
πŸ”’ FTRSec 🐼

@ftrsec.bsky.social

┌──(ftrsec㉿kali)-[/opt/bluesky] └─# cat bsky_desc.txt #Cybersecurity Sr. SOC analyst & builder #Redteam lecturer at university #Splunk expert I love pandas

70 Followers  |  32 Following  |  62 Posts  |  Joined: 29.11.2024  |  2.3233

Latest posts by ftrsec.bsky.social on Bluesky

Termncolor and Colorinal Explained | ThreatLabz ThreatLabz examines how termncolor and colorinal, malicious Python packages, expose supply chain risks via DLL sideloading, persistence, and covert C2 communication.

www.zscaler.com/blogs/securi...

19.08.2025 01:58 — 👍 0    🔁 0    💬 0    📌 0
A North Korean Cyber Operation
YouTube video by SANS Digital Forensics and Incident Response A North Korean Cyber Operation

www.youtube.com/watch?v=T7x1...

16.08.2025 05:27 — 👍 0    🔁 0    💬 0    📌 0
Unmasking LockBit: A Deep Dive into DLL Sideloading and Masquerading Tactics Stealthy TTPs help ransomware attackers remain under the radar.

www.security.com/threat-intel...

02.08.2025 08:36 — 👍 0    🔁 0    💬 0    📌 0
Splunk Docs

Splunk 10 Released :)

help.splunk.com/en/splunk-en...

help.splunk.com/en/splunk-en...

30.07.2025 14:41 — 👍 0    🔁 0    💬 0    📌 0
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed a...

www.microsoft.com/en-us/securi...

24.07.2025 12:40 — 👍 0    🔁 0    💬 0    📌 0
SOC files: an APT41 attack on government IT services in Africa Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa.

An interesting detailed article about an advanced attack and the TTP used

securelist.com/apt41-in-afr...

#Detection #malware #IoC #Cybersecurity

22.07.2025 03:28 — 👍 0    🔁 0    💬 0    📌 0
KongTuke FileFix Leads to New Interlock RAT Variant Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware,…

thedfirreport.com/2025/07/14/k...

19.07.2025 03:22 — 👍 0    🔁 0    💬 0    📌 0
Hackers are Using ClickFix Techniques to Deliver NetSupport RAT, Latrodectus and Lumma Stealer Malware Emerging in late 2024 and surging throughout the first half of 2025, ClickFix has become a pervasive social-engineering vector in which threat actors trick users into executing malicious commands unde...

cybersecuritynews.com/hackers-are-...

19.07.2025 03:18 — 👍 0    🔁 0    💬 0    📌 0
Malicious ML models discovered on Hugging Face platform Developers working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.

www.reversinglabs.com/blog/rl-iden...

08.02.2025 11:52 — 👍 0    🔁 0    💬 0    📌 0
Block malicious command lines with Microsoft Defender for Endpoint | Microsoft Community Hub The modern threat landscape is rapidly evolving, with new attack strategies being employed at greater frequency and volume than we have seen in the past. One...

techcommunity.microsoft.com/blog/microso...

05.02.2025 06:18 — 👍 0    🔁 0    💬 0    📌 0
From PowerShell to a Python Obfuscation Race! - SANS Internet Storm Center From PowerShell to a Python Obfuscation Race!, Author: Xavier Mertens

isc.sans.edu/diary/From+P...

29.01.2025 16:15 — 👍 0    🔁 0    💬 0    📌 0

www.akamai.com/blog/securit...

29.01.2025 08:14 — 👍 0    🔁 0    💬 0    📌 0
The Database Slayer: Deep Dive and Simulation of the Xbash Malware In the world of malware, common ransomware schemes aim to take the data within databases and hold them hostage, promising data recovery upon ransom payment.

Investigation on Xbash malware

www.trustwave.com/en-us/resour...

15.01.2025 15:45 — 👍 0    🔁 0    💬 0    📌 0
Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data.

Webshell through IIS

www.trendmicro.com/en_us/resear...

15.01.2025 15:44 — 👍 0    🔁 0    💬 0    📌 0
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware.

www.trendmicro.com/en_hk/resear...

10.01.2025 02:50 — 👍 0    🔁 0    💬 0    📌 0
The EAGERBEE backdoor may be related to the CoughingDown actor Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

Happy new year! Wish you all the best for the year 2025!

I'm back to activity after a quick break, starting by sharing an interesting article about EAGERBEE backdoor.

securelist.com/eagerbee-bac...

#Cybersecurity #IoC #malware #infosec

07.01.2025 07:01 — 👍 0    🔁 0    💬 0    📌 0
Get all parameters to function, including default values Get all parameters to function, including default values - Get-AllBoundParameters.ps1

#pwsh tip of the day!

$PSBoundParameters doesn't account for params which have a default value. Thankfully, you can still get this information! Enter $PSCmdlet! You can pull the bound parameters off the Invocation property of that object.

I put together a quick example at:

Happy Scripting!

06.01.2025 20:33 — 👍 12    🔁 4    💬 1    📌 0
apkleaks: Scanning APK file for URIs, endpoints & secrets APKLeaks uses the jadx disassembler to decompile the APK file. If it doesn't exist in your environment, it'll ask you to download or nah.

apkleaks: Scanning APK file for URIs, endpoints & secrets meterpreter.org/apkleaks-sca...

07.01.2025 04:57 — 👍 3    🔁 1    💬 0    📌 0
GitHub - olafhartong/PockETWatcher: a tiny program to consume an ETW trace for research a tiny program to consume an ETW trace for research - olafhartong/PockETWatcher

Adding to my ETW research toolkit, a tiny program to consume information from a provider with as little overhead as possible.

PockETWatcher, a tool to get the essential information from an ETW provider to the CLI or a JSON file

github.com/olafhartong/...

04.01.2025 21:15 — 👍 19    🔁 10    💬 1    📌 1
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The
04.01.2025 14:29 — 👍 1    🔁 1    💬 0    📌 0
Cryptojacking Attack Exploits Docker Swarm and Kubernetes to Build Botnet A new cryptojacking attack exploits Docker Swarm and Kubernetes via exposed APIs, forming a botnet. Learn how it works and how to protect your systems

www.secureblink.com/cyber-securi...

28.12.2024 13:05 — 👍 0    🔁 0    💬 0    📌 0
Top 2 Malicious Python Packages You Must Avoid! Zebo-0.1.0 & Cometlogger-0.1 Top 2 Malicious Python Packages You Must Avoid! Zebo-0.1.0 & Cometlogger-0.1 - Malware - Information Security Newspaper | Hacking News

www.securitynewspaper.com/2024/12/26/t...

26.12.2024 22:55 — 👍 0    🔁 0    💬 0    📌 0
Analyzing North Korean Malware Before I start, it is important to say that I have not done this alone. So a special thanks to all members of ByteSized, you can find more…

medium.com/@henrique4wi...

26.12.2024 18:51 — 👍 0    🔁 0    💬 0    📌 0

Merry Christmas to everyone! 🥳

Big respect to those in cyber holding the fort today! Thank you!

25.12.2024 14:53 — 👍 0    🔁 0    💬 0    📌 0
Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld infostealer through malicious packages

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware
gbhackers.com/skuld-malwar...

#Infosec #Security #Cybersecurity #CeptBiro #Skuld #Malware #WindowsUtilitiesPackages #Malware

23.12.2024 13:17 — 👍 1    🔁 1    💬 0    📌 0

🎁 GenAI x Sec Advent #21

What happens when attackers compromise your GenAI system? Let's talk about LLM Hijacking 👇

🧐 LLM Hijacking is an attack where a threat actor gains unauthorized access to your LLM cloud resources and exploits them for their own […]

[Original post on infosec.exchange]

21.12.2024 07:13 — 👍 3    🔁 2    💬 0    📌 0
Supply Chain Attack on Rspack npm Packages Injects Cryptojac... A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.

And yet another supply chain attack

socket.dev/blog/rspack-...

#cybersecurity #infosec #malware

20.12.2024 13:59 — 👍 0    🔁 0    💬 0    📌 0
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless. Users who visit the
19.12.2024 08:40 — 👍 1    🔁 1    💬 0    📌 0
Python-Based NodeStealer Version Targets Facebook Ads Manager

Trend Micro analysis of the Python-based NodeStealer.

I remind you that using the Startup folder to establish persistence is a common method used by attackers.

www.trendmicro.com/en_us/resear...

#infosec #cybersecurity #malware

19.12.2024 08:16 — 👍 0    🔁 0    💬 0    📌 0
Detecting DeerStealer malware with Wazuh | Wazuh This blog post shows how to detect a DeerStealer malware infection on Windows endpoints with Wazuh. See more here!

For all the Wazuh lovers, a small article on detecting DeerStealer with Sysmon

wazuh.com/blog/detecti...

19.12.2024 08:05 — 👍 0    🔁 0    💬 0    📌 0