Mastodawn

Palo Alto Networks Unit 42 researchers uncovered a campaign by an initial access broker to exploit leaked Machine Keys (cryptographic keys used on ASP.NET sites) to gain access to targeted organizations & sell that access on to other threat actors. https://unit42.paloaltonetworks.com/initial-access-broker-exploits-leaked-machine-keys/

Virus Bulletin 20m ago

Trellix researchers discovered a DoNot APT (aka APT-C-35, Mint Tempest, Origami Elephant, SECTOR02 & Viceroy Tiger) campaign targeting a European foreign affairs ministry. The attackers lured their targets to click on a malicious Google Drive link. https://www.trellix.com/blogs/research/from-click-to-compromise-unveiling-the-sophisticated-attack-of-donot-apt-group-on-southern-european-government-entities/

Virus Bulletin 23m ago

Morphisec’s threat research team has uncovered the revival of Pay2Key, an Iranian-backed ransomware-as-a-service operation. Researcher Ilia Kulmin presents a technical analysis and OSINT findings, exposing Pay2Key.I2P’s operations and its ties to Mimic. https://www.morphisec.com/blog/pay2key-resurgence-iranian-cyber-warfare/

Pay2Key’s Resurgence: Iranian Cyber Warfare Targets the West

Pay2Key's recent resurgence is driven by Iranian cyber warfare and targeting western countries. Read the full technical analysis and details.

Morphisec

Virus Bulletin 31m ago

ANY.RUN 19h ago

👾 #Ducex is a packer used by #Triada trojan. It stands out due to:
🔹 Native code
🔹 Encrypted functions & strings
🔹 Self-debugging
🔹 Signature checks
🔹 Frida & Xposed detection

👨‍💻 Read our technical analysis to see how it works: https://any.run/cybersecurity-blog/ducex-packer-analysis/?utm_source=mastodon&utm_medium=post&utm_campaign=ducex_analysis&utm_term=080725&utm_content=linktoblog

Technical Analysis of Ducex: Packer of Triada Android Malware

Read a technical analysis of the Ducex packer used by Android malware like Triada for obfuscation and analysis evasion.

ANY.RUN's Cybersecurity Blog

Virus Bulletin 31m ago

Sekoia.io 1d ago

A few weeks ago, we published our global analysis of Adversary-in-the-Middle #phishing threats, providing actionable intelligence on multiple #AitM phishing kits.

This report includes 11 sheets covering the most widespread #AitM phishing kits as of Q1 2025.

Virus Bulletin 23h ago

G DATA Security Lab researchers Sean Cartagena, Josemaria Grana & Andrew Go discovered and examined a resurgence of malware deploying XMRig cryptominer in mid-April this year, after a two-year hiatus. https://www.gdatasoftware.com/blog/2025/07/38228-monero-malware-xmrig-resurgence

Virus Bulletin 23h ago

FortiGuard Labs recently uncovered an active delivery site that hosts a weaponized HTA script and silently drops the infostealer “NordDragonScan” into victims’ environments. https://www.fortinet.com/blog/threat-research/norddragonscan-quiet-data-harvester-on-windows

Virus Bulletin 23h ago

Cybereason's Hema Loganathan & Cristian Carrillo Mendez look into a malicious WordPress website with ClickFix delivering malicious versions of the legitimate NetSupport Manager Remote Access Tool (RAT). https://www.cybereason.com/blog/net-support-rat-wordpress-clickfix

Virus Bulletin 23h ago

S2W TALON's Huiseong Yang analyses AiLock. This ransomware group was first discovered in March 2025, and like other RaaS groups, it negotiates with victim organizations through a negotiation site and threatens to release stolen data through a leak site. https://medium.com/s2wblog/detailed-analysis-of-ailock-ransomware-1d3263beff15

Virus Bulletin 1d ago

ESET researchers analyse a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig. They found two reverse tunnels, a variety of supplementary tools, a new backdoor (Whisper) & a malicious IIS module (PrimeCache). https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark/