NtAlertThread (@ElementalX2)
976 posts
🇮🇳 Joined March 2019
665 Following, 2K Followers

Pinned Tweet
NtAlertThread (@ElementalX2):
New Research! seqrite.com/blog/operation… We have found an interesting campaign targeting an entity of Chinese telecom with the VELETRIX implant. The implant uses anti-sandbox, shellcode obfuscation technique via IPv4 and execution via EnumCalendarInfo leading to the Vshell implant.
NtAlertThread retweeted
Acronis (@Acronis):
👾 Hundreds of GitHub repositories delivering malware to gamers under the guise of free game cheats were discovered by Acronis Threat Research Unit. Among the malware found is Vidar 2.0, a recently updated information stealer that has risen to popularity following the disruption of other leading infostealers. Vidar 2.0 represents a substantial advancement: it has been fully rewritten from C++ to C, introduces polymorphic builds and multi-threaded execution and is distributed via trusted platforms like GitHub and Reddit, making detection and takedown harder. Research authored by Eliad Kimhy and Darrel Virtusio provides a complete overview of this novel variant alongside an analysis of the broader attack vector. Read more: acronis.com/en/tru/posts/v…
Sudeep_Singh (@SinghSoodeep):
@ElementalX2 @virusbtn This activity took place in Feb 2026 and yes, it does have overlaps with YoroTrooper's TTPs and victimology.
Sudeep_Singh (@SinghSoodeep):
Interesting attack targeting Turkmenistan and Central Asia.
Threat actor created a web page masquerading as MoFA, Turkmenistan, luring users to download an archive named UN_Regional_Meeting_2026.rar.
MD5 hash of RAR archive: 8024f252d50027fe630d0280b181d65a
Domain: filereader[.]online
RAR archive contains a .NET binary that loads a PowerShell script that opens a reverse TCP shell connection to 185.62.57[.]219:10443.
#apt #threatintel @500mk500 @malwrhunterteam @smica83
NtAlertThread retweeted
YungBinary (@YungBinary):
New blog! We found an open directory attributed to #MuddyWater Iranian APT and found vulnerabilities/victims they've been targeting, red-team tools, and a loader that deploys a persistent variant of #Tsundere botnet - a MaaS sold by a Russian threat actor that is known for using #EtherHiding to store C2 addresses on the Ethereum blockchain. esentire.com/blog/muddywate…
NtAlertThread retweeted
Stephen Sims (@Steph3nSims):
I want to share a quick thought for people in cyber security. This will be my longest tweet ever.

I've spoken to many lately who are having an existential crisis from the constant posts about "the end of cybersecurity jobs." Yes, things are changing quickly. This is a significant moment for the tech industry. Change can be uncomfortable. But we've seen cycles like this before.

• When GitHub and open source took off, people said software engineers would disappear because code was free.
• When AWS and cloud computing emerged, people said infrastructure jobs would vanish.
• When fuzzing and SAST tools improved, people said vulnerability research would disappear.
• Virtualization would eliminate infrastructure jobs.
• Mobile computing was going to end desktop dev.
• Exploit mitigations would end exploitability.

It didn't. Each time automation improved, the amount of software grew faster than the automation. It does feel "different" this time as it's explosive.

Some roles will shrink:
• repetitive pentesting
• basic vulnerability scanning
• tier-1 SOC monitoring

But other areas are expanding rapidly:
• AI system security
• supply chain security
• identity architecture
• autonomous agent security
• critical infrastructure protection

Historically, every time we eliminate one class of bugs, new classes emerge. Right now people are vibe-coding entire systems, giving AI access to their machines, crossing trust boundaries, and deploying autonomous agents with excessive permissions. The legal and regulatory world is nowhere close to ready. There will absolutely be new failure modes. Humans are amazing and always adapt, finding new ways to do things.

The worst thing you can do right now is fall into a doom loop. ...and I'll be honest, I too have felt the "psychological paralysis" a few times thinking, "Is this time different?" It's especially impactful when it comes from someone I respect in the community.

There are certainly unknowns, in an industry where we've become accustomed to predictability. But... the majority of those reactions are usually driven by social media, not reality. Platforms like X reward engagement, and sensational doom posts spread faster than measured thinking. If you see something like: "Holy #$%^! Opus 66.6 just found every bug in Chrome and replaced 50 startups!" ...mute it and move on.

Instead: Stay curious. Learn the new technology. Adapt your skillsets. Build things. We'll get through this transition the same way we always have. If I'm wrong then Sam Altman better be right about UBI! :)

I'm sure that if this tweet gets any engagement that I'll get some heat for it, but a good friend of mine reminds me often to focus on what you have control over. I'll revisit this tweet at DEF CON 40!
NtAlertThread retweeted
Pratyush Kumar (@pratykumar):
📢 Open-sourcing the Sarvam 30B and 105B models! Trained from scratch with all data, model research and inference optimisation done in-house, these models punch above their weight in most global benchmarks plus excel in Indian languages. Get the weights at Hugging Face and AIKosh. Thanks to the good folks at SGLang for day 0 support, vLLM support coming soon. Links, benchmark scores, examples, and more in our blog - sarvam.ai/blogs/sarvam-3…
NtAlertThread retweeted
Joe Desimone (@dez_):
Patch Diff to SYSTEM - using LLMs to exploit a LPE vuln on Windows. More importantly, some thoughts on model capabilities and the implications for our security industry. elastic.co/security-labs/…
NtAlertThread (@ElementalX2):
Suspicious & suspected campaign targeting ISAFP (Intelligence Service of the Armed Forces of the Philippines), currently 0/66 at VirusTotal.
SHA256: 769b782f6ca51cf10c3f25033cc21ddd725fb5ec5805b373975839bf98aa3746
IP: 66[.]42[.]54[.]228
[1/94] @malwrhunterteam @500mk500 @TeamAFP
NtAlertThread retweeted
Origin (@originhq):
We built Brainworm: malware that lives entirely inside of an AI agent's context window. No binaries. No scripts. Once loaded, it registers with C2 and executes tasks using the agent's own tools. Welcome to the era of semantic malware. 🧠🪱 Blog: originhq.com/blog/brainworm
NtAlertThread retweeted
Tom Hegel (@TomHegel):
🇮🇷 Handala Hack is active again on socials, signaling a classic hack-and-leak cycle: inflated impact claims, rapid-fire screenshots, and plenty of OSINT dressed up as compromise.
NtAlertThread retweeted
Gi7w0rm (@Gi7w0rm):
New blog post "Amos Stealer "malext" variant spread in global malvertising campaign using free text-sharing websites" is now live. medium.com/@gi7w0rm/amos-stealer-malext-variant-spread-in-a-global-malvertising-campaign-using-free-text-sharing-4d240e11d7e2 Hope you will enjoy 🙂