For the #IFIN newcomers, I wanted to drop a mega-thread on a bunch of blog posts and resources I've written in the past few years focused on #ThreatResearch, #VulnerabilityResearch, #DetectionEngineering, getting people comfortable with #Snort and #Suricata, and #Homelab, and just dump them into one place, with the promise to update them if you all want it. Go have a look here:

https://discourse.ifin.network/t/nsm-and-virtual-labbing-mega-thread/319

NSM and Virtual Labbing Mega-Thread

In talking to some of the seniors in charge around here, I asked about sharing some old blog posts I did for my job over at the Emerging Threats Discourse, and while technically much of what I wrote does have to do with threat intelligence, it isn’t about a particular threat, more than it is about learning how to do various things related to threat research, detection engineering, NSM stuff, and homelabbing. So ultimately, this is what I wanted to do: Use...

IFIN

about the Bitwarden breach ...

Sophos: Supply chain attacks hit Checkmarx and Bitwarden developer tools https://www.sophos.com/en-us/blog/supply-chain-attacks-hit-checkmarx-and-bitwarden-developer-tools @SophosXOps #infosec @databreach #BitWarden #threatresearch

Supply chain attacks hit Checkmarx and Bitwarden developer tools

SOPHOS

New.

Kaspersky: PhantomRPC: A new privilege escalation technique in Windows RPC https://securelist.com/phantomrpc-rpc-vulnerability/119428/ @Kaspersky #infosec #threatresearch #Windows #Microsoft #vulnerability

PhantomRPC: A new privilege escalation technique in Windows RPC

A Kaspersky researcher discovered a vulnerability in the RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.

Kaspersky

If you missed this yesterday:

SentinelOne: fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet https://www.sentinelone.com/labs/fast16-mystery-shadowbrokers-reference-reveals-high-precision-software-sabotage-5-years-before-stuxnet/ #threatresearch

More:

Security Week: Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions https://www.securityweek.com/pre-stuxnet-sabotage-malware-fast16-linked-to-us-iran-cyber-tensions/ @SecurityWeek #infosec #malware

fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet

A previously unknown 2005 cyber sabotage framework patches high-precision calculation software in memory to silently corrupt results.

SentinelOne

GopherWhisper: A burrow full of malware

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions.

New.

Huntress: Codex Red: Untangling a Linux Incident With an OpenAI Twist (Part 2) https://www.huntress.com/blog/codex-part-two

Here's the first part: https://www.huntress.com/blog/codex-part-one @huntress #Linux #OpenAI #infosec #threatresearch

Untangling a Linux Incident With an OpenAI Twist (Part 2) | Huntress

A developer used OpenAI’s Codex to handle suspicious activity, leading to unexpected outcomes found by Huntress SOC analysts during an investigation.

Huntress

New.

Group-IB: Anatomy of a Fraud Operation: Mule Account Creation on B2B Fintech Platforms in France https://www.group-ib.com/blog/french-fintech-mule-accounts/ #infosec #threatresearch

New.

Socket: Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions https://socket.dev/blog/checkmarx-supply-chain-compromise @SocketSecurity #infosec #threatresearch

Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions

Docker and Socket have uncovered malicious Checkmarx KICS images and suspicious code extension releases in a broader supply chain compromise.

Socket

New.

"No payment instructions or extortion mechanisms were found in the sample, which indicates it was not created for financial gain."

"This wiper is extremely targeted, has no financial motivation, and aims to erase all the device’s files and data."

Kaspersky: Lotus Wiper: a new threat targeting the energy and utilities sector https://securelist.com/tr/lotus-wiper/119472/ @Kaspersky #infosec #threatresearch #malware

Lotus Wiper: a new threat targeting the energy and utilities sector

Kaspersky researchers analyze the attack chain of a highly destructive Lotus Wiper that can be linked to a targeted attack on the energy and utilities sector.

Securelist

New.

Check Point: DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy https://research.checkpoint.com/2026/dfir-report-the-gentlemen/ #infosec #ransomware #threatresearch

DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy - Check Point Research

Key Points: The Gentlemen RaaS. The Gentlemen ransomware-as-a-service (RaaS) operation is a relatively new group that emerged around mid-2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration testers (and other technically skilled actors) to join as affiliates. The RaaS provides affiliates with multi-OS lockers for Windows, Linux, […]

Check Point Research