Mastodawn

SentinelOne's Jim Walter analyses Katz Stealer. This infostealer, marketed and operated as Malware-as-a-Service (MaaS), was launched in early 2025 and garnered attention within the infostealer landscape. https://www.sentinelone.com/blog/katz-stealer-powerful-maas-on-the-prowl-for-credentials-and-crypto-assets/

Virus Bulletin 1d ago

Trustwave reseachers share key insights from the analysis of a KAWA4096 sample to uncover how this ransomware operates. This new threat features a leak site that follows the style of the Akira ransomware group & a ransom note format similar to that of Qilin. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/kawa4096s-ransomware-tide-rising-threat-with-borrowed-styles/

Virus Bulletin 1d ago

JPCERT/CC's 増渕維摩 (Yuma Masubuchi) looks into malware identified in attacks exploiting Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457 from December 2024 to the present. https://blogs.jpcert.or.jp/en/2025/07/ivanti_cs.html

Virus Bulletin 1d ago

Jamf Threat Labs researcher Thijs Xhaflaire shares technical insights on a macOS Odyssey Stealer. This variant exhibits many of the same characteristics as detailed in Moonlock’s recent Atomic Stealer research. https://www.jamf.com/blog/signed-and-stealing-uncovering-new-insights-on-odyssey-infostealer/

Virus Bulletin 2d ago

Sophistication or missed opportunity?

Join Justin Lentz (Solis Security) and Nicole Fishbein (Intezer) at VB2025 in Berlin as they unpack an unusual case of long-term zero-day exploitation.

📅 Sept 26 | 11:00–11:30 | Green Room

Find out more about this talk 👉https://tinyurl.com/mudadsjb

Virus Bulletin 2d ago

Morphisec's Michael Gorelik looks into a new version of the Matanbuchus loader. The updated version introduces advanced techniques such as new communication protocols, in-memory stealth, enhanced obfuscation, support for WQL queries, CMD & PowerShell reverse shells. https://www.morphisec.com/blog/ransomware-threat-matanbuchus-3-0-maas-levels-up/

Virus Bulletin 2d ago

The Seqrite Labs APT-Team has identified and tracked a cluster of espionage-oriented operations conducting campaigns across multiple Asian jurisdictions including China, Hong Kong & Pakistan. This threat entity usually deploys CV-themed decoy documents. https://www.seqrite.com/blog/ung0002-espionage-campaigns-south-asia/

Virus Bulletin 2d ago

Proofpoint Threat Research identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor industry. In all cases, the motive was most likely espionage. https://www.proofpoint.com/us/blog/threat-insight/phish-china-aligned-espionage-actors-ramp-up-taiwan-semiconductor-targeting

Virus Bulletin 2d ago

abuse.ch

3d ago

We are incredibly proud to have assisted Europol 🇪🇺 in a global operation against the notorious pro-Russian #hacktivist group #NoName057(16) 🥳

Over the years, NoName057(16) has carried out thousands of #DDoS attacks against websites of western organisations and national critical infrastructure 🏛️ , aiming to spread pro-Russian ideology 🇷🇺 and stir up distrust and uncertainty in the western hemisphere 🌎 😵‍💫

https://www.europol.europa.eu/media-press/newsroom/news/global-operation-targets-noname05716-pro-russian-cybercrime-network

Global operation targets NoName057(16) pro-Russian cybercrime network – The offenders targeted Ukraine and supporting countries, including many EU Member States | Europol

The offenders targeted Ukraine and supporting countries, including many EU Member States. Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol, targeted the pro-Russian cybercrime network NoName057(16). The actions led to the shutdown of several hundred servers worldwide, while the group's central server infrastructure was taken offline.

Europol