0x1CE

#ESETresearch uncovered a multiplatform supply-chain attack by the 🇰🇵 #ScarCruft APT group targeting the Yanbian region via backdoor-laced Windows and Android games. welivesecurity.com/en/eset-resear… 1/6

🚨 The LABScon 2026 Call for Papers is officially OPEN! 🗓️ Deadline to submit: June 19, 2026 🔗 labscon.io <- find the button here

#BREAKING #ESETresearch provides technical details on #DynoWiper, a data‑wiping malware used in a data‑destruction incident on December 29, 2025, affecting a company in Poland’s 🇵🇱 energy sector. welivesecurity.com/en/eset-resear… 1/5

🚨BREAKING: We uncovered LANDFALL — a commercial-grade Android spyware exploiting a now-patched Samsung zero-day (CVE-2025-21042) through weaponized DNG images sent via WhatsApp, enabling zero-click compromise of Samsung Galaxy devices. 1/ unit42.paloaltonetworks.com/landfall-is-ne…

CNCERT confirms Operation Triangulation attacks on Chinese orgs and connects it to NewDSZ - the implant we discovered and analyzed in 2023 mp.weixin.qq.com/s/XPjT0BVOJPJx…

Great work @_CPResearch_!

#ESETresearch has discovered a zero day exploit abusing #CVE-2025-24983 vulnerability in Windows Kernel to elevate privileges (#LPE). First seen in the wild in March 2023, the exploit was deployed through #PipeMagic backdoor on the compromised machines. 1/4

#PIVOTcon25 #CfP is open and you can submit your proposals till 7 FEB 2025 Remember - one track,30m - no recording/streaming/tweeting. U should feel comfy to share more - No TLP:WHITE - Original content only Let us guide u through with a little meme-thread #CTI #ThreatIntel 1/10

#ESETresearch reveals the first Linux UEFI bootkit, Bootkitty. It disables kernel signature verification and preloads two ELFs unknown during our analysis. Also discovered, a possibly related unsigned LKM – both were uploaded to VT early this month. welivesecurity.com/en/eset-resear… 1/5

.@Volexity’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target, while the attacker was halfway around the world. volexity.com/blog/2024/11/2… #dfir

Issue #4 is out – enjoy! pagedout.institute/?page=issues.p… Please RT and tell your friends :)

#ESETresearch has discovered the Lunar toolset, two previously unknown backdoors (which we named #LunarWeb and #LunarMail) possibly linked to Turla, compromising a European MFA and its diplomatic missions abroad. welivesecurity.com/en/eset-resear… 1/6

❤️‍🔥!! CALL FOR PAPERS !! ❤️‍🔥 Submission Deadline: June 21, 2024 - Talks are 20 minutes long + 5 minutes for Q&A - Workshops are 90 minutes long. LABScon is primarily a threat intelligence and vulnerability research conference but we keep an open-mind. CFP is live: s1.ai/CFP24

@lorenzofb securelist.com/the-mystery-of…

What are your favorite unresolved cyber mysteries? Think some outstanding espionage operation we know almost nothing about, the identity of a hacker who's had a series of spectacular hacks and never faced the consequences, or things of that sort.

Thanks to marcan (@marcan/111655847458820583" target="_blank" rel="nofollow noopener">social.treehouse.systems/@marcan/111655…) and @zhuowei (x.com/zhuowei/status…) now we know the original purpose for this unknown hardware feature. Its MMIO debug registers for GPU L2 cache. I am really excited that we are very close to solving this mystery!

The recording of our (me, @bzvr_, @kucher1n) #37c3 talk “Operation Triangulation: What You Get When Attack iPhones of Researchers” was published! media.ccc.de/v/37c3-11859-o…

Worst rebranding of the year Microsoft APT rebranding

During routine monitoring of suspicious activities on the systems of high-profile customers, #ESETresearch discovered a sophisticated and previously undocumented #StealthFalcon backdoor that we named #Deadglyph. welivesecurity.com/en/eset-resear…

@greglesnewich @ConnorSecurity @labscon_io Great presentation! It seems one clean file slipped into the IOCs c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

I had a lot of fun working on Floss2Yar with the genius @ConnorSecurity (any good code is his) and giving this talk @labscon_io The Lamberts are academically interesting because of the small sample count & code sharing, but really this talk is my love letter to YARA

Our research on Tick APT group is out! 👇