New.
Proofpoint Security brief: VenomRAT is defanged https://www.proofpoint.com/us/blog/threat-insight/security-brief-venomrat-defanged #infosec #threatresearch #ransomware
New.
Group-IB: Uncovering a Multi-Stage Phishing Kit Targeting Italy's Infrastructure https://www.group-ib.com/blog/uncover-phishing-italy/ #infosec #phishing #ransomware #threatresearch
New.
Cisco: Unleashing the Kraken ransomware group https://blog.talosintelligence.com/ @TalosSecurity #infosec #threatresearch #ransomware

The ALPHV Insiders: Cyber Defenders Who Cast a Shadow on Enterprise Security. This edition of the Bitdefender Threat Debrief includes coverage on the indictment of ALPHV affiliates, Qilin’s exponential growth, Sinobi’s return to our Top 10, and more.
Zimperium: Are Your Employees Putting Your Enterprise at Risk This Holiday Season? https://zimperium.com/blog/are-your-employees-putting-your-enterprise-at-risk-this-holiday-season
From yesterday:
NGate: NFC Relay Malware Enabling ATM Withdrawals Without Physical Cards https://zimperium.com/blog/ngate-nfc-relay-malware-enabling-atm-withdrawals-without-physical-cards @zimperium
Via Betanews: Mobile threats increase ahead of holiday shopping season https://betanews.com/2025/11/13/mobile-threats-increase-ahead-of-holiday-shopping-season/ @betanews @iandbarker #infosec #phishing #threatresearch #malware #Android #smishing @kirwed
New.
WatchTower: Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101) https://labs.watchtowr.com/is-it-citrixbleed4-well-no-is-it-good-also-no-citrix-netscalers-memory-leak-rxss-cve-2025-12101/ #infosec #threatresearch

There’s an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It’s the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together and see where they might
New.
Picus: DEV-1084 and MERCURY: Inside Iran’s DarkBit Ransomware Operations https://www.picussecurity.com/resource/dev-1084-and-mercury-inside-irans-darkbit-ransomware-operations #infosec #threatresearch #ransomware
Pull a thread, unravel a sweater.
Today's #ThreatResearch blog is about uncovering a massive #phishing operation after stumbling across a single URL.
Since February, the operators of this campaign have registered more than 4300 domain names and have used them to target people with fake hotel reservation "confirmation" messages.
A short 🧵
https://www.netcraft.com/blog/thousands-of-domains-target-hotel-guests-in-massive-phishing-campaign
New.
Picus: MalKamak APT’s ShellClient RAT: Inside Operation GhostShell https://www.picussecurity.com/resource/blog/malkamak-apts-shellclient-rat-inside-operation-ghostshell
GreenCharlie APT: Iran’s PowerShell-Based Cyber Espionage Campaigns https://www.picussecurity.com/resource/blog/greencharlie-apt-irans-powershell-based-cyber-espionage-campaigns #threatresearch #infosec #Windows11 #espionage #malware #PowerShell
New.
"One of their most novel tactics involved a watering hole attack on a compromised Kuwaiti government website, where they injected a hidden HTML image tag pointing to an actor-controlled server. This was designed to passively harvest NTLM hashes from visitors by tricking their browsers into an authentication attempt."
Picus: xHunt APT: Cyber-Espionage Operations Targeting Kuwait and Exchange Servers https://www.picussecurity.com/resource/blog/xhunt-apt-cyber-espionage-operations-targeting-kuwait-and-exchange-servers #espionage #infosec #threatresearch