Arda Büyükkaya
@WhichbufferArda
Cyber Threat Intelligence Analyst @EclecticIQ | Threat Hunter | Malware Analyst. (All opinions expressed here are mine only). 🇳🇱
Part 2 of @DomainTools research is out: Inside the Great Firewall Part 2: Technical Infrastructure dti.domaintools.com/inside-the-gre…
recordedfuture.com/research/malic… Props to the author of this piece. @TheRecord_Media @RecordedFuture
wat.
#ESETresearch has released its latest APT Activity Report (Apr–Sep 2025): 🇨🇳China-aligned groups targeted Latin America amid US-China tensions. 🇷🇺Russia-aligned groups intensified ops against 🇺🇦Ukraine & 🇪🇺EU states. Full report: web-assets.esetstatic.com/wls/en/papers/…
The Russian state-backed hacking unit Sandworm has been targeting Ukraine's grain industry with wiper malware amid Moscow's ongoing efforts to undermine Kyiv's wartime economy therecord.media/russia-sandwor…
Proofpoint Threat Research details an espionage campaign targeting Iranian academics & foreign policy experts, starting with a benign Iran-themed conversation, moving to credential harvesting, & a URL to an archive with MSI installer that deploys RMM tools proofpoint.com/us/blog/threat…
Thank you to the amazing @Andy2002a for updating the @Mandiant #Gootloader decoder script github.com/mandiant/gootl…
We are thrilled to have collaborated with @NVISOsecurity on their latest #VShell research! Our insights helped shape the findings on this evolving threat. Check out their blog for the full details. 🐉🐦⬛
Our NVISO #IncidentResponse Team has been tracking #VShell campaigns worldwide! More than 1,500 active VShell servers were uncovered, each capable of giving attackers remote control over compromised networks. Read the report here 👇 nviso.eu/blog/nviso-ana…
Interesting exploits hitting multiple Cisco ASA honeypots Notably in the payload: <svg/onload=alert('PTSwarm')> PTSwarm is the offensive arm of Positive Technologies, a Russian company that "..supports RU Intelligence in carrying out malicious cyber activities against the US"
Awesome new threat report from Google Threat Intel Group documenting how threat actors are leveraging Gemini. A lot of information and actionable available in the report! Great work 👌 services.google.com/fh/files/misc/…
Good morning! ☀️ #GootLoader woke up and chose violence (again) Grab your coffee, this one's JUICY 💣 huntress.com/blog/gootloade…
🆕 Check out the blog between @NVISOsecurity & @TeamCymru all about #VShell, which has been used a lot over the last year (over 1,500 servers!), primarily used for long-term espionage activities 🌍🇨🇳 Including NetFlow Analysis 👀 🔗 nviso.eu/blog/nviso-ana…
Curly COMrades APT now deploys a small Linux VM (120MB on disk, 256MB memory) on compromised Win10 machines (after enabling Hyper-V) that includes reverse shell + proxy to target environment: bitdefender.com/en-us/blog/bus…
Two bombshell stories all cybersecurity professionals must read: 1. Ex-ASD boss of US Exploiter Developer sold exploits to the Russians techcrunch.com/2025/11/03/how… 2. Employees of a US ransomware negotiation firm ran attacks with BlackCat ransomware chicago.suntimes.com/the-watchdogs/…
An IT company, a financial institution and eight men accused of aiding cybercrime and IT worker scams are now on the U.S. government's list of sanctioned North Korean entities therecord.media/north-korea-us…
The SLAYSTYLE web shells (aka BEEFLUSH) from Mandiant’s report on BRICKSTORM (UNC5221, China-nexus) just surfaced on VirusTotal If you’re already using the rules from Signature-Base or YARA-Forge, you’re covered 0 AV detection rate Report cloud.google.com/blog/topics/th… Sample…
'DATEV-Rechnung Nr. 21412122025.pdf.lnk' @abuse_ch bazaar.abuse.ch/sample/b13fe27… #WsgiDAV #opendir with LNK that was seen from Germany: hxxps://msg-presented-threshold-figure.trycloudflare(.)com/DE/DATEV-Rechnung%20Nr.%2021412122025.pdf.lnk
The U.K.'s water suppliers have reported five cyberattacks since January 2024, according to information reviewed by Recorded Future News. The incidents did not affect the safety of water supplies, but they highlight an increasing threat therecord.media/britain-water-…
🚨📸 PICTURED: The LNER train driver praised as a hero for keeping the train running to Huntingdon has been named as Iraq War veteran Andrew Johnson Johnson spent 17 years in the Royal Navy and was deployed to Iraq in 2003 before becoming a train driver in 2018
👀 OpenSource Malware an open database for tracking malicious open-source packages from npm, PyPI, GitHub repos! Great source of intel feed for supply-chain attacks! 👇 opensourcemalware.com