#Rapid7 published some analysis of #malware likely dropped through the Notepad++ issue.
One of the loaders used by the malware is built with #Microsoft Warbird, a kernel-level code protection framework used by Windows. @cirosec blogged about how this framework could be abused a while back and also published a PoC on GitHub.
I'm one of the authors of that research. We included some thoughts on detection in the article, but if there are any further questions about the technique or anything else, ask away :)

#notepad #chrysalis #ioc #apt #warbird

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom.

Rapid7
Patch Tuesday, January 2026 Edition – Krebs on Security

CVE Alert: CVE-2025-6264 - Rapid7 - Velociraptor - RedPacket Security

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated

RedPacket Security

🚨 Crimson Collective hackers exploit AWS IAM keys to steal data, modify RDS passwords, and exfiltrate S3 snapshots.

The same group claims the Red Hat breach (570GB data theft) — partnering with Scattered Lapsus$ Hunters to raise extortion stakes.

🧩 Tool used: TruffleHog
🧠 TTPs: Long-term IAM compromise → privilege escalation → API-based exfiltration
💬 What detection logic would you apply to flag these IAM anomalies?

Follow @technadu for continuous threat intelligence and AWS security insights.

#AWS #InfoSec #CyberSecurity #CrimsonCollective #CloudSecurity #ThreatIntel #RedHat #Rapid7 #DataBreach #CyberThreats #TechNadu #AWSBreach

The hacker's "Swiss Army knife": how the Metasploit Framework came about and became obsolete (?)

In the previous article we told the story of HD Moore, the hacker who gave the world a framework that forever changed pentesting practice. Now it is Metasploit's turn: once a true pentester's "Swiss Army knife", today more of an auxiliary tool with a few blades that still work. What was Metasploit to the industry in the 2000s, what is it now, and why do pentesters keep using it even twenty years later? We trace the evolution of the legendary framework, which turns 22 this July.

https://habr.com/ru/companies/bastion/articles/930906/

#metasploit_framework #история_Metasploit #инструменты_пентестера #пентест #redteam #rapid7 #hd_moore #джеймс_мур #история_ибиндустрии #как_появился_Metasploit

Microsoft Fix Targets Attacks on SharePoint Zero-Day - On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vuln... https://krebsonsecurity.com/2025/07/microsoft-fix-targets-attacks-on-sharepoint-zero-day/ #cybersecurity&infrastructuresecurityagency #sharepointserver #latestwarnings #thecomingstorm #cve-2025-49704 #cve-2025-49706 #cve-2025-53770 #cve-2025-53771 #microsoftcorp. #timetopatch #eyesecurity #rapid7 #cisa
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security

Patch Tuesday, June 2025 Edition – Krebs on Security

World's first #CPU-level #ransomware can "bypass every freaking traditional technology we have out there" — new #firmware-based attacks could usher in new era of unavoidable ransomware
Beek, #Rapid7's senior director of threat analytics, revealed that an AMD Zen chip bug gave him the idea that a highly skilled attacker could in theory "allow those intruders to load unapproved #microcode into the processors, breaking encryption at the hardware level and modifying CPU behavior at will."
https://www.tomshardware.com/pc-components/cpus/worlds-first-cpu-level-ransomware-can-bypass-every-freaking-traditional-technology-we-have-out-there-new-firmware-based-attacks-could-usher-in-new-era-of-unavoidable-ransomware
World's first CPU-level ransomware can "bypass every freaking traditional technology we have out there" — new firmware-based attacks could usher in new era of unavoidable ransomware

A cybersecurity expert has created a proof of concept for CPU ransomware.

Tom's Hardware
Patch Tuesday, May 2025 Edition – Krebs on Security