Virus Bulletin

Security information portal, testing and certification body.
Organisers of the annual Virus Bulletin conference.
Splunk Threat Research team is tracking a new malware campaign with a specific loader that’s currently pushing two very different threats at once: Gh0st RAT & CloverPlus adware - giving the attackers long-term control of systems while they make quick profits. https://www.splunk.com/en_us/blog/security/detecting-ghost-rat-cloverplus-adware-loader-analysis.html
DomainTools assesses with high-confidence that personas 'Homeland Justice', 'Karma' & 'Handala' constitute a coordinated, MOIS-aligned cyber influence ecosystem operating under multiple branded identities that serve distinct but complementary operational roles. https://dti.domaintools.com/research/mois-linked-moist-grasshopper-homeland-justice-karmabelow80-handala-hackers-campaigns-and-evolution
Validin's Efstratios Lontzetidis & Christos Fotopoulos look into a UNC1069 campaign targeting individuals by luring them into fraudulent meetings hosted by fake companies. The malware used appears to be updated variants of Cabbage RAT. https://www.validin.com/blog/i_cant_hear_you_unc1069/
Huntress Security Operations Center has seen an uptick in incidents involving compromised Bomgar remote monitoring & management (RMM) instances. In some cases threat actors have used the compromised Bomgar instances to deploy the LockBit ransomware. https://www.huntress.com/blog/uptick-bomgar-exploitation

VB2026 is heading to Seville ✨

Join us in Seville 14-16 October 2026 at Barceló Sevilla Renacimiento.

Travel and venue information will be shared soon, so stay tuned for updates ✈️

#VB2026 #VirusBulletin #Cybersecurity #Seville

Did you know? 💡

The VB2026 venue, the Barceló Sevilla Renacimiento, places attendees right next to Isla Mágica, one of Seville’s most distinctive attractions 🎢

A great escape for the brave or adrenaline lovers after a busy day of conference sessions and networking!

VB2026 | Seville | 14–16 October 2026 🇪🇸

See you there!

Stefan Dasic at Malwarebytes uncovers a fake Claude site that serves a trojanised installer while still delivering a working copy of the app. Behind the scenes, the ZIP contains PlugX malware that gives attackers remote access to the victim system. https://www.malwarebytes.com/blog/scams/2026/04/fake-claude-site-installs-malware-that-gives-attackers-access-to-your-computer
Nir Avraham at Jamf Threat Labs reveals Predator spyware's previously unreported iOS kernel exploitation engine, showing how it achieves deep access. The analysed chain targets iOS versions before 17 and devices through the A16 generation. https://www.jamf.com/blog/predator-spyware-ios-kernel-exploitation-engine/
Genians Security Center uncovers an APT37 campaign that used social networking as an initial access vector. Two Facebook accounts set to North Korea-linked locations were used to screen targets, build trust, and move conversations to Messenger. https://www.genians.co.kr/en/blog/threat_intelligence/pretexting
Stefan Dasic at Malwarebytes uncovers a fake Windows support website that tricks users into downloading a large MSI file posing as a legitimate update. Behind the scenes, the chain uses Electron, VBS, and a renamed Python process to deliver a credential-stealing payload. https://www.malwarebytes.com/blog/scams/2026/04/this-fake-windows-support-website-delivers-password-stealing-malware