Pulsedive Threat Intelligence

What to know about the Aisuru-Kimwolf botnet: pulsedive.com/threat/Aisuru-… - Massive botnet, 1M+ compromised devices - Kimwolf = specialized Android variant - Aisuru = parent botnet that has spawned other botnets - Used in DDoS and other attacks Expect more news and updates on this threat in the coming weeks.

VoidLink - a nascent threat developed using AI, according to @CheckPointSW's research team. What We Know: - Advanced Linux malware framework - 30+ modules for a plug-in based design - Cloud-native and cloud-aware - First observed late 2025, not seen in the wild yet More news at: pulsedive.com/threat/VoidLink

The blog examines the malware, PowerShell loader, execution chain, and mitigation recommendations. We also share indicators of compromise and artifacts from the analysis (available in our GitHub repo). IOCs: pulsedive.com/explore/?q=thr… Artifacts: github.com/pulsedive-rese…

Pulsedive Threat Research has published a technical analysis of TAMECAT, a PowerShell-Based backdoor used by APT42. blog.pulsedive.com/tamecat-analys…

Newly Added Threat Page: PeckBirdy -  JScript-based C2 framework - Used by threat actors aligned with China - Since 2023 - New primary research from @trendaisecurity: trendmicro.com/en_us/research… Latest news, TTPs, IOCs available on Pulsedive's PeckBirdy Threat page: pulsedive.com/threat/PeckBir…

More details on this and other 2025 activities in our end of year recap: blog.pulsedive.com/2025-in-review/

23 of them have been used in ransomware campaigns. Which ones? 👇

236 additions to @CISAgov's KEV (known exploited vulnerabilities) catalog this year. Data in graphic as of 12/14/2025.

A lot happened in 2025 - some surprising, some expected. 2024: we predicted increased adoption Gen AI by threat actors for social engineering lures & malicious tooling. 2025: we saw that threat actors have integrated AI into malware and used prompt engineering to bypass AI safety controls. Notably, @Anthropic reported on the first AI-orchestrated cyber espionage campaign. See below for the breakdown by task & AI v. human activity. Read our full recap of the last 12 months in our Year in Review: blog.pulsedive.com/2025-in-review/

Exploitation attempts for #React2Shell (CVE-2025-55182) have been widespread over the last week. Three resources that outline exploitation are: greynoise.io/blog/cve-2025-… esentire.com/security-advis… huntress.com/blog/peerbligh… Recommendation: Deploy patches as soon as possible

LAST CALL Get 30% off Pro with code BLACKFRIDAY25: pulsedive.com/purchase/pro Less than a day left for our biggest deal of the year for Pro. Pulsedive Pro comes with an upgraded API, Feed, and additional features. Monthly and annual plans both apply for first-time customers. More info available on our blog: blog.pulsedive.com/black-friday-2…

We analyzed the malicious code in the recent "second coming" of Shai-Hulud. blog.pulsedive.com/return-of-shai…

Some additional deals with @PentesterLab @pulsedive Cyber Plumbers Lab, @cyberwarfarelab , @nostarch - no affiliate codes just a good time to learn and grab gear 🙂 feel free to submit PRs or DM me to add. I know a few others have lists too, check them out - I do this for fun.

Black Friday is on. What: 30% off a year of Pulsedive Pro When: Valid through December 1, 2025 How: use code BLACKFRIDAY25 at pulsedive.com/purchase/pro More info: blog.pulsedive.com/black-friday-2…

SpearSpecter TL;DR - Ongoing espionage campaign - Iranian threat actors (APT42) - Targeting high-level Middle Eastern government & defense officials - Social engineering for initial access - Technical analysis by the Israeli National Defense Agency on TAMECAT modules, multi-channel C&C infrastructure, payload staging, and credential theft via native Windows functionality Learn more on Pulsedive's SpearSpecter threat page: pulsedive.com/threat/SpearSp… Original research: govextra.gov.il/national-digit…

We'll be back . See you soon.

North Korea’s Konni group just pulled off something wild — they turned Google’s own Find Hub into a weapon. By stealing Google logins, they could remotely wipe Android phones, erasing data and covering their tracks. It all started with a fake “Stress Clear” app, signed with a real Chinese company’s certificate. Full story ↓ thehackernews.com/2025/11/konni-…

Only two days left to nab 30% off 12 months of Pro with code "CIRCUITBIRD30". Terms & FAQ: blog.pulsedive.com/black-friday-2… Redeem: pulsedive.com/purchase/pro