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its...

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability i...

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory Azure AD tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account MSA consumer signing key to breach two dozen organizations. "Storm-0558 acquired an inactive MSA consum...

Analysis of Storm-0558 techniques for unauthorized email access

Executive summary On July 11, 2023, Microsoft published two blogs detailing a malicious campaign by a threat actor tracked as Storm-0558 that targeted customer email that weve detected and mitigated: Microsoft Security Response Center and Microsoft on the Issues. As we continue our investigation...

EFB vulnerability in Lufthansa’s Lido eRouteManual

Almost all commercial airlines now use electronic flight bags EFBs to drive efficiency and safety in their operations. We’ve been testing the security of EFBs and their apps, here’s our latest findings. TL;DR Many airlines use Lufthansa Systems Lido eRoute Manual for their EFB approach plates. We...

BianLian ransomware ramps up data-leak extortion and improves operational security

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary BianLian ransomware group is ramping up data-leak extortion to extract payments, using similar tactics & a custom backdoor, and bringing 30 new C2 servers online monthly. To receive real-time threat...

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims...

ZINC weaponizing open-source software

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center MSTIC observed activity targeting employees in organizations across multiple industries includi...

New Sophisticated Malware

Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where thin...