
spynote
Mobile Malware Threats: SpyNote, BadBazaar, and MOONSHINE
SpyNote, BadBazaar, and MOONSHINE are prominent mobile malware families primarily targeting Android devices.
phishing
The Smishing Triad, a cybercriminal group, is leveraging advanced smishing techniques to deceive victims by impersonating legitimate organizations. They exploit platforms like iMessage using compromised Apple iCloud accounts to send spam messages that bypass traditional filters.
storm-2460
Storm-2460, a cyber threat group, is actively exploiting a zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System (CLFS), primarily targeting the finance sector and other high-value industries.
crypto
The Houthi network, known for its involvement in the Yemeni conflict, has developed intricate operational methods to evade international sanctions and facilitate arms procurement through cryptocurrency...
m-trends
I take a SPECULATIVE deep dive into what I think might be in the 2025 Mandiant M-TRENDS report.
apt
Recent trends indicate a shared interest among these state-sponsored groups in exploiting vulnerabilities and utilizing AI tools like Google's Gemini to improve their cyberattack capabilities.
The revised analysis of Thai money laundering operations on Facebook reveals sophisticated tactics, including fraudulent schemes and the use of corporate mule accounts. These operations have a substantial financial impact, with millions of baht laundered daily.
podcast
We talk about #SilverFox, DomainTools, The Vertex Project, MISP Project (@misp@misp-community.org), #AlphaHunt, Intelligence Graphs, #AI, #IOCs, the REN-ISAC, #TTPs and more! 🛡️ We're on a mission to help enable the next generation of intelligence analysts. If that's you, or even if you're a
oracle
The threat actor "rose87168" has emerged as a player in the cybercriminal landscape, claiming responsibility for a major breach involving Oracle Cloud. This actor allegedly exploited vulnerabilities in Oracle's federated single sign-on (SSO) and LDAP systems...
unc3886
UNC3886 is a sophisticated China-nexus advanced persistent threat (APT) group focused on cyber espionage against high-tech sectors such as defense, technology, and telecommunications. Active for several years, the group has evolved its tactics to include the use of operational relay boxes (ORBs)...
github
A recent GitHub supply chain attack on March 17, 2025, compromised a GitHub Actions tool, affecting 23,000 organizations. This incident highlights the vulnerability of software development tools, with attackers altering code to leak secrets.
xcsset
XCSSET is a sophisticated modular malware strain that primarily targets macOS systems. It was first identified in 2020 and has since evolved, with recent variants incorporating advanced obfuscation and persistence techniques...