Minecraft mod voidrealms-1.8.9.jar downloads an Electron-based stealer, 0/65 on VT
Offending class file: YourMod.class
Download URL: hxxps://stellar-conquest[.]fr/setup.exe
🧵
virustotal.com/gui/file/7d68f…
@struppigel Interesting finding!
I first discovered this via a Discord server. The first campaign downloaded NovaShadow Stealer and has now switched to GalaxyStealer. Exact same pattern (above is the one I found some days ago).
🔥𝗡𝗲𝘄 𝗔𝗣𝗧𝟮𝟴 𝗱𝗼𝗺𝗮𝗶𝗻 𝘂𝘀𝗲𝗱 𝗳𝗼𝗿 𝗖𝗩𝗘-𝟮𝟬𝟮𝟲-𝟮𝟭𝟱𝟬𝟵 𝗰𝗮𝗺𝗽𝗮𝗶𝗴𝗻
Based on @anyrun_app sandbox submissions and intelligence lookup, I just found another new domain associated with APT28 and used in the CVE-2026-21509 attack campaign. The Let's Encrypt certificate for the domain 48d83469-d0c6-4ade-8f82-e383fff094b8[.]webhook[.]site was created just yesterday, on 7 Feb, and it is hosted on a Hetzner Cloud server in Germany. I am sharing the SHA256 of the Word RTF document so that defenders can block or monitor this hash in their environment. 🫡
𝗔𝗣𝗧𝟮𝟴 𝗡𝗲𝘄 𝗗𝗼𝗺𝗮𝗶𝗻:
48d83469-d0c6-4ade-8f82-e383fff094b8[.]webhook[.]site
𝗪𝗼𝗿𝗱 𝗥𝗧𝗙 𝗦𝗛𝗔𝟮𝟱𝟲:
506e7512c897514e9d312a1532d2e2949ec8ebd73f6ca52740fb5e3306f08843
#Cybersecurity #Threathunting #APT28
Notepad++ compromised (long pedantic version so nerds shut up)
- Notepad++ update infrastructure was compromised
- Notepad++ suspects it is the Chinese government
- No evidence provided currently demonstrating why they suspect it was the Chinese government
- Only "select targets" were delivered malicious Notepad++ from update infrastructure
- No information is provided on who the "select targets" were
- No information provided on why they believe it was selective
- No information on what was delivered to "selective targets"
- Compromise timeline blurry
  - "Incident began" JUNE, 2025
  - Hosting infrastructure says "September 2, 2025"
  - Attackers maintained access until "December 2nd, 2025"
  - Notepad++ states they believe the compromise was JUNE THROUGH DECEMBER, conflicting with the hosting provider
- No analysis released yet on "exact technical mechanism"
- No IoCs (Indicators of Compromise) released
Honored to be a top contributor and a part of the Threat Intelligence Community.
Glad to see @abuse_ch and @spamhaus recognizing the work done by volunteers :D
@akinkunmi Hey,
Are you interested in preventing abuse of your service in the future? :D I work closely with a platform that detects and stops free tunnel / DNS providers being abused by malware.
Take a look: abuse.uncoverit.org
Let me know if you are interested in joining
It is time for our first giveaway.
We're giving away a Librem 14 from Purism. It's a fancy, expensive $1,400 (give or take) laptop.
Requirements:
- Follow @ddd1ms on Xitter
- Comment below
Librem is a pro-privacy laptop that unironically comes with fuckin' kill switches for mic, Bluetooth, and camera. It has the Intel Management Engine disabled. It runs PureOS, with app sandboxing, adblocking, tracking protection, etc.
This laptop is basically a privacy nerd laptop. It also comes with a bunch of NSA stickers, HOPE (Hackers on Planet Earth) stickers, FBI Most Wanted stickers, etc.
I forgot to ask for the specs on the laptop, but I'll get that stuff later on. The attached image is the laptop he'll mail to your home.
Chat, we are cooked
Discord is being extorted by the people who compromised their Zendesk instance
They've got 1.5TB of age-verification-related photos: 2,185,151 photos
tl;dr 2.1m Discord users' driver's licenses and/or passports might be leaked. Unknown number of e-mails