Sabitlenmiş Tweet
Ctrl-Alt-Intel
135 posts


Full analysis & writeup here: ctrlaltintel.com/research/VoidB…
English
Ctrl-Alt-Intel retweetledi
Ctrl-Alt-Intel retweetledi

kb.cert.org/vuls/id/213560
I can confirm this also exists in an another Tenda router. This one is more of an enterprise offering, the G300.
Firmware download: tendacn.com/us/material/sh…
Thanks Tenda for not stripping your binaries :)
@ctrlaltintel
@rootsecdev

English
Ctrl-Alt-Intel retweetledi

We've seen four logistics firms getting hit by Teams messages (today!) that lead to Quick Assist, then a RAT/C2 that seems fairly novel.
I'll get some IoCs later, but for now keep an eye out for Teams messages from .onmicrosoft.com accounts.
@HuntressLabs
English

@banthisguy9349 One indicator can lead down to a fully
comprenhsive investigations. I love pivoting 🔥
ctrlaltintel.com/research/Kazak…
Above started w. 1 IP, looking for C2s running vuln. MongoDB on @censysio
Chasing the down all rabbit holes does lead to gold
English

We don't have to stop there. Using Hunt.io SQL we can see the top ASNs linked to VShell in the past month.
The most active are:
AS37963 - 285 C2s
AS45090 - 258 C2s
AS9294 - 227 C2s
AS133199 - 195 C2s
AS36352 - 110 C2s
(7/8)


English
Ctrl-Alt-Intel retweetledi

Squats, Backdoors, ClickFix and Blockchain. As part of a Have I Been Squatted & @ctrlaltintel researcher traced a typosquatted domain through a ClickFix lure, persistent macOS backdoor, and blockchain-based command-and-control infrastructure.
haveibeensquatted.com/blog/from-typo…
English

haveibeensquatted.com/blog/from-typo…
The findings appear to be part of a wider campaign, with the same Polygon smart contract address reported by @pamoutaf 🚀
English

One of our researchers has published a blog for @beensquatted exposing an ongoing macOS stealer & backdoor campaign 🔥
Originating from typosquatted domains, a threat actor is using ClickFix lures to deliver a persistent macOS loader hat hosts C2 using Polygon smart contracts👇
English
Ctrl-Alt-Intel retweetledi

𝗛𝘂𝗻𝘁 𝟯.𝟬 𝗶𝘀 𝗹𝗶𝘃𝗲. 𝗣𝘂𝗹𝗹 𝘁𝗵𝗲 𝘁𝗵𝗿𝗲𝗮𝗱. 🚀
Most threat hunting tools stop at the lookup. You get a result, maybe a tag, and then you're on your own figuring out what connects to what.
We built v3 to fix that. Every indicator, whether it's an IP, a domain, or a hash, should open into the full picture automatically.
👉 Here's what's new: hunt.io/blog/introduci…
→ 60+ API endpoints across C2, AttackCapture, Vulnerability Intel, SQL, and more
→ Remote MCP server, connect Claude or other AI tools straight to Hunt data
→ Cloudflare Buster turns one domain into a full infrastructure cluster
→ Passive DNS History gives you a real timeline of DNS changes, not just a point-in-time snapshot
→ Attack Reports turns exposed attacker directories into structured campaign reports, tied to specific IPs, IOCs, and CVEs
→ Exploit Capture indexes 54,000+ AI-classified files staged in attacker open directories right now
→ Provider Radar now includes Registrar intelligence, catching domain provisioning patterns before those domains go live in an attack
→ Flattened data architecture so HuntSQL joins are finally possible, no workarounds
→ And much more!
And the best part: you get 14 days free, no credit card needed. Open an account and start hunting today 👇 portal.hunt.io/sign-up
GIF
English





