m-trends
AI-Driven Cyber Threats, Ransomware Evolution, and Supply Chain Security: We (try to) PREDICT what's coming in Mandiant's 2025 M-Trends Report
I take a SPECULATIVE deep dive into what I think might be in the 2025 Mandiant M-TRENDS report.
apt
Recent trends indicate a shared interest among these state-sponsored groups in exploiting vulnerabilities and utilizing AI tools like Google's Gemini to improve their cyberattack capabilities.
The revised analysis of Thai money laundering operations on Facebook reveals sophisticated tactics, including fraudulent schemes and the use of corporate mule accounts. These operations have a substantial financial impact, with millions of baht laundered daily.
podcast
We talk about #SilverFox, DomainTools, The Vertex Project, MISP Project (@misp@misp-community.org), #AlphaHunt, Intelligence Graphs, #AI, #IOCs, the REN-ISAC, #TTPs and more! 🛡️ We're on a mission to help enable the next generation of intelligence analysts. If that's you, or even if you're a
oracle
The threat actor "rose87168" has emerged as a player in the cybercriminal landscape, claiming responsibility for a major breach involving Oracle Cloud. This actor allegedly exploited vulnerabilities in Oracle's federated single sign-on (SSO) and LDAP systems...
unc3886
UNC3886 is a sophisticated China-nexus advanced persistent threat (APT) group focused on cyber espionage against high-tech sectors such as defense, technology, and telecommunications. Active for several years, the group has evolved its tactics to include the use of operational relay boxes (ORBs)...
github
A recent GitHub supply chain attack on March 17, 2025, compromised a GitHub Actions tool, affecting 23,000 organizations. This incident highlights the vulnerability of software development tools, with attackers altering code to leak secrets.
xcsset
XCSSET is a sophisticated modular malware strain that primarily targets macOS systems. It was first identified in 2020 and has since evolved, with recent variants incorporating advanced obfuscation and persistence techniques...
ragnar
Ragnar Loader, a sophisticated malware toolkit, is primarily associated with ransomware groups such as FIN7, FIN8, and Ragnar Locker. It has evolved significantly since its emergence in 2020, integrating advanced capabilities to enhance its stealth and operational effectiveness.
vmware
Recent analysis highlights the potential exploitation of VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) by APT29, APT41, and APT28. These groups are known for...
vo1d
The Vo1d botnet is a sophisticated malware campaign that has compromised approximately 1.6 million Android TV devices worldwide. Originating from cybercriminal groups exploiting outdated software and security flaws...
encrypthub
EncryptHub, also known as Larva-208, is a sophisticated cybercriminal group that has recently breached 618 organizations worldwide. Their primary method of attack is spear-phishing, utilizing social engineering to deploy infostealers and ransomware.