In addition to espionage threat actors, financially motivated cybercriminals have been exploiting the WinRAR vulnerability CVE-2025-8088.
The highly effective ecrime actor, typically seen distributing Koi Stealer/Koi Loader (TA4561), was observed doing so in Fall 2025.
Details. ⤵️
28.01.2026 21:40
Would love to get a fuller version of your take on The Dawn of Everything.
04.01.2026 16:49
Redirection to adding authorized device.
New research from Proofpoint ‼️
Threat actors are using #phishing tactics to trick users into giving access to #M365 accounts.
⚠️ Successful compromise leads to #accounttakeover, #dataexfiltration, and more.
Blog: brnw.ch/21wYtcM
Here's what you need to know. 🧵⤵️
18.12.2025 16:56
This time of year, threat actors are attempting to send you gifts you'd rather not receive.
Proofpoint is seeing an increase in holiday-themed threats. Main #phishing lure themes include party invitations, holiday vouchers, end-of-year bonuses, and holiday travel.
04.12.2025 18:32
This is the correct answer. LSJUMB already has it in their (admittedly limited) repertoire that somehow still includes Zoot Suit Riot and more than one Offspring song
24.11.2025 01:24
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report. Key findings Between June and August 2025,
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
05.11.2025 13:37
Nike's ad for the Dodgers win featuring Kendrick Lamar
02.11.2025 04:29
ladies and gentlemen...we got him
30.10.2025 19:10
You have to be shitting me... Ohtani homered again
18.10.2025 02:47
When the monster bytes: tracking TA585 and its arsenal | Proofpoint US
Key findings TA585 is a sophisticated cybercriminal threat actor recently named by Proofpoint. It operates its entire attack chain from infrastructure to email delivery to malware
TA585 is the identifier of the most recent threat actor named by Proofpoint.
The sophisticated cybercriminal, notably, appears to own its entire attack chain with multiple delivery techniques.
Learn about TA585 and one of its favored payloads, MonsterV2: brnw.ch/21wWAAU.
13.10.2025 20:35
Threat actors continue to abuse GitHub to deliver malware, this time: #LummaStealer. We identified GitHub notification emails that kick off the attack chain. Messages are sent when the threat actor, using an actor-controlled account, comments on existing GitHub issues. 🧵
03.09.2025 18:23
NEW ‼️ Researchers at @Proofpoint revealed an increase in China-aligned cyber #espionage targeting Taiwan's #semiconductor industry—a sector critical to the global tech #supplychain.
At least 3️⃣ distinct China-aligned threat actors are behind the efforts. brnw.ch/21wUctY
16.07.2025 21:09
The Bitter End: Unraveling Eight Years of Espionage Antics—Part One | Proofpoint US
This is a two-part blog series, detailing research undertaken in collaboration with Threatray. Part two of this blog series can be found on their website here. Analyst note: Throughout
Just published:
A two-part blog series in collaboration with
@threatray.bsky.social, which aims to substantiate the claim that #TA397 (Bitter) is an espionage-focused, state-backed threat actor with interests aligned to the Indian state.
Part 1: brnw.ch/21wT9A5
Part 2: brnw.ch/21wT9Ad.
04.06.2025 14:56
YouTube video by DW News
China conducted state-sponsored cyber attack says US Treasury | DW News
Went on DW to discuss the breach at Treasury. Not sure what was more predictable - that the vector was a supply chain attack on a cybersecurity vendor or the pro-PRC bots in the comments m.youtube.com/watch?v=VjA7...
06.01.2025 19:41
Hidden in Plain Sight: TA397โs New Attack Chain Delivers Espionage RATs | Proofpoint US
Key findings Proofpoint observed advanced persistent threat (APT) TA397 targeting a Turkish defense sector organization with a lure about public infrastructure projects in Madagascar. The attack...
Proofpoint has published a report detailing new activity from #TA397 (AKA Bitter), a prominent South Asian advanced persistent threat (APT) group.
The campaign, which took place in November 2024, targeted a defense sector organization in Turkey.
Read the blog: ow.ly/z81o50UshPt.
17.12.2024 18:00
We just launched our new website... please let us know if your RSS feeds or podcatchers are doing anything weird!
Meanwhile, check out the new risky.biz website. You can get everything there -- written content, podcasts/audio and video as well.
A nice website! And it only took me 18 years!
12.12.2024 04:29
'Tis the season of telco and ISP attacks apparently. First Salt Typhoon and now this super interesting campaign: bsky.app/profile/did:...
12.12.2024 21:28
Stanford alumni letter.pdf
Stanford alums have written the university president and provost to protest their handling of a student journalist, who is facing 3 felony accusations after covering a protest:
"It was wrongful for the University to direct his arrest and encourage his prosecution" drive.google.com/file/d/1jIx1...
10.12.2024 01:37
The rabbit beat Oregon that day, 18-7. The Big Ten could never
09.12.2024 23:26
09.12.2024 22:24
YouTube video by Risky Business Media
Risky Business Weekly (773): Cybercriminals are dropping like flies in Russia
This week's show is up! Go go go!
youtu.be/cstfm5FbRFI
04.12.2024 02:50
DISCARDED | Proofpoint | Proofpoint US
New episode of DISCARDED where we sit down with Mark Kelly, our lead China analyst, to talk all things China APT! Tune in wherever you get your podcasts.
Web: www.proofpoint.com/us/podcasts/...
Apple: podcasts.apple.com/us/podcast/d...
Spotify: open.spotify.com/episode/2AtJ...
04.12.2024 00:38
YouTube video by Risky Business Media
Risky Business Weekly (771): Palo Alto's firewall 0days are very, very stupid
This week's show is up! We cover Palo Alto Networks' very dumb 0days, big changes coming to Windows, Jen Easterly's imminent departure from CISA and why NSO being bad, in retrospect, might be... good?
Get it as audio from the usual places or from YouTube here:
www.youtube.com/watch?v=Rxye...
20.11.2024 03:57
The best answer to the Fullcast question is actually in SEC country - Cahokia. Largest city north of Mexico, obsessed with sports (chunkey), loved birdman icons (war damn eagle), and so unpleasant that when they collapsed, that part of the country stayed uninhabited for literally hundreds of years
04.01.2024 19:12