Search posts related to “Threat Research”
Total collection: Threat Research (auto-updated every day)
Last 100 Threat Research
- Infostealer malware linked to Lazarus Group campaigns
- Resolving a Mutual TLS session resumption vulnerability
- Blackfield – HTB
- GreenSpot APT Targets NetEase 163.com Users with Fake Download Pages and Spoofed Domains
- Abyss Locker Ransomware: Attack Flow & Defense Strategies | Sygnia
- Dark Web Profile: Tortoiseshell APT
- LLMjacking targets DeepSeek
- Chinese-Speaking Group Manipulates SEO with BadIIS
- FinStealer
- Using capa Rules for Android Malware Detection
- Kimsuky Masquerading as Invoice Malware – Invoice (2024,10,02)
- From Chatbots to Cyberattacks: How AI is Helping Hackers Stay One Step Ahead
- Exposed! How a Single API Flaw Put Millions of Medical Records at Risk 🚨
- Malicious ML models discovered on Hugging Face platform
- Google Cloud Platform Data Destruction via Cloud Build
- Lynx Ransomware: Exposing How INC Ransomware Rebrands Itself
- APT QUARTERLY HIGHLIGHTS : Q4 2024
- University site cloned to evade ad detection distributes fake Cisco installer
- Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
- AsyncRAT Reloaded: Using Python and TryCloudflare for Malware Delivery Again
- Scalable Vector Graphics files pose a novel phishing threat
- ALPHV Ransomware: Analyzing the BlackCat After Change Healthcare Attack
- Firefox 135, New Translation Languages and Security Updates
- The MOONSHINE Exploit Kit and the DarkNimbus Backdoor in the DNS Spotlight
- Take my money: OCR crypto stealers in Google Play and App Store
- Hudson Rock’s Cybercrime and Threat Intelligence Researcher, Leonid Rozenberg, Shares Insights About Infostealers and Security
- Persistent Threats from the Kimsuky Group Using RDP Wrapper
- GetSmoked: UAC-0006 Returns With SmokeLoader Targeting Ukraine’s Largest State-Owned Bank
- Zyxel Telnet Vulnerabilities – Blog – VulnCheck
- Latrodectus Malware Analysis – Decoding Obfuscated Malware By Removing Junk Comments
- Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
- Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
- Detection engineering at scale: one step closer (part two)
- Stealers on the Rise: A Closer Look at a Growing macOS Threat
- CVE-2023-6080: A Case Study on Third-Party Installer Abuse
- CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks
- XE Group: From Credit Card Skimming to Exploiting Zero-Days
- CyberDefenders Write-up: 3CX Supply Chain
- Kimsuky Insurance Impersonation Malware -241002- 2024 GA Sales Department Branch Distribution (October) (2025.1.31)
- Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
- Vidar Returns: Variable Payload and More Sophisticated Obfuscation for This New Wave
- Advanced Cyberchef Techniques – Defeating Nanocore Obfuscation With Math and Flow Control
- RST TI Report Digest: 03 Feb 2025
- K Analysis of Malicious HWP Cases from APT37 Group Disseminated via Messenger
- Ongoing Email Bombing Campaigns Leading to Remote Access and Data Exfiltration
- Spread of Android Malware in FakeApp Mode Government Service Application
- ClickFix vs. traditional download in new DarkGate campaign
- UAC-0063: Cyber Espionage Operation Expanding from Central Asia
- Dark Web Profile: RA World
- Cloud Atlas: sheet happens
- Infrastructure Laundering: Silent Push Exposes Cloudy Behavior Around FUNNULL CDN Renting IPs from Big Tech
- Threat Actors Use CVE-2019-18935 to Deliver Reverse Shells and JuicyPotatoNG Privilege …
- DeepSeek’s Growing Influence Sparks a Surge in Frauds and Phishing Attacks
- Phishing Email Suspected to be from Kimsuky Targeting Kakao Customer Center (December 16, 2024)
- Samsung Galaxy S24, Samsung Galaxy S23 (Galaxy S24/S23 Explain) Targeted Vulnerability CVE-2024-49415
- ASTRAL STEALER ANALYSIS
- Dark Web Profile: Termite Ransomware
- Microsoft advertisers phished via malicious Google ads
- North Korean APT Lazarus Targets Developers with Malicious npm Package
- Coyote Banking Trojan: A Stealthy Attack via LNK Files
- Unmasking Media-Hungry Ransomware Groups: Bashe (APT73)
- Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response
- HTTP Client Tools Exploitation for Account Takeover Attacks
- Unmasking SparkRAT: Detection & macOS Campaign Insights
- Threat Actors Exploit Government Website Vulnerabilities for Phishing Campaigns
- No need to RSVP: a closer look at the Tria stealer campaign
- CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia
- Analysis of VAT Final Tax Return Payment Notification Phishing Email Suspected to be from Kimsuky (January 20, 2025)
- Fake Judicial Review Emails Deliver SapphireRAT Targeting Latin American Victims
- Nooope: DarkComet Backdoor Malware Analysis
- Baicells: A Retrospective
- Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
- Exposed! How a Simple Web Misconfiguration Left Critical Data Wide Open to Hackers
- 3 Major Cyber Attacks in January 2025
- Kubernetes CVE-2024-10220 Attack and Defense
- Unmasking FleshStealer: A New Infostealer Threat in 2025
- Network traffic analysis: Koi Loader Stealer
- Peering into Midnight Blizzard’s DNS Footprint
- Phorpiex – Downloader Delivering Ransomware
- Dark Web Profile: FunkSec
- Cato CTRL Threat Research: Unmasking Hellcat – Not Your Average Ransomware Gang
- Analyzing Incident Malicious File Script Download Attempt Event ID 76 in LetsDefend
- CAPTCHA Chaos: From X Threads to Telegram
- CVE-2024-53704 | AttackerKB
- Security Brief: Threat Actors Take Taxes Into Account
- New TorNet backdoor seen in widespread campaign
- How ANY.RUN Helps Healthcare Organizations Against Ransomware: Interlock Case Study
- 10,000 WordPress Websites Found Delivering MacOS and Microsoft Malware – c/side
- Technical Analysis of an AsyncRAT Attack Impersonating DHL
- Racing the Clock: Outpacing Accelerating Attacks – ReliaQuest
- InvisibleFerret: Everything About Lazarus APT’s New Backdoor – Cybersecurity Insiders
- January 27 Advisory: SonicWall RCE Vulnerability Added to CISA KEV CVE-2025-23006
- How a Clipboard Hijacker Delivers Lumma Stealer – ThreatDown by Malwarebytes
- Cracking the Giant: How ODAT Challenges Oracle, the King of Databases
- Phishing Email Redirecting to Fake YouTube Targeting Medical Institutions – 11.eml
- Lumma Stealer Malware Updated to Use ChaCha20 Cipher for Config
- Technical Analysis of Xloader Versions 6 and 7 | Part 1
- Emulating the Splintered Hunters International Ransomware
- Exploring PowerShell Reflective Loading in Lumma Stealer
- Targeted Campaign Delivering Havoc | dmpdump
Reference for Threat Research
This Threat Research category filters and fetches posts (analysis reports only) from the following sites:
- asec.ahnlab.com
- any.run/cybersecurity-blog/
- attackiq.com
- bitdefender.com/blog/labs/
- cadosecurity.com/blog/
- cisa.gov/news-events/cybersecurity-advisories/
- crowdstrike.com/blog/
- cybereason.com/blog/category/research/
- darktrace.com/blog/
- fortinet.com/blog/threat-research/
- harfanglab.io/en/insidethelab/
- malwarebytes.com/blog/threat-intelligence/
- mandiant.com/resources/blog/
- mcafee.com/blogs/other-blogs/mcafee-labs/
- proofpoint.com/us/blog
- securelist.com/tag/malware-descriptions/
- securityintelligence.com/category/x-force/threat-intelligence/
- blog.talosintelligence.com
- trendmicro.com/en_us/research/
- unit42.paloaltonetworks.com
- nextron-systems.com/blog/
- team-cymru.com/blog/categories/threat-research/
- zscaler.com/blogs/
- blog.sonicwall.com
- labs.k7computing.com/
- recordedfuture.com/blog
- blog.sekoia.io/category/research-threat-intelligence/
- embee-research.ghost.io
- netspi.com/blog/technical/
- huntress.com/blog
- more than 100 other sources
For the sites below, automatic fetching cannot be performed
(I need to monitor them manually; there will be a delay of 3-7 days).
Below are other references that, for some reason, I am not fetching automatically
(I need to review the articles manually; there will be a delay of 3-5 days).
- cleafy.com/labs (update 1-2 months)
- guidepointsecurity.com/blog/ > category: threat advisory
- research.openanalysis.net
- blog.phylum.io/tag/research/
- shadowstackre.com/analysis/
- mssplab.github.io
- farghlymal.github.io
- asec.ahnlab.com/ko/
- blog.bushidotoken.net
- kroll.com/en/insights/publications/cyber
- Sentinelone.com
- blog.lumen.com
Update
- December, 2024: securonixblog – Fixed (xpath error)
- December, 2024: huntress – Fixed (xpath error)
- December, 2024: nccgroup – Failed (Incapsula)
- December, 2024: Mandiant – Removed (now part of Google Cloud)
- December, 2024: antiy.cn – Failed (curl or xpath error)
- December, 2024: sonicwall.com – Failed (curl error)
- January, 2025: team-cymru.com – Failed (RSS feed removed)
Update January, 2025
“Due to copyright reasons, starting January 2025, this site will no longer display the full content of sourced articles. Only Summaries, Key Points, MITRE Tactics for Threat Research, and selected IoCs will be provided. To read the full article, please click on the ‘source’ link to view it on the original website.”