marktsec

Hide the threat - GPO lateral movement Learn how to perform and understand lateral mouvement though GPO mechanism during pentest and red team assessments.

Hide the threat – GPO lateral movement
www.intrinsec.com/hide-the-thr...

In-Depth Analysis: Water Gamayun APT Multi-Stage Attack Uncovered Zscaler Threat Hunting team analyzes Water Gamayun APT’s multi-stage attack exploiting MMC, fake PDFs, and obfuscation to deliver hidden malware.

Sophisticated Water Gamayun APT Group Attack
www.zscaler.com/blogs/securi...

You’re invited: Four phishing lures in campaigns dropping RMM tools | Red Canary Joint research from Red Canary Intelligence and Zscaler threat hunters spotlights phishing campaigns dropping RMM tools

You’re invited: Four phishing lures in campaigns dropping RMM tools
redcanary.com/blog/threat-...

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the ...

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
krebsonsecurity.com/2025/11/meet...

Inside DPRK’s Fake Job Platform Targeting U.S. AI Talent | Validin Inside DPRK’s Fake Job Platform Targeting U.S. AI Talent

Inside DPRK’s Fake Job Platform Targeting U.S. AI Talent
www.validin.com/blog/inside_...

APT41 Cyber Attacks: History, Operations, and Full TTP Analysis
www.picussecurity.com/resource/blo...

[Updated 24 Nov 2025] Deep scan for bad NPM packages nested across projects - DFIR for Shai-Hulud cyberattack, Sep-Nov 2025 [Updated 24 Nov 2025] Deep scan for bad NPM packages nested across projects - DFIR for Shai-Hulud cyberattack, Sep-Nov 2025 - bad-deps.txt

Deep scan for bad NPM packages nested across projects - DFIR for Shai-Hulud cyberattack
gist.github.com/alexgreenlan...

Add exploit module for Fortinet FortiWeb (CVE-2025-64446 + CVE-2025-58034) by sfewer-r7 · Pull Request #20717 · rapid7/metasploit-framework Overview This pull request add in a new exploit module targeting Fortinet FortiWeb via CVE-2025-64446 + CVE-2025-58034. CVE-2025-64446 is an authentication bypass that lets a unauthenticated attack...

github.com/rapid7/metas...

When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446) The Internet is ablaze, and once again we all have a front-row seat - a bad person, if you can believe it, is doing a bad thing! The first warning of such behaviour came from the great team at Defuse...

When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446)
labs.watchtowr.com/when-the-imp...

Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High On October 3, 2025, GreyNoise observed a ~500% increase in IPs scanning Palo Alto Networks login portals, the highest level recorded in the past 90 days. The activity was highly targeted and involved ...

Palo Alto Scanning Surges ~500% in 48 Hours, Marking 90-Day High
www.greynoise.io/blog/palo-al...

🚨 Stealc v2.8.0 update observed:
• Updated Edge module to extract the new v20 key
• Expanded crypto-wallet targeting (incl. LTC/Dash Core, Trezor Suite, MEW Desktop, AtomicDEX & more)
• Improved C2 marker parsing + performance fixes
#ThreatIntel #InfoSec

LSASS Dump – Windows Error Reporting The Windows Error Reporting is a feature that is responsible for the collection of information about system and application crashes and reporting this information to Microsoft. Windows are shipped …

LSASS Dump – Windows Error Reporting
ipurple.team/2025/11/18/l...

XFiles Spyware Update

License to Encrypt: “The Gentlemen” Make Their Move In this Threat Analysis Report, Cybereason explores the new ransomware group, "The Gentlemen", and their latest TTPs.

License to Encrypt: “The Gentlemen” Make Their Move
www.cybereason.com/blog/the-gen...

Russian alleged cyber-hacker faces extradition to US after arrest in Thailand | CNN A Russian man wanted for extradition by the United States over cyber-crime allegations has been arrested on the Thai holiday island of Phuket, local police said Friday.

Russian alleged cyber-hacker faces extradition to US after arrest in Thailand.
Denis Obrezko is allegedly part of the notorious group Void Blizzard
edition.cnn.com/2025/11/15/a...

Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery NVISO reports a new development in the Contagious Interview campaign. The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host a…

Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery
blog.nviso.eu/2025/11/13/c...

Path confusion vulnerability in GUI
fortiguard.fortinet.com/psirt/FG-IR-...

Unauthenticated Authentication Bypass in Fortinet FortiWeb (CVE-2025-64446)

GitHub - watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass Contribute to watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass development by creating an account on GitHub.

Detection Artifact Generator for FortiWeb Authentication Bypass
github.com/watchtowrlab...

Operation Endgame - The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium.

Rhadamanthys infostealer disrupted as cybercriminals lose server access The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers.

Rhadamanthys infostealer disrupted as cybercriminals lose server access
www.bleepingcomputer.com/news/securit...

Intel Drops #4 Phishing kit targeting MS login pages

Phishing kit targeting MS login pages
intelinsights.substack.com/p/intel-drop...

Post claiming a ‘100% working EDR/XDR killer’
#ThreatIntel #InfoSec

Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers
blog.sekoia.io/phishing-cam...

Meta is earning a fortune on a deluge of fraudulent ads, documents show Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods, and it internally estimates that its platforms show users 15 billion scam ads a day, company documents show.

Meta is earning a fortune on a deluge of fraudulent ads, documents show
www.reuters.com/investigatio...

Matanbuchus loader now ships as shellcode (BIN), supports in-memory .NET execution and payloads from ZIPs; sideload techniques refreshed. Operators added 2FA+CAPTCHA to the C2 and claim an unprecedented “white inject” #InfoSec #threatintel

CLOP RANSOMWARE: DISSECTING NETWORK NOTE: This Research Investigates purely focuses on the Networks used by the Clop Ransomware Group during their infiltration at different victims.  INTRODUCTION GETTING FOOTHOLD: CVE-2025–61882…

CLOP RANSOMWARE: DISSECTING NETWORK
theravenfile.com/2025/11/04/c...

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States...

Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
krebsonsecurity.com/2025/11/alle...

Kubernetes Penetration Testing: Methodology & Guide Kubernetes Penetration Testing guide: reconnaissance, API/etcd/kubelet checks, RBAC & secrets testing, tools, exploit chains, and remediation for pentesters.

Kubernetes Penetration Testing: Methodology & Guide
deepstrike.io/blog/kuberne...

🚨 New KATREUS Miner (Silent XMR Miner)
Advertised on underground forums with:
• Anti-kill, watchdog, persistence & injection modules
• AV evasion claims (C + ASM)
• Targets Windows 8.1 → Server 2025
• Seller offering only 5 “licenses”
#ThreatIntel #Cryptomining #InfoSec