Antelox (@Antelox)

5.1K posts

A Civil Engineer married to Mrs IDA Pro. Sons are WinDbg and OllyDbg. We live in a VM. We eat bread and malware, APT on Sunday

Italy · Joined June 2012
1.6K Following · 5K Followers
Antelox reposted
rce.arteam (@arteam_rce):
This is a novelty. MCP filed with nice Skills for x64dbg. And we’re just at the beginning x64.ooo/posts/2026-02-…
Antelox reposted
R136a1 (@TheEnergyStory):
I released a new version of dotnetfile (v0.2.10) with fixes and improvements from several contributors (thank you!): github.com/pan-unit42/dot…
Antelox reposted
Dax (@dax89):
After almost a year of development QHexView 5.1 is now released as stable! A lot of work has been done to retain Qt5 and Windows XP compatibility (!) and to keep the codebase minimal, simple and clean but packed with lots of features. ➡️github.com/Dax89/QHexView… #cplusplus #qt
Antelox reposted
Zscaler ThreatLabz (@Threatlabz):
Danabot has resurfaced with version 669 after a nearly 6-month hiatus following the Operation Endgame law enforcement actions in May. The current C2s are the following:
62.60.226[.]146:443
62.60.226[.]154:443
80.64.19[.]39:443
aqpfkxxtvahlzr6vobt6fhj4riev7wxzoxwltbcysuybirygxzvp23ad[.]onion:443
fejdqikkdwheckrutucbbyeovpdnef4bopz2fx636i67p3qpffpfxxad[.]onion:443
t77e4phezpwqebpbhdagr26ewkfaxytscimhxofws4wcisjo4wundead[.]onion:443
vsjyfpt7vcd6atniefmz36ikxrqk5eyv573a2af4e2ntb437wdch63yd[.]onion:443
Backconnect C2s:
158.94.208[.]102:443
158.94.208[.]102:8080
Danabot is currently using the following wallet addresses to steal cryptocurrency:
BTC: 12eTGpL8EqYowAfw7DdqmeiZ87R922wt5L
ETH: 0xb49a8bad358c0adb639f43c035b8c06777487dd7
LTC: LedxKBWF4MiM3x9F7zmCdaxnnu8A8SUohZ
TRX: TY4iNhGut31cMbE3M6TU5CoCXvFJ5nP59i
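The post above publishes its C2s with the dot defanged as `[.]`, the usual convention so the indicators cannot be clicked or auto-linked. What a defender actually wants is the same data in structured form: refanged hosts and ports, clearnet IPv4 endpoints told apart from Tor v3 onion services, the backconnect servers kept separate from the primary C2s, and the wallet addresses checked against each chain's address format before any of it goes into a blocklist or a detection rule. The following is an added example written for this page, not code from Zscaler ThreatLabz or from their Danabot analysis. It embeds the indicator text copied from the post as its input; the wallet checks are plain prefix-and-alphabet regular expressions (Base58 for BTC/LTC/TRX, hex for ETH), not full checksum validation, and the section markers it splits on ("Backconnect C2s:", "Danabot is currently") are the wording of this particular post.

```python
import ipaddress
import re
from dataclasses import dataclass

# Indicator text copied verbatim from the Zscaler ThreatLabz post above (still defanged).
DANABOT_POST = (
    "Danabot has resurfaced with version 669 after nearly a 6 month hiatus "
    "following the Operation Endgame law enforcement actions in May. "
    "The current C2s are the following: 62.60.226[.]146:443 62.60.226[.]154:443 "
    "80.64.19[.]39:443 "
    "aqpfkxxtvahlzr6vobt6fhj4riev7wxzoxwltbcysuybirygxzvp23ad[.]onion:443 "
    "fejdqikkdwheckrutucbbyeovpdnef4bopz2fx636i67p3qpffpfxxad[.]onion:443 "
    "t77e4phezpwqebpbhdagr26ewkfaxytscimhxofws4wcisjo4wundead[.]onion:443 "
    "vsjyfpt7vcd6atniefmz36ikxrqk5eyv573a2af4e2ntb437wdch63yd[.]onion:443 "
    "Backconnect C2s: 158.94.208[.]102:443 158.94.208[.]102:8080 "
    "Danabot is currently using the following wallet addresses to steal cryptocurrency: "
    "BTC: 12eTGpL8EqYowAfw7DdqmeiZ87R922wt5L "
    "ETH: 0xb49a8bad358c0adb639f43c035b8c06777487dd7 "
    "LTC: LedxKBWF4MiM3x9F7zmCdaxnnu8A8SUohZ "
    "TRX: TY4iNhGut31cMbE3M6TU5CoCXvFJ5nP59i"
)


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int
    kind: str   # "ipv4" or "onion"
    role: str   # "c2" or "backconnect"


ONION_V3 = re.compile(r"^[a-z2-7]{56}\.onion$")   # v3 onion: 56 base32 chars
HOST_PORT = re.compile(r"(\S+?):(\d{1,5})")
# Base58 alphabet (no 0, O, I, l). Prefix and alphabet checks only, no checksum.
BASE58 = r"[1-9A-HJ-NP-Za-km-z]"
WALLET_FORMATS = {
    "BTC": re.compile(rf"^[13]{BASE58}{{25,34}}$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "LTC": re.compile(rf"^[LM]{BASE58}{{26,33}}$"),
    "TRX": re.compile(rf"^T{BASE58}{{33}}$"),
}
WALLET_LINE = re.compile(r"\b(BTC|ETH|LTC|TRX):\s*(\S+)")


def refang(text: str) -> str:
    """Undo the usual defanging so indicators can be matched and resolved."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def classify_host(host: str) -> str:
    """Return "ipv4" or "onion"; anything else is rejected rather than guessed."""
    try:
        ipaddress.IPv4Address(host)
        return "ipv4"
    except ValueError:
        pass
    if ONION_V3.match(host):
        return "onion"
    raise ValueError(f"unrecognised host format: {host}")


def parse_endpoints(text: str) -> list[Endpoint]:
    """Extract host:port pairs, keeping primary C2s apart from backconnect C2s."""
    text = refang(text)
    primary, _, rest = text.partition("Backconnect C2s:")      # marker from this post
    backconnect, _, _ = rest.partition("Danabot is currently")  # wallet section starts here
    endpoints = []
    for role, chunk in (("c2", primary), ("backconnect", backconnect)):
        for host, port in HOST_PORT.findall(chunk):
            port = int(port)
            if not 0 < port < 65536:
                raise ValueError(f"bad port {port} for {host}")
            endpoints.append(Endpoint(host, port, classify_host(host), role))
    return endpoints


def parse_wallets(text: str) -> dict[str, str]:
    """Return {chain: address}, rejecting addresses that do not fit the chain's format."""
    wallets = {}
    for chain, address in WALLET_LINE.findall(text):
        if not WALLET_FORMATS[chain].match(address):
            raise ValueError(f"{chain} address does not match expected format: {address}")
        wallets[chain] = address
    return wallets


def unique_hosts(endpoints: list[Endpoint]) -> list[str]:
    """Distinct hosts for a blocklist: ports dropped, repeated hosts merged."""
    return sorted({e.host for e in endpoints})


if __name__ == "__main__":
    eps = parse_endpoints(DANABOT_POST)
    for e in eps:
        print(f"{e.role:11} {e.kind:5} {e.host}:{e.port}")
    print(unique_hosts(eps))
    print(parse_wallets(DANABOT_POST))
```

Keeping the backconnect servers as a separate role matters in practice: the same IP shows up on two ports, so a port-insensitive blocklist collapses it to one entry, while a network detection rule wants both port pairs. The strict host classification is deliberate; an indicator that is neither a valid IPv4 address nor a well-formed v3 onion name is more likely a transcription error than a new host type, and it is better to fail loudly than to ship a silently broken indicator.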
Antelox reposted
Zscaler ThreatLabz (@Threatlabz):
Zscaler ThreatLabz has discovered a new malware family that we named YiBackdoor which shares significant code overlaps with IcedID and Latrodectus. YiBackdoor enables threat actors to collect system information, take screenshots, execute arbitrary commands, and deploy plugins on compromised systems. Read our entire technical analysis here: zscaler.com/blogs/security…
Antelox reposted
Zscaler ThreatLabz (@Threatlabz):
ThreatLabz has identified two new SmokeLoader versions that are being used by multiple threat groups. These versions, which we refer to as version 2025 alpha and version 2025, fix significant bugs that previously caused significant performance degradation on an infected system. In addition, various SmokeLoader artifacts have been updated to evade static and behavior-based detection. Read our technical analysis here: zscaler.com/blogs/security… The latest version of SmokeBuster is available here: github.com/ThreatLabz/smo…
Antelox reposted
Seongsu Park (@unpacker):
Excited to share our latest research on APT37 (a.k.a. ScarCruft, Ruby Sleet, and Velvet Chollima)'s new infection chain and C2 operation:
1. Initial Access: Leveraging LNK and CHM files to deliver Rust-based and PowerShell-based malware.
2. Post-Recon: Deployment of FadeStealer via a Python loader using Process Doppelgänging, followed by hands-on-keyboard activity.
3. C2: A simple yet highly effective C2 script orchestrating the entire operation.
Please check this out: zscaler.com/blogs/security…
Antelox reposted
urlscan.io (@urlscanio):
Thanks to the awesome work by our team we can finally announce our official urlscan cli tool: urlscan.io/blog/2025/09/0… - Submit scans, run searches, find domains, get creative. Feel free to share your use-cases with us on X! Download on GitHub or Homebrew.
Antelox reposted
Zscaler ThreatLabz (@Threatlabz):
Zscaler ThreatLabz revisits Raspberry Robin in our latest analysis. Recent updates include enhanced obfuscation, a shift to ChaCha20 encryption, a randomized RC4 key seed per campaign, and a new privilege escalation exploit (CVE-2024-38196). Check out our analysis: zscaler.com/blogs/security…
Antelox reposted
Zscaler ThreatLabz (@Threatlabz):
ThreatLabz has observed Bumblebee distributing DonutLoader embedded with StealC v2.
Bumblebee config: github.com/ThreatLabz/ioc…
StealC config:
C2: http://nispgael[.]biz/7321a45c92764723.php
Botnet ID: winmtr
RC4 key: 140877183e614f06
Expiration date: 10/08/2025
Antelox reposted
x64dbg (@x64dbg):
We're excited to announce a major new release of x64dbg! The main new feature is support for bitfields, enums and anonymous types, which allows all types in the Windows SDK to be represented and displayed 🔥
Antelox reposted
Kyle Cucci (@d4rksystem):
Interested in learning how to build a lab VM for malware analysis and reversing? You can download a 40+ page chapter on this topic, taken from my book Evasive Malware. Get the PDF from my blog, here: 🤓 evasivemalware.com/EvasiveMalware… CC @nostarch
Antelox reposted
Duncan Ogilvie 🍍 (@mrexodia):
🔥 TitanHide has been updated to support the latest VMProtect 3.9.4 changes! The service name is now used as the device name as well, so the check for \\.\TitanHide will fail if you name the service differently 🧠