Security Joes

AI observability is now critical as OpenClaw’s adaptability accelerates. Researchers are actively exploring this shift and strengthening defenses around OpenClaw. We’re releasing new detection capabilities for the EDR/XDR tools we use daily securityjoes.com/post/hunting-o…

🚨 New Blogpost is Out!! Over 50 GitHub accounts, and several LinkedIn accounts as well, were involved in a massive Lazarus fake hiring attack, dubbed as "LazarOps" by the security joes incident response team. Read the full blog at - securityjoes.com/post/operation…

Our first LATAM regional meetup took place in São Paulo, Brazil! 🇧🇷 Threat Researchers from across the region came together to connect and have fun. Check out the Dinner in the Sky video! Obrigado, Brasil! Estamos só começando. 🇧🇷🔥

🎙️ Following our live podcast launch… 🚀 CloudCastle is now officially live on GitHub! 🙏 To everyone who joined us live — thank you! 💙 Let us know how you’re using CloudCastle. #CloudCastle #SecurityJoes #AWSIR #ThreatHunting #OpenSource #CybersecurityTools

🚨 We’re going live in 1 hour! (18:00 IL) We’re launching CloudCastle, live on air, and talking about how it was built, Why it matters, and how you can start building your own tools too. 🎙️ Save your spot now — last chance to register: eventbrite.com/e/141305451709…

🚨 New blog from Security Joes! Weaponizing Windows Drivers: A Hacker’s Guide for Beginners Explore how attackers exploit vulnerable drivers (BYOVD) & how defenders can stay ahead. 📖 Read now - securityjoes.com/post/weaponizi…

Podcast Behind The Scenes - Take 2🎬😂 Join us, July 15 2025 at 18 PM Israel Time. (Not July 16!!) Register here: eventbrite.com/e/building-sec… #שער_ריק #its_the_15 #AI #security_joes #incident_response

Join us as we release CloudCastle - CSPM for everyone, for free. In this podcast- 1. Why CloudCastle 2. Code overview 3. DIY tips 4. AMA session with our CEO @IdoNaor1, who coded the tool single-handedly Host: Sr. IR, Eilay Y. #XJOES linkedin.com/posts/security…

🚨 Crowdstrike-Deploy v1.3 is here! Our team continues to give back to the DFIR community with tools that solve real problems.💪 🛠️ Deploy Fast, Defend Faster. Check it out on Security Joes GitHub: lnkd.in/dXs--wm9 linkedin.com/posts/eilay-yo…

A recently patched sandbox escape in Google Chrome (CVE-2025-2783, CVSS 8.3) was exploited in-the-wild by a threat actor tracked as TaxOff, leading to the deployment of a custom multithreaded backdoor named Trinper. 👉 For help, visit securityjoes.com

Veeam has just released a critical patch addressing a remote code execution (RCE) flaw in its Backup & Replication software. Tracked as CVE-2025-23121, this vulnerability carries a CVSS score of 9.9, underscoring its severity. Need help? securityjoes.com

🚨 XSS Attack Hits CoinMarketCap – Exposes SDLC Security Gaps 🔐 June 20, 2025: CoinMarketCap was targeted by a front-end XSS attack via a compromised homepage image executed a malicious remote API call. The result? A fake wallet pop-up prompting users to "verify" their wallets.

Two newly disclosed vulnerabilities could let attackers escalate privileges to root on default installations of major Linux distributions — including Ubuntu, Fedora, Debian, and openSUSE. 🛡️ Let’s talk securityjoes.com #Linux #CyberSecurity #LPE #Vulnerability #PatchNow

🧠 Technical Details Google’s Threat Intelligence Group has identified a cyberattack campaign, UNC6040, targeting companies in Europe and the Americas. Attackers are deceiving employees into installing a modified version of Salesforce’s Data Loader. 👉 securityjoes.com

🧬 Catena Loader - Memory-Only Malware Campaign Attack Flow: Fake VPN/browser installers with signed decoys Shellcode in .ini files → reflective DLL injection Memory-only payloads + delayed persistence 👉 securityjoes.com #ThreatHunting #Malware #CyberSecurity #DFIR

RVTools Installer Compromised via Fake Domains – Targeting VMware Admins The trusted utility RVTools, used for auditing and reporting VMware environments, has been at the center of a malware distribution campaign via malicious lookalike websites. 👉securityjoes.com

💥 Are you attending Infosecurity Europe next week? Come meet the Security Joes team in London at Infosec Europe, June 3–5 at ExCeL! 🛡️ 👉 infosecurityeurope.com #Infosec2025 #CyberSecurity #LondonEvents #SecurityJoes #IncidentResponse #DFIR

🚨 Kimsuky APT Deploys XWorm RAT via Obfuscated PowerShell North Korea-linked Kimsuky group launches sophisticated campaign using heavily obfuscated PowerShell scripts to deliver XWorm Remote Access Trojan. #ThreatIntel #SecurityJoes #Kimsuky #XWormRAT #CyberSecurity #APT #DFIR

🚨 New Threat Alert: PupkinStealer Malware Targets Windows Systems 🚨A newly identified .NET-based malware, PupkinStealer, is actively targeting Windows users to exfiltrate sensitive data via Telegram's Bot API. 🔒 Need help? 👉 securityjoes.com

🛠️ Technical Details A critical vulnerability, CVE-2025-43714, has been identified in ChatGPT, allowing attackers to embed malicious SVG (Scalable Vector Graphics) files into shared conversations. Need help? securityjoes.com