New.
Any.Run: Kamasers Analysis: A Multi-Vector DDoS Botnet Targeting Organizations Worldwide https://any.run/cybersecurity-blog/kamasers-technical-analysis/ @anyrun_app #malware #infosec #threatresearch #DDoS
New.
Recorded Future: ClickFix Campaigns Targeting Windows and macOS https://www.recordedfuture.com/research/clickfix-campaigns-targeting-windows-and-macos #infosec #Windows #macOS #Apple #Microsoft #threatresearch

Insikt Group reveals five ClickFix social engineering clusters (QuickBooks, Booking.com, Birdeye) targeting Windows and macOS. Learn how threat actors exploit native system tools with malicious, obfuscated commands to gain initial access, and get key mitigations for defense
New.
Securonix: Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto miners and Infostealers Targeting Enterprise Environments https://www.securonix.com/blog/faux-elevate-threat-actors-crypto-miners-and-infostealers/
Sekoia: Silver Fox: The Only Tax Audit Where the Fine Print Installs Malware https://blog.sekoia.io/silver-fox-the-only-tax-audit-where-the-fine-print-installs-malware/ @sekoia_io
From yesterday:
Sophos: NICKEL ALLEY strategy: Fake it ‘til you make it https://www.sophos.com/en-us/blog/nickel-alley-strategy-fake-it-til-you-make-it @SophosXOps
Wiz: KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack https://www.wiz.io/blog/teampcp-attack-kics-github-action @wiz #GitHub #infosec #threatresearch #malware #Trivy

Securonix Threat Research: FAUX#ELEVATE is a fast-moving phishing campaign using fake resumes and obfuscated VBScript to steal credentials, exfiltrate data, and deploy crypto miners in enterprise environments.
From yesterday.
Socket: Trivy Supply Chain Attack Expands to Compromised Docker Images https://socket.dev/blog/trivy-docker-images-compromised @SocketSecurity #infosec #threatresearch #Docker #cyberattack
Posted yesterday, if you missed it:
watchTowr: A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE) https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/ #infosec #threatresearch

A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan
New.
Socket: Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise @SocketSecurity #infosec #threatresearch #GitHub
New.
Unit42: Analyzing the Current State of AI Use in Malware https://unit42.paloaltonetworks.com/ai-use-in-malware/ @unit42_intel #infosec #malware #threatresearch
New.
Huntress: From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill @huntress #infosec #threatresearch