Access All Threat Research
Total collection: 3811 Threat Research posts (auto-updated every day)
Last 100 Threat Research
- Illuminating the Dark Angels Ransomware Group
- MisterioLNK: The Open-Source Framework for Malicious Loaders
- “Bridging the Gap: GoldenJackal Enhances Government Safeguards”
- Distribution of SectopRAT (ArechClient2) Disguised as Notion Installer
- “Extensive Google Ads Campaign Targets Utility Software”
- Mamba 2FA: Emerging Player in the AiTM Phishing Landscape
- “Awaken Likho: Unveiling New Techniques of an APT Group”
- PhantomLoader Now Distributes SSLoad: A Technical Analysis
- AWS Launches Improvements for Key Quarantine Policy
- perfctl: A Covert Malware Threat Affecting Millions of Linux Servers
- Understanding Ransomware Groups: A Deep Dive into CyberVolk Ransomware | Rapid7 Blog
- Revealing New Campaigns Through Daily Tunneling Detection
- CUCKOO SPEAR Part 2: Arsenal of Threat Actors
- Scam Detection and Incident Management
- Analysis of ‘BlueShark’ Threat Tactics by Kimsuky Group
- Demystifying CyberVolk Ransomware Groups
- VILSA STEALER: A CYFIRMA Analysis
- Bulbature: Exploring the Depths of GobRAT’s Waters
- “New MedusaLocker Variant Linked to Ongoing Threat Actor Since 2022”
- From Call to Compromise: Responding to a Vishing-Induced Network Attack
- “SHROUDED#SLEEP: Analyzing North Korea’s Campaign in Southeast Asia”
- “Bee vs. Panda: CeranaKeeper’s Strategic Move into Thailand”
- Detecting and Mitigating Remote Code Execution Exploits in CUPS
- Is All That JavaScript Just for… Spear Phishing?
- “Meow, Meow Leaks: Navigating the Turmoil of Ransomware Attribution”
- From Partnership to Betrayal: The Zoom Phishing Risk
- Threat Overview: Insights into Akira Ransomware | Qualys Security Blog
- FIN7 Operates Honeypot Domains Featuring Malicious AI DeepNude Generators – Insights from New Silent Push Research
- An In-Depth Analysis of the NetSupport RAT Campaign through DNS Insights
- “Revolutionizing Threat Hunting: Machine Learning as the Key to Uncovering Hidden Threats”
- Bulbature: Exploring the Depths of GobRAT
- Security Brief: Royal Mail Attracts Open Source Prince Ransomware
- Stonefly: Ongoing Extortion Attacks Targeting U.S. Entities
- September Email Malware Campaign
- Efficient Detection of Vulnerability Scanning Traffic from Underground Tools via Machine Learning
- “Key Group: A New Ransomware Collective Leveraging Leaked Builders”
- “Stealthy Breach: Uncovering the Advanced Attack Using VS Code for Unauthorized Access”
- MDR in Action: Stopping the More_Eggs Backdoor from Emerging
- Analysis of Data Exfiltration Attacks: Strategies and Prevention in Manufacturing Sector Breaches – ReliaQuest
- “Over 300,000 Attacks! GorillaBot Emerges as the Dominant Force in DDoS Threats – NSFOCUS, Inc. Safeguards Enterprises and Carriers from Advanced Cyber Threats.”
- Netskope Threat Labs Reveals XWorm’s Covert Tactics
- “Exploring Vulnerable Drivers and Risk Mitigation Strategies”
- Hadooken and K4Spreader: The 8220 Gang’s Newest Weapons
- Nitrogen Campaign Concludes with BlackCat Ransomware After Targeting Sliver
- “Decoding Event Logs: Detecting Human-Operated Ransomware via Windows Event Logs – Insights from JPCERT/CC”
- DragonForce Ransomware Group
- Monitoring the DNS Footprint of Polyfill Supply Chain Attackers
- “Wallet Scam: Analyzing Crypto Drainer Tactics”
- OSINT Analysis: Tracking Malicious Infrastructure Associated with Transparent Tribe – CYFIRMA
- Gamaredon’s Cyberespionage Tactics: Analyzing the Toolset Used for Surveillance on Ukraine in 2022 and 2023
- “Exploring Linux Malware, Crypto Mining, and Gambling API Exploits: A Study by Elastic Security Labs”
- “DCRat Exploits HTML Smuggling to Target Users”
- WalletConnect Scam: Analyzing Crypto Drainer Tactics
- Thread Hijacking: Exploiting Trusted Conversations for Network Infiltration
- “Nexe Backdoor Unleashed: Patchwork APT Group’s Advanced Evasion Tactics”
- “Mail Transfer Exploitation: How Threat Actors Use Third-Party Infrastructure for Spam”
- Exploring the Tools of Sparkling Pisces: KLogEXE and FPSpy
- New Vidar campaign active via PEC: use C2 on Steam and Telegram profiles
- LummaC2: Hiding Code with Indirect Control Flow
- Storm-0501: Ransomware Threats Evolving in Hybrid Cloud Settings | Microsoft Security Blog
- Exploring SloppyLemming’s Operations Throughout South Asia
- SilentSelfie: Exposing a Major Campaign Targeting Kurdish Websites
- Intercepting Malware-Stolen Data on Telegram and Discord
- “10 Years of DLL Hijacking: Strategies to Prevent Future Attacks”
- “Uncovering Connections: From 12 to 21 in the Twelve and BlackJack Groups”
- Exploring Rilide
- TikTok Links Exploited to Compromise Microsoft Accounts
- HTML Smuggling: Exploiting Blob URLs for Phishing Attacks
- Analyzing the Infrastructure and Tactics of the Sniper Dz Phishing-as-a-Service Platform
- Security Brief: Cyber Actor Targets Transport and Logistics Firms with Malware via Compromised Accounts and Tailored Social Engineering
- “Exploiting Azure Automation Account Packages and Runtime Environments”
- Exploring SnipBot: The Newest RomCom Malware Variant
- Threat Actors Exploit Docker Swarm and Kubernetes for Large-Scale Cryptocurrency Mining | Datadog Security Labs
- Silent Push Monitors Russia-Linked Cryptocurrency Threat Actor Engaged in Political Deception
- Staying Ahead: Reducing the Threat of DPRK IT Workers
- “Necro Trojan’s Repeated Infiltration of Google Play”
- “Undetected Android Spyware Targeting Individuals in South Korea”
- Kryptina RaaS: Transforming Unsellable Cast-Offs into Enterprise Ransomware Solutions
- Indicators of Akira Ransomware | Huntress
- Reviving Internet Explorer: Threat Actors Exploit Zero-Day Vulnerabilities in Shortcut Files to Target Victims (CVE-2024-38112)
- “How Ransomhub Ransomware Disables EDR and Antivirus Protections with EDRKillShifter”
- Poseidon Stealer Leverages Sora AI to Target macOS Users
- -=TWELVE=- Returns!
- Go Injector: A Pathway to Stealers
- Attack on MS-SQL Servers Exploiting GotoHTTP
- Emulating Medusa Ransomware for Enhanced Security Analysis
- “UNC1860 and Iran’s Role in Middle Eastern Networks”
- Huntress: ReadText34 Ransomware Incident Analysis
- WebDAV-as-a-Service: Exploring the Infrastructure of Emmenhtal Loader Distribution
- Critical Zero-Click Vulnerability (CVE-2024-20017) in MediaTek Wi-Fi Chipsets Poses Threat to Routers and Smartphones
- “Earth Baxia Targets APAC with Spear-Phishing and GeoServer Exploits”
- WhoisXML API Research Investigates IDNs, Native Language Characters, and Homograph Attacks
- Exploring Splinter: An Introduction to a New Post-Exploitation Red Team Tool
- Supershell Malware Targeting Linux SSH Servers
- Lumma Stealer spread through fake security vulnerability notification on its GitHub project.
- Pisces Campaign Unleashes PondRAT Backdoors for Linux and MacOS via Poisoned Python Packages
- The Growing Dangers of LLMjacking: Evolving Tactics and Evading Sanctions
- Essential Insights on Black Basta Ransomware | Qualys Security Blog
- Revealing the Threat: Lumma Stealer Malware Takes Advantage of Fake CAPTCHA Pages | CloudSEK
- FortiClient EMS Exploited: Analyzing the Attack Chain and Post-Exploitation Tactics
Reference for Threat Research
This Threat Research category section filters and fetches posts (analysis reports only) from the following sites:
- asec.ahnlab.com
- any.run/cybersecurity-blog/
- attackiq.com
- bitdefender.com/blog/labs/
- cadosecurity.com/blog/
- cisa.gov/news-events/cybersecurity-advisories/
- crowdstrike.com/blog/
- cybereason.com/blog/category/research/
- darktrace.com/blog/
- fortinet.com/blog/threat-research/
- harfanglab.io/en/insidethelab/
- malwarebytes.com/blog/threat-intelligence/
- mandiant.com/resources/blog/
- mcafee.com/blogs/other-blogs/mcafee-labs/
- proofpoint.com/us/blog
- securelist.com/tag/malware-descriptions/
- securityintelligence.com/category/x-force/threat-intelligence/
- blog.talosintelligence.com
- trendmicro.com/en_us/research/
- unit42.paloaltonetworks.com
- nextron-systems.com/blog/
- team-cymru.com/blog/categories/threat-research/
- zscaler.com/blogs/
- blog.sonicwall.com
- labs.k7computing.com/
- recordedfuture.com/blog
- blog.sekoia.io/category/research-threat-intelligence/
- embee-research.ghost.io
- netspi.com/blog/technical/
- huntress.com/blog
For the sites below, automatic fetching cannot be performed
(I need to monitor them manually, so there will be a delay of 5-7 days).
Below are other references that, for some reason, I am not fetching automatically
(I need to review the articles manually, so there will be a delay of 3-5 days).
- cleafy.com/labs (updated every 1-2 months)
- guidepointsecurity.com/blog/ > category: threat advisory
- research.openanalysis.net
- blog.phylum.io/tag/research/
- shadowstackre.com/analysis/
- mssplab.github.io
- farghlymal.github.io
- asec.ahnlab.com/ko/
- blog.bushidotoken.net
- kroll.com/en/insights/publications/cyber
- Sentinelone.com
- blog.lumen.com