
m-trends
AI-Driven Cyber Threats, Ransomware Evolution, and Supply Chain Security: We (try to) PREDICT what's coming in Mandiant's 2025 M-Trends Report
I take a SPECULATIVE deep dive into what I think might be in the 2025 Mandiant M-TRENDS report.
apt
Recent trends indicate a shared interest among these state-sponsored groups in exploiting vulnerabilities and utilizing AI tools like Google's Gemini to improve their cyberattack capabilities.
unc3886
UNC3886 is a sophisticated China-nexus advanced persistent threat (APT) group focused on cyber espionage against high-tech sectors such as defense, technology, and telecommunications. Active for several years, the group has evolved its tactics to include the use of operational relay boxes (ORBs)...
github
A recent GitHub supply chain attack on March 17, 2025, compromised a GitHub Actions tool, affecting 23,000 organizations. This incident highlights the vulnerability of software development tools, with attackers altering code to leak secrets.
xcsset
XCSSET is a sophisticated modular malware strain that primarily targets macOS systems. It was first identified in 2020 and has since evolved, with recent variants incorporating advanced obfuscation and persistence techniques...
ragnar
Ragnar Loader, a sophisticated malware toolkit, is primarily associated with ransomware groups such as FIN7, FIN8, and Ragnar Locker. It has evolved significantly since its emergence in 2020, integrating advanced capabilities to enhance its stealth and operational effectiveness.
vo1d
The Vo1d botnet is a sophisticated malware campaign that has compromised approximately 1.6 million Android TV devices worldwide. Originating from cybercriminal groups exploiting outdated software and security flaws...
encrypthub
EncryptHub, also known as Larva-208, is a sophisticated cybercriminal group that has recently breached 618 organizations worldwide. Their primary method of attack is spear-phishing, utilizing social engineering to deploy infostealers and ransomware.
dprk
The Lazarus Group has intensified its focus on cryptocurrency exchanges, executing high-profile hacks on Bybit...
socgholish
The detection of SocGholish malware has advanced through techniques like behavioral analysis, signature-based detection, and anomaly detection. These methods are crucial due to the malware's ability to change its code and employ unique delivery methods.
mustang-panda
Mustang Panda, a China-based cyber espionage group, is exploiting a newly discovered Windows zero-day vulnerability to gain unauthorized access to systems. This vulnerability allows the group to execute malicious code...
ato
Account Takeover (ATO) attacks pose significant threats across various sectors, leading to financial loss, data breaches, and reputational damage.