#malware

123 posts · 69 participants · 0 posts today
OTX Bot<p>PE32 Ransomware: A New Telegram-Based Threat on the Rise</p><p>PE32 Ransomware is a new strain of malware that utilizes Telegram for command and control. Despite its amateur execution, it effectively encrypts files and causes significant damage. The ransomware features a unique two-tiered payment model, demanding one fee to unlock files and another to prevent data leaks. It communicates entirely via Telegram Bot API, with the bot token exposed in the code. PE32 is characterized by its messy and loud behavior, dropping marker files, triggering disk repairs, and encrypting even useless files. While lacking sophisticated evasion techniques, it poses a real threat due to its fast encryption process and the current state of poor security hygiene among potential victims. The malware's reliance on basic Windows libraries and its chaotic codebase make it both easy to analyze and potentially dangerous.</p><p>Pulse ID: 6807bc7d39bf1b2aa4d2ff27<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6807bc7d39bf1b2aa4d2ff27" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6807b</span><span class="invisible">c7d39bf1b2aa4d2ff27</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-22 15:57:49</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RansomWare</span></a> <a href="https://social.raytec.co/tags/Telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telegram</span></a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Sophisticated backdoor mimicking secure networking software updates</p><p>A sophisticated backdoor targeting Russian organizations in government, finance, and industrial sectors has been discovered. The malware masquerades as updates for ViPNet, a secure networking software suite. It is distributed via LZH archives containing legitimate and malicious files. The backdoor exploits a path substitution technique to execute a malicious loader, which then decrypts and loads a versatile payload capable of connecting to a C2 server, stealing files, and launching additional malicious components. The complexity of this attack highlights the need for multi-layered security measures to protect against advanced persistent threats.</p><p>Pulse ID: 6807bc7e44edbbe6afa50132<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6807bc7e44edbbe6afa50132" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6807b</span><span class="invisible">c7e44edbbe6afa50132</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-22 15:57:50</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mimic</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Infostealer Malware FormBook Spread via Phishing Campaign – Part I</p><p>A phishing campaign delivering a malicious Word document exploiting CVE-2017-11882 was observed spreading a new FormBook variant. The campaign tricks recipients into opening an attached document, which extracts a 64-bit DLL file and exploits the vulnerability to execute it. The DLL acts as a downloader and installer for FormBook, establishing persistence and downloading an encrypted payload disguised as a PNG file. The payload is decrypted and injected into a legitimate process using process hollowing techniques. This fileless variant of FormBook aims to evade detection by keeping the malware entirely in memory. The analysis covers the initial phishing email, exploitation process, payload download and decryption, and the sophisticated injection techniques used to deploy FormBook.</p><p>Pulse ID: 6807bc8539bf1b2aa4d2ff28<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6807bc8539bf1b2aa4d2ff28" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6807b</span><span class="invisible">c8539bf1b2aa4d2ff28</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-22 15:57:57</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/FormBook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FormBook</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/InfoStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoStealer</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>DOGE Binary Loader Indicators of Compromise</p><p>This intelligence document provides a list of Indicators of Compromise (IoCs) associated with the DOGE Binary Loader. It includes several malicious URLs hosted on the domain 'hilarious-trifle-d9182e.netlify.app' along with their corresponding SHA-256 hashes. The listed files include PowerShell scripts ('lootsubmit.ps1' and 'trackerjacker.ps1'), a PNG image ('qrcode.png'), and an executable ('ktool.exe'). These IoCs are crucial for identifying and mitigating potential infections related to the DOGE Binary Loader malware campaign.</p><p>Pulse ID: 6807c697bf4aed9f93dbef55<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6807c697bf4aed9f93dbef55" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6807c</span><span class="invisible">697bf4aed9f93dbef55</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-22 16:40:55</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/NET" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NET</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PowerShell</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>APT Group Profiles - Larva-24005</p><p>A new operation named Larva-24005, linked to the Kimsuky group, has been discovered by ASEC. The threat actors exploited RDP vulnerabilities to infiltrate systems, installing MySpy malware and RDPWrap for continuous remote access. They also deployed keyloggers to record user inputs. The group has been targeting South Korea's software, energy, and financial industries since October 2023, with attacks extending to multiple countries worldwide. Their methods include exploiting the BlueKeep vulnerability (CVE-2019-0708) and using phishing emails. The attackers employ various tools such as RDP scanners, droppers, and keyloggers in their multi-stage attack process.</p><p>Pulse ID: 6807c698b42f069fc7334d48<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6807c698b42f069fc7334d48" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6807c</span><span class="invisible">698b42f069fc7334d48</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-22 16:40:56</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/ASEC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ASEC</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Email</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/KeyLogger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KeyLogger</span></a> <a href="https://social.raytec.co/tags/Kimsuky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kimsuky</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RDP</span></a> <a 
href="https://social.raytec.co/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SouthKorea</span></a> <a href="https://social.raytec.co/tags/UK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UK</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Sophisticated backdoor mimicking secure networking software updates</p><p>A sophisticated backdoor targeting Russian organizations in government, finance, and industry sectors was discovered masquerading as updates for ViPNet secure networking software. The malware, distributed in LZH archives, exploits a path substitution technique to execute a malicious loader that deploys a versatile backdoor. This backdoor can connect to a C2 server, steal files, and launch additional malicious components. The attack highlights the increasing complexity of APT group tactics and emphasizes the need for multi-layered security defenses to protect against such sophisticated threats.</p><p>Pulse ID: 6807d9bd776ee82a5a8a7112<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6807d9bd776ee82a5a8a7112" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6807d</span><span class="invisible">9bd776ee82a5a8a7112</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-22 18:02:37</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Mimic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mimic</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Case of Attacks Targeting MS-SQL Servers to Install Ammyy Admin</p><p>A series of attacks targeting poorly managed MS-SQL servers have been identified, involving the installation of Ammyy Admin, a remote control tool. The attackers exploit vulnerable servers, execute commands to gather system information, and use WGet to install additional malware. The installed malware includes Ammyy Admin (mscorsvw.exe), its settings file (settings3.bin), and PetitPotato (p.ax). The attackers utilize an old version of Ammyy Admin (v3.10) and employ known exploitation methods to gain remote control. They also use PetitPotato for privilege escalation, adding new users and activating RDP services. To prevent such attacks, administrators are advised to use strong passwords, update software regularly, and implement security measures like firewalls.</p><p>Pulse ID: 6807c69906b162a197133ee9<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6807c69906b162a197133ee9" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6807c</span><span class="invisible">69906b162a197133ee9</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-22 16:40:57</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/MSSQL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MSSQL</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> <a href="https://social.raytec.co/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RDP</span></a> <a href="https://social.raytec.co/tags/SQL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SQL</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a 
href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
heise online English<p>IT security researchers warn of new attack technique using the clipboard</p><p>IT security researchers at Proofpoint have discovered a new attack method in which attackers use social engineering and the clipboard.</p><p><a href="https://www.heise.de/en/news/IT-security-researchers-warn-of-new-attack-technique-using-the-clipboard-9769010.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/en/news/IT-security-r</span><span class="invisible">esearchers-warn-of-new-attack-technique-using-the-clipboard-9769010.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.heise.de/tags/PowerShell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PowerShell</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
Hackread.com<p>NEW🚨 A fake version of the <a href="https://mstdn.social/tags/AlpineQuest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlpineQuest</span></a> mapping app was used to spy on Russian military Android devices. The spyware steals contacts, location data &amp; files.</p><p>Details: <a href="https://hackread.com/fake-alpine-quest-mapping-app-spying-russian-military/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/fake-alpine-quest</span><span class="invisible">-mapping-app-spying-russian-military/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://mstdn.social/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://mstdn.social/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a></p>
The DefendOps Diaries<p>Imagine joining a seemingly normal Zoom call—only to have your crypto assets compromised. "Elusive Comet" hackers are impersonating trusted voices and exploiting default settings to break into digital wallets. How secure is your next meeting?</p><p><a href="https://thedefendopsdiaries.com/the-elusive-comet-cyber-threat-a-deep-dive-into-cryptocurrency-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedefendopsdiaries.com/the-el</span><span class="invisible">usive-comet-cyber-threat-a-deep-dive-into-cryptocurrency-attacks/</span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a><br><a href="https://infosec.exchange/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocurrency</span></a><br><a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socialengineering</span></a><br><a href="https://infosec.exchange/tags/zoomsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zoomsecurity</span></a><br><a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>
OTX Bot<p>Infostealer Malware Formbook is Distributed Through Phishing Campaign</p><p>Pulse ID: 6807dae6ec2dcadcfb55d2b9<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6807dae6ec2dcadcfb55d2b9" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6807d</span><span class="invisible">ae6ec2dcadcfb55d2b9</span></a> <br>Pulse Author: cryptocti<br>Created: 2025-04-22 18:07:34</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/FormBook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FormBook</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/InfoStealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoStealer</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a 
href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptocti</span></a></p>
AAKL<p>Huntress: Say Hello to Mac Malware: A Tradecraft Tuesday Recap <a href="https://www.huntress.com/blog/say-hello-to-mac-malware-a-tradecraft-tuesday-recap" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">huntress.com/blog/say-hello-to</span><span class="invisible">-mac-malware-a-tradecraft-tuesday-recap</span></a> <span class="h-card" translate="no"><a href="https://infosec.exchange/@huntress" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>huntress</span></a></span> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/Mac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mac</span></a></p>
AAKL<p>Fortinet: Infostealer Malware FormBook Spread via Phishing Campaign – Part I <a href="https://www.fortinet.com/blog/threat-research/infostealer-malware-formbook-spread-via-phishing-campaign-part-i" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">fortinet.com/blog/threat-resea</span><span class="invisible">rch/infostealer-malware-formbook-spread-via-phishing-campaign-part-i</span></a> <span class="h-card" translate="no"><a href="https://infosec.exchange/@fortinet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fortinet</span></a></span> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a></p>
Snagburz<p>An attachment infecting your computer? Avoid running it. Following is how to do it and a site recommendation:<br><a href="https://phpandmore.net/2025/04/22/avoid-that-malware-and-a-site-recommendation/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">phpandmore.net/2025/04/22/avoi</span><span class="invisible">d-that-malware-and-a-site-recommendation/</span></a></p><p><a href="https://techhub.social/tags/blog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blog</span></a> <a href="https://techhub.social/tags/podcast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>podcast</span></a> <a href="https://techhub.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://techhub.social/tags/viruses" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>viruses</span></a> <a href="https://techhub.social/tags/worms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>worms</span></a></p>
Pyrzout :vm:<p>Russian organizations targeted by backdoor masquerading as secure networking software updates – Source: securelist.com <a href="https://ciso2ciso.com/russian-organizations-targeted-by-backdoor-masquerading-as-secure-networking-software-updates-source-securelist-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/russian-organiza</span><span class="invisible">tions-targeted-by-backdoor-masquerading-as-secure-networking-software-updates-source-securelist-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/APT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APT</span></a>(Targetedattacks) <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/Targetedattacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Targetedattacks</span></a> <a href="https://social.skynetcloud.site/tags/securelistcom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securelistcom</span></a> <a href="https://social.skynetcloud.site/tags/Incidents" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Incidents</span></a> <a href="https://social.skynetcloud.site/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.skynetcloud.site/tags/Trojan" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Trojan</span></a></p>
Pyrzout :vm:<p>Lumma Stealer Exploits Fake CAPTCHA Pages to Harvest Sensitive Data <a href="https://cybersecuritynews.com/lumma-stealer-exploits-fake-captcha-pages/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybersecuritynews.com/lumma-st</span><span class="invisible">ealer-exploits-fake-captcha-pages/</span></a> <a href="https://social.skynetcloud.site/tags/CyberAttackArticle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberAttackArticle</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecuritynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecuritynews</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a></p>
Pyrzout :vm:<p>Hackers Leverage Windows MS Utility Tool to Inject Malicious DLL Payload <a href="https://cybersecuritynews.com/windows-ms-utility-tool/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybersecuritynews.com/windows-</span><span class="invisible">ms-utility-tool/</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecuritynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecuritynews</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://social.skynetcloud.site/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>
Pyrzout :vm:<p>Latest Lumma InfoStealer Variant Found Using Code Flow Obfuscation <a href="https://gbhackers.com/latest-lumma-infostealer-variant-found-using-code/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gbhackers.com/latest-lumma-inf</span><span class="invisible">ostealer-variant-found-using-code/</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a></p>
N-gated Hacker News<p>🚨 Who would've guessed the geniuses 🤓 behind securing the universe with their all-in-one, super-duper software package couldn't protect their own backyard from a crypto-thieving gremlin? 🚫🔐 I mean, what's a little key-stealing <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> between friends, right? 😂 <a href="https://mastodon.social/tags/OopsWeDidItAgain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OopsWeDidItAgain</span></a><br><a href="https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">aikido.dev/blog/xrp-supplychai</span><span class="invisible">n-attack-official-npm-package-infected-with-crypto-stealing-backdoor</span></a> <a href="https://mastodon.social/tags/crypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crypto</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/hackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hackers</span></a> <a href="https://mastodon.social/tags/technews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technews</span></a> <a href="https://mastodon.social/tags/humor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>humor</span></a> <a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/ngated" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>ngated</span></a></p>
Hacker News<p>Official XRP NPM package has been compromised and key stealing malware introduced</p><p><a href="https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">aikido.dev/blog/xrp-supplychai</span><span class="invisible">n-attack-official-npm-package-infected-with-crypto-stealing-backdoor</span></a></p><p><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/XRP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XRP</span></a> <a href="https://mastodon.social/tags/NPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NPM</span></a> <a href="https://mastodon.social/tags/package" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>package</span></a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://mastodon.social/tags/crypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crypto</span></a> <a href="https://mastodon.social/tags/theft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>theft</span></a> <a href="https://mastodon.social/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychain</span></a> <a href="https://mastodon.social/tags/attack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>attack</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>