[T1027.009] Obfuscated Files or Information: Embedded Payloads – Adversaries hide malicious modules inside otherwise benign files to evade detection, enabling stealthy execution and persistence. Protect systems by monitoring file changes, validating signatures, and inspecting uncommon file overlays. #EmbeddedPayloads #DefenseEvasion
[T1027.008] Obfuscated Files or Information: Stripped Payloads – Adversaries remove human-readable symbols and strings from binaries and scripts to hinder analysis and evade detection. Stripped payloads reduce useful metadata and make automated scanning and manual reverse engineering harder. #StrippedBinaries #DefenseEvasion
[T1027.006] Obfuscated Files or Information: HTML Smuggling – HTML Smuggling hides malicious payloads inside seemingly benign HTML/JavaScript so files are reconstructed client-side and bypass content filters. Monitor for unusual use of Blobs, Data URLs, and download attributes to reduce risk. #HTMLSmuggling #DefenseEvasion
[T1027.005] Obfuscated Files or Information: Indicator Removal from Tools – Adversaries alter or strip identifiable indicators from their tools after detection to evade future defenses and continue operations undetected. This tactic reduces signature-based detections and increases the chances of successful reinfection or lateral movement. #ObfuscatedFiles #DefenseEvasion
[T1027.004] Obfuscated Files or Information: Compile After Delivery – Adversaries deliver source code or non-native binaries that must be compiled or assembled on the victim to evade detection and analysis. Watch for unexpected compiler use, cross-platform toolchains, and file creation patterns that indicate in-place compilation. #ObfuscatedFiles #CompileAfterDelivery
[T1027.003] Obfuscated Files or Information: Steganography – Steganography hides data inside innocuous media like images, audio, or video to evade detection and exfiltrate information. Adversaries embed commands, credentials, or encrypted payloads in files and transmit them to C2, making discovery harder than with overt malware. #Steganography #Detection
[T1027.002] Obfuscated Files or Information: Software Packing – Software packing compresses or encrypts executables to hide their original code and evade signature-based detection. Attackers use packers or custom VM-based protections to unpack or interpret code at runtime, often in memory, complicating static analysis and detection. #SoftwarePacking #DefenseEvasion
Lazarus leveraged a ClickFix social-engineering lure in fake recruitment interviews to trick victims into running a malicious “Nvidia” update that installs BeaverTail and the Python trojan InvisibleFerret across Windows and macOS. The campaign uses bat/vbs/shell installers, Node.js deployment, a Win11-specific backdoor drvUpdate.exe (C2 103.231.75.101:8888), and C2 servers such as 45.159.248.110 to exfiltrate data. #BeaverTail #InvisibleFerret
Cybersecurity threats are increasingly driven by AI misuse, sophisticated phishing operations, and disrupted ransomware activities, highlighting evolving attack techniques and law enforcement efforts. Key incidents include AI-powered cybercrime using Claude and Salesloft, targeted supply-chain phishing, and the fragmentation of ransomware gangs like Chaos, alongside high-profile breaches and nation-state activities involving APT29 and Salt Typhoon. #ClaudeAI #SalesloftTheft #APT29 #SaltTyphoon
WhatsApp has fixed a critical security vulnerability (CVE-2025-55177) that could have allowed attackers to process malicious content without user interaction. This flaw, potentially linked with a separate Apple zero-day, has been exploited in targeted attacks against specific individuals, including civil society members. #WhatsAppSecurity #ZeroClickAttacks…
WhatsApp has fixed a serious security vulnerability in its iOS and macOS clients that was exploited in targeted zero-day attacks involving advanced spyware. This patch addresses a zero-click flaw (CVE-2025-55177) that, when combined with an Apple OS vulnerability (CVE-2025-43300), could have allowed attackers to compromise users’ devices. #ZeroDay #Spyware
Google has fixed a critical use-after-free vulnerability in Chrome’s ANGLE graphics library, discovered by Google’s AI-powered detection tool, Big Sleep. The update enhances security across Windows, macOS, and Linux, and users are urged to update their browsers promptly. #CVE2025-9478 #BigSleep…
Malicious versions of the Nx build system were published to npm on August 26, 2025 after a GitHub Actions workflow injection allowed an attacker to steal an npm publish token and push packages that harvest credentials and exfiltrate them to public GitHub repositories. The malware abused local AI CLI tools (Claude, Gemini, Q) to enumerate files and steal tokens, SSH keys, and wallet data, then created attacker-controlled repos prefixed with s1ngularity-repository to store triple-base64'd exfiltrated payloads and also appended “sudo shutdown -h 0” to shell RC files to lock out developers. #Nx #s1ngularity-repository
Over 300,000 Plex Media Server instances remain vulnerable to a critical remotely exploitable vulnerability, CVE-2025-34158, despite a recent security patch. Many users have not yet upgraded, leaving their systems at risk of data breaches, corruption, or server crashes. #CVE2025-34158 #PlexMediaServer…
Threat researchers have identified PromptLock, an AI-powered ransomware that uses Lua scripts generated via OpenAI's gpt-oss:20b model to target multiple operating systems. Although currently a proof-of-concept, it demonstrates how AI can be weaponized for cybercriminal activities, leveraging cross-platform capabilities and evasion techniques. #PromptLock #AIRansomware