Virus Bulletin

@VirusBulletin@infosec.exchange
2.5K Followers
57 Following
1.9K Posts
Security information portal, testing and certification body.
Organisers of the annual Virus Bulletin conference.
Fortinet's Xiaopeng Zhang and John Simmons provide a detailed examination of a Havoc variant involved in a long-term cyber intrusion targeting critical national infrastructure in the Middle East. https://www.fortinet.com/blog/threat-research/dissecting-a-malicious-havoc-sample
Recorded Future researchers analyse a new version of DRAT in a TAG-140 (overlaps with SideCopy) campaign targeting Indian government organizations. DRAT V2 updates its custom TCP-based, server-initiated C2 protocol & expands functional capabilities. https://www.recordedfuture.com/research/drat-v2-updated-drat-emerges-tag-140s-arsenal
Check Point Research look into an ongoing spear-phishing campaign targeting Israeli journalists, high-profile cybersecurity experts, and computer science professors from leading Israeli universities. https://research.checkpoint.com/2025/iranian-educated-manticore-targets-leading-tech-academics/

A little taste of what’s coming up at VB2025 🎬

We can’t wait to see so many of you in Berlin this September.

If you haven’t registered yet, now’s the time: Early Bird ends this week 🎟️

Secure your place now 👉 https://tinyurl.com/4ujjvf7v

#vb2025 #cybersecurity #berlin

Zscaler ThreatLabz researchers recently uncovered AI-themed websites designed to spread malware like Vidar, Lumma & Legion Loader. Threat actors are using Black Hat SEO to poison search engine rankings for AI keywords to spread malware. https://www.zscaler.com/blogs/security-research/black-hat-seo-poisoning-search-engine-results-ai-distribute-malware
Trellix researchers Nico Paulo Yturriaga & Pham Duy Phuc uncovered an APT malware campaign that targets the energy, oil and gas sector through phishing attacks and the exploitation of Microsoft ClickOnce. https://www.trellix.com/blogs/research/oneclik-a-clickonce-based-apt-campaign-targeting-energy-oil-and-gas-infrastructure/
IBM X-Force researchers Golo Mühr & Joshua Chung discovered China-aligned threat actor Hive0154 spreading Pubload malware, featuring lure documents and filenames targeting the Tibetan community. https://www.ibm.com/think/x-force/hive0154-mustang-panda-shifts-focus-tibetan-community-deploy-pubload-backdoor
G Data's Lance Go & Karsten Hahn show how threat actors abuse ConnectWise to build and distribute their own signed malware, and look at what security vendors can do to detect them. https://www.gdatasoftware.com/blog/2025/06/38218-connectwise-abuse-malware

A teammate of mine worked on an interesting incident where the attackers connected to the backup server via RDP, launched the Chrome browser, and searched on Google for "VirtualBox".

The VirtualBox installer was then downloaded to the home directory of the compromised user:
C:\Users\<user>\Downloads\VirtualBox-7.1.6-167084-Win.exe

This file is a Windows installation package that the attacker used to set up a VirtualBox environment, allowing them to create an operating system without endpoint protection. The newly created virtual machine had the hostname "WIN-D1V1F70QJLC".

The attacker then logged into this newly created virtual machine to carry out further tasks without logging, antivirus, or EDR monitoring.
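
The pattern in the post above (hypervisor installed on a server by hand, then a fresh guest with no agent used for the hands-on work) is one a detection engineer will want a hunt for. The Python below is an added example written for this page; it is not part of the original post or of the incident it describes. The event records are constructed to resemble Sysmon process-creation (ID 1) and file-creation (ID 11) logs, and the host and user names (BACKUP01, DEV-LAPTOP7, svc_backup, alice) are hypothetical. The installer filename and the guest hostname are the ones the post gives.

```python
import re
from dataclasses import dataclass


@dataclass
class Event:
    """Minimal Sysmon-style record (constructed for this example)."""
    event_id: int          # 1 = process creation, 11 = file creation
    host: str
    user: str
    image: str             # process image (ID 1) or created file (ID 11)
    parent_image: str = ""
    command_line: str = ""


# The installer named in the post follows the upstream naming scheme
# VirtualBox-<version>-<build>-Win.exe, dropped into a user's Downloads folder.
INSTALLER_RE = re.compile(r"\\VirtualBox-[\d.]+-\d+-Win\.exe$", re.IGNORECASE)
DOWNLOADS_RE = re.compile(r"\\Users\\[^\\]+\\Downloads\\", re.IGNORECASE)
VBOX_BINARIES = {"virtualbox.exe", "virtualboxvm.exe", "vboxheadless.exe", "vboxmanage.exe"}
# Out-of-box Windows setup names a machine WIN- plus 11 characters,
# as the post's own example (WIN-D1V1F70QJLC) shows.
DEFAULT_HOSTNAME_RE = re.compile(r"^WIN-[A-Z0-9]{11}$")


def hunt(events, server_hosts):
    """Return (host, reason, image) for each stage of the pattern seen on a server.

    Workstations are skipped on purpose: a developer running VirtualBox is
    routine, a backup server running it is not.
    """
    findings = []
    for ev in events:
        if ev.host not in server_hosts:
            continue
        name = ev.image.rsplit("\\", 1)[-1].lower()
        if ev.event_id == 11 and INSTALLER_RE.search(ev.image) and DOWNLOADS_RE.search(ev.image):
            findings.append((ev.host, "installer_downloaded", ev.image))
        elif ev.event_id == 1 and INSTALLER_RE.search(ev.image):
            findings.append((ev.host, "installer_executed", ev.image))
        elif ev.event_id == 1 and name in VBOX_BINARIES:
            if "createvm" in ev.command_line.lower():
                reason = "vm_created"            # VBoxManage createvm from a shell
            elif name in ("virtualboxvm.exe", "vboxheadless.exe"):
                reason = "vm_started"            # a guest is actually running
            else:
                reason = "vbox_binary_executed"  # GUI or other VBoxManage use
            findings.append((ev.host, reason, ev.image))
    return findings


def is_default_hostname(hostname):
    """True for names like WIN-D1V1F70QJLC: a guest nobody bothered to rename."""
    return bool(DEFAULT_HOSTNAME_RE.match(hostname))


# Constructed sample telemetry; host and user names are hypothetical.
SAMPLE_EVENTS = [
    Event(1, "BACKUP01", "CORP\\svc_backup", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          r"C:\Windows\explorer.exe"),
    Event(11, "BACKUP01", "CORP\\svc_backup", r"C:\Users\svc_backup\Downloads\VirtualBox-7.1.6-167084-Win.exe",
          r"C:\Program Files\Google\Chrome\Application\chrome.exe"),
    Event(1, "BACKUP01", "CORP\\svc_backup", r"C:\Users\svc_backup\Downloads\VirtualBox-7.1.6-167084-Win.exe",
          r"C:\Windows\explorer.exe"),
    Event(1, "BACKUP01", "CORP\\svc_backup", r"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe",
          r"C:\Windows\System32\cmd.exe", 'VBoxManage.exe createvm --name "tmp" --register'),
    Event(1, "BACKUP01", "CORP\\svc_backup", r"C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe",
          r"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe", '--comment "tmp" --startvm tmp'),
    Event(1, "DEV-LAPTOP7", "CORP\\alice", r"C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe",
          r"C:\Program Files\Oracle\VirtualBox\VirtualBox.exe"),
    Event(1, "BACKUP01", "SYSTEM", r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe"),
]

if __name__ == "__main__":
    for host, reason, image in hunt(SAMPLE_EVENTS, {"BACKUP01"}):
        print(f"{host}: {reason}: {image}")
    print("default hostname?", is_default_hostname("WIN-D1V1F70QJLC"))
```

The server allow-list is the part that keeps this usable: the same rules fired across every endpoint would drown in developer noise. The natural next correlation is joining these hits with a 4624 logon of type 10 (RemoteInteractive) on the same host, since the post's entry point was RDP, and watching DHCP or DNS for a new name that matches the default WIN- pattern appearing behind a server's network interface.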

Palo Alto Networks Unit 42 researchers identified a wave of Prometei Linux attacks. This malware family, which includes both Linux and Windows variants, allows attackers to remotely control compromised systems for cryptocurrency mining and credential theft. https://unit42.paloaltonetworks.com/prometei-botnet-2025-activity/

-CoinMarketCap hacked via animated logo
-White House rejects NSA & CyberCom nomination
-FCC probes US Cyber Trust Mark program
-Cyberattack disrupts Russian animal processing industry
-Iran hacks Albania's capital Tirana
-Breach at insurance company Aflac
-Oxford, UK breach
-Tonga hit by another cyberattack
-Salt Typhoon hacks Canadian telco
-BitoPro hack linked to North Korea
-Judge overturns HHS privacy rule

Podcast: https://risky.biz/RBNEWS441/
Newsletter: https://news.risky.biz/risky-bulletin-coinmarketcap-hacked-via-a-doodle-image/

-Paraguay data leaked after government declined ransom
-Israel tells citizens to turn off security cameras
-UK Cyber Growth Action Plan
-Austria to monitor secure messengers
-EU spyware debate falls flat in Parliament
-Twitter sues New York over transparency laws... because of course it did
-Google trained AI on YouTube vids without permission
-Microsoft removes legacy drivers from Windows Update
-Evil twin hacker pleads guilty
-DHS warns of Iranian cyberattacks after bombing run
-119 groups involved in Israel-Iran "cyber war"
-Prometei Linux variant resurgence
-New Amatera Stealer
-New Matryoshka campaign plays as a telenovela
-Matryoshka goes after Armenia now
-The Confucius APT's Anondoor backdoor
-FreeType zero-day linked to Paragon attacks
-RCE in Pterodactyl gaming server panels
-IBM Storage Protect backup servers have a hardcoded admin account 🤦‍♂️
-MyASUS stores API creds inside DLL files 🤦‍♂️
-New tools—ctail, Golem, SGCC, Paragon, VMwhere, linWinPwn