BlueEye
@BlueEye46572843
Open to new roles in threat research and hunting. Reverse engineer & malware researcher, interested in #APT research and targeted #malware.
As promised, I am done with writing my blog post about #GOZI aka #ISFB, where I went in depth analyzing the first loader, uncovering the config decryption routine, showcasing #malware self-injection, and the extraction of the 2nd stage. blu3eye.gitbook.io/malware-insigh…
Samples from APT Dropping Elephant are uploaded @abuse_ch bazaar.abuse.ch/browse/tag/Dro…
The Arctic Wolf Labs team has uncovered a new campaign by APT group Dropping Elephant targeting major Turkish defense contractors and weapons manufacturers. Learn more in our latest blog: ow.ly/xLih50WueNn #HypersonicEspionage #TurkeyPakistan #DroppingElephant #Türkiye
⚠️ New threat detected: [email protected] ⚠️ This file gathers detailed OS and network information (including hostname, user details, and IP addresses) and sends it to hardcoded endpoints (e.g., http://23[.]22[.]251[.]177:8080/jpd[.]php and http://23[... socket.dev/npm/package/ny…
Hi everyone! I’m looking for new opportunities in #threat research/hunting. 3+ yrs experience, focused on #ransomware in my last role, and independently tracking #APTs. DMs open — happy to connect or chat!
Check out our analysis of the SharePoint ToolShell vulnerabilities: how the ITW exploit works, how it was patched, and why the initial patches could be easily bypassed securelist.com/toolshell-expl…
Recently we identified a notable uptick in TA455-related activity tied to the ongoing Iranian "Dream Job" campaign. Tactics, techniques, and procedures (TTPs) of the group seem to be evolving continuously, demonstrating a high level of agility. We discovered new unknown malware…
🚨 New dark web threat: “Snow Killer” an advanced AV/EDR killer targeting Windows 7–11 & Server 2008–2025, with HVCI & PatchGuard bypass, physical memory access, and custom UAC bypass. Uses a non-public vulnerable driver. Price: $150+. #infosec #DarkWeb #ThreatIntel
A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus. wired.com/story/china-ho… @WIRED
North Korean (🇰🇵) malware developers are working in the Cyber Weapons folder.
101 Chrome Exploitation — Part 0: Preface. We are starting a new series on modern browsers' architecture and their exploitation using Chrome as an example. Readers will learn how browser subsystems are implemented, how their security is ensured and how it is violated with…
🚨 New malware “LAMEHUG” uses a coding LLM to generate real-time attack commands—no scripts needed. Discovered by Ukraine CERT, it runs through Hugging Face and was sent by APT28 to target officials. This changes how phishing works → thehackernews.com/2025/07/cert-u…
🔥 Threat hunting just got easier. #ANYRUN’s TI Lookup is now free! It’s one of the best intel sources out there. Use live attack data for instant threat context. Speed up investigations and handle incidents early. intelligence.any.run/analysis/looku…
SquidLoader is swimming just beneath the surface! 🦑 This sophisticated malware is targeting HK financial orgs with advanced evasion techniques. Get the deep dive on its anti-analysis tricks & #IOCs. bit.ly/3UaVlg2
github.com/MicroOperation… Analysis of Intel Goldmont Plus' predecode cache, since its core logic is undocumented and I hadn't seen anyone reverse engineer it yet.
The Handala sets sail on 18 July to break the humanitarian blockade and denounce the genocide in Palestine 🇵🇸 Follow the journey of the @GazaFFlotilla, let's keep up the mobilization! We will never take our eyes off Gaza.
Shout-out to GReAT’s Sojun Ryu (@hypen1117) for his talk at #FIRSTCON25 🇩🇰 breaking down Lazarus’ “Operation Dream Job” and the brand-new CookiePlus malware. More: securelist.com/lazarus-new-ma… Thanks @FIRSTdotOrg for bringing GR, business & research together! #CyberSec
🚨 Alert: Latrodectus still in the making with version 2.2 🔍 The Latrodectus downloader has unexpectedly resurfaced with its recent version 2.2.7, despite previous law enforcement disruptions under Operation Endgame 2.0, where authorities took down around 300 servers and 650…
A few weeks ago, I was responding to a cybersecurity incident - $500,000 had been stolen from a #blockchain developer. The infected operating system was freshly installed, and the victim was vigilant about cybersecurity. How could this happen? A new supply chain attack? [1/6]