Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin , according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of distinct websites...

MalTree: Tracing Malware Evolution from Embeddings at Scale

Malware detection remains largely reactive: machine learning models trained on known samples degrade as threats evolve. Understanding evolutionary relationships among malware families can inform proactive defense, but traditional reverse engineering can take months to years to uncover such lineag...

Building an Adversarial Malware Dataset by Family and Type: Generation, Evasion, and Poisoning Evaluation

We present a dataset of adversarial malware samples derived from the public RawMal-TF collection of real-world malware binaries. Using a suite of adversarial malware generators, we construct two sets of adversarial PE files: 44,347 family-labelled samples and 33,596 type-labelled samples, achievi...

SOC-Alert-Investigation-Portfolio

SOC Alert Investigation Portfolio This repository contains pr...

APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 CVSS score: 8.8, a high-severity security feature bypass affecti...

SecureScan: An AI-Driven Multi-Layer Framework for Malware and Phishing Detection Using Logistic Regression and Threat Intelligence Integration

The growing sophistication of modern malware and phishing campaigns has diminished the effectiveness of traditional signature-based intrusion detection systems. This work presents SecureScan, an AI-driven, triple-layer detection framework that integrates logistic regression-based classification,...

Enhanced Cyber Threat Intelligence by Network Forensic Analysis for Ransomware As a Service(RaaS) Malwares

In the current era of interconnected cyberspace, there is an adverse effect of ransomware on individuals, startups, and large companies. Cybercriminals hold digital assets till the demand for payment is made. The success of ransomware upsurged with the introduction of Ransomware as a ServiceRaaS...

New RadzaRat Spyware Poses as File Manager to Hijack Android Devices

Certo Software found RadzaRat, an Android RAT disguised as a file manager that has a 0/66 detection rate on VirusTotal. It keylogs passwords and steals files...

MH-1M: A 1.34 Million-Sample Comprehensive Multi-Feature Android Malware Dataset for Machine Learning, Deep Learning, Large Language Models, and Threat Intelligence Research

We present MH-1M, one of the most comprehensive and up-to-date datasets for advanced Android malware research. The dataset comprises 1,340,515 applications, encompassing a wide range of features and extensive metadata. To ensure accurate malware classification, we employ the VirusTotal API,...

Forensic journey: hunting evil within AmCache

Introduction When it comes to digital forensics, AmCache plays a vital role in identifying malicious activities in Windows systems. This artifact allows the identification of the execution of both benign and malicious software on a machine. It is managed by the operating system, and at the time o...

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics SVG files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded...

Linux Distros Unpatched Vulnerability : CVE-2023-40857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yrexecutecod function in the exe.c component...

OPSEC failures when threat hunting

Over the last few years I’ve carried out a lot of phishing, and have some interesting observations on how organisations respond. However, the purpose of this blog is to highlight a worrying and amusing trend in response actions taken by the blue team and researchers when threat hunting a phishing...

CVE-2023-40857

Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yrexecutecod function in the exe.c component...

Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems

A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems. That's according to findings from SentinelOne, which observed an increase in the number of Geacon payloads appearing on VirusTotal in recent months...

PT-2023-1976

Name of the Vulnerable Software and Affected Versions Windows Snipping Tool versions prior to 10.2008.3001.0 Windows 10 Snip & Sketch versions prior to 11.2302.20.0 Description The issue is related to the incorrect procedure of saving a file after editing and replacing it with its original file,...

SUSE CVE-2021-45429

A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yrsetconfiguration in yara/libyara/libyara.c, which could cause a Denial of Service...

MobileAudit - SAST and Malware Analysis for Android Mobile APKs

Django Web application for performing Static Analysis and detecting malware in Android APKs In each of the scans, it would have the following information: Application Info Security Info Components SAST Findings Best Practices Implemented Virus Total Info Certificate Info Strings Databases Files F...

PackageDNA - Tool To Analyze Software Packages Of Different Programming Languages That Are Being Or Will Be Used In Their Codes

This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes. secure development, i...

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

This post was authored by Hossein Jazi On December 7 2020 we identified a malicious document uploaded to Virus Total which was purporting to be a meeting request likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the...