🧠 Formbook Daily Report
⬇️ Trend: declining (24%)
📊 14 new samples
🌐 55 C2 servers
Full analysis, IOCs, and hashes:
https://www.yazoul.net/malware/formbook/reports/2026-04-03
Another talk announcement!
🟣🤖 GOODBYE PURPLE TEAM, HELLO PURPLE BOTS - PATRICK MKHAEL & RALPH EL KHOURY 🛡️⚔️
What if purple teaming could run itself? 🚀 This talk reveals an AI-driven framework that simulates real-world attacks, uncovers detection gaps, and continuously strengthens your defenses with zero manual effort. It's more than automation. It is a smart, self-evolving security cycle where offense and defense work together in real time to stay ahead of threats.
Patrick Mkhael https://pretalx.com/bsidesluxembourg-2026/speaker/WHMGFD/ is an Offensive Security R&D lead with a strong blue team foundation, now focused on red teaming, cloud pentesting, and building tools for adversary emulation and automated security testing.
Ralph El Khoury https://pretalx.com/bsidesluxembourg-2026/speaker/X9QCJN/ is a red teamer and CVE hunter with a passion for breaking AD and web apps. Teaches kids to question everything, starting with default credentials.
📅 Conference dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
#BSidesLuxembourg2026 #CyberSecurity #PurpleTeam #RedTeam #BlueTeam #AI
2026-04-02 RDP #Honeypot IOCs - 768 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.51.23.167 - 417
143.198.111.35 - 147
122.165.249.151 - 48
Top ASNs:
AS24309 - 417
AS14061 - 165
AS24560 - 48
Top Accounts:
hello - 633
Administr - 27
142.93.8.59 - 27
Top ISPs:
Atria Convergence Technologies Pvt. Ltd. - 417
DigitalOcean, LLC - 165
BHARTI - 48
Top Clients:
Unknown - 768
Top Software:
Unknown - 768
Top Keyboards:
Unknown - 768
Top IP Classification:
Unknown - 549
hosting & proxy - 147
hosting - 72
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-04-02 RDP #Honeypot IOCs - 512 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.51.23.167 - 278
143.198.111.35 - 98
122.165.249.151 - 32
Top ASNs:
AS24309 - 278
AS14061 - 110
AS24560 - 32
Top Accounts:
hello - 422
Administr - 18
142.93.8.59 - 18
Top ISPs:
Atria Convergence Technologies Pvt. Ltd. - 278
DigitalOcean, LLC - 110
BHARTI - 32
Top Clients:
Unknown - 512
Top Software:
Unknown - 512
Top Keyboards:
Unknown - 512
Top IP Classification:
Unknown - 366
hosting & proxy - 98
hosting - 48
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-04-02 RDP #Honeypot IOCs - 256 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
106.51.23.167 - 139
143.198.111.35 - 49
122.165.249.151 - 16
Top ASNs:
AS24309 - 139
AS14061 - 55
AS24560 - 16
Top Accounts:
hello - 211
Administr - 9
142.93.8.59 - 9
Top ISPs:
Atria Convergence Technologies Pvt. Ltd. - 139
DigitalOcean, LLC - 55
BHARTI - 16
Top Clients:
Unknown - 256
Top Software:
Unknown - 256
Top Keyboards:
Unknown - 256
Top IP Classification:
Unknown - 183
hosting & proxy - 49
hosting - 24
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
🧠 Agent Tesla Daily Report
➡️ Trend: stable (0%)
📊 22 new samples
🌐 0 C2 servers
Full analysis, IOCs, and hashes:
https://www.yazoul.net/malware/agent-tesla/reports/2026-04-02
2026-04-01 RDP #Honeypot IOCs - 7749 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
181.30.37.197 - 6552
143.198.111.35 - 843
122.165.249.151 - 174
Top ASNs:
AS7303 - 6552
AS14061 - 846
AS24560 - 174
Top Accounts:
NCRACK_USER - 6552
hello - 1047
Administr - 33
Top ISPs:
Telecom Argentina S.A - 6552
DigitalOcean, LLC - 846
BHARTI - 174
Top Clients:
Unknown - 7749
Top Software:
Unknown - 7749
Top Keyboards:
Unknown - 7749
Top IP Classification:
Unknown - 6813
hosting & proxy - 846
hosting - 87
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-04-01 RDP #Honeypot IOCs - 5166 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
181.30.37.197 - 4368
143.198.111.35 - 562
122.165.249.151 - 116
Top ASNs:
AS7303 - 4368
AS14061 - 564
AS24560 - 116
Top Accounts:
NCRACK_USER - 4368
hello - 698
Administr - 22
Top ISPs:
Telecom Argentina S.A - 4368
DigitalOcean, LLC - 564
BHARTI - 116
Top Clients:
Unknown - 5166
Top Software:
Unknown - 5166
Top Keyboards:
Unknown - 5166
Top IP Classification:
Unknown - 4542
hosting & proxy - 564
hosting - 58
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key
2026-04-01 RDP #Honeypot IOCs - 2583 scans
Thread with top 3 features in each category and links to the full dataset
#DFIR #InfoSec
Top IPs:
181.30.37.197 - 2184
143.198.111.35 - 281
122.165.249.151 - 58
Top ASNs:
AS7303 - 2184
AS14061 - 282
AS24560 - 58
Top Accounts:
NCRACK_USER - 2184
hello - 349
Administr - 11
Top ISPs:
Telecom Argentina S.A - 2184
DigitalOcean, LLC - 282
BHARTI - 58
Top Clients:
Unknown - 2583
Top Software:
Unknown - 2583
Top Keyboards:
Unknown - 2583
Top IP Classification:
Unknown - 2271
hosting & proxy - 282
hosting - 29
Pastebin links with full 24-hr RDP Honeypot IOC Lists:
Bad API request, invalid api_dev_key